Amazon Fined for Violating US Sanctions Programs, Not Reporting Hundreds of Transactions

Amazon's 2011-2018 processed orders included shipments of retail goods and services to sanctioned individuals and Crimea, Iran and Syria, the notice said. The company also processed orders for people “located in or employed by the foreign missions” of Cuba, Iran, North Korea, Sudan and Syria, and accepted orders from individuals listed on OFAC’s Specially Designated Nationals List. Amazon fulfilled transactions of “low-value retail goods,” totaling more than $250,000, for people sanctioned under OFAC’s narcotics trafficking sanctions, weapons proliferation regime and transnational criminal organizations regime. Other customers were designated under OFAC sanctions regimes for the Democratic Republic of the Congo, Venezuela and Zimbabwe.

Amazon’s sanctions screening program “failed to fully analyze all transaction and customer data,” which led to gaps in compliance, the notice said. Although the Amazon orders referenced sanctioned jurisdictions or a “common alternative spelling” of a sanctioned jurisdiction, the company’s screening process did not flag the transactions. In one instance, the company’s program did not flag a transaction with the address listed in “Yalta, Krimea” because it did not account for the variation in spelling for Crimea. Amazon also did not flag orders shipped to Iranian embassies in third countries, and in “several hundred instances” the screening program “failed to flag the correctly spelled names and addresses of persons on OFAC’s SDN List.”

Amazon also failed to report hundreds of transactions involving Crimea despite using a general license that required users to report transactions, OFAC said. The company had previously reported 245 transactions involving Crimea in February 2015 but did not report 362 similar transactions “until well after the required reporting period had expired,” OFAC said.

The maximum penalty for Amazon’s violations was more than $1 billion, but OFAC said several mitigating factors led to the $134,523 penalty, including that Amazon self-disclosed the violations. Additional mitigating factors included that Amazon had not committed a violation in the previous five years, cooperated with the investigation and conducted an internal investigation without a subpoena. OFAC said the company also “undertook significant remedial measures,” including “investing substantial resources” to improve its screening program, hiring third-parties to review its compliance program, introducing “additional automated preventative screening controls,” “enhancing its sanctioned jurisdiction Internet Protocol (IP) blocking controls,” improving its compliance training and expanding the use of sanctions and export control language in its agreements.

OFAC said aggravating factors included Amazon’s lack of “caution or care” involving its screening process and its failure to review variations in addresses and names. OFAC added that although the orders were mainly for “low-value retail and consumer goods,” some orders were for “personal security products” for Iranian embassies in Tokyo and Brussels. Another aggravating factor was that Amazon is “one of the largest and most commercially sophisticated companies in the world.”

OFAC said this case shows the importance of compliance programs for e-commerce and other online-based businesses. “Such large and sophisticated businesses should implement and employ compliance tools and programs that are commensurate with the speed and scale of their business operations,” the agency said. Companies relying heavily on automated screening should take steps to make sure their programs capture common misspellings, OFAC said.