FinCEN and OFAC Put Financial Institutions on Notice About Processing Ransomware Payments
Subscriber Content

The compliance risks for financial institutions over ransomware payments increased significantly following a pair of recent advisories from the Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC). While the advisories do not impose any new legal or compliance obligation, they emphasize Treasury’s clear position that ransomware payments through a financial institution may trigger anti-money laundering and sanctions program controls under existing regulatory requirements.
In this article, we share some of the highlights of these advisories and explain what financial institutions providing ransomware response services can do now.