Apple paid a heft fine after it voluntarily disclosed that it had violated US sanctions by inadvertently allowing a Slovenian developer’s apps into the App Store for more than two years even though they were blacklisted by the US Office of Foreign Assets Control (OFAC).
The Wall Street Journal reports that Apple entered into an app development agreement with app developer SIS d.o.o. based in Trzin, Slovenia back in 2008. That company along with its majority owner Savo Stjepanovic got blacklisted in February 2015 over being part of an international steroid trafficking network. The developer was removed from the blacklist in 2017, but Apple had been allowing their apps into the App Store throughout the offending period.
The reason why this happened can be chalked up to a formatting issue:
On the day Mr. Stjepanovic and SIS were blacklisted, Apple ran the new designations against its app developer account holder names. But the company’s sanctions-screening tool failed to identify SIS as a blacklisted entity because Apple’s system listed the company as ‘SIS DOO,’ rather than ‘SIS d.o.o’ on OFAC’s list..
Apple allegedly failed to identify Mr. Stjepanovic as a blacklisted individual in its system as well because Apple didn’t screen all individual users associated with an App Store account at the time, according to the agreement.
An Apple spokesman issued the following statement on Monday:
In 2017, we found that we had inadvertently paid a developer on the US Treasury’s List of Specially Designated Nationals. We reported it to the authorities and fully cooperated with their investigation, which has now been completed.
The period during which the violations happened showed “reckless disregard for US sanctions requirements,” as per the settlement agreement between OFAC and Apple. OFAC credited Apple for its voluntary self-disclosure of the alleged violations, saying the iPhone maker boosted the role of its global export and sanctions compliance officer in the review and escalation process.
Apple had expanded sanctions screening to the app developer’s payment beneficiaries and associated banks, but that hadn’t saved it from paying a heft a fine of over $467,000.