Washington, D.C. (June 23, 2023) – In a joint enforcement effort, the U.S. Department of Commerce's Bureau of Industry and Security (BIS) and the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) imposed civil penalties totaling over $3.3 million on Microsoft Corporation. The penalties were issued to resolve alleged and apparent violations of U.S. export controls and sanctions laws. Microsoft voluntarily disclosed the violations, cooperated with the investigation, and implemented remedial measures. This alert explores the details of the case and its implications for technology companies operating through foreign subsidiaries.

Case Background and Violations

Between December 2016 and December 2017, employees of Microsoft Rus LLC (Microsoft Russia) caused another Microsoft subsidiary to enter into software licensing agreements that allowed the transfer or access to software subject to BIS's Entity List. The agreements involved FAU 'Glavgosekspertiza Rossii,' a Russian federal institution involved in construction projects, including the Kerch Bridge connecting Crimea to Russia, and the United Shipbuilding Corporation responsible for developing Russian Navy warships.

Certain employees of Microsoft Russia ordered software licenses through one of Microsoft's Open sales programs using the names of parties not on the Entity List for FAU 'Glavgosekspertiza Rossii.' In the case of United Shipbuilding, an increased number of software licenses were added under non-listed affiliates' enterprise agreements.

The Penalties

BIS issued an administrative penalty of $624,013 on Microsoft as part of its settlement. Microsoft admitted to the conduct outlined in a Proposed Charging Letter involving its subsidiary, Microsoft Russia. Additionally, Microsoft reached a settlement with OFAC, agreeing to a civil penalty of $2,980,265.86. This settlement resolved 1,339 apparent violations of OFAC sanctions regulations related to Ukraine/Russia, Cuba, Iran, and Syria.

Considering the related OFAC action, BIS granted Microsoft a credit of $276,382, contingent upon fulfilling the requirements of the OFAC settlement agreement. As a result, the combined overall penalty amounts to $3,327,896.86.

Enforcement Cooperation and Accountability

The coordinated resolution highlights the commitment of BIS and OFAC to enforcing U.S. export control and sanctions laws worldwide. Assistant Secretary for Export Enforcement Matthew S. Axelrod emphasized that U.S. companies are accountable for the activities of their foreign subsidiaries. The joint effort of BIS and OFAC ensures effective enforcement of export control and sanctions laws, regardless of the location where the underlying conduct occurs. Andrea M. Gacki, Director of OFAC, highlighted the complementary role of BIS and OFAC authorities in holding firms accountable and promoting compliance with national security obligations.

Implications and Compliance

Microsoft's recent settlement with BIS and OFAC for alleged violations of U.S. export controls and sanctions laws highlights the need for technology companies to prioritize compliance. The penalties imposed demonstrate the significance of adhering to export control and sanctions regulations, irrespective of the location of the conduct. By taking proactive steps to enhance compliance programs, companies can reduce the risk of penalties, safeguard their reputation, and ensure adherence to national security obligations. For specific guidance, consulting with legal counsel is recommended.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.