Welcome to OFAC Compliance, Apple

Name matching failure results in $467,000 fine and delivers a wake-up call for all companies

Once upon a time, it seemed only banks and border security had to worry about the issues around watchlist screening… until Apple was slapped with a $467,000 fine on Monday,[1] for having entered into an App Store agreement with an app development company listed on the U.S. Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) list.

Slovenia-based SIS and its director and majority owner, Savo Stjepanovic (“Stjepanovic”), were put on the OFAC SDN list on February 24, 2015. The designation means any transactions or dealings between such a person or organization and a U.S. entity become prohibited.[2] Apple failed to identify SIS as being on the SDN list for two years, and during that time sent payments to SIS for downloaded SIS apps totaling $1,152,868.[3]

Specifically, Apple’s sanctions screening tool failed to match the upper case name “SIS DOO” in its system with the lower case name “SIS d.o.o.” as written on the SDN List. (“d.o.o.” is a standard corporate suffix in Slovenia.) In addition, Apple did not take into account that SIS DOO and SIS d.o.o. had the same addresses or that Savo Stjepanovic was listed as an “account executive,” as Apple only screened the names of people listed as “developer.”[4]

Following discovery of the compliance violation, Apple took several steps to “minimize the recurrence of similar conduct in the future” including: “Reconfigured the primary sanctions screening tool to fully capture spelling and capitalization variations and to account for country-specific business suffixes, and implemented an annual review of the tool’s logic and configuration.”[5]

But spelling and capitalization differences only scratch the surface of the complexity of fuzzy name matching. There’s also variable spacing, misordered names, what names look like when written in different languages, and how organization names can be “misspelled” with synonyms like “PennyLuck Drug” vs. “PennyLuck Pharmaceutical.”
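The failure and the remediation described above can be sketched in a few lines. This is an added example, not Apple's or Rosette's code: the suffix table, the function names and the address are constructed for illustration, and it covers only case, punctuation, business suffixes, contact roles and address corroboration, not the broader fuzzy-matching cases listed here.

```python
import re
import unicodedata

# Legal-form suffixes folded to one canonical token (constructed, not exhaustive).
LEGAL_FORMS = {"doo": "doo", "gmbh": "gmbh", "llc": "llc", "ltd": "ltd",
               "limited": "ltd", "inc": "inc", "incorporated": "inc"}

def normalize(name):
    """Fold case, accents, punctuation and spacing; return (core, legal_form)."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c)).casefold()
    text = text.replace(".", "")                    # "d.o.o." -> "doo"
    tokens = re.sub(r"[^\w\s]", " ", text).split()  # other punctuation -> space
    form = ""
    if len(tokens) > 1 and tokens[-1] in LEGAL_FORMS:
        form = LEGAL_FORMS[tokens.pop()]            # split off the business suffix
    return " ".join(tokens), form

def naive_match(a, b):
    """Exact string comparison: the kind of check that misses 'SIS DOO'."""
    return a == b

def screen_account(account, sdn):
    """Return candidate hits for analyst review as (matched_on, sdn_name) pairs."""
    hits = []
    for entry in sdn:
        core = normalize(entry["name"])[0]
        if normalize(account["name"])[0] == core:
            hits.append(("entity", entry["name"]))
        for contact in account["contacts"]:         # every role, not only "developer"
            if normalize(contact["name"])[0] == core:
                hits.append((contact["role"], entry["name"]))
        if entry["address"] and normalize(entry["address"]) == normalize(account["address"]):
            hits.append(("address", entry["name"]))  # corroborating signal
    return hits

# Names are from the article; the address is a constructed placeholder.
SDN = [{"name": "SIS d.o.o.", "address": "1 Example Street, Example City"},
       {"name": "Savo Stjepanovic", "address": None}]
ACCOUNT = {"name": "SIS DOO", "address": "1 EXAMPLE STREET EXAMPLE CITY",
           "contacts": [{"name": "SAVO STJEPANOVIC", "role": "account executive"}]}

if __name__ == "__main__":
    print("naive:", naive_match(ACCOUNT["name"], SDN[0]["name"]))
    for hit in screen_account(ACCOUNT, SDN):
        print("hit:", hit)
```

Matching on the core name alone favors recall, so each hit is a candidate for review rather than a confirmed match.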

The Industry Standard Regulators Demand

The industry standard in watchlist screening is — unsurprisingly — in the financial compliance and border security area, where Rosette is at the forefront, in use by U.S. Customs and Border Protection, LexisNexis Risk, RapidAdvance, ComplyAdvantage, NCB Capital, and major financial compliance and due diligence vendors such as Red Flag Group.

To find out what state-of-the-art fuzzy name matching looks like today, check out how Rosette’s intelligent name matching technology works to strengthen your compliance screening tool.

13 ways Rosette matches names

Phonetic similarity: Jesus ↔ Heyzeus ↔ Haezoos
Transliteration spelling differences: Abdul Rasheed ↔ Abd al-Rashid
Nicknames: William ↔ Will ↔ Bill ↔ Billy
Missing spaces or hyphens: MaryEllen ↔ Mary Ellen ↔ Mary-Ellen
Titles and honorifics: Dr. ↔ Mr. ↔ Ph.D.
Truncated name components: Blankenship ↔ Blankenshi
Missing name components: Phillip Charles Carr ↔ Phillip Carr
Out-of-order name components: Diaz, Carlos Alfonzo ↔ Carlos Alfonzo Diaz
Initials: J. E. Smith ↔ James Earl Smith
Names split inconsistently across database fields: Dick. Van Dyke ↔ Dick Van . Dyke
Same name in multiple languages: Mao Zedong ↔ Мао Цзэдун ↔ 泽东 ↔ 澤東
Semantically similar names: PennyLuck Pharmaceuticals, Inc. ↔ PennyLuck Drugs, Co.
Semantically similar names across language: Nippon Telegraph and Telephone Corporation ↔ 日本電信電話株式会社


1. Cassin, Richard L. “OFAC: Apple’s faulty screening caused 47 sanctions violations,” The FCPA Blog, November 25, 2019 https://fcpablog.com/2019/11/25/ofac-apples-faulty-screening-caused-47-sanction-violations/
2. https://en.wikipedia.org/wiki/Foreign_Narcotics_Kingpin_Designation_Act
3. U.S. Treasury enforcement information for November 25, 2019: “Apple, Inc. Settles Potential Civil Liability for Apparent Violations of the Foreign Narcotics Kingpin Sanctions Regulations, 31 C.F.R. part 598” https://www.treasury.gov/resource-center/sanctions/CivPen/Documents/20191125_apple.pdf
4. Ibid.
5. Ibid.