Barracuda Networks allegedly violated the Iranian, Sudanese and Syrian sanctions programs by selling and providing updates to web filtering products that could be used to block and censor Internet content and Internet security software from August 2009 to May 2012 to blocked persons, including people on the SDN List under the Syrian sanctions program. The base penalty for these voluntarily self-disclosed, non-egregious violations is $123, 586.
Here is OFAC's accounting of the General Factors considered in coming up with the settlement amount:
(1) Barracuda acted with reckless disregard for sanctions requirements
by(a) permitting distributors and resellers to sell its products and updates to SDNs and to
customers in sanctioned countries when it knew or had reason to know that the products were
located in sanctioned countries or with SDNs, in potential violation of U.S. sanctions
requirements, and(b) distributing its products and technology to more than 17,000 resellers and
distributors worldwide without implementing any written sanctions compliance policies or
procedures, and failing to provide training to its employees regarding export controls and
sanctions;(2) Barracuda knew or had reason to know that it was exporting goods, technology,
and services to Iran and Sudan because IP addresses associated with those countries were used to
contact the company; further, Barracuda knew or had reason to know that it was exporting technology to Syrian SDNs because the SDNs were listed on sales invoices;(3) the exportation
of the Web filtering software and hardware to Iran, Sudan, and SDNs in Syria could potentially
have caused significant harm to U.S. sanctions program objectives because the technology could
have been used to block or censor Internet activity;2(4) Barracuda did not screen IP addresses
used to contact Barracuda’s servers because it had no OFAC compliance program in place at the
time of the transactions;(5) Barracuda has no prior OFAC sanctions history, including no
penalty notice or Finding of Violation in the five years preceding the earliest date of the
transactions giving rise to the apparent violations, making it eligible for up to 25 percent “first
offense” mitigation;(6) Barracuda took significant remedial steps including developing a method
to disable products in sanctioned countries, prioritizing U.S. sanctions and export controls
compliance by establishing an Office of Trade Compliance and hiring a general counsel with
subject matter expertise in these areas, issuing company-wide a statement from the CEO about
sanctions-related policy, implementing a trade compliance manual, and enhancing its sales
software to include red flags for orders that may require a license; and(7) Barracuda
substantially cooperated with OFAC’s investigation, including by agreeing to toll the statute of
limitations for approximately 521 days.
That statute of limitations tolling is for a bit shy of 1 1/2 years. This is also the first time Mr. Watchlist has seen OFAC refer to the “first offense” discount (it's in the Enforcement Guidelines).
Link: