top of page
Rose Nordbrock and Brian Chu

Cybercrime: Addressing Potential OFAC Violations


As we make the transition from 2020 to 2021, it’s become very clear that companies will continue to have a significant number of employees working remotely.


However, with the proliferation of remote work, there has also been a proliferation of cybercrime. In 2020, Finextra estimates cybercrime to exceed $1 trillion – Cybersecurity Ventures estimates costs will reach $10.5 trillion by 2025. A fundamental risk management challenge, close to half of all breaches are traced back to human error and system glitches (exposures that are impossible to fully control).


In advising many SMBs, one of the main beliefs is that cybercrime only impacts large companies. This couldn’t be further from the truth. A key concern for small businesses is that according to a recent IBM study, “companies with less than 500 employees suffered losses of more than $2.5 million on average – a potentially crippling amount for a small business…”

Cybercrime continues to rapidly evolve with malicious cyber actors extending beyond individuals, to criminal enterprises and terrorist organizations sponsored by foreign governments. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is a government agency working to address risks associated with ransomware payments to these malicious actors.


According to an OFAC Advisory on October 1, 2020, “Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations.”


What should companies consider doing?


OFAC evaluates potential violations on a case basis. It’s important to note that companies that have followed OFAC’s recommendations to implement the five elements of a Sanctions Compliance Program (SCP) will be evaluated more favorably:


1) Management Commitment

2) Risk Assessment

3) Internal Controls

4) Testing and Auditing

5) Training


Stay tuned as we will be covering each of the five essential components in greater detail.

14 views0 comments

Комментарии


bottom of page