Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

OFAC: Apple’s faulty screening caused 47 sanctions violations

Apple, Inc. agreed Monday to pay $467,000 to settle violations of the Foreign Narcotics Kingpin Sanctions Regulations after its screening tool failed to detect a sanctioned company and its owner.

The Treasury Department’s Office of Foreign Assets Control said Apple dealt with a software company that OFAC had listed as a “significant foreign narcotics trafficker.”

In July 2008, Cupertino-based Apple entered into an app development agreement with a Slovenia company called SIS, d.o.o.

(The term “d.o.o.” is a standard corporate suffix in Slovenia identifying a limited liability company.)

In February 2015, OFAC designated SIS and Savo Stjepanovic, a director and majority owner of SIS, under the Foreign Narcotics Kingpin Designation Act (21 U.S.C. §§ 1901-1908) and added them to the List of Specially Designated Nationals and Blocked Persons (the SDN List).

Companies subject to OFAC jurisdiction generally can’t do business with any organizations or people on the SDN List.

OFAC’s SDN List entry included SIS’s address, registration number, and tax identification number:

SIS D.O.O., 19 Spruha, Trzin 1236, Slovenia; Registration ID 5919070 (Slovenia); Tax ID No. SI91729181 (Slovenia) [SDNTK].

OFAC publicly linked Stjepanovic to SIS. It published a diagram titled “KARNER Steroid Trafficking Network” that included both Stjepanovic’s photo and SIS’s logo.

On the day when OFAC designated SIS and Stjepanovic, Apple followed its standard compliance procedures and ran a check using its sanctions screening tool.

“During this screening, Apple failed to identify that SIS, an App Store developer, was added to the SDN List and was therefore blocked,” OFAC said.

Apple later said its sanctions screening tool failed to match different upper case and lower case letters that appeared in Apple’s system and on the SDN List.

Apple didn’t identify SIS as a blocked company even though the address for SIS that Apple collected matched the address OFAC published.

Apple also missed Stjepanovic’s OFAC designation. He was listed as an “account administrator” in SIS’s App Store developer account but not as a “developer.” At the time, Apple didn’t screen everyone identified in an App Store account against the SDN List, only developers.

Because of the misses, Apple continued to host apps owned by SIS on the App Store. Apple allowed downloads and sales of the blocked SIS apps, received payments from App Store users downloading the SIS apps, permitted SIS to transfer and sell its apps to two other developers, and remitted to SIS each month the revenues produced by the blocked apps.

Apple discovered the misses two years later, in February 2017, when it upgraded its sanctions screening tool. The company’s finance team immediately suspended payments associated with the SIS account, OFAC said. But Apple didn’t suspend payments “for multiple months” to a third party that was processing payments for SIS.

In all, Apple made 47 payments associated with the blocked apps, including payments directly to SIS, after OFAC put SIS on the SDN List.

Apple collected about $1.2 million over 54 months from customers who downloaded SIS apps, OFAC said.

OFAC said it gave Apple credit for a previously clean sanctions compliance record and for responding “to numerous requests for information in a prompt manner.”

OFAC said Apple had “reconfigured” its primary sanctions screening tool and instituted mandatory training for all employees on export and sanctions regulations. It also expanded the role of its “Global Export and Sanctions Compliance Senior Manager in the escalation and review process.”

Share this post



  1. Let’s see, so Apple is to pay $467,000 to settle violations, but “collected about $1.2 million over 54 months from customers who downloaded SIS apps.” That’s a good rate of return for their investment, isn’t it?
    How is this supposed to deter or punish wrongdoing?

    • Apple keeps only 30% of money spent on apps so the sanctions may reflect that plus some.

Comments are closed for this article!