FFIEC Releases Statement on OFAC Cyber-Related Sanctions

November 2018
FFIEC Releases Statement on OFAC Cyber-Related Sanctions

The Federal Financial Institutions Examination Council (FFIEC) members issued a joint statement alerting financial institutions to recent actions taken by the Department of Treasury’s Office of Foreign Asset Control (OFAC) under their Cyber-Related Sanctions Program and to the potential impact it may have on financial institutions’ risk-management programs.

The statement describes the issues a financial institution should consider regarding the effect of sanctions on the operations of the financial institution and the implications of the continued use of products or services provided by a sanctioned entity.

Since the program’s inception, OFAC has issued sanctions against entities that are responsible for, are complicit in, or that have engaged in, certain malicious cyber-enabled activities, and providing material and technological support to malicious cyber actors that have targeted U.S. organizations. Some sanctioned entities may offer services to financial institutions that operate in the United States. As a result of OFAC’s sanctions, all property and interests in property of the designated persons subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them.

Financial institutions should refer to OFAC resources or the FFIEC’s Information Technology Examination Handbook for information on requirements and expectations regarding OFAC-related compliance and operational risk management.

Attachment: Joint Statement

Agency Contact Phone
BCFP John Czwartacki 202.435.7170
FDIC Greg Hernandez 202.898.6984
Federal Reserve Darren Gersh 202.452.2955
NCUA Ben Hardaway 703.518.6333
OCC Stephanie Collins 202.649.6870
SLC Matt Longacre 202.803.8091

 

Last modified on
05/13/19