January 7, 2016
On December 31, 2015, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued the Cyber-Related Sanctions Regulations. The regulations implement Executive Order (EO) 13694 of April 1, 2015, which authorizes the Treasury Department to block the property of certain persons engaging in significant malicious “cyber-enabled” activities that originate from, or are directed by persons located outside of, the United States. Persons designated pursuant to EO 13694 will be added to the SDN List with the identifier “[CYBER].” Persons blocked pursuant to a related pending investigation will be added with the identifier “[BPI-CYBER].”
EO 13694 generally targets (1) persons involved in cyber-enabled activities that (i) threaten or harm critical infrastructure (including network infrastructure), or (ii) cause, for commercial or economic gain, the misappropriation of funds and other sensitive information; and (2) persons involved in the use or receipt of trade secrets misappropriated through cyber-enabled means. For sanctions to apply, such activities must pose a significant threat to U.S. interests.
OFAC intends to publish a more comprehensive set of regulations that will likely include additional interpretive and definitional guidance (such as the definition of “cyber-enabled”), general licenses, and statements of licensing policy. As for now, the abbreviated regulations can be found in 31 CFR part 578.