On Thursday, December 31, 2015, the US Treasury Department’s Office of Foreign Assets Control (“OFAC”) issued the Cyber-Related Sanctions Regulations, 31 C.F.R. Part 578 (“Regulations”), which implement Executive Order 13694 of April 1, 2015 (“Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities” or the “Cyber EO”). Our prior blog post on the Cyber EO is available here.
The Regulations implement the restrictions on transactions involving parties designated as Specially Designated Nationals (“SDNs”) under the Cyber EO. Parties may be designated as SDNs under the Cyber EO for, among other things, engaging in “significant malicious cyber-enabled activities.” Although no parties have been designated under the Cyber EO to date, publication of the Regulations signals that the U.S. Government continues to pursue measures for combating “significant cyber threats,” as announced by the President in a statement accompanying release of the Cyber EO in April.
The Regulations were published in an abbreviated form and, for now, include only the standard provisions that are incorporated in most OFAC blocking program regulations. These include a small number of general licenses that are commonly found in OFAC sanctions regulations, such as general licenses for legal services and certain payments and transfer of credit related to blocked accounts. The Regulations also re-state OFAC’s interpretation that any entities in which any SDNs hold a 50% or greater interest are treated as SDNs for purposes of the Regulations.
OFAC has noted that it intends to provide a more comprehensive set of Regulations at a later date, which may include guidance regarding “cyber-enabled” activities and potential general licenses/statements of licensing policy. OFAC provided some initial guidance on the activities targeted by the Cyber EO in FAQ’s issued in April 2015 on the same day as the Cyber EO.