updated advisory on ransomware and the use of the financial system to facilitate ransom payments. The advisory reflected recent trends in ransomware and addressed (i) the role of financial intermediaries in the processing of ransomware payments; (ii) trends and typologies of ransomware and associated payments; (iii) ransomware-related financial red flag indicators; and (iv) reporting and sharing information related to ransomware attacks.

The advisory emphasized the role that insurance companies play in ransomware payments. For example, it noted that an insurer may facilitate ransomware payments to cybercriminals, often by directly receiving customers' fiat funds, exchanging them for cryptocurrency, and then transferring the cryptocurrency to criminal-controlled accounts. While insurance activity typically is not subject to FinCEN's anti-money laundering compliance requirements, the advisory notes that facilitating ransomware payments may be the transmission of money, which is subject to FinCEN's rules and could require an insurer to register with FinCEN as a money services business. Insurers also may be required to immediately report suspicious transactions associated with ransomware attacks to FinCEN and subsequently file a suspicious activity report.

The advisory listed red flags that all financial institutions should look for when detecting, preventing, and reporting suspicious transactions associated with ransomware attacks. One such red flag is an irregular transfer of funds from an organization that is at high risk for ransomware attacks (e.g., government, financial, education, healthcare) to an insurer, especially if the insurer is known to facilitate ransomware payments. This part of the advisory may result in additional inquiries to insurers and their customers from banks and money transmitters that provide account and payment services.

OFAC Guidance on Ransomware

In September 2021, the Federal Office of Foreign Assets Control (OFAC) released an updated advisory on the potential sanctions risks for facilitating ransomware payments. The advisory emphasized that the US government continues to strongly discourage the payment of cyber ransom or extortion demands. It noted that OFAC's economic sanctions apply to companies that engage with victims of ransomware attacks, such as those involved in providing cyber insurance, digital forensics and incident response. In particular, it warned such companies that their sanctions compliance programs should account for the risk that a ransomware payment may involve a specially designated national or blocked person, or a comprehensively embargoed jurisdiction. These payments may be made only if the payor obtains a license from OFAC, and license applications involving ransomware payments demanded as a result of malicious cyber-enabled activities are reviewed by OFAC on a case-by-case basis with a presumption of denial.

FSOC Annual Report

In December 2021, the Federal Financial Stability Oversight Council (FSOC) released its annual report on its activities and significant developments for the US financial system. As with prior issuances, the report noted the rise in cybersecurity attacks that target critical infrastructure and outlined ways that an attack could potentially threaten the stability of the US financial system.

MAYER BROWN