Every business with the opportunity and capability to grow rapidly can look to the failure of one of the world's largest Internet companies as an example of the importance of Know Your Customer (KYC) programs, growing compliance systems in parallel with business expansion, and being transparent when compliance issues arise.
The company's net revenue was 135.99 billion U.S. dollars in 2016, making the $33,760 of products sold to Iran-based customers negligible in terms of sales impact. Yet the apparent violation of the Iran Threat Reduction and Syria Human Rights Act has garnered significant media attention and a likely hit to the retail and technology giant's reputation.
Maintaining accurate and timely information on 300 million customers is a daunting task to be sure, and the company's risk exposure may increase as it touches an increasing number of industries, products, and consumer bases. However, risks may be mitigated by leveraging technological advantages to screen customers via IP sourcing, geographic targeting, transaction monitoring, and enhanced due diligence processes.
That $33,760 reported sum may not include undetected risks that could result in more severe penalties that would impact business operations and regulatory risk.
In its latest US Security and Exchange Commissions filing (PDF), Amazon noted that between January 2012 and June 2017, it has "processed and delivered" consumer good orders for individuals and entities outside Iran covered by the Iran Threat Reduction and Syria Human Rights Act (ITRA), including embassies, individuals potentially acting on their behalf and potentially government-owned entities.