OCC Bulletin 2018-40| November 5, 2018
Cybersecurity: Cyber-Related Sanctions
Chief Executive Officers of All National Banks, Federal Branches and Agencies, Federal Savings Associations, and Technology Service Providers; Department and Division Heads; All Examining Personnel; and Other Interested Parties
The Federal Financial Institutions Examination Council (FFIEC)1, on behalf of its members, has issued a statement to alert financial institutions of the recent actions taken by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) under OFAC’s Cyber-Related Sanctions Program and to the potential impact similar sanctions may have on financial institutions’ operations.
Note for Community Banks
This statement applies to all OCC-supervised institutions.
Consistent with existing guidance, financial institutions should consider the following issues regarding the effect of sanctions on financial institutions’ operations. Continued use of products or services from a sanctioned entity
- directly or indirectly through a service provider may increase operational risk for a financial institution.
- may cause the institution to violate OFAC sanctions. These sanctions prohibit U.S. persons—including U.S. financial institutions—from conducting transactions with sanctioned entities.
Affected institutions are encouraged to contact OFAC, their legal counsel, or their security offices for more guidance.
Please contact Patrick J. Kelly, Director for Critical Infrastructure Policy, Operational Risk Division, at (202) 649-6550.
Grace E. Dailey
Senior Deputy Comptroller for Bank Supervision Policy and Chief National Bank Examiner
- FFIEC Joint Statement (PDF)