US prosecutors fine German software company for violating sanctions against Iran

Federal prosecutors have imposed a fine on a German software company for violating suctions against Iran.

Software giant SAP SE agreed to pay over $8 million as part of the resolution with the Department of Justice, Commerce Department and Treasury Department, authorities said Thursday.

The company admitted to “thousands” of violations of the Export Administration Regulations and Iranian Transactions and Sanctions Regulations.

Between 2010 and 2017, SAP and its overseas partners released U.S.-origin software, including upgrades and software patches, over 20,000 times to users in Iran. 

The majority of the Iranian downloads went to 14 companies that SAP’s international partners knew were Iranian-controlled, and several went to multinational companies with operations in Iran.

During that time, companies in SAP’s Cloud Business Group (CBG) allowed over 2,300 Iranian users to access U.S.-based cloud services from Iran.

According to a non-prosecution agreement, the company received multiple whistleblower complaints as early as 2011 about the sales, but didn’t confirm that they occurred until 2017.

The company was paid a total of $5.14 million for the illegal downloads and CBG services.

The company agreed to conduct internal audits of its compliance with export control laws and produce reports on them for the next three years.

SAP said in a statement “we accept full responsibility for past conduct, and we have enhanced our internal controls to ensure compliance with applicable laws.”  

“Our significant remediation efforts, combined with our full and proactive cooperation with U.S. authorities, have led to a mutually agreeable resolution of the Iran investigation without the imposition of an external monitor,” the company said.