In its December 31 publication, OFAC stated that it was publishing the regulations in an abbreviated form and expressed its intention to supplement them with a more comprehensive set. The regulations, as currently published, largely mirror OFAC’s standard abbreviated regulations for programs involving blocked persons.
The U.S. government has not yet designated any parties under this new sanctions program. Therefore, for the time being, companies need not take any action. However, once parties are blocked for cyber-related sanctions purposes, their names will be added to the OFAC Specially Designated Nationals List, which must be checked and complied with. Finally, while OFAC has not provided any specific channel for companies to identify possible cyber-related sanctions targets to the U.S. government (i.e., foreign hackers), we believe that OFAC and other agencies would be receptive to receiving such information from companies with potentially relevant information.
The Cyber-Related Sanctions Regulations, currently without elaboration, prohibit all transactions prohibited under E.O. 13694, including dealing in the property or interests in property, that come within the United States, of blocked persons. Under E.O. 13694, any party may be blocked if the U.S. government determines that the party is responsible for or complicit in, or has engaged in, directly or indirectly, cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside of the United States that have the purpose or effect of
- harming or otherwise significantly compromising the provision of services by a computer or network of computers that supports one or more entities in a critical infrastructure sector
- significantly compromising the provision of services by one or more entities in a critical infrastructure sector
- causing a significant disruption to the availability of a computer or network of computers or
- causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers or financial information for commercial or competitive advantage or private financial gain
The Order also permits the Secretary of the Treasury to designate parties who derive commercial or economic gain from trade secrets misappropriated through cyber-enabled means; who have materially assisted, sponsored or provided financial, material or technological support for, or goods or services in support of such activities; or are owned or controlled by parties blocked under the Executive Order. OFAC defined “financial, material, or technological support” as any property, tangible or intangible, including but not limited to currency, securities, weapons, false documentation, communications equipment, electronic devices, lodging, transportation, goods or technologies. In addition, the Order blocks designated individuals from entering the United States.
Similar to other regulations concerning blocked persons, the Cyber-Related Sanctions Regulations require any U.S. persons holding blocked funds to place them in interest-bearing accounts outside of the blocked person’s control.
In addition to the definitions included in other sanctions regulations concerning blocked persons, OFAC has provided a definition of “technologies” as “specific information necessary for the development, production, or use of a product.” OFAC also stated that it may provide a definition of “cyber-enabled” activities in the more comprehensive regulations that it will publish later. OFAC anticipates that the definition will include “any act that is primarily accomplished through or facilitated by computers or other electronic devices.”
If you have any questions regarding this Sidley Update, please contact the Sidley lawyer with whom you usually work, or
Alan Charles Raul
+1 202 736 8477
David A. Simon
+1 202 736 8413
+1 202 736 8161