InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC Publishes Venezuela Sanctions Regulations
On July 10, OFAC published regulations to implement the Venezuela Defense of Human Rights and Civil Society Act of 2014 and Executive Order 13692. The Act required the President to impose targeted sanctions on certain persons determined to be responsible for significant acts of violence or serious human rights abuses against antigovernment protesters in Venezuela, and to have ordered, or otherwise directed, the arrest or prosecution of certain persons in Venezuela. The Executive Order set forth standards for designating and suspending entry into the United States of corresponding persons in Venezuela. The regulations provide the framework for blocking property or interests in property of persons designated according to the Executive Order. According to OFAC, the regulations are currently in “abbreviated form” and the agency will issue a more comprehensive set of regulations that may provide further interpretive guidance, general licenses, and statements of licensing policy.
White House Issues Executive Order To Combat Against Cyber Attacks
On April 1, President Obama issued an executive order granting the Department of Treasury new authority to impose sanctions against individuals or entities that engage in activities which benefit from cyber attacks against U.S. including financial institutions. The executive order is a response to an increase of malicious cyber-enabled activities that continue to pose a threat to the United States’ national security, foreign policy, and economy. As noted in a statement released by Treasury Secretary Jack Lew, the executive order “allows [Treasury] to expose and financially isolate those who hide in the shadows of the Internet to conduct malicious cyber activities that threaten the national security, foreign policy, or economic health or financial stability of the United States.” The announcement follows earlier measures made by the White House to combat against cyber attacks, including the creation of a new federal agency to facilitate the sharing of information about potential threats.
White House Issues Executive Order Targeting Venezuela
On March 8, President Obama signed an executive order imposing sanctions on Venezuela in response to the country’s ongoing human rights violations and abuses in anti-governmental protests. Specifically, the Order (i) designates seven Venezuelan government officials as Specially Designated Nationals (SDNs), (ii) provides authorization for the designation of additional parties as SDNs who are determined to be engaged in specified activities, and (iii) suspends entry into the United States of persons designated under the Order. While the Order stems from defending human rights and democratic governance, according to Treasury Secretary Jack Lew, the Order “will be used to protect the U.S. financial system from the illicit financial flows from public corruption in Venezuela.”
OFAC Publishes Initial Ukraine-Related Sanctions Regulations
On May 8, OFAC issued regulations to implement recent Executive Orders establishing sanctions against Russian individuals and entities related to the situation in Ukraine. The Ukraine-Related Sanctions Regulations, 31 C.F.R. Part 589, implement Executive Order 13660 of March 6, 2014, Executive Order 13661 of March 17, 2014, and Executive Order 13662 of March 20, 2014. Consistent with its prior practice, OFAC published the regulations in abbreviated form and plans to provide a more comprehensive set of regulations, which may include additional interpretive and definitional guidance and additional general licenses and statements of licensing policy.
Treasury Implements Additional Russia Sanctions
On April 28, the Treasury Department announced additional sanctions in response to developments in Ukraine by designating seven Russian government officials and 17 entities, including numerous financial institutions, pursuant to Executive Order 13661. That order authorizes sanctions on, among others, officials of the Russian Government and any individual or entity that is owned or controlled by, that has acted for or on behalf of, or that has provided material or other support to, a senior Russian government official. The designated individuals will be subject to an asset freeze and a U.S. visa ban, and the companies will be subject to an asset freeze. In addition, the Department of Commerce imposed additional restrictions on 13 of the companies by imposing a license requirement with a presumption of denial for the export, re-export or other foreign transfer of U.S.-origin items to the companies. Further, the Departments of Commerce and State tightened review of export license applications for any high-technology items that could contribute to Russia’s military capabilities, and plan to revoke any existing export licenses that meet the tightened conditions.
OMB Reviewing Significant AML Proposed Rule
On April 11, the Treasury Department submitted to the OMB's Office of Information and Regulatory Affairs (OIRA) FinCEN’s long-awaited proposed rule to establish customer due diligence requirements for financial institutions. Under executive order, each agency is required to submit for regulatory review rules resulting from “significant regulatory actions,” and OIRA has 90 days to complete or waive the review. The public portion of the FinCEN rulemaking has been ongoing since February 2012 when FinCEN released an advance notice of proposed rulemaking to solicit comment on potential requirements for financial institutions to (i) conduct initial due diligence and verify customer identities at the time of account opening; (ii) understand the purpose and intended nature of the account; (iii) identify and verify all customers’ beneficial owners; and (iv) monitor the customer relationship and conduct additional due diligence as needed. FinCEN subsequently held a series of roundtable meetings, summaries of which it later published.
Obama Administration Sanctions Numerous Russian, Ukrainian Officials
This week, President Obama issued two new Executive Orders, one on March 17 and another on March 20, authorizing the Treasury Department to impose sanctions on (i) current and former Russian and Ukrainian officials; (ii) a Russian bank; (iii) any individual or entity that operates in the Russian arms industry; and (iv) any individual or entity determined to be owned or controlled by, to act on behalf of, or provide material or other support to, any senior Russian government official or blocked person. Concurrent with each executive order, OFAC added (on March 17 and March 20) numerous current and former Ukrainian and Russian officials to its list of Specially Designated Nationals and Blocked Persons. These latest actions expand on the President’s initial March 6 Executive Order authorizing sanctions in response to Russia’s recent actions related to Ukraine, which the Obama Administration has characterized as threatening Ukraine’s democratic processes and institutions, sovereignty, territorial integrity, and assets. Generally, the orders exclude the designated persons and entities from the U.S. financial system and block the designated persons’ and entities’ access to property and interests in property that are within the U.S. As a result, U.S. banking institutions are required to block the financial assets of the designated individuals and entities and report such blocked property to OFAC within 10 business days. The orders and sanctions are the beginning stages of a potential extended sanctions framework involving Russian officials and businesses.
NIST Releases Final Cybersecurity Framework
On February 12, the Obama Administration released the Cybersecurity Framework prepared by NIST, as called for by Executive Order 13636 issued by President Obama one year ago. The Framework organizes best practices regarding cyber risks into three components—the Framework Core, Profiles and Tiers—each of which “reinforces the connection between business drivers and cybersecurity activities.” The Framework Core component is described as a set of cybersecurity activities and informative references that are common across critical infrastructure sectors. The cybersecurity activities are grouped into five functions—Identify, Protect, Detect, Respond, and Recover—which provide a high-level view of an organization’s management of cyber risks. The second component, Profiles, is designed to assist organizations in aligning their cybersecurity activities with business requirements, risk tolerances, and resources. Finally, the Tiers component provides a mechanism for organizations to view their approach and processes for managing cyber risk. The Department of Homeland Security has established a voluntary program intended to increase awareness and use of the Framework to help organizations of all sizes manage cybersecurity risks and improve security and resilience of critical infrastructure. NIST hopes the Framework will serve as a model for international cooperation on strengthening critical infrastructure cybersecurity. NIST will continue to update and improve the Framework as the industry provides feedback on implementation. NIST also issued a Roadmap that discusses its next steps with the Framework and identifies key areas of cybersecurity development, alignment, and collaboration.
House Committee Approves Cybersecurity Bill
On February 5, the House Homeland Security Committee unanimously approved H.R. 3696, the National Cybersecurity and Critical Infrastructure Protection Act of 2013 (the NCCIP). The NCCIP builds on many of the ideas set forth in the February 2013 Presidential Executive Order on cybersecurity. The bill seeks to enhance cybersecurity readiness in governmental and private institutions, in part, by facilitating information sharing and a “public-private collaboration” between government agencies and “critical infrastructure owners” and by promoting “cross-sector coordination and sharing of threat information” through NIST. The bill directs NIST to develop voluntary best practices that include individual privacy and civil liberty protections. The NCCIP also amends the Support Anti-Terrorism by Fostering Effective Technologies Act of 2002 (SAFETY Act) to provide liability protections for those selling or providing agency-approved cybersecurity technology to customers.
CFPB Joins With DOD, VA, And Others To Launch Servicemember Education Complaint System
On January 30 the CFPB, the Department of Defense (DOD), the Department of Veterans Affairs (VA), the FTC, and other federal agencies announced the launch of a new online system designed to collect information from veterans, current servicemembers, and their families regarding negative experiences at education institutions and training programs administering the Post-9/11 GI Bill, DOD Military Tuition Assistance, and other military-related education benefit programs. The new system is modeled after the CFPB’s complaint system and is intended to help the government identify and address unfair, deceptive, and misleading practices. The complaint system, which is comprised of the DOD’s Postsecondary Education Complaint System and to the VA GI Bill Feedback System, was developed in accordance with the April 2012 Executive Order 13607, Establishing Principles of Excellence for Educational Institutions Serving Service Members, Veterans, Spouses, and Other Family Members. That order required, among other things, the Secretaries of Defense and Veterans Affairs to “create a centralized complaint system for students receiving Federal military and veterans educational benefits to register complaints that can be tracked and responded to by the Departments of Defense, Veterans Affairs, Justice, and Education, the CFPB” and other relevant agencies.