Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC announces sanctions against Russia-based organization for malware attacks on financial institutions
On December 5, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13694 against a Russia-based cybercriminal organization for allegedly developing and distributing malware that infected financial institutions and resulted in more than $100 million in theft. OFAC’s action targets 17 individuals and seven entities and is “intended to disrupt the massive phishing campaigns orchestrated by [the organization],” Treasury Secretary Steven T. Mnuchin stated. According to OFAC, the organization used the malware to infect computers and harvest login credentials from roughly 300 banks and financial institutions in over 40 countries, resulting in millions of dollars of damage to U.S. and international financial institutions and their customers. As a result of the sanctions, all property and interests in property of these persons subject to U.S. jurisdiction are blocked, along with “any entities 50 percent or more owned by one or more designated persons.” OFAC noted that its regulations “generally prohibit” U.S. persons from participating in transactions with designated persons, and warned that “foreign persons may be subject to secondary sanctions for knowingly facilitating a significant transaction or transactions with these designated persons.”
In a concurrent action announced the same day, the DOJ unsealed criminal charges—including those related to international computer hacking and bank fraud schemes—against two of the organization’s members. In addition, Treasury’s Financial Crimes Enforcement Network and the Cybersecurity and Infrastructure Security Agency released a report providing a technical analysis of the malware and related variants, emphasizing that because the malware continues to target the financial services sector, financial institutions should review and incorporate the report’s techniques, tactics, and procedures into existing network defense capabilities and planning.
President Trump authorizes new sanctions on Russian sovereign debt; OFAC imposes prohibition on certain U.S. bank loans
On August 1, President Trump issued Executive Order (E.O.) 13883 titled “Administration of Proliferation Sanctions and Amendment of Executive Order 12851,” which authorizes sanctions on new issuances of Russian sovereign debt and directs the U.S. government to attempt to cut off international financing and forbids U.S. bank loans to governments subject to U.S. sanctions for using chemical or nuclear weapons. Among other things, E.O. 13883 allows the Secretary of the Treasury, in consultation with the Secretary of Defense, the authorization to (i) “oppose. . .the extension of any loan or financial or technical assistance to [a sanctioned] country by international financial institutions”; and (ii) “prohibit any U.S. bank from making any loan or providing any credit to the government of [a sanctioned] country, except for loans or credits for the purpose of purchasing food or other agricultural commodities or products.”
Following the issuance of E.O. 13883, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions on August 3 against the Russian Federation, which will “impos[e] a prohibition related to certain U.S. bank loans and will oppose multilateral development bank assistance to the Russian Federation.” According to OFAC, the sanctions are issued in response to Russia’s use of the “Novichok” nerve agent in the U.K. in March 2018. In order to implement the sanctions related to U.S. bank loans, OFAC issued the CBW Act Directive on August 2—scheduled to take effect August 26 following a required Congressional notification period—which “prohibits U.S. banks from participating in the primary market for non-ruble denominated bonds issued by the Russian sovereign and also prohibits U.S. banks from lending non-ruble denominated funds to the Russian sovereign.” OFAC also released a set of FAQs to provide guidance on the CBW Act Directive.
On June 19, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced its decision to sanction a Russian financial entity, pursuant to Executive Order 13382, for allegedly “having provided, or attempted to provide, financial, material, technological, or other support for, or goods or services” on behalf of an entity that is owned and controlled by North Korea’s primary foreign exchange bank. According to OFAC, since at least 2017 and continuing through 2018, the Russian entity has provided multiple accounts to the North Korean entity, which has “enabled North Korea to circumvent U.S. and UN sanctions to gain access to the global financial system in order to generate revenue for the Kim regime’s nuclear program.” Pursuant to OFAC’s sanctions, all property and interests in property of the designated persons within U.S. jurisdiction must be blocked and reported to OFAC. OFAC notes that its regulations “generally prohibit” U.S. persons from participating in transactions with these individuals and entities.
On March 15, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced its decision to sanction six Russian individuals and eight entities, pursuant to Executive Order 13661, for “playing a role in Russia’s unjustified attacks on Ukrainian naval vessels in the Kerch Strait, the purported annexation of Crimea, and backing of illegitimate separatist government elections in eastern Ukraine.” The action complements sanctions imposed the same day by the European Union and Canada as part of a coordinated effort “to counter Russia’s continued destabilizing behavior and malign activities.” As a result, all property and interests in property of the sanctioned individuals and entities, as well as any entities owned 50 percent or more by them, are blocked and U.S. persons are generally prohibited from entering into transactions with them.
Visit here for continuing InfoBytes cover of actions related to Russia and Ukraine.
On January 27, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) lifted sanctions on three companies identified last April in connection with sanctions imposed against a Russian oligarch. (See previous InfoBytes coverage here on the full list of sanctioned Russian oligarchs and government officials.) Under the terms of removal from OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List), the companies reduced the sanctioned Russian oligarch’s “direct and indirect shareholding stake in these companies and severed his control.” The majority of directors on the companies’ boards going forward will be independent directors and include U.S. and European persons with no ties to identified persons on the SDN List. OFAC reports that the companies “have also agreed to unprecedented transparency for Treasury into their operations by undertaking extensive, ongoing auditing, certification, and reporting requirements.” The sanctions imposed against the Russian oligarch remain in place.
Visit here for additional InfoBytes coverage on Ukraine/Russian sanctions.
On November 13, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against four Hizballah-affiliated individuals for their alleged leadership roles in the group’s terrorist financial activities in Iraq, including providing support for the Islamic Revolutionary Guard Corps-Qods Force (IRGC-QF). According to OFAC, the sanctions were issued pursuant to Executive Order 13224, which “targets terrorists and those providing support to terrorists or acts of terrorism.” OFAC’s designations follow the Hizballah International Financing Prevention Amendments Act of 2018—signed into law October 25—along with the reimposition of Iran-related sanctions on November 5 (see previous InfoBytes coverage here), and reinforces U.S. efforts to “protect the international financial system by targeting Hizballah’s supporters, financial networks, and those that facilitate and enable its destabilizing activities worldwide.” Furthermore, OFAC states that the four Specially Designated Global Terrorists are also subject to secondary sanctions under the Hizballah Financial Sanctions Regulations, which implement the Hizballah International Financing Prevention Act of 2015, and allows OFAC to “prohibit or impose strict conditions on the opening or maintaining in the [U.S.] of a correspondent account or a payable-through account by a foreign financial institution that knowingly facilitates a significant transaction for Hizballah.” As a result, all property and interests in property belonging to the identified individuals subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from entering into transactions with them.
Visit here for additional InfoBytes coverage on sanctions involving Hizballah networks.
On November 8, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced its decision to sanction an additional three individuals and nine entities, pursuant to the Countering America’s Adversaries Through Sanctions Act of 2017 (CAATSA) and Executive Orders (E.O.) 13685 and 13661, for supporting Russia’s occupation of Crimea and parts of eastern Ukraine and its continued “malign activity and destabilizing behavior.” According to OFAC, two of the individuals and one of the entities placed on the Specially Designated Nationals and Blocked Persons List (SDN List) allegedly engaged in serious human rights abuses in “territories forcibly occupied or otherwise controlled by Russia” under the Support for the Sovereignty, Integrity, Democracy, and Economic Stability of Ukraine Act of 2014, as amended by CAATSA Section 228. Additionally, pursuant to E.O. 13685, OFAC imposed sanctions on eight entities and one individual allegedly responsible for helping Russia advance its interests by operating in the Crimea region of Ukraine. OFAC further noted that one of the eight entities is also designated for being owned or controlled by, directly or indirectly, a sanctioned Russian bank and a Russian national whose property and interests in property are blocked pursuant to E.O. 13661. As a result, all property and interests in property belonging to the identified individuals and entities subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from entering into transactions with them.
Visit here for additional InfoBytes coverage on Russia sanctions.
On November 5, the Federal Financial Institutions Examination Council (FFIEC) members issued a joint statement alerting financial institutions to the potential impact that the U.S. Treasury Department’s Office of Foreign Assets Control’s (OFAC) recent actions under its Cyber-Related Sanctions Program may have on financial institutions’ risk management programs. OFAC implemented the Cyber-Related Sanctions Program in response to Executive Order 13694 to address individuals and entities that threaten national security, foreign policy, and the economy of the U.S. by malicious cyber-enabled activities. FFIEC’s press release announcing the joint statement references OFAC’s June action against five Russian entities and three Russian individuals who, through “malign and destabilizing cyber activities,” provided material and technological support to Russia’s Federal Security Service (previously covered by InfoBytes here), noting that these entities may offer services to financial institutions operating in the U.S.
The joint statement reminds financial institutions to ensure that their compliance and risk management processes address possible interactions with an OFAC sanctioned entity. The statement notes that continued use of products or services from a sanctioned entity may cause the financial institution to violate the OFAC sanctions. Additionally, use of software or technical services from a sanctioned entity may increase a financial institution’s cybersecurity risk. The statement encourages financial institutions to take appropriate corrective action, as well as to ensure their third-party service providers comply with OFAC’s requirements.
The OCC also released Bulletin 2018-40, which corresponds with the FFIEC’s joint statement.
President Trump issues Executive Order delegating sanctions implementation authority; OFAC issues new CAATSA - Russia-related FAQ
On September 20, President Trump announced the issuance of Executive Order 13849 (E.O. 13849), “Authorizing the Implementation of Certain Sanctions Set Forth in the Countering America’s Adversaries Through Sanctions Act (CAATSA),” pursuant to national emergencies previously declared in Executive Orders 13660, 13694, and 13757. E.O. 13849 grants authority to the Secretary of the Treasury to take certain actions to implement the sanctions against identified persons, including the promulgation of regulations. Among other things, E.O. 13849 prohibits: (i) any U.S. financial institution from making loans or extending credits to sanctioned persons “totaling more than $10,000,000 in any 12-month period, unless the person is engaged in activities to relieve human suffering and the loans or credits are provided for such activities”; (ii) any foreign exchange transactions, subject to U.S. jurisdiction, in which the sanctioned person has any interest; and (iii) transfers of credit or payments between, by, or through financial institutions for the benefit of a sanctioned person subject to U.S. jurisdiction. E.O. 13849 further describes the actions that can be taken to implement the sanctions.
In response to E.O. 13849, the U.S. Treasury Department’s Office of Foreign Assets Control published a new CAATSA - Russia-related FAQ providing additional clarifying information.
Find continuing InfoBytes covered on CAATSA-related sanctions here.
OFAC publishes new Ukraine-related FAQs providing guidance on “maintenance” related to wind-down activities
On September 14, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced the publication of two new FAQs to provide additional guidance on “maintenance” as that term is used in General Licenses (GLs) 14, 15, and 16. As previously covered in InfoBytes (see posts here, here, and here), the GLs authorize specified wind-down activities otherwise prohibited by Ukraine-related sanctions regulations. According to OFAC, maintenance “generally includes all transactions and activities ordinarily incident to performing under a contract or agreement in effect prior to April 6, 2018, provided that the level of performance is consistent with the terms of the general license and consistent with past practices that existed between the party and the blocked entity prior to April 6, 2018.”
Visit here for additional InfoBytes coverage on Ukraine/Russia-related sanctions.