In the wake of one of the largest reported medical ransomware attacks in U.S. history,[1] the U.S. Department of the Treasury, Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN) issued last week a pair of advisories to assist in efforts to combat the increasing threat of ransomware attacks and related sanctions and anti-money laundering (AML) compliance issues.[2]  Like our blog post last month on the same topic, the advisories highlight the importance of considering the legal risks relating to ransomware payments and confirm that OFAC may pursue enforcement actions against ransomware payments that violate U.S. sanctions.[3]
Continue Reading OFAC and FinCEN Issue Advisories on Cyber Ransom Payments

Last month, reports surfaced that fitness technology company Garmin may have made a multimillion dollar payment in response to a ransomware attack with reported links to Evil Corp, a Russian hacking group subject to U.S. sanctions.  This incident and other recent reports of ransomware attacks against large companies highlights that companies should consider potential civil and criminal liability under U.S. sanctions laws when responding to ransomware attacks.
Continue Reading Ransomware and Sanctions Compliance: Considerations for Responses to Attacks

On August 21, the Financial Crimes Enforcement Network, together with the federal banking agencies, released a statement to clarify banks’ customer due diligence obligations for politically exposed persons. The Statement affirms that (i) there is no regulatory requirement, and no supervisory expectation, for banks’ Bank Secrecy Act / anti-money laundering programs to include “unique, additional

On June 3, 2020, the International Chamber of the Paris Court of Appeal rejected an annulment application brought against an arbitral award rendered by a Paris-seated ICC arbitration tribunal. The ICC tribunal on December 27, 2018 rendered an award in favor of the Iranian Natural Gas Storage Company (“NGSC”), in a dispute arising out of

On April 20, OFAC issued COVID-related guidance indicating that it encourages those subject to its jurisdiction to contact the OFAC staff if they believe they will have difficulty meeting OFAC deadlines (whether reporting deadlines, responses to administrative subpoenas, or other matters).  OFAC also encouraged electronic submission of any communications.  In our experience, OFAC is still functioning at a relatively high level, remote operations notwithstanding, but the staff has also been flexible in responding to the challenges all institutions face.  As OFAC’s guidance and our own experience underline, open communication with the staff is very important.
Continue Reading OFAC Issues Guidance on COVID’s Impact on Compliance and Enforcement