On October 1, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) issued an advisory clarifying that banks and payments companies could be fined for facilitating ransomware payments to sanctioned entities. The same day, the Financial Crimes Enforcement Network (FinCEN) issued a related advisory concerning the threats posed by ransomware payments and the obligation of money services businesses to file suspicious activity reports (SARs) concerning suspicious ransomware payments.
As Jeff Alberts, co-head of the FinTech Group, discusses in this video, banks and FinTechs who facilitate ransomware payments can be fined even if they did not know or have reason to know that the payments involved sanctioned persons. OFAC's threat to impose penalties under this strict liability standard is highly concerning because victims seldom know who hacked their accounts and banks and money transmitters typically do not know the ultimate beneficiary of ransomware payments.
To learn more about OFAC's position on ransomware and how to mitigate the risk of OFAC penalties, check out this video.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.