In The News

Steps to Take After OFAC and FinCEN’s Warnings on Ransomware Payoffs

Cybersecurity Law Report

21 Oct 2020

John Smith spoke to the Cybersecurity Law Report about the Office of Foreign Asset Controls’ (OFAC) advisory warning organizations throughout the ransomware payment chain that they will face national security law violations if they pay off attackers tied to sanctioned regions or entities.

According to John, OFAC’s enforcement has zeroed in on lack of management commitment, “A compliance team must have cover from the top to run the sanctions program, so that in debates between the business side and compliance, management must hear compliance and not simply overrule it.”

A series of bank “wire-stripping” cases since 2009 drove companies to strengthen sanctions compliance programs, John noted. “Compliance decision-makers were given direct lines to CEOs, management, and sometimes the boards, so businesses that went forward with any risky decisions did so with eyes wide open.”

Read the full article (subscription required).



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.