Serviceteam IT Security News

A software company based in Germany has self-disclosed violating United States sanction laws by exporting American products and services to Iran.

SAP SE, which is headquartered in Walldorf, admitted to carrying out thousands of export violations over a seven-year period.

After self-reporting its transgressions, the company agreed to pay combined penalties of more than $8m as part of a global resolution reached with the United States Departments of Justice (DOJ), Commerce, and Treasury.

SAP entered into a non-prosecution agreement with the three agencies that requires the company to disgorge $5.14m of ill-gotten gains.

From around January 2010 through approximately September 2017, SAP and its overseas partners released US-origin software more than 20,000 times to users located in Iran. Software exported by SAP without a license included upgrades and patches.

“Certain SAP senior executives were aware that neither the company nor its U.S.-based content delivery provider used geolocation filters to identify and block Iranian downloads, yet for years the company did not remedy the issue,” stated the DOJ.

Most of the Iranian downloads went to 14 companies, which SAP’s partners in Turkey, United Arab Emirates, Germany, and Malaysia knew to be under Iranian control. The remaining downloads were sold to several multinational companies then downloaded by their Iranian-based operations.

During the same period, SAP’s Cloud Business Group companies (CBGs) permitted approximately 2,360 Iranian users to access US-based cloud services from Iran.

The DOJ praised SAP for voluntarily confessing its violations, running an extensive internal investigation, and for cooperating with the US government over a three-year period.

“During this time, SAP worked with prosecutors and investigators, producing thousands of translated documents, answering inquiries and making foreign-based employees available for interviews in a mutually agreed upon overseas location,” stated the DOJ.

SAP also spent more than $27m on remediating its export compliance and sanctions program. Changes introduced by the company included the implementation of GeoIP blocking, the deactivation of thousands of Iran-based user accounts for cloud services, and the suspension of SAP partners who sold to customers affiliated with Iran.

Assistant Attorney General John Demers said: “SAP will suffer the penalties for its violations of the Iran sanctions, but these would have been far worse had they not disclosed, cooperated, and remediated.”

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply