Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • White House orders DOJ and CFPB to better protect citizens’ sensitive personal data

    Privacy, Cyber Risk & Data Security

    On March 1, the White House released Executive Order 14117 (E.O.) titled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” to issue safeguards against Americans’ private information. The E.O. was preceded by the White House’s Fact Sheet which included provisions to protect Americans’ data on their genomic and biometric information, personal health, geolocation, finances, among others. The E.O. shared how this data can be used by nefarious actors such as foreign intelligence services or companies and could enable privacy violations. Under the E.O., President Biden ordered several agencies to act but primarily called on the DOJ. The president directed the DOJ to issue regulations on protecting Americans’ data from being exploited by certain countries. The White House also directed the DOJ to issue regulations to protect government-related data, specifically citing protections for geolocation information and information about military members. Lastly, the DOJ was directed to work with DHS to prevent certain countries’ access to citizens’ data through commercial means and the CFPB was encouraged to “[take] steps, consistent with CFPB’s existing legal authorities, to protect Americans from data brokers that are illegally assembling and selling extremely sensitive data, including that of U.S. military personnel.”

    A few days before, the DOJ released its fact sheet detailing its proposals to implement the White House’s E.O., focusing on national security risks and data security. The fact sheet highlighted that our current laws leave open lawful access to vast amounts of Americans’ sensitive personal data that may be purchased and accessed through commercial relationships. In response to the E.O., the DOJ plans to release future regulations “addressing transactions that involve [Americans’] bulk sensitive data” that pose a risk of access by countries of concern. The countries of concern include China (including Hong Kong and Macau), Russia, Iran, North Korea, Cuba, and Venezuela. The DOJ will also release its Advance Notice of Proposed Rulemaking (ANPRM) to provide details of the proposal(s) and to solicit comments.

    Privacy, Cyber Risk & Data Security Federal Issues Department of Justice CFPB Executive Order Department of Homeland Security White House Big Data China Russia Iran North Korea Cuba Venezuela

  • FTC reports on efforts to combat cross-border fraud and ransomware attacks

    Federal Issues

    On October 20, the FTC published two reports outlining its efforts to protect consumers against cross-border fraud and ransomware attacks. 

    In the first report, the FTC described the US SAFE Web Act (SAFE WEB), passed in 2006, as an “indispensable” tool to combat cross-border fraud and protect consumers in an increasingly global and digital economy.  For example, the report noted that since SAFE WEB was passed, the FTC has used the law in myriad ways: issuing more than 140 civil investigative demands on behalf of 21 foreign agencies from eight countries; engaging in 148 staff exchanges to build cooperation with foreign counterparts; and sharing confidential information from FTC files with 43 law enforcement agencies in twenty different countries.  The report also indicated that SAFE WEB has allowed the FTC to pursue and stop harmful conduct in the US and defend against challenges to its jurisdictional authority over foreign companies targeting American consumers.  Notably, SAFE WEB helped the FTC (i) shut down a real estate investment scam that took in more than $100 million (the largest such scheme the FTC has ever targeted); (ii) cooperate with privacy authorities in Canada and the United Kingdom to pursue actions against an online dating site that deceived consumers and failed to protect the account and profile information of more than 36 million individuals; (iii) and work with foreign law enforcement agencies to stop fraudulent money transfers to certain money transfer companies located in Spain in connection with a Nigerian email scam.  The FTC recommends that Congress permanently reauthorize SAFE WEB to preserve the agency’s ability to fight cross-border fraud.

    In the second report, the FTC discussed its work to target ransomware and other cyber-attacks.  The FTC highlighted its longstanding data security enforcement program, which seeks to ensure that businesses engage in reasonable practices to protect the data of their customers.  Moreover, the RANSOMWARE Act refers specifically to China, Russia, North Korea, and Iran.  The report stated that although the FTC has taken data security-related enforcement actions involving connections to China and Russia, the FTC has had limited interactions with government agencies in China, Russia, North Korea, and Iran.  The report included several recommendations for Congress, including making SAFE WEB permanent, amending a provision in the FTC act which would restore the FTC’s ability to provide refunds to harmed consumers, and enacting privacy and data security legislation which would be enforceable by the FTC.  The FTC also urged businesses to take steps to safeguard customer data, including retaining information only so long as there is a legitimate business need, restricting access to sensitive data, and storing personal information securely and protecting it during transmission.

    Federal Issues FTC Ransomware Fraud

  • EU-U.S. release statement on Joint Financial Regulatory Forum

    Federal Issues

    On July 20, participants in the U.S.-EU Joint Financial Regulatory Forum, including officials from the Treasury Department, Federal Reserve Board, CFTC, FDIC, SEC, and OCC, issued a joint statement regarding the ongoing dialogue that took place from June 27-28, noting that the matters discussed during the forum focused on six themes: “(1) market developments and financial stability risks; (2) regulatory developments in banking and insurance; (3) anti-money laundering and countering the financing of terrorism (AML/CFT); (4) sustainable finance and climate-related financial risks; (5) regulatory and supervisory cooperation in capital markets; and (6) operational resilience and digital finance.”

    Participants acknowledged that the financial sector in both the EU and the U.S. is exposed to risk due to ongoing inflationary pressures, uncertainties in the global economic outlook, and geopolitical tensions as a result of Russia’s war on Ukraine. During discussions, participants emphasized the significance of strong bank prudential standards, effective resolution frameworks, and robust supervision practices. They also stressed the importance of international cooperation and continued dialogue to monitor vulnerabilities and strengthen the resilience of the financial system. Participants took note of recent developments relating to, among other things, recent bank failures, digital finance, the crypto-asset market, and the potential adoption of central bank digital currencies.

    Federal Issues Bank Regulatory Financial Crimes Digital Assets Of Interest to Non-US Persons EU Department of Treasury Federal Reserve CFTC FDIC SEC OCC Anti-Money Laundering Combating the Financing of Terrorism

  • OFAC sanctions Burma Ministry of Defense and supporting financial institutions

    Financial Crimes

    On June 21, pursuant to Executive Order 14014, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against Burma’s Ministry of Defense and two regime-controlled financial institutions. In announcing the sanctions, OFAC explained that the Burmese military, which overthrew the country’s democratic government in February 2021, has increased its reliance on air strikes in civilian populated areas, resulting in the death of more than 3,600 civilians and displacing nearly than 1.5 million people, and that Burma’s Ministry of Defense has imported goods from sanctioned entities in Russia to support the Burmese military. OFAC detailed that the two sanctioned financial institutions, which primarily function as foreign currency exchanges, “enable Burma’s Ministry of Defense and other sanctioned military entities to purchase arms and other materials from foreign sources.” As a result of the sanctions, all property and interests in property belonging to the sanctioned persons that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless authorized by a general or specific OFAC license, or if otherwise exempt.

    In conjunction with the sanctions, OFAC issued a Burma-related special license (See General License 5).

    Financial Crimes Of Interest to Non-US Persons OFAC OFAC Designations OFAC Sanctions Department of Treasury Burma Russia SDN List

  • OFAC sanctions Russians for election influence

    Financial Crimes

    On June 23, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 14024, against two individuals for attempting to conduct “global malign influence operations,” including efforts to influence a U.S. local election. According to OFAC, the designated individuals are Russian Federal Security Service officers who operate as part of a mission that provokes anti-government and anti-democratic positions designed to undermine faith in democratic principles, weaken U.S. diplomatic connections, and exploits societal divisions in an effort to expand Russia’s influence. OFAC said one of the individuals directed more than six U.S. co-conspirators, including two who ran in local U.S. elections, to report on the activities of political groups. OFAC designated the two individuals “for having acted or purported to act for or on behalf of, directly or indirectly, the Government of the Russian Federation.” The designated individuals were also recently indicted by the DOJ as well as by the U.S. Attorney’s Office for the Middle District of Florida. In a parallel action announced the same day, the EU released its Eleventh Package of sanctions against Russia. The Eleventh Package added, among other things, over 100 individuals and entities subject to asset freezes, a new anti-circumvention tool to restrict the trade of sanctioned goods, and 87 new entities to the list of those directly supporting Russia’s military and industrial complex in the war against Ukraine.

    As a result of these sanctions, all property and interests in property belonging to the sanctioned persons that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Further, “any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless exempt or authorized by a general or specific OFAC license. Additionally, OFAC warned that financial institutions and other persons that engage in certain transactions or activities with the sanctioned persons may themselves be exposed to sanctions or be subject to an enforcement action.

    Financial Crimes Of Interest to Non-US Persons OFAC OFAC Designations OFAC Sanctions Department of Treasury Ukraine Russia SDN List

  • OFAC settles with international financial institution

    Financial Crimes

    On June 20, the U.S Treasury Department’s Office of Foreign Assets Control (OFAC) announced a settlement with a Latvia-based bank—a subsidiary of an international financial institution headquartered in Sweden—to resolve potential civil liability stemming from OFAC’s Crimea sanctions. According to OFAC’s web notice, in 2015 and 2016, a shipping industry client of the Latvia-based subsidiary bank made 386 transactions totaling over $3 million through its e-banking platform from a Crimea-based IP address to persons in Crimea, which were processed through U.S. correspondent banks. OFAC alleges that in 2016, the client attempted to make a payment to a U.S. correspondent bank from a Crimea-based IP address, but after the payments were rejected and the bank was reassured by the client that the transactions did not involve Crimea, the bank rerouted the payment through a different U.S. correspondent bank. OFAC alleges that the bank had client onboarding information that the client had a physical presence in Crimea, so the bank had reason to know that the transactions in fact involved Crimea. OFAC also accused the bank of not integrating the client’s IP data into its sanctions screening processes.

    In arriving at the $3.4 million settlement amount, OFAC considered, among other things, that the bank willfully violated U.S. sanctions by not self-disclosing the violations, which is required as a third party. According to the OCC, the bank failed to exercise due caution or care in neglecting to account for the client’s presence in Crimea, and instead solely relied on the client’s reassurances when it possessed contradictory information. OFAC also claimed that the bank had many customers in Crimea, and therefore had reason to know the origin of the payments it was processing. OFAC also considered several mitigating factors, including that: (i) the bank has not received a penalty notice from OFAC in the preceding five years; (ii) the bank and the financial institution took remedial action; and (iii) the bank and the financial institution cooperated with OFAC’s requests for information.

    OFAC said that this action “demonstrates the importance of implementing and maintaining effective, risk-based sanctions compliance controls, especially for sophisticated financial institutions operating in proximity to high-risk regions.” OFAC added that this case also demonstrates the importance of undertaking reasonable efforts to investigate red flags. Finally, OFAC noted that this matter underscores the importance of remaining vigilant against efforts by entities based in Crimea, Russia, and other high-risk countries seeking to evade sanctions and elude compliance controls. 

    Financial Crimes Of Interest to Non-US Persons OFAC OFAC Designations OFAC Sanctions Department of Treasury Settlement Latvia Russia Enforcement

  • OFAC clarifies impact of sanctions on humanitarian assistance and trade

    Financial Crimes

    On June 14, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued a Fact Sheet for “Provision of Humanitarian Assistance and Trade to Combat COVID-19.” The Fact Sheet, among other things, highlights Treasury’s humanitarian-related or other general licenses (GL) issued to support people impacted by Covid-19 across Iran, Venezuela, North Korea, Syria, Cuba, and Russia. Relatedly, OFAC issued Iran-related GL N-2, Venezuela-related GL 39B, and Syria-related GL 21B to authorize transactions and activities related to the prevention, diagnosis, or treatment of Covid-19, as well as several amended FAQs.

    Financial Crimes Of Interest to Non-US Persons Department of Treasury OFAC OFAC Designations OFAC Sanctions Iran Syria North Korea Cuba Russia Venezuela Covid-19

  • OFAC sanctions individuals and entities connected to Russia’s corruption in Moldova

    On June 5, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 14024, against seven leading members of a Russian intelligence-linked group and an entity connected to one of these individuals, for their role in “the destabilization campaign and continued malign influence campaigns in Moldova.” OFAC previously sanctioned individuals and entities endeavoring in similar efforts to undermine Moldova’s democracy, (covered by InfoBytes here). OFAC also mentioned in the announcement that the EU sanctioned Russian and Moldovan individuals for the same crimes. The designated individuals for these sanctions, OFAC said, are part of a global information operation connected to the Russian Federation—targeting not only Moldova, but other Balkan countries, the EU, UK, and U.S.—that provokes anti-government demonstrations designed to instill fear that undermines faith in democratic principles. Notably, the actors designated were part of a plot to “capitalize on these protests in Chisinau and seize the Moldovan Government House,” OFAC stated. As a result of these sanctions, all property and interests in property belonging to the sanctioned persons that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Further, “any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless exempt or authorized by a general or specific OFAC license. Additionally, OFAC warned that financial institutions and other persons that engage in certain transactions or activities with the sanctioned persons may themselves be exposed to sanctions or be subject to an enforcement action.

    Financial Crimes OFAC OFAC Designations OFAC Sanctions SDN List Department of Treasury Of Interest to Non-US Persons Russia Moldova

  • OFAC sanctions Russian paramilitary leader in Mali

    Financial Crimes

    Recently, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 14024, against a Mali-based principal administrator and head of a Russian private military company’s paramilitary units. Aside from acting as a key player in Russia’s war against Ukraine, the private military company “has meddled in and destabilized countries in Africa, committing widespread human rights abuses and appropriating natural resources,” OFAC said, noting that the sanctioned individual worked with the Malian government to support incoming paramilitary forces to Mali, including preparing living quarters and arranging meetings with officials from several African nations. The action follows previous sanctions issued against those working with or supporting the private military company’s destabilizing activities, involving human rights abuses, and appropriating natural resources.

    As a result of the sanctions, all property and interests in property belonging to the sanctioned persons that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless authorized by a general or specific OFAC license, or otherwise exempt.

    Financial Crimes OFAC OFAC Designations OFAC Sanctions SDN List Department of Treasury Mali

  • OFAC issues new general licenses related to Russia and Venezuela sanctions

    Financial Crimes

    The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) recently released two general licenses relating to Russia and Venezuela. Newly issued Russia-related General License (GL) 69 authorizes certain debt securities servicing transactions issued by an identified bank that would otherwise be prohibited by Executive Order (E.O.) 14024. Interest or principal payments on the authorized transactions cannot be made to persons located in the Russian Federation, and any payments made to a blocked person must be done in accordance with the Russian Harmful Foreign Activities Sanctions Regulations regardless of where the person is located.

    Additionally, OFAC also issued GL 8L, which authorizes transactions involving Petróleos de Venezuela, S.A. (PdVSA) that are deemed necessary for the wind down of operations in Venezuela for certain entities. While authorizing some transactions, GL 8L also includes a comprehensive list of transactions that are not authorized, including “[a]ny loans to, accrual of additional debt by, or subsidization of PdVSA, or any entity in which PdVSA owns, directly or indirectly, a 50 percent or greater interest, including in kind, prohibited by E.O. 13808 of August 24, 2017, as amended by E.O. 13857, and incorporated into the [Venezuela Sanctions Regulations].”

    Financial Crimes Of Interest to Non-US Persons OFAC OFAC Designations OFAC Sanctions Department of Treasury Russia Venezuela

Pages

Upcoming Events