FFIEC Releases Statement on OFAC Cyber-Related Sanctions
The Federal Financial Institutions Examination Council (FFIEC) members issued a joint statement alerting financial institutions to recent actions taken by the Department of Treasury’s Office of Foreign Asset Control (OFAC) under their Cyber-Related Sanctions Program and to the potential impact it may have on financial institutions’ risk-management programs.
The statement describes the issues a financial institution should consider regarding the effect of sanctions on the operations of the financial institution and the implications of the continued use of products or services provided by a sanctioned entity.
Since the program’s inception, OFAC has issued sanctions against entities that are responsible for, are complicit in, or that have engaged in, certain malicious cyber-enabled activities, and providing material and technological support to malicious cyber actors that have targeted U.S. organizations. Somefor information on requirements and expectations regarding OFAC-related compliance and operational risk management.
|Federal Reserve||Susan Stawick||202-452-2955|
The FFIEC was established in March 1979 to prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions. It also conducts schools for examiners employed by the five federal member agencies represented on the FFIEC and makes those schools available to employees of state agencies that supervise financial institutions. The Council consists of the following six voting members: a member of the Board of Governors of the Federal Reserve System; the Chairman of the Federal Deposit Insurance Corporation; the Director of the Bureau of Consumer Financial Protection; the Comptroller of the Currency; the Chairman of the National Credit Union Administration; and the Chairman of the State Liaison Committee.