FinCEN and OFAC Put Financial Institutions on Notice About Processing Ransomware Payments

Subscriber Content
Screenshot of the first page of FinCEN and OFAC Put Financial Institutions on Notice About Processing Ransomware Payments
By
Josh Kaptur, Protiviti Director

The compliance risks for financial institutions over ransomware payments increased significantly following a pair of recent advisories from the Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC). While the advisories do not impose any new legal or compliance obligation, they emphasize Treasury’s clear position that ransomware payments through a financial institution may trigger anti-money laundering and sanctions program controls under existing regulatory requirements.

In this article, we share some of the highlights of these advisories and explain what financial institutions providing ransomware response services can do now.


Topics
Cash & Treasury
Fraud
Anti-Money Laundering
Financial Services Industry
Risk Assessment
Accounting/Finance

Related Resources

Articles

FinCEN and the Banking Agencies Clarify Due Diligence Requirements for Charities, Non-Profit Organizations

Articles

For Financial Industry, Post-Pandemic Resilience Building Should Focus Equally on Operational Successes and Failures

Internal Audit CPE Courses

Introduction to Fraud (KLplus CPE Course)

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.

Let's Do It