On January 29, 2024, the U.S. Department of Commerce (“Commerce”) published a notice of proposed rulemaking (the “Notice”) seeking comments on proposed rules promulgated by Commerce’s Bureau of Industry and Security (“BIS”) and newly-created Office of Information and Communications Technology and Services to implement Executive Order 14110, the Biden Administration’s October 2023 executive order on artificial intelligence (“AI”) (“E.O. 14110”, see our prior alert here). The Notice also implements Executive Order 13984, a 2021 executive order relating to malicious cyber-enabled activities (“E.O. 13984”) (with respect to which Commerce had already issued an advanced notice of proposed rulemaking). Continue Reading Proposed Rulemaking by U.S. Department of Commerce Introduces New Obligations on U.S. IaaS Providers and Foreign Resellers to Curb Malicious Cyber-Enabled Activities
Chase Kaniecki’s practice focuses on international trade and national security matters, including CFIUS and global foreign direct investment, economic sanctions, export controls, customs, and trade remedies.
On November 8, 2021, the U.S. Department of the Treasury, Office of Foreign Assets Control (OFAC) designated a virtual currency exchange, Chatex, and its infrastructure support providers on the list of Specially Designated Nationals and Blocked Persons (SDN List) for their role in facilitating financial transactions for ransomware actors.[i] The Financial Crimes Enforcement Network (FinCEN) also released an updated advisory on ransomware and the use of the financial system to facilitate ransomware payments.[ii] These actions were taken in furtherance of a coordinated “whole-of-government” effort to disrupt criminal ransomware actors and the virtual currency exchanges used to launder ransom payments around the world.
Continue Reading OFAC Ramps up Targeting of Ransomware-linked Actors and FinCEN Updates Ransomware Advisory
On September 21, 2021, the U.S. Department of the Treasury, Office of Foreign Assets Control (OFAC): (i) issued an updated advisory on potential sanctions risks for facilitating ransomware payments; and (ii) designated SUEX OTC, S.R.O. (SUEX), a virtual currency exchange, on the list of Specially Designated Nationals and Blocked Persons (SDN List) for its role in facilitating financial transactions for ransomware actors. These actions demonstrate the U.S. government’s increasing focus on virtual currencies as a key means of facilitating ransomware payments and related money laundering, as well as OFAC’s commitment to combating ransomware attacks and other malicious cyber activities.
Continue Reading OFAC Updates Ransomware Advisory and Sanctions Virtual Currency Exchange
While large financial institutions have traditionally been hesitant to enter new areas of financial products, particularly virtual assets, many more banks and companies have expressed interest in virtual currencies as cryptocurrency has become increasingly mainstream. Given the use of such services by terrorist groups, it is important for banks and other financial institutions to consider…
On February 18, 2021, the U.S. Department of the Treasury, Office of Foreign Assets Control (OFAC) announced a $507,375 settlement with BitPay, Inc. (BitPay), a payment processor for merchants accepting digital currency as payment for goods and services, for 2,102 apparent violations of multiple sanctions programs between 2013 and 2018. The settlement highlights that financial service providers facilitating digital currency transactions must not only establish sanctions compliance programs to screen their own customers but also must monitor third-party non-customer transaction information.
Continue Reading OFAC Settles with Digital Currency Payment Processor for Sanctions Violations
In the wake of one of the largest reported medical ransomware attacks in U.S. history, the U.S. Department of the Treasury, Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN) issued last week a pair of advisories to assist in efforts to combat the increasing threat of ransomware attacks and related sanctions and anti-money laundering (AML) compliance issues. Like our blog post last month on the same topic, the advisories highlight the importance of considering the legal risks relating to ransomware payments and confirm that OFAC may pursue enforcement actions against ransomware payments that violate U.S. sanctions.
Continue Reading OFAC and FinCEN Issue Advisories on Cyber Ransom Payments
Last month, reports surfaced that fitness technology company Garmin may have made a multimillion dollar payment in response to a ransomware attack with reported links to Evil Corp, a Russian hacking group subject to U.S. sanctions. This incident and other recent reports of ransomware attacks against large companies highlights that companies should consider potential civil and criminal liability under U.S. sanctions laws when responding to ransomware attacks.
Continue Reading Ransomware and Sanctions Compliance: Considerations for Responses to Attacks