InfoBytes Blog

FinCEN announces second exchange on ransomware

On July 15, the Financial Crimes Enforcement Network (FinCEN) announced it will host a “FinCEN Exchange” in August with representatives from financial institutions, other key industry stakeholders, and federal government agencies to discuss continuing concerns regarding ransomware. According to FinCEN, the exchange builds upon FinCEN’s November 2020 event regarding ransomware and “will assist its government and private sector partners to inform next steps to address ransomware and focus resources to mitigate the threat.” FinCEN also notes that ransomware attacks are a growing concern and efforts to detect and report ransomware payments are “vital to prevent and deter ransomware attacks.” Recent efforts by FinCEN to do just that include issuing two advisories in October 2020 to aid U.S. individuals and businesses in combating ransomware scams and attacks (covered by InfoBytes here) and issuing the first government-wide priorities for anti-money laundering and countering the financing of terrorism policy pursuant to the Anti-Money Laundering Act of 2020 in June (covered by InfoBytes here).

Financial Crimes FinCEN Ransomware Of Interest to Non-US Persons Anti-Money Laundering Act of 2020

NYDFS issues ransomware guidance

On June 30, NYDFS announced new guidance for preventing ransomware attacks. In the guidance, NYDFS identified cybersecurity controls that decrease the risk of a ransomware attack. In examining ransomware incidents reported by its regulated entities over the past year and a half, NYDFS observed that incidents follow a similar pattern where “hackers enter a victim’s network, obtain administrator privileges once inside, and then use those elevated privileges to deploy ransomware, avoid security controls, steal data, and disable backups.” Following guidance from the Federal Bureau of Investigation, NYDFS recommended that companies avoid making ransomware payments if their networks are compromised. NYDFS also urged all regulated entities to prepare for a ransomware attack by implementing measures such as: (i) training employees in cybersecurity awareness; (ii) implementing a vulnerability and patch management program; (iii) utilizing multi-factor authentications and strong passwords; (iv) using monitoring and response to detect intruders; (v) and having a ransomware-specific incident response plan. NYDFS Superintendent Linda A. Lacewell noted that “[c]ybercriminals are not only extorting individual companies but also jeopardizing the stability of the financial services industry.”

Agency Rule-Making & Guidance NYDFS Ransomware Privacy/Cyber Risk & Data Security State Issues State Regulators Bank Regulatory

G7 urges financial services sector to mitigate ransomware attacks

On October 13, the member nations of the G7 issued a joint statement stressing their commitment to working with the financial services sector to address and mitigate ransomware attacks. The statement highlights the recent increase in ransomware attacks over the last few years and notes that the scale, sophistication, and frequency has intensified as attackers “demand payments primarily in virtual assets to facilitate money laundering.” These ransom payments, the G7 warns, “can incentivize further malicious cyber activity; benefit malign actors and fund illicit activities; and present a risk of money laundering, terrorist financing, and proliferation financing, and other illicit financial activity.” The G7 reminds financial institutions that paying ransom is subject to anti-money laundering/combating the financing of terrorism (AML/CFT) laws and regulations, and warns non-financial services companies that providing certain services, such as money transfers, may subject them to the same obligations. The G7 further urges entities to follow international obligations for reporting ransom payments as suspicious activity and to take measures to prevent sanctions evasions. Moreover, the G7 recommends that entities implement standards set by the Financial Action Task Force to reduce criminals’ access to and use of financial services and digital assets, and emphasizes the importance of implementing effective programs to “hold and exchange information about the originators and beneficiaries of virtual asset transfers.” The G7 plans to share information related to ransomware threats, explore opportunities for coordinated targeted financial sanctions, and encourage a global implementation of AML/CFT obligations on virtual assets and virtual asset service providers.

Federal Issues Ransomware Privacy/Cyber Risk & Data Security Of Interest to Non-US Persons FATF

CSBS and others release ransomware mitigation tool

On October 13, the Conference of State Bank Supervisors (CSBS), joined by the Bankers Electronic Crimes Task Force and the U.S. Secret Service, released a self-assessment tool to help supervised financial institutions mitigate the risk of ransomware attacks. The tool will also help financial institutions assess how well they are managing risks and identify gaps for increasing security. CSBS developed the tool in conjunction with the U.S. Secret Service and the Bankers Electronic Crimes Task Force as incidents of ransomware have been on the rise and continue to spread.

State Issues CSBS Ransomware Privacy/Cyber Risk & Data Security

FinCEN, OFAC issue ransomware advisories

On October 1, the U.S. Treasury Department’s Office of Terrorism and Financial Intelligence issued two advisories to aid U.S. individuals and businesses in combating ransomware scams and attacks. In issuing the advisories, Treasury emphasized that “[e]fforts to detect and report ransomware payments are vital to prevent and deter cyber actors from deploying malicious software to extort individuals and businesses, and to hold ransomware attackers accountable for their crimes.” The advisory released by FinCEN, titled the Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments, provides information on the role of financial intermediaries in payments, ransomware trends and typologies, and related financial red flags indicators. Among other things, the advisory urges financial institutions to file suspicious activity reports when handling any transfer of funds related to a ransomware-related activity, and provides information on effectively reporting and sharing information related to ransomware attacks.

The advisory released by Treasury’s Office of Foreign Assets Control (OFAC), titled the Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, cautions that companies that facilitate ransomware payments to cyber actors on behalf of victims targeted by ransomware activities may face potential sanctions risks. Among other things, the advisory encourages financial institutions and other companies that engage with victims of ransomware attacks to implement risk-based compliance programs “to mitigate exposure to sanctions-related violations,” and to report such attacks to law enforcement. These sanctions compliance programs, OFAC emphasizes, “should account for the risk that a ransomware payment may involve [a specially designated national] or blocked person, or a comprehensively embargoed jurisdiction.” OFAC also cautions companies to consider whether they also need to comply with FinCEN’s regulatory obligations. Furthermore, the advisory provides U.S. government resources for reporting ransomware attacks, as well as guidance on factors OFAC generally considers when determining an appropriate enforcement response to an apparent violation.

Federal Issues FinCEN Department of Treasury OFAC Ransomware Of Interest to Non-US Persons Financial Crimes