InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
White House orders DOJ and CFPB to better protect citizens’ sensitive personal data
On March 1, the White House released Executive Order 14117 (E.O.) titled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” to issue safeguards against Americans’ private information. The E.O. was preceded by the White House’s Fact Sheet which included provisions to protect Americans’ data on their genomic and biometric information, personal health, geolocation, finances, among others. The E.O. shared how this data can be used by nefarious actors such as foreign intelligence services or companies and could enable privacy violations. Under the E.O., President Biden ordered several agencies to act but primarily called on the DOJ. The president directed the DOJ to issue regulations on protecting Americans’ data from being exploited by certain countries. The White House also directed the DOJ to issue regulations to protect government-related data, specifically citing protections for geolocation information and information about military members. Lastly, the DOJ was directed to work with DHS to prevent certain countries’ access to citizens’ data through commercial means and the CFPB was encouraged to “[take] steps, consistent with CFPB’s existing legal authorities, to protect Americans from data brokers that are illegally assembling and selling extremely sensitive data, including that of U.S. military personnel.”
A few days before, the DOJ released its fact sheet detailing its proposals to implement the White House’s E.O., focusing on national security risks and data security. The fact sheet highlighted that our current laws leave open lawful access to vast amounts of Americans’ sensitive personal data that may be purchased and accessed through commercial relationships. In response to the E.O., the DOJ plans to release future regulations “addressing transactions that involve [Americans’] bulk sensitive data” that pose a risk of access by countries of concern. The countries of concern include China (including Hong Kong and Macau), Russia, Iran, North Korea, Cuba, and Venezuela. The DOJ will also release its Advance Notice of Proposed Rulemaking (ANPRM) to provide details of the proposal(s) and to solicit comments.
OFAC sanctions Burma Ministry of Defense and supporting financial institutions
On June 21, pursuant to Executive Order 14014, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against Burma’s Ministry of Defense and two regime-controlled financial institutions. In announcing the sanctions, OFAC explained that the Burmese military, which overthrew the country’s democratic government in February 2021, has increased its reliance on air strikes in civilian populated areas, resulting in the death of more than 3,600 civilians and displacing nearly than 1.5 million people, and that Burma’s Ministry of Defense has imported goods from sanctioned entities in Russia to support the Burmese military. OFAC detailed that the two sanctioned financial institutions, which primarily function as foreign currency exchanges, “enable Burma’s Ministry of Defense and other sanctioned military entities to purchase arms and other materials from foreign sources.” As a result of the sanctions, all property and interests in property belonging to the sanctioned persons that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless authorized by a general or specific OFAC license, or if otherwise exempt.
In conjunction with the sanctions, OFAC issued a Burma-related special license (See General License 5).
OFAC sanctions Russians for election influence
On June 23, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 14024, against two individuals for attempting to conduct “global malign influence operations,” including efforts to influence a U.S. local election. According to OFAC, the designated individuals are Russian Federal Security Service officers who operate as part of a mission that provokes anti-government and anti-democratic positions designed to undermine faith in democratic principles, weaken U.S. diplomatic connections, and exploits societal divisions in an effort to expand Russia’s influence. OFAC said one of the individuals directed more than six U.S. co-conspirators, including two who ran in local U.S. elections, to report on the activities of political groups. OFAC designated the two individuals “for having acted or purported to act for or on behalf of, directly or indirectly, the Government of the Russian Federation.” The designated individuals were also recently indicted by the DOJ as well as by the U.S. Attorney’s Office for the Middle District of Florida. In a parallel action announced the same day, the EU released its Eleventh Package of sanctions against Russia. The Eleventh Package added, among other things, over 100 individuals and entities subject to asset freezes, a new anti-circumvention tool to restrict the trade of sanctioned goods, and 87 new entities to the list of those directly supporting Russia’s military and industrial complex in the war against Ukraine.
As a result of these sanctions, all property and interests in property belonging to the sanctioned persons that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Further, “any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless exempt or authorized by a general or specific OFAC license. Additionally, OFAC warned that financial institutions and other persons that engage in certain transactions or activities with the sanctioned persons may themselves be exposed to sanctions or be subject to an enforcement action.
OFAC settles with international financial institution
On June 20, the U.S Treasury Department’s Office of Foreign Assets Control (OFAC) announced a settlement with a Latvia-based bank—a subsidiary of an international financial institution headquartered in Sweden—to resolve potential civil liability stemming from OFAC’s Crimea sanctions. According to OFAC’s web notice, in 2015 and 2016, a shipping industry client of the Latvia-based subsidiary bank made 386 transactions totaling over $3 million through its e-banking platform from a Crimea-based IP address to persons in Crimea, which were processed through U.S. correspondent banks. OFAC alleges that in 2016, the client attempted to make a payment to a U.S. correspondent bank from a Crimea-based IP address, but after the payments were rejected and the bank was reassured by the client that the transactions did not involve Crimea, the bank rerouted the payment through a different U.S. correspondent bank. OFAC alleges that the bank had client onboarding information that the client had a physical presence in Crimea, so the bank had reason to know that the transactions in fact involved Crimea. OFAC also accused the bank of not integrating the client’s IP data into its sanctions screening processes.
In arriving at the $3.4 million settlement amount, OFAC considered, among other things, that the bank willfully violated U.S. sanctions by not self-disclosing the violations, which is required as a third party. According to the OCC, the bank failed to exercise due caution or care in neglecting to account for the client’s presence in Crimea, and instead solely relied on the client’s reassurances when it possessed contradictory information. OFAC also claimed that the bank had many customers in Crimea, and therefore had reason to know the origin of the payments it was processing. OFAC also considered several mitigating factors, including that: (i) the bank has not received a penalty notice from OFAC in the preceding five years; (ii) the bank and the financial institution took remedial action; and (iii) the bank and the financial institution cooperated with OFAC’s requests for information.
OFAC said that this action “demonstrates the importance of implementing and maintaining effective, risk-based sanctions compliance controls, especially for sophisticated financial institutions operating in proximity to high-risk regions.” OFAC added that this case also demonstrates the importance of undertaking reasonable efforts to investigate red flags. Finally, OFAC noted that this matter underscores the importance of remaining vigilant against efforts by entities based in Crimea, Russia, and other high-risk countries seeking to evade sanctions and elude compliance controls.
OFAC clarifies impact of sanctions on humanitarian assistance and trade
On June 14, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued a Fact Sheet for “Provision of Humanitarian Assistance and Trade to Combat COVID-19.” The Fact Sheet, among other things, highlights Treasury’s humanitarian-related or other general licenses (GL) issued to support people impacted by Covid-19 across Iran, Venezuela, North Korea, Syria, Cuba, and Russia. Relatedly, OFAC issued Iran-related GL N-2, Venezuela-related GL 39B, and Syria-related GL 21B to authorize transactions and activities related to the prevention, diagnosis, or treatment of Covid-19, as well as several amended FAQs.
OFAC sanctions individuals and entities connected to Russia’s corruption in Moldova
On June 5, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 14024, against seven leading members of a Russian intelligence-linked group and an entity connected to one of these individuals, for their role in “the destabilization campaign and continued malign influence campaigns in Moldova.” OFAC previously sanctioned individuals and entities endeavoring in similar efforts to undermine Moldova’s democracy, (covered by InfoBytes here). OFAC also mentioned in the announcement that the EU sanctioned Russian and Moldovan individuals for the same crimes. The designated individuals for these sanctions, OFAC said, are part of a global information operation connected to the Russian Federation—targeting not only Moldova, but other Balkan countries, the EU, UK, and U.S.—that provokes anti-government demonstrations designed to instill fear that undermines faith in democratic principles. Notably, the actors designated were part of a plot to “capitalize on these protests in Chisinau and seize the Moldovan Government House,” OFAC stated. As a result of these sanctions, all property and interests in property belonging to the sanctioned persons that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Further, “any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless exempt or authorized by a general or specific OFAC license. Additionally, OFAC warned that financial institutions and other persons that engage in certain transactions or activities with the sanctioned persons may themselves be exposed to sanctions or be subject to an enforcement action.
OFAC issues new general licenses related to Russia and Venezuela sanctions
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) recently released two general licenses relating to Russia and Venezuela. Newly issued Russia-related General License (GL) 69 authorizes certain debt securities servicing transactions issued by an identified bank that would otherwise be prohibited by Executive Order (E.O.) 14024. Interest or principal payments on the authorized transactions cannot be made to persons located in the Russian Federation, and any payments made to a blocked person must be done in accordance with the Russian Harmful Foreign Activities Sanctions Regulations regardless of where the person is located.
Additionally, OFAC also issued GL 8L, which authorizes transactions involving Petróleos de Venezuela, S.A. (PdVSA) that are deemed necessary for the wind down of operations in Venezuela for certain entities. While authorizing some transactions, GL 8L also includes a comprehensive list of transactions that are not authorized, including “[a]ny loans to, accrual of additional debt by, or subsidization of PdVSA, or any entity in which PdVSA owns, directly or indirectly, a 50 percent or greater interest, including in kind, prohibited by E.O. 13808 of August 24, 2017, as amended by E.O. 13857, and incorporated into the [Venezuela Sanctions Regulations].”
OFAC issues new general licenses related to Russia and Venezuela sanctions
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) recently released two general licenses relating to Russia and Venezuela. Newly issued Russia-related General License (GL) 69 authorizes certain debt securities servicing transactions issued by an identified bank that would otherwise be prohibited by Executive Order (E.O.) 14024. Interest or principal payments on the authorized transactions cannot be made to persons located in the Russian Federation, and any payments made to a blocked person must be done in accordance with the Russian Harmful Foreign Activities Sanctions Regulations regardless of where the person is located.
Additionally, OFAC also issued GL 8L, which authorizes transactions involving Petróleos de Venezuela, S.A. (PdVSA) that are deemed necessary for the wind down of operations in Venezuela for certain entities. While authorizing some transactions, GL 8L also includes a comprehensive list of transactions that are not authorized, including “[a]ny loans to, accrual of additional debt by, or subsidization of PdVSA, or any entity in which PdVSA owns, directly or indirectly, a 50 percent or greater interest, including in kind, prohibited by E.O. 13808 of August 24, 2017, as amended by E.O. 13857, and incorporated into the [Venezuela Sanctions Regulations].”
OFAC expands Russian sanctions
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) recently announced several actions targeting Russia’s attempts to circumvent or evade sanctions and implemented other economic measures to degrade the country’s capacity to wage its war against Ukraine. In coordination with the G7 and other international partners, OFAC implemented several new commitments to cut Russia off from revenue streams and key inputs needed to equip its military. The sanctions target 22 individuals and 104 entities with touchpoints in more than 20 countries or jurisdictions with involvement in the technology, energy, and financial services sectors. OFAC also expanded sanctions authorities to target new sectors of Russia’s economy and sever the country’s access to several new categories of services. Additional sanctions-related measures include the designation or identification as blocked property of nearly 200 individuals, entities, vessels, and aircraft by the State Department. Concurrently, the Commerce Department significantly expanded the territorial reach and categories covered by its export controls and added 71 entities to its Entity List to prevent Russia from accessing goods needed for its war.
OFAC noted that it also expanded its Russia-related sanctions authorities through the issuance of a determination that identifies the architecture, engineering, construction, manufacturing, and transportation sectors of the Russian economy pursuant to Executive Order (E.O.) 14024. The determination complements existing sanctions authorities and allows for additional economic costs to be imposed on Russia and for sanctions to be imposed on any person determined to operate of have operated in any of the sectors. OFAC issued a second determination pursuant to E.O. 14071 (effective June 18) to prohibit the “exportation, reexportation, sale, or supply, directly or indirectly, from the United States, or by a United States person, wherever located, of architecture services or engineering services to any person located in the Russian Federation.” (See new OFAC FAQs and general licenses here.)
Additionally, OFAC amended Directive 4 under E.O. 14024 “to require U.S. persons to report to OFAC any property in their possession or control in which the Central Bank of the Russian Federation, the National Wealth Fund of the Russian Federation, or the Ministry of Finance of the Russian Federation has an interest.”
Earlier in the month, OFAC also announced sanctions against a Russian ransomware actor for being complicit in cyberattacks against U.S. law enforcement, businesses, and critical infrastructure. OFAC commented that analysis conducted by FinCEN found that “75 percent of ransomware-related incidents reported between July and December 2021 were linked to Russia, its proxies, or persons acting on its behalf.”
As a result of the sanctions, all property and interests in property of the designated persons that are in the U.S. or in the possession or control of U.S. persons must be blocked and reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” OFAC’s announcement further noted that its regulations “generally prohibit” U.S. persons from participating in transactions with designated persons unless exempt or otherwise authorized by a general or specific license.
FinCEN, Commerce urge monitoring of attempts to evade Russian export controls
On May 19, FinCEN and the Department of Commerce’s Bureau of Industry and Security (BIS) issued a supplemental joint alert urging continued vigilance for potential Russian export control evasion attempts. The alert reinforces ongoing initiatives to further constrain and prevent Russia from accessing critical technology and goods to support its war-making efforts against Ukraine. It follows a joint alert issued last June which urged financial institutions to take a “risk-based approach” for identifying potentially suspicious activity, such as end-use certificates, export documents, or letters of credit-based trade financing. (Covered by InfoBytes here.) The supplemental alert provides information on new export control restrictions implemented since the last joint alert was issued, including evasion typologies, new high priority Harmonized System codes to inform U.S. financial institutions’ customer due diligence, and additional transactional and behavioral red flags to help identify suspicious transactions relating to possible export control evasion.