The Federal Financial Institutions Examination Council ("FFIEC") alerted financial institutions to the potential impact that cyber-related sanctions may have on information technology, operations and compliance.

The FFIEC statement reminds financial institutions that U.S. Treasury Department Office of Financial Asset Control ("OFAC") sanctions generally prohibit U.S. persons from conducting transactions with sanctioned entities. The Cyber-Related Sanctions Program was implemented on April 1, 2015 following Executive Order 13694. Under the program, OFAC targets entities engaging in, directly or indirectly, "malicious cyber-enabled activities."

The FFIEC urged financial institutions to:

  • evaluate their individual OFAC sanctions compliance risks;
  • pinpoint potentially affected relationships and transactions;
  • ensure that sanction screening systems are updated;
  • verify that they have robust processes to comply with OFAC sanctions; and
  • understand how their third-party service providers ensure compliance with OFAC requirements.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.