OCC Bulletin 2018-40| November 5, 2018

Cybersecurity: Cyber-Related Sanctions

To

Chief Executive Officers of All National Banks, Federal Branches and Agencies, Federal Savings Associations, and Technology Service Providers; Department and Division Heads; All Examining Personnel; and Other Interested Parties

Summary

The Federal Financial Institutions Examination Council (FFIEC)1,  on behalf of its members, has issued a statement to alert financial institutions of the recent actions taken by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) under OFAC’s Cyber-Related Sanctions Program and to the potential impact similar sanctions may have on financial institutions’ operations.  

Note for Community Banks

This statement applies to all OCC-supervised institutions.

Highlights

Consistent with existing guidance, financial institutions should consider the following issues regarding the effect of sanctions on financial institutions’ operations. Continued use of products or services from a sanctioned entity

  • directly or indirectly through a service provider may increase operational risk for a financial institution.
  • may cause the institution to violate OFAC sanctions. These sanctions prohibit U.S. persons—including U.S. financial institutions—from conducting transactions with sanctioned entities.

Affected institutions are encouraged to contact OFAC, their legal counsel, or their security offices for more guidance.

Further Information

Please contact Patrick J. Kelly, Director for Critical Infrastructure Policy, Operational Risk Division, at (202) 649-6550.

 

Grace E. Dailey
Senior Deputy Comptroller for Bank Supervision Policy and Chief National Bank Examiner

Related Link

1 The FFIEC comprises the principals of the following: Board of Governors of the Federal Reserve System, Bureau of Consumer Financial Protection, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, and State Liaison Committee.