ransomware

Subscribe to ransomware

On January 13, 2022, Himamauli “Him” Das, the Acting Director of FinCEN, virtually addressed the Financial Crimes Enforcement Conference hosted by the American Bankers Association and the American Bar Association.  In his speech, Mr. Das highlighted the transformation and modernization of the anti-money laundering/counter-terrorist financing (“AML/CFT”) regulatory framework from a tool updated in the wake of September 11, 2001 to combat money flows to terrorist organizations, to an instrument designed to address the more complex current and future challenges presented by digital assets and strategic corruption.

Acting on the authority accorded FinCEN by the Anti-Money Laundering Act of 2020 (the “AML Act”), FinCEN has been in the process of reorganizing and upscaling several of its divisions in order to meet increased obligations. New divisions include the Global Investigations Division, the Strategic Operations Division and the Enforcement and Compliance Division, which together work to combine resources against bad actors, share information, and act to resolve investigations across the financial sector. Mr. Das focused on three additional areas that FinCEN would concentrate on moving forward: new threats, new innovations and new partnerships.
Continue Reading  Transformation of the AML/CFT Regulatory Regime Requires Innovation and Collaboration, According to FinCEN Acting Director

As anticipated, the Office of the Comptroller of the Currency, the Federal Reserve Board, and the FDIC recently approved and released the Final Rule Requiring Computer-Security Incident Notification (“Final Rule”).  The Final Rule is designed to promote early awareness and stop computer security incidents before they become systemic.  It places new reporting requirements on both

On October 15, 2021, the Financial Crimes Enforcement Network (“FinCEN”) issued a financial trend analysis on ransomware relating to Suspicious Activity Reports (“SARs”) filed in the first half of this year (“Analysis”).  According to the Analysis, U.S. banks and financial institutions reported $590 million in suspected ransomware payments in SARs filed between January and June 2021, more than the total for all of 2020.  FinCEN found that ransomware payments are often made using virtual currency, such as Bitcoin (“BTC”).  The Office of Foreign Assets Control (“OFAC”) also released guidance in tandem with the FinCEN Analysis, addressing how the virtual currency industry can address sanctions-related risks.

Ransomware appears to be top-of-mind at the U.S. Treasury, as we have blogged.  FinCEN’s Analysis and OFAC’s guidance came quickly on the heels of OFAC issuing on September 21 a six-page Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, which states that OFAC will consider self-reporting, cooperation with the government and strong cybersecurity measures to be mitigating factors in any contemplated enforcement action against a ransomware victim that halts an attack by making the demanded payment to attackers who were sanctioned or otherwise had a sanctions nexus.  Also on September 21, 2021, OFAC issued its first sanctions designation against a virtual currency exchange by designating the virtual currency exchange “for its part in facilitating financial transactions for ransomware variants.”
Continue Reading  FinCEN Reports Spiraling SARs Relating to Ransomware

On October 6, the Department of Justice (“DOJ”) announced the creation of a National Cryptocurrency Enforcement Team (“NCET”).  The DOJ press release is set forth in part below, without further commentary, other than to observe that the NCET’s stated goals are to address issues on which we repeatedly have blogged:  crypto exchangers and their AML

OFAC Updates Advisory on Enforcement Risks Relating to Agreeing to Pay Ransomware

First Post in a Two-Part Series on Recent OFAC Designations

On September 21, 2021 OFAC issued its first sanctions designation against a virtual currency exchange by designating the virtual currency exchange, SUEX OTC, S.R.O. (SUEX) “for its part in facilitating financial transactions for ransomware variants.”  Although this is a unique development, the broader and more important issue for any financial institution or company facing a ransomware attack is the continuing problem encapsulated in OFAC’s six-page Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, which OFAC released in conjunction with the announcement of the SUEX designation.  The Updated Advisory illustrates a “Catch 22” scenario, in which a victim that halts a ransomware attack by making the demanded payment then may find itself under scrutiny from OFAC on a strict-liability basis if it turns out that the attackers were sanctioned or otherwise had a sanctions nexus.  The Updated Advisory states that OFAC will consider self-reporting, cooperation with the government and strong cybersecurity measures to be mitigating factors in any contemplated enforcement action.

OFAC has been busy.  Tomorrow, we will blog on a more traditional action announced by OFAC right before the SUEX designation:  OFAC’s designation of members of a network of financial conduits funding Hizballah and Iran’s Islamic Revolutionary Guard Corps-Qods Force.  This designation is notable for the targets’ alleged use of gold as a vehicle to launder illicit funds through front companies.
Continue Reading  OFAC Targets Virtual Currency Exchange For Ransomware Attack

October is National Cybersecurity Awareness Month, and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) and Office of Foreign Assets Control (“OFAC”) kicked off the month by issuing two advisories that aim to increase cybersecurity awareness, assist financial institutions in detecting and reporting ransomware activity, and highlight potential sanctions risks for facilitating ransomware payments.

The FinCEN and OFAC advisories signal the seriousness with which the Department of Treasury treats the threat of cybercriminals and ransomware attacks. Both FinCEN and OFAC have now squarely placed an obligation on financial institutions and other payment intermediaries to put procedures in place to detect ransomware payments and to restrict payments to blocked individuals. It appears FinCEN and OFAC want to make sure cybercrime does not pay by cutting off cybercriminals’ access into the financial system.

While both FinCEN and OFAC have offered guidance to financial institutions formulating policies and procedures for deciding whether to process or report payment requests that may be connected to ransomware attacks, OFAC has also offered a warning: facilitating ransomware payments may lead to an enforcement action and civil penalties. Given the growing national security concerns associated with ransomware attacks, the advisories rightly encourage financial institutions and other payment intermediaries that facilitate ransomware payments to share information via Suspicious Activity Reports (“SARs”) and to fully cooperate with law enforcement during and after ransomware attacks.
Continue Reading  FinCEN and OFAC Advisories Aim to Increase Cybersecurity Awareness and Thwart Ransomware Attacks in the Financial Sector