With stories of cybercrime and cyberattacks buzzing in the headlines, it’s no surprise more sanctions, like those levied against North Korean officials and organizations, are back in the news. In fact, on April 1, 2015, President Barack Obama ramped up the OFAC sanctions program—and now he’s focusing on cyber-related threats.
Language in Executive Order 13694 targets individuals and groups outside the United States that use cyberattacks to threaten U.S. foreign policy, national security, economic health or financial stability. U.S. individuals and companies are prohibited from doing business with those designated as “cyber attackers” and will be required to freeze the assets of sanctioned cyber attackers.
What These OFAC Sanctions Mean for Cyber Attackers
Under EO 13694, sanctions may be imposed on any individuals or entities that engage in “significant malicious cyber-enabled activities.” These harms may be considered cyber-enabled activities:
- Harming or significantly compromising the provision of services by entities in a critical infrastructure sector
- Significantly disrupting the availability of a computer or network of computers
- Misappropriating funds or economic resources, trade secrets, personal identifiers or financial information for commercial or competitive advantage or private financial gain
- Knowingly receiving or using trade secrets that were stolen by cyber-enabled means for commercial or competitive advantage or private financial gain
- Attempting, assisting or providing material support for any of these harms
These OFAC sanctions are not meant to target the petty criminal; they’re meant to go after the heavy weights. The individuals and companies targeted are those doing significant and direct harm to the U.S.
What These OFAC Sanctions Mean for Your Financial Institution
Because specific names are yet to be added under EO 13694, there is no immediate effect on banks and financial institutions at this time; however, financial institutions need to monitor their watch list screening programs to make sure OFAC audit lists are up to date. Choosing a compliance partner like CSI will ensure your customer files are always being screened against the updated OFAC list.
Beyond watch list screening, your financial institutions must take additional measures to defend against cyber attackers. Cyberattacks are very hard to prevent when criminals are intent on hacking into your system. That’s why banks and other financial institutions should continue performing pre-audits and utilizing compliance and risk services to anticipate and prepare for criminal behavior.
Ronnie Wylie is the Data Services Manager with CSI Regulatory Compliance, where he oversees the company’s watch lists, list update process and the Data Services department. Ronnie has been with the regulatory compliance team for more than seven years, and he also is a member of ACAMS.