Practical Issues in Cyber-Related Sanctions
GIR: The Guide to Sanctions
In this chapter of Global Investigations Review: The Guide to Sanctions (Fourth Edition), authors Timothy O’Toole, Christopher Stagg,* FeiFei Ren, Caroline Watson, Manuel Levitt and Samuel Cutler provide an overview of the Cyber-Related Sanctions Program, which is managed by the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC). This program is designed to address malicious cyber activities, including cyberespionage, intrusions into critical infrastructure and computer networks, as well as disinformation campaigns conducted from abroad. "Given the risks associated with ransomware payments and the possibility that sanctioned persons or jurisdictions may be involved in them, sanctions compliance programmes should incorporate risk-based procedures for responding to ransomware attacks, including, at a minimum, thorough enhanced screening procedures," authors wrote, adding that, "In many cases, companies should strongly consider engaging with relevant law enforcement agencies when ransomware attacks arise, including OFAC if the ransomware attack or a requested ransom payment may potentially involve a sanctioned party or country."
*Former Miller & Chevalier attorney