Settlement Agreements between the U.S. Department of the Treasury’s Office of Foreign Assets Control and MoneyGram Payment Systems, Inc., and SAP SE
Release date 04/29/2021
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) today announced a settlement with MoneyGram Payment Systems, Inc. (“MoneyGram”), a global payments company based in Dallas, Texas that allows people to send money in more than 200 countries and territories. MoneyGram agreed to remit $34,328.78 to settle its potential civil liability for 359 apparent violations of multiple sanctions programs. MoneyGram provided services to blocked individuals incarcerated in U.S. federal prisons without a license from OFAC, processed transactions on behalf of an additional blocked person, and processed transactions for individuals who initiated commercial transactions involving Syria. For more information regarding today’s settlement with MoneyGram, please visit the following web notice.
Separately, OFAC has announced a $2,132,174 settlement with SAP SE (“SAP”). SAP, a software company located in Walldorf, Germany has agreed to settle its potential civil liability for 190 apparent violations of the Iranian Transactions and Sanctions Regulations, 31 C.F.R. part 560. Specifically, between approximately 2013 and 2018, SAP engaged in the export, re-export, sale, or supply of technology or services from the United States to companies in third countries with knowledge or reason to know the software or services were intended specifically for Iran, and sold cloud-based software subscription services accessed remotely through SAP’s cloud businesses in the United States to customers that made the services available to their employees in Iran. OFAC determined that SAP voluntarily self-disclosed the apparent violations, and that these apparent violations constitute a non-egregious case. For more information regarding today’s settlement with SAP, please visit the following web notice.
While the amounts are small, remember that OFAC’s fines are determined by the penalty grid in the Enforcement Guidelines. When you have non-egregious, voluntarily self-reported violations, the fines are going to be small.
That being said, you have to wonder what makes violations egregious. Both of these firms conducted a lot of violations, yet the fines are tiny comparatively. In MoneyGram’s case, these were low value payments, which caps the fine at really low numbers ($1,000 for a violation of up to $1,000, for example).
The other thing to note is that SAP actually paid significantly more than the base penalty – on a percentage basis. The base penalty was only $1,316,157, while they paid $2,132,174. The penalty went up due to recklessness on their part and actual knowledge that their software and services were being used by Iranian parties.
The actual details aren’t all that interesting – bad due diligence, bad compliance program, misunderstanding requirements… yawn!