InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC sanctions individuals and entities tied to ISIS
On November 7, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13224 against four members of an Islamic State of Iraq and Syria (ISIS) cell operating in South Africa, along with eight companies owned, controlled, or directed by the individuals in the ISIS cell. According to OFAC, the individuals provided technical, financial, or material support to the terrorist group. As a result of the sanctions, all property and interests in property belonging to the sanctioned individuals and entities, and of “any entities that are owned, directly or indirectly, 50 percent or more by them, individually, or with other blocked persons” that are subject to U.S. jurisdiction are blocked. U.S. persons are also generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons. Persons that engage in certain transactions with the designated individuals or entities may themselves be exposed to designation, OFAC warned, adding that foreign financial institutions that knowingly conduct or facilitate significant transactions to any of the sanctioned persons could also be subject to U.S. sanctions.
OFAC sanctions Haitian politicians for narcotics trafficking
On November 4, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), along with the Government of Canada, announced sanctions pursuant to Executive Order 14059 against two Haitian politicians for having allegedly “engaged in, or attempted to engage in, activities or transactions that have materially contributed to, or pose a significant risk of materially contributing to, the international proliferation of illicit drugs or their means of production.” OFAC said it coordinated its efforts closely with the Drug Enforcement Administration on this designation. As a result, all property, and interests in property of the designated individuals and “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” OFAC’s regulations also generally prohibit all dealings by U.S. persons or within the United States (including transactions transiting the United States) that involve any property or interests in property of designated or otherwise blocked persons. OFAC also warned that “persons that engage in certain transactions with the individuals designated today may themselves be exposed to sanctions or subject to an enforcement action. Furthermore, unless an exception applies, any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for the individuals designated today could be subject to U.S. sanctions.”
OFAC sanctions oil shipping network connected to IRGC-QF and Hizballah
On November 3, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13224 against members of an international oil smuggling network for allegedly facilitating oil trades and generating revenue for Hizballah and the Islamic Revolutionary Guard Corps-Qods Force (IRGC-QF). Included are “several key individuals and numerous front companies and vessels involved in blending oil to conceal the Iranian origins of the shipments and exporting it around the world in support of Hizballah and the IRGC-QF.” According to Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson, the responsible individuals “use a web of shell companies and fraudulent tactics including document falsification to obfuscate the origins of Iranian oil, sell it on the international market, and evade sanctions” in order to generate revenue to enable Hizballah and IRGC-QF terrorist activities. The sanctions follow the designation of another Iranian oil smuggling network earlier in May (covered by InfoBytes here). As a result, all property, and interests in property of the designated persons, “and of any entities that are owned, directly or indirectly, 50 percent or more by them, individually, or with other blocked persons, that are in the United States or in the possession or control of U.S. persons, must be blocked and reported to OFAC.” Unless authorized by general or specific OFAC licenses or otherwise exempt, OFAC regulations generally prohibit all transactions by U.S. persons or within the United States (including transactions transiting the United States) that involve any property or interests in property of designated individuals. OFAC further warned that “engaging in certain transactions with the individuals and entities designated today entails risk of secondary sanctions.” Additionally, OFAC warned that a foreign financial institution that knowingly conducts or facilitates a significant transaction on behalf of a Specially Designated Global Terrorist could be subject to U.S. correspondent or payable-through account sanctions.
FinCEN reports significant increase in ransomware-related BSA filings in 2021
On November 1, FinCEN reported that ransomware continues to pose a significant threat to U.S. infrastructure, businesses, and the public, with ransomware-related Bank Secrecy Act (BSA) filings in 2021 accounting for nearly $1.2 billion. Issued pursuant to the Anti-Money Laundering Act of 2020, FinCEN’s Financial Trend Analysis examines ransomware activities for calendar year 2021, with a particular focus on ransomware trends in BSA data from July-December 2021. According to FinCEN, reported ransomware-related incidents have substantially increased from 2020, with roughly 75 percent of these incidents reported during the second half of 2021 emanating from or connected to actors in Russia. Highlights from the report include: (i) the number and total U.S. dollar value for ransomware-related incidents during 2021 far exceeds data for any previous year, with FinCEN reporting a 188 percent increase from 2020 to 2021 (possibly reflecting either an increase of ransomware-related incidents or improved reporting and detection); (ii) an average of 132 and a median of 136 ransomware-related incidents per month were reported during the review period (Treasury’s October 2021 measures to combat ransomware — covered by InfoBytes here — and potentially associated reporting obligations may have contributed to the overall rise in 2021 filings, FinCEN noted); and (iii) of the 793 ransomware-related incidents reported during the second half of 2021, 594 (roughly 75 percent) pertained to Russia-related variants.
The same day, Deputy Secretary of the Treasury Wally Adeyemo hosted participants from 36 countries during the second International Counter Ransomware Initiative Summit where attendees examined the challenges presented by ransomware and discussed the U.S.’s whole-of-government approach for responding to serious threats posed by bad actors.
OFAC sanctions terrorist weapons trafficking network tied to ISIS-Somalia
On November 1, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13224 against the Islamic State in Somalia (ISIS-Somalia) — marking the first time this affiliate of the Islamic State of Iraq and Syria (ISIS) is being designated. The action follows designations taken by OFAC earlier in the month against a network of financial facilitators who hold leadership roles and are key interlocutors between the group and local companies in Somalia (covered by InfoBytes here). According to OFAC, the designated persons serve as “critical nodes for a weapons trafficking network that is closely integrated with ISIS-Somalia,” and maintain “strong ties to al-Qa’ida in the Arabian Peninsula (AQAP) and al-Shabaab.” Addressing the significance of the sanctions, Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said “[t]oday, we take direct aim at the networks funding and supplying both ISIS-Somalia and al-Shabaab that support their violent acts. The involvement of those designated today in other criminal activity, including piracy and illegal fishing, demonstrates the extent of ISIS-Somalia’s integration with illicit networks and other terrorist organizations operating in the region.” “Treasury is committed to working with partners in the region to disrupt the financing of ISIS and al-Shabaab,” Nelson said.
As a result of the sanctions, all property and interests in property belonging to the sanctioned persons subject to U.S. jurisdiction are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are also generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons. Persons that engage in certain transactions with the individuals or entities designated today may themselves be exposed to designation, OFAC warned, adding that foreign financial institutions that knowingly facilitate significant transactions or provide significant financial services to any of the sanctioned persons could also be subject to U.S. sanctions.
OFAC clarifies guidance on Russian oil price cap
On October 31, the U.S. Treasury Department’s Office of Foreign Assets Control published Russia-related frequently asked question 1094, to clarify when Russian Federation origin crude oil will be subject to a price cap announced earlier in September. As previously covered by InfoBytes, Treasury recently issued preliminary guidance on implementing a maritime services policy and related price exception for seaborne Russian oil, which is intended to establish a framework for Russian oil to be exported by sea under a capped price, as well as a ban on services for any shipments of seaborne Russian oil above the capped price. The policy, which relates to a broad range of services in connection with the maritime transportation of Russian Federation origin crude oil and petroleum products, will become effective December 5, 2022, for the maritime transportation of crude oil and on February 5, 2023, for the maritime transportation of petroleum products.
FinCEN issues statements on its lists of jurisdictions with AML/CFT/CPF deficiencies
On October 31, FinCEN announced that the Financial Action Task Force (FATF) issued public statements updating its lists of jurisdictions with strategic deficiencies in anti-money laundering (AML), countering the financing of terrorism (CFT), and countering the financing of proliferation of weapons of mass destructions (CPF). FATF’s statements include (i) Jurisdictions under Increased Monitoring, “which publicly identifies jurisdictions with strategic deficiencies in their AML/CFT/CPF regimes that have committed to, or are actively working with, the FATF to address those deficiencies in accordance with an agreed upon timeline,” and (ii) High-Risk Jurisdictions Subject to a Call for Action, “which publicly identifies jurisdictions with significant strategic deficiencies in their AML/CFT/CPF regimes and calls on all FATF members to apply enhanced due diligence, and, in the most serious cases, apply counter-measures to protect the international financial system from the money laundering, terrorist financing, and proliferation financing risks emanating from the identified countries.”
FinCEN’s announcement also informed members that FATF added Burma to the list of High-Risk Jurisdictions Subject to a Call for Action, and advised jurisdictions to apply enhanced due diligence proportionate to the risks. Moreover, U.S. financial institutions should continue to refer to existing FinCEN and Office of Foreign Assets Control guidance on engaging in financial transactions with Burma. Removed from the list of jurisdictions subject to increased monitoring are Nicaragua and Pakistan. With respect to high-risk jurisdictions subject to a call for action — the Democratic People’s Republic of Korea and Iran — “financial institutions must comply with the extensive U.S. restrictions and prohibitions against opening or maintaining any correspondent accounts, directly or indirectly, for North Korean or Iranian financial institutions,” FinCEN said, adding that “[e]xisting U.S. sanctions and FinCEN regulations already prohibit any such correspondent account relationships.”
FinCEN renews and expands real estate GTOs
On October 26, FinCEN renewed and expanded its Geographic Targeting Orders (GTOs). The GTOs require U.S. title insurance companies to identify the natural persons behind shell companies that pay “all cash” (i.e., the transaction does not involve external financing) for residential real estate in certain counties within the following major metropolitan areas: “Boston; Chicago; Dallas-Fort Worth; Las Vegas; Los Angeles; Miami; New York City; San Antonio; San Diego; San Francisco; Seattle; the District of Columbia, Northern Virginia, and Maryland (DMV) area; as well as the City and County of Baltimore; the County of Fairfield, Connecticut; and the Hawaiian islands of Honolulu, Maui, Hawaii, and Kauai.” FinCEN also expanded the geographic coverage of the GTOs to counties encompassing Houston and Laredo, Texas, after the agency—in conjunction with law enforcement partners—identified the regions as presenting greater risks for illicit finance activity through non-financed purchases of residential real estate. The purchase amount threshold remains set at $300,000 for residential real estate purchased in the covered areas, with the exception of the City and County of Baltimore for which the purchase threshold is $50,000. The renewed GTOs take effect October 27 and end April 24, 2023. The effective period for the newly added areas begins on November 25.
FinCEN FAQs regarding the GTOs are available here.
OFAC sanctions individuals and entities connected to Russia’s corruption in Moldova
On October 26, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Orders 13818 and 14024 against nine individuals and 12 entities in an attempt to counter the Russian Federation’s “persistent malign influence campaigns and systemic corruption in Moldova.” Included among the sanctioned persons are “oligarchs widely recognized for capturing and corrupting Moldova’s political and economic institutions and those acting as instruments of Russia’s global influence campaign, which seeks to manipulate the United States and its allies and partners, including Moldova and Ukraine,” OFAC said in the announcement. Notably, the designations also include a former Moldovan government official “who engaged in state capture by exerting control over and manipulating key sectors of Moldova’s government, including the law enforcement, electoral, and judicial sectors.” As a result of the sanctions, all property and interests in property belonging to the sanctioned persons that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Further, “any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless exempt or authorized by a general or specific OFAC license. Additionally, OFAC warned that financial institutions and other persons that engage in certain transactions or activities with the sanctioned persons may themselves be exposed to sanctions or be subject to an enforcement action.
EU Court of Justice says controllers of personal data must take reasonable steps to inform third parties when consumer consent is withdrawn
On October 27, the European Court of Justice (ECJ) held that controllers of personal data must take reasonable steps to inform other controllers when a data subject withdraws consent. The decision stems from a request made by a subscriber to a Belgian telecommunications provider to not have his information included in the public telephone directories and directory inquiry services published by the company and other third parties. The controller pulled the subscriber’s information from the public record, but re-added the information to the directories after it received an update to the subscriber’s data that was not noted as being confidential. The subscriber submitted multiple requests for his data to be removed and submitted a complaint with the Belgian Data Protection Authority. The Data Protection Authority ordered the company to take remedial action and fined it €20,000 for infringing several provisions of the General Data Protection Regulation (GDPR). The controller appealed, “arguing that the consent of the subscriber is not required for the purposes of the publication of his or her personal data in the telephone directories, rather the subscribers must themselves request not to be included in those directories under an ‘opt-out’ system. In the absence of such a request, the subscriber concerned may in fact be included in those directories.” The Data Protection Authority contended, however, that the privacy and electronic communications directive “requires the ‘consent of subscribers’ within the meaning of the GDPR in order for the providers of directories to be able to process and pass on their personal data.”
The Brussels Court of Appeal referred questions to the ECJ for a preliminary ruling after determining that there are no specific rules “concerning the withdrawal by a subscriber of his or her statement of wishes or of that ‘consent.’” The ECJ determined that controllers of personal data must get consumers’ informed consent before publishing their information in a public directory. Further, the ECJ determined that such consent can be extended to any subsequent processing of data by third parties, provided the data is processed for the same purpose to which the consumer consented. However, consumers can withdraw consent at any time, and controllers are required to make reasonable efforts to notify third parties, including search engine providers, that are making use of that subscriber’s information of the withdrawal. Notably, the ECJ concluded that if various controllers rely on the single consent of a data subject, “it is sufficient, in order for that person to withdraw such consent, that he or she contacts any one of the controllers.”