Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FCC launches inquiry to reduce cyber risks

    Privacy, Cyber Risk & Data Security

    On February 25, the FCC adopted a Notice of Inquiry proposed by FCC Chairwoman Jessica Rosenworcel that would launch an inquiry into the vulnerabilities of the internet’s global routing system, in response to the increasing risk of cyberattacks stemming from Russia’s invasion of Ukraine. The adopted inquiry solicits public comments on vulnerabilities threatening the security and integrity of the Border Gateway Protocol, which is central to the global routing of internet traffic. The inquiry also intends to evaluate how these security risks could impact the transmission of data through email, e-commerce, and bank transactions to interconnected Voiceover Internet Protocol and 911 calls and how best to address any identified challenges. Comments are due 30 days after publication in the Federal Register, with replies due 30 days later.

    Privacy/Cyber Risk & Data Security FCC Russia Ukraine Ukraine Invasion Federal Register

    Share page with AddThis
  • Special Alert: NYDFS guidance on cybersecurity and virtual currency responds to events in Ukraine

    State Issues

    The New York Department of Financial Services last week issued guidance on its cybersecurity and virtual currency regulations in response to the Russian military actions in Ukraine and recently imposed sanctions. NYDFS specifically raised the specter of elevated cyber risk due to ongoing cyberattacks against Ukraine, which could spill over to other networks, as well as potential direct attacks against U.S. critical infrastructure.

    Updated cybersecurity regulation guidance

    NYDFS suggested that regulated entities with programs pursuant to its cybersecurity regulation (23 NYCRR 500) have the potential to mitigate increased cyber threats and should take the following steps:

    • Review cybersecurity programs for compliance, with particular attention to certain safeguards and core cybersecurity hygiene measures, including access control, vulnerability management, and privileged access review
    • Review, update, and test incident-response and business-continuity plans and ensure they address ransomware events
    • Review and implement practices pursuant to the June 2021 Ransomware Guidance
    • Re-evaluate plans to maintain essential services and protect critical data in the event of an extended outage or service disruption
    • Conduct a full test of backup and recovery abilities
    • Provide additional cybersecurity awareness training and reminders for all employees 

    NYDFS also advised that regulated entities should keep track of known threat actors and take extra precautions when doing business in Russia and Ukraine, including segregating Russian and Ukrainian networks. Regulated entities must report cybersecurity events that meet the criteria of 23 NYCRR 500.17(a) as promptly as possible and within 72 hours, and should also report cybersecurity events immediately to law enforcement, including the FBI and the Cybersecurity and Infrastructure Security Agency.

    Guidance in response to recent sanctions

    In the last week, the Biden administration imposed significant new sanctions targeting Russian assets, the Russian financial market, and Russian business dealings in response to Russia’s invasion of Ukraine. (See InfoBytes coverage here.) NYDFS reiterated that regulated entities should fully comply with U.S. sanctions on Russia, as well as Part 504 of its regulations regarding transaction monitoring and filtering. In order to comply with the new sanctions, NYDFS recommended that regulated entities take the following steps immediately:

    • Monitor all communications from NYDFS, the U.S. Department of the Treasury, the Office of Foreign Assets Control (OFAC), and other federal agencies on a real-time basis to keep tabs on the latest developments
    • Modify transaction monitoring and filtering programs as necessary to capture new sanctions as they are proposed
    • Monitor all transactions, particularly trade finance transactions and funds transfers, and identify and interdict transactions prohibited by U.S. sanctions.
    • Update OFAC compliance policies and procedures on a continuous basis to incorporate the recent sanctions and any new sanctions that may be imposed.

    Updated virtual currency regulation guidance

    NYDFS also cautioned that sanctioned entities may attempt to use virtual currency to evade sanctions. It said regulated entities must ensure they have “tailored policies, procedures, and processes to protect against the unique risks that virtual currency present” and are complying with the relevant state and federal laws, including the OFAC Sanctions Compliance Guidance for the Virtual Currency Industry and New York virtual currency regulation (23 NYCRR 200).  Additionally, regulated entities should monitor the effectiveness of virtual currency-specific control measures, including sanctions lists, geographic screening, geolocation tools/IP address identification and blocking capabilities, and transaction monitoring and investigative tools, including blockchain analytics tools.

    Buckley will continue to monitor the ongoing situation in Ukraine and provide updates in conjunction with significant developments.

    If you have any questions regarding the NYDFS guidance or the recent Ukraine-related sanctions against Russia, please visit our Privacy, Cyber Risk & Data Security or Bank Secrecy Act/Anti-Money Laundering & Sanctions practice pages, or contact a Buckley attorney with whom you have worked in the past.

    State Issues Financial Crimes Federal Issues NYDFS OFAC Department of Treasury OFAC Sanctions Privacy/Cyber Risk & Data Security Russia Ukraine Ukraine Invasion 23 NYCRR Part 500 Special Alerts

    Share page with AddThis
  • Special Alert: Russian invasion of Ukraine triggers significant sanctions (updated)

    Financial Crimes

    Over past few days, and following weeks of clear signals that sanctions would be imposed in response to military activity, the Biden administration issued significant new sanctions in response to the Russian Federation’s military invasion of Ukraine and its recognition of Ukraine’s separatist regions. The recent measures:

    • Freeze the U.S. assets of numerous Russian banks and their subsidiaries, including Russia’s second largest bank, VTB, the company behind the Nord Stream 2 pipeline and multiple Kremlin-connected individuals
    • Cut off Sberbank, Russia’s largest bank, from the U.S. financial system by prohibiting transactions involving Sberbank and imposing correspondent account-related prohibitions
    • Prohibit transactions in new debt and equity of 13 large Russian enterprises
    • Target secondary market dealings in Russian government debt
    • Impose a near complete prohibition on dealings with the separatist regions of Ukraine

    Financial Crimes Department of Treasury OFAC Biden OFAC Sanctions OFAC Designations Ukraine Russia Of Interest to Non-US Persons Special Alerts Ukraine Invasion

    Share page with AddThis
  • Special Alert: Russian invasion of Ukraine triggers significant sanctions

    Financial Crimes

    On February 21 and 22, following weeks of clear signals that sanctions would be imposed in response to military activity, the Biden administration issued significant new sanctions in response to the Russian Federation’s recognition of separatist regions of Ukraine and incursions of Russian troops. The new measures impose property-blocking sanctions on two state-owned banks (including their subsidiaries), target secondary market dealings in Russian debt, and impose a near complete prohibition on dealings with the separatist regions of Ukraine. Additionally, the Department of the Treasury took steps that enable it to impose sanctions on any person determined to be operating in Russia’s financial services sector. This appears to be an initial phase of sanctions activity and should military activity continue or escalate, it is likely that sanctions would similarly increase in stringency.

    The evolving nature of the U.S. sanctions response is evidenced by a recent announcement that the Biden administration will soon impose sanctions targeting Nord Stream 2 AG, the company behind the $11.3 billion pipeline project that was intended to carry gas from Russia to Germany. Buckley will continue to monitor the situation and provide updates.

    Financial Crimes Department of Treasury OFAC Biden OFAC Sanctions OFAC Designations Ukraine Russia Of Interest to Non-US Persons Special Alerts Ukraine Invasion

    Share page with AddThis
  • OFAC sanctions Russians engaged in Ukrainian destabilization activities

    Financial Crimes

    On January 20, the U.S. Treasury Department’s Office of Foreign Assets Control announced sanctions pursuant to Executive Order 14024 against four individuals engaged in Russian government-directed influence activities to destabilize Ukraine. OFAC stated that it will continue to take actions, including in partnership with the Ukrainian government, “to undercut Russia’s destabilization efforts.” The designations are the latest actions to target purveyors of Russian disinformation, including similar designations made last April (covered by InfoBytes here). As a result of the sanctions, all property and interests in property of the sanctioned individuals subject to U.S. jurisdiction are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” OFAC noted that its regulations generally prohibit U.S. persons from participating in transactions with the designated persons, which include “the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person, or the receipt of any contribution or provision of funds, goods or services from any such person.”

    Financial Crimes Of Interest to Non-US Persons OFAC Department of Treasury OFAC Sanctions OFAC Designations SDN List Russia Ukraine Ukraine Invasion

    Share page with AddThis

Pages