The Federal Financial Institutions Examination Council (FFIEC) members issued a joint statement alerting financial institutions to recent actions taken by the Department of Treasury’s Office of Foreign Asset Control (OFAC) under their Cyber-Related Sanctions Program and to the potential impact it may have on financial institutions’ risk-management programs.
The statement describes the issues a financial institution should consider regarding the effect of sanctions on the operations of the financial institution and the implications of the continued use of products or services provided by a sanctioned entity.
Since the program’s inception, OFAC has issued sanctions against entities that are responsible for, are complicit in, or that have engaged in, certain malicious cyber-enabled activities, and providing material and technological support to malicious cyber actors that have targeted U.S. organizations. Some sanctioned entities may offer services to financial institutions that operate in the United States. As a result of OFAC’s sanctions, all property and interests in property of the designated persons subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them.
Financial institutions should refer to OFAC resources or the FFIEC’s Information Technology Examination Handbook for information on requirements and expectations regarding OFAC-related compliance and operational risk management.
Attachment: Joint Statement
NCUA is the independent federal agency created by the U.S. Congress to regulate, charter and supervise federal credit unions. With the backing of the full faith and credit of the United States, NCUA operates and manages the National Credit Union Share
Insurance Fund, insuring the deposits of account holders in all federal credit unions and the overwhelming majority of
state-chartered credit unions. At MyCreditUnion.gov, NCUA also educates the public on consumer protection and financial literacy issues.