Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • White House orders DOJ and CFPB to better protect citizens’ sensitive personal data

    Privacy, Cyber Risk & Data Security

    On March 1, the White House released Executive Order 14117 (E.O.) titled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” to issue safeguards against Americans’ private information. The E.O. was preceded by the White House’s Fact Sheet which included provisions to protect Americans’ data on their genomic and biometric information, personal health, geolocation, finances, among others. The E.O. shared how this data can be used by nefarious actors such as foreign intelligence services or companies and could enable privacy violations. Under the E.O., President Biden ordered several agencies to act but primarily called on the DOJ. The president directed the DOJ to issue regulations on protecting Americans’ data from being exploited by certain countries. The White House also directed the DOJ to issue regulations to protect government-related data, specifically citing protections for geolocation information and information about military members. Lastly, the DOJ was directed to work with DHS to prevent certain countries’ access to citizens’ data through commercial means and the CFPB was encouraged to “[take] steps, consistent with CFPB’s existing legal authorities, to protect Americans from data brokers that are illegally assembling and selling extremely sensitive data, including that of U.S. military personnel.”

    A few days before, the DOJ released its fact sheet detailing its proposals to implement the White House’s E.O., focusing on national security risks and data security. The fact sheet highlighted that our current laws leave open lawful access to vast amounts of Americans’ sensitive personal data that may be purchased and accessed through commercial relationships. In response to the E.O., the DOJ plans to release future regulations “addressing transactions that involve [Americans’] bulk sensitive data” that pose a risk of access by countries of concern. The countries of concern include China (including Hong Kong and Macau), Russia, Iran, North Korea, Cuba, and Venezuela. The DOJ will also release its Advance Notice of Proposed Rulemaking (ANPRM) to provide details of the proposal(s) and to solicit comments.

    Privacy, Cyber Risk & Data Security Federal Issues Department of Justice CFPB Executive Order Department of Homeland Security White House Big Data China Russia Iran North Korea Cuba Venezuela

  • Senators ask Treasury, White House for answers on North Korea’s crypo-crime funding

    Financial Crimes

    On August 4, Senators Elizabeth Warren (D-MA), Tim Kaine (D-VA), and Chris Van Hollen (D-MD) sent a letter to the White House National Security Advisor and the Treasury Department’s Under Secretary for Terrorism and Financial Intelligence regarding their concerns over North Korea’s use of cyberattacks and cryptocurrency theft to skirt international sanctions and embargos. The letter urges the Treasury to provide details on its plan to stop North Korea from using digital assets to evade sanctions and continue with the development of nuclear weapons and ballistic missiles. The senators noted that a UN report found that in 2016, “North Korea exhibited a ‘clear shift’ to attacking cryptocurrency exchanges for the purposes of ‘generating financial revenue’” that is difficult to trace and subject to less government oversight. The letter highlights the effects of the cyberattacks, including how they have generated about $2 billion, which is then used to fund the North Korean military.  The extent of the cybercrime and cryptocurrency thefts show its use is “key” to the regime’s survival, and notes that the regime has a workforce of thousands of IT workers who operate out of many different countries. The senators asked for a response to their five questions by August 16.

    Financial Crimes Fintech Cryptocurrency Digital Assets Bank Secrecy Act North Korea Department of Treasury

  • OFAC sanctions DPRK missile development procurers

    Financial Crimes

    On June 15, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Orders (E.O.) 13382 and 13810, against two individuals involved in the procurement of equipment and materials that support the Democratic People’s Republic of Korea’s (DPRK) ballistic missile program. According to OFAC, the missile program relies on foreign-sourced ballistic missile-related components that it cannot produce domestically. One of the sanctioned persons has collaborated with a number of individuals to purchase and procure items including those known to be used in the production of DPRK ballistic missiles. The individual’s wife is the second sanctioned individual listed as “being a North Korean person, including a North Korean person that has engaged in commercial activity that generates revenue for the Government of North Korea or the Workers’ Party of Korea.”

    As a result of the sanctions, all property and interests in property of the designated persons that are in the U.S., or in the possession or control of U.S. persons, are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked. OFAC further mentioned, “any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the individuals or entities designated today could be subject to U.S. correspondent or payable-through account sanctions.”

    Financial Crimes Of Interest to Non-US Persons OFAC OFAC Sanctions OFAC Designations Department of Treasury China North Korea SDN List

  • OFAC clarifies impact of sanctions on humanitarian assistance and trade

    Financial Crimes

    On June 14, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued a Fact Sheet for “Provision of Humanitarian Assistance and Trade to Combat COVID-19.” The Fact Sheet, among other things, highlights Treasury’s humanitarian-related or other general licenses (GL) issued to support people impacted by Covid-19 across Iran, Venezuela, North Korea, Syria, Cuba, and Russia. Relatedly, OFAC issued Iran-related GL N-2, Venezuela-related GL 39B, and Syria-related GL 21B to authorize transactions and activities related to the prevention, diagnosis, or treatment of Covid-19, as well as several amended FAQs.

    Financial Crimes Of Interest to Non-US Persons Department of Treasury OFAC OFAC Designations OFAC Sanctions Iran Syria North Korea Cuba Russia Venezuela Covid-19

  • OFAC sanctions DPRK cyber and IT workers

    Financial Crimes

    On May 23, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order (E.O.) 13687 and E.O. 13810, against four entities and one individual, involved in obscure revenue generation and malicious cyber activities supporting the Democratic People’s Republic of Korea (DPRK) government. Through continued coordination with the Republic of Korea (ROK), one individual and one of the entities are concurrently being sanctioned by the ROK, while the other three entities OFAC designated were previously sanctioned by the ROK earlier in February. According to OFAC, the malicious cyber action and illicit IT worker revenue generation supports the DPRK’s unlawful weapons of mass destruction and ballistic missile programs. As a result of the sanctions, all property and interests in property of the designated persons that are in the United States, or in the possession or control of U.S. persons, are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked. OFAC further mentioned, “any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the individuals or entities designated today could be subject to U.S. correspondent or payable-through account sanctions.”

    Financial Crimes Of Interest to Non-US Persons Department of Treasury OFAC OFAC Designations OFAC Sanctions SDN List North Korea

  • OFAC reaches $508 million settlement with British tobacco company on North Korean transactions

    Financial Crimes

    On April 25, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $508 million settlement with one of the world’s largest tobacco companies to resolve potential civil liabilities stemming from allegations that the company sent more than $250 million in profits from a North Korean joint venture through U.S. financial institutions by relying on designated North Korean banks and several intermediaries. According to OFAC’s web notice, from 2007 to 2016, the London-headquartered company formed a conspiracy to export tobacco and related products to North Korea, and remitted approximately $250 million in payments from the North Korean joint venture. The payments were allegedly remitted through bank accounts controlled by sanctioned North Korean banks to the company’s Singaporean subsidiary via U.S. banks who cleared the transactions. By causing U.S. financial institutions to process wire transfers containing blocked property interests of sanctioned North Korean banks in order to export financial services and facilitate the export of tobacco, the company violated the Weapons of Mass Destruction Proliferators Sanctions Regulations and the North Korea Sanctions Regulations, OFAC said.

    According to OFAC, the settlement is the largest ever reached with a non-financial institution and reflects the statutory maximum penalty due to OFAC’s determination that the company’s conduct was egregious and not voluntarily self-disclosed. In arriving at the settlement amount, OFAC determined, among other things, that the company and its subsidiaries willfully conspired to transfer hundreds of millions of dollars related to North Korea through U.S. financial institutions while being aware that U.S. sanctions regulations prohibited this conduct. The company and its subsidiaries also allegedly “relied on an opaque series of front companies and intermediaries” to conceal their North-Korea-related business, with management having actual knowledge about the alleged conspiracy from the beginning. OFAC also considered various mitigating factors, including that the company has not received a penalty notice from OFAC in the preceding five years, and that the company cooperated with OFAC and agreed to toll the statute of limitations.

    Providing context for the settlement, OFAC said that this action demonstrates that “creating the illusion of distance between a firm and apparently violative conduct does not shield that firm from liability.” Moreover, “[s]enior management decisions to approve or otherwise support arrangements that obscure dealings with sanctioned countries and parties can be reflected throughout an organization, compounding sanctions risks and increasing the likelihood of committing potential violations.”

    Concurrently, the DOJ announced that the company and one of its subsidiaries have agreed to pay combined penalties of more than $629 million to resolve bank fraud and sanctions violations charges stemming from the aforementioned conduct. According to the DOJ, the subsidiary pleaded guilty to a criminal information charging both entities with conspiracy to commit bank fraud and conspiracy to violate the International Emergency Economic Powers Act. The company entered into a deferred prosecution agreement related to these charges.

    Financial Crimes Of Interest to Non-US Persons OFAC Department of Treasury OFAC Sanctions OFAC Designations Enforcement Settlement North Korea DOJ

  • OFAC sanctions facilitators of DPRK virtual currency laundering

    Financial Crimes

    On April 24, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Orders 13722 and 13382, against three individuals for providing material support to the Democratic People’s Republic of Korea (DPRK) through several previously designated entities. According to OFAC, the DPRK uses illicit facilitation networks to access the international financial system, launder stolen virtual currency, and generate revenue to support the regime’s weapons of mass destruction and ballistic missile programs. “The United States and our partners are committed to safeguarding the international financial system and preventing its use in the DPRK’s destabilizing activities, especially in light of the DPRK’s three launches of intercontinental ballistic missiles (ICBMs) this year alone,” Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said in the announcement. OFAC explained that the DPRK deploys IT workers to fraudulently obtain employment to generate revenue in virtual currency, and said that in 2022 alone, DPRK cyber actors were able to steal an estimated $1.7 billion in virtual currency through various hacks. The stolen virtual currency was converted into fiat currency using a network of over-the-counter virtual currency traders (including traders based in China) to avoid detection by financial institutions or authorities, OFAC said.

    As a result of the sanctions, all property and interests in property belonging to the sanctioned entities subject to U.S. jurisdiction are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” OFAC further warned that “persons that engage in certain transactions with the individuals or entities designated today may themselves be exposed to designation,” and that “any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the individuals or entities designated today could be subject to U.S. correspondent or payable-through account sanctions.”

    Financial Crimes Of Interest to Non-US Persons OFAC Department of Treasury OFAC Sanctions OFAC Designations SDN List North Korea Digital Assets Virtual Currency

  • OFAC settles with Indian tobacco company on North Korean transactions

    Financial Crimes

    On March 1, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $332,500 settlement with an India-registered tobacco company to resolve allegations that it “requested payment in U.S. dollars for its indirect exportation of tobacco to the Democratic People’s Republic of Korea [(DPRK)].” According to OFAC’s web notice, in late 2016, an assistant manager at the company and a representative from a Thai intermediary began communicating about a prospective order of tobacco from a DPRK customer. A decision was eventually made not to include the DPRK customer or to list the DPRK in trade documents for the order. Rather, the order listed the Thai intermediary as the customer and China as the destination. OFAC maintained that the company issued three invoices to the Thai intermediary for its tobacco orders, and asked that payments be sent in USD to either the company’s bank account at a non-U.S. bank in India or to the India-branch of a U.S. bank. Between July and August 2017, four Hong Kong-organized intermediaries remitted funds to the company for these shipments and made five payments totaling approximately $369,228. Four of the five USD payments were sent to the non-U.S. bank, causing three U.S. financial institutions to clear the payments. The fifth payment was sent to the India-branch of a U.S. bank. By directing the Hong Kong intermediaries to remit payments in USD, OFAC claimed the company “caused U.S. correspondent banks that processed the payments, as well as the foreign branch of a U.S. bank, to export financial services to or otherwise facilitate the exportation of tobacco to the DPRK” in violation of the North Korea Sanctions Regulations.

    In arriving at the settlement amount, OFAC determined, among other things, that several managers had actual knowledge of the alleged conduct at issue, and that the company “acted recklessly” by “fail[ing] to exercise a minimal degree of caution or care for U.S. sanctions laws and regulations and caus[ing] U.S. financial institutions to export financial services or otherwise facilitate the exportation of tobacco to the DPRK.”

    OFAC also considered various mitigating factors, including that the company has not received a penalty notice from OFAC in the preceding five years. Additionally, the company undertook remedial measures upon learning of the alleged violations, cooperated with OFAC throughout the investigation, and agreed to toll the statute of limitations, the notice said.

    Providing context for the settlement, OFAC said that this action “highlights the deceptive practices DPRK entities use to evade U.S. and international sanctions and acquire revenue-generating goods, such as by employing intermediaries in various countries to coordinate shipping and make payments.”

    Financial Crimes Of Interest to Non-US Persons Department of Treasury OFAC OFAC Sanctions OFAC Designations Settlement North Korea Enforcement

  • OFAC sanctions persons supporting North Korea

    Financial Crimes

    On March 1, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against three entities and two individuals for their roles in illicitly generating revenue to support the government of the Democratic People’s Republic of Korea (DPRK). According to OFAC, two of the sanctioned entities are designated pursuant to Executive Order (E.O.) 13687 “for being agencies, instrumentalities, or controlled entities of the Government of North Korea or the Workers’ Party of Korea.” One of the entities is a subordinate to the Government of North Korea, and is used by the DPRK government to earn foreign currency, collect intelligence, and provide cover status for intelligence operatives. The other entity—a subordinate to the DPRK Ministry of People’s Armed Forces (which was previously sanctioned by OFAC)—allegedly generated funds for the DPRK government for decades by conducting art and construction projects on behalf of regimes throughout the Middle East and Africa. The two individuals are sanctioned, pursuant to E.O. 13810, for being North Korean persons who have generated revenue for the DPRK government or the Workers’ Party of Korea. These individuals, OFAC said, established the third sanctioned entity in the Democratic Republic of the Congo to earn revenue from construction and statue-building projects with local governments. 

    As a result of the sanctions, all property and interests in property of the sanctioned persons that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC, as well as “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons.” Persons that engage in certain transactions with the designated individuals and entities may themselves be exposed to sanctions, and “any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the individuals or entities designated today could be subject to U.S. correspondent or payable-through account sanctions.”

    Financial Crimes Of Interest to Non-US Persons Department of Treasury OFAC OFAC Sanctions OFAC Designations North Korea SDN List

  • OFAC sanctions officials connected to DPRK

    Financial Crimes

    On December 1, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against three North Korean officials for providing support to the Democratic People’s Republic of Korea’s (DPRK) development of weapons of mass destruction (WMD) and ballistic missiles. According to OFAC, the designations are “in line with wider multilateral efforts to impede the DPRK’s ability to advance its unlawful WMD and ballistic missile programs that threaten regional stability.” As a result of the sanctions, all property and interests in property of the sanctioned entity that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC, as well as “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons.” OFAC noted that its regulations prohibit U.S. persons from participating in transactions with designated persons unless authorized by a general or specific license issued by OFAC.

    Financial Crimes Department of Treasury OFAC SDN List OFAC Sanctions OFAC Designations North Korea Of Interest to Non-US Persons

Pages

Upcoming Events