.svg)
The software giant has found itself in hot water with US authorities over sanctions violations following the Russia-Ukraine conflict.
Microsoft will pay over $3.3m in total combined civil penalties to the US Department of Commerce’s Bureau of Industry and Security (BIS) and the Treasury’s Office of Foreign Assets Control (OFAC).
This is to resolve alleged and apparent violations of the US’ export controls and sanctions regime via foreign subsidiaries of Microsoft.
“US companies will be held accountable for the activities of their foreign subsidiaries,” said assistant secretary for export enforcement Matthew S. Axelrod.
Axelrod stated that the two regulators will work together to ensure US export control and sanctions laws are enforced effectively, “[w]herever in the world the underlying conduct occurs.”
“This case demonstrates how BIS and OFAC authorities can complement one another to hold firms accountable and promote compliance with core national security obligations. It further underscores the risks technology companies may face when engaging through foreign subsidiaries, distributors and resellers and the importance of maintaining effective controls,” said Andrea M. Gacki, who serves as director of OFAC.
Microsoft voluntarily self-disclosed the alleged violations to both authorities and also cooperated with the joint investigation conducted by BIS’s Office of Export Enforcement and OFAC.
In addition, Microsoft took remedial measures after discovering the issue, which predated the export controls and sanctions imposed in connection with the Russian-Ukraine war.
The case revolves around seven occasions between December 28, 2016, and December 22, 2017.
Employees of Microsoft Russia caused another Microsoft subsidiary to enter into, or sell, software licensing agreements that would allow the transfer or access to software to FAU Glavgosekspertiza Rossii and United Shipbuilding Corporation, both of which were on BIS’ sanctioned entity list.
FAU Glavgosekspertiza Rossii is a Russian federal institution involved with construction projects, including the Kerch Bridge, which was built to connect Crimea to Russia after its 2014 invasion.
United Shipbuilding Corporation is responsible for developing and building the Russian Navy’s warships.
In the case of FAU Glavgosekspertiza Rossii, Russian-based employees of Microsoft Russia ordered software licences through one of Microsoft’s Open sales programmes in the names of parties not on the entity list.
Meanwhile, in the case of United Shipbuilding Corporation, an increased number of software licences were added under non-listed affiliates’ enterprise agreements.
These sanctions violations pre-date those implemented following the Russia-Ukraine conflict, which has seen entity lists and other compliance requirements rapidly expand.
Sanctions in light of the invasion resulted in the highest number of regulatory events ever recorded by VIXIO PaymentsCompliance, with 243 recorded in March 2022.
More should be expected in all key jurisdictions as well. In February 2023, the EU agreed to its tenth package of sanctions against Russia and Russian allies, such as Belarus.
Meanwhile, US Treasury Secretary Janet Yellen has also been pushing for stronger sanctions against Russia.
