What you need to know
- The US Office of Foreign Assets Control blacklisted a Slovenian dev in 2015.
- The developer was removed from the blacklist in 2017.
- But Apple continued to allow their apps into the App Store throughout.
According to OFAC Apple disclosed its violation of the sanctions voluntarily, although the lack of compliance reportedly shows that Apple's oversight during the period was "reckless."
So what exactly happened? A lot, as it turns out. And it all seems to have passed Apple by with the developer's apps remaining in the App Store throughout.
Apple allegedly entered into an app development agreement with SIS d.o.o., an app developer based in Trzin, Slovenia, in 2008, according to the settlement agreement between OFAC and Apple.
In February 2015, OFAC blacklisted SIS and its majority owner Savo Stjepanovic for allegedly being part of an international steroid trafficking network. As a result of the designations, any property that SIS or Mr. Stjepanovic had an interest in were blocked, and U.S. individuals and entities were prohibited from dealing with them. In May 2017, OFAC removed Mr. Stjepanovic and SIS from its blacklist.
During the time SIS was blacklisted, Apple made 47 payments related to the company's blocked apps, including making payments directly to SIS, OFAC said. Apple also collected about $1.2 million from customers that downloaded SIS's apps.
OFAC said the span of time over which the alleged violations happened and the multiple points of failure within Apple's sanctions compliance program showed "reckless disregard for U.S. sanctions requirements," according to the agreement.
While that all sounds like something out of a movie, the reason Apple missed the fact that it was dealing with a blacklisted entity is even more bizarre. According to the WSJ report it all came down to a simple case of formatting, with the blacklisted name and the developer's account name not matching completely.
On the day Mr. Stjepanovic and SIS were blacklisted, Apple ran the new designations against its app developer account holder names. But the company's sanctions-screening tool failed to identify SIS as a blacklisted entity because Apple's system listed the company as "SIS DOO," rather than "SIS d.o.o" on OFAC's list, according to the agreement.
Apple allegedly failed to identify Mr. Stjepanovic as a blacklisted individual in its system as well, because Apple didn't screen all individual users associated with an App Store account at the time, according to the agreement.
That fact that Apple alerted OFAC didn't mean that it got off without paying a fine, though. Instead the company handed over $467,000 and set about making sure a similar incident can't happen again.