FFIEC Reminds Financial Institutions to Review OFAC Requirements

Members of the Federal Financial Institutions Examination Council (FFIEC) issued a joint statement alerting all financial institutions including credit unions to the potential impacts recent actions taken by the Treasury Department's Office of Foreign Asset Control (OFAC) under its Cyber-Related Sanctions Program may have on risk-management programs.

The statement describes the risks financial institutions could face with the continued use of products or services from a sanctioned entity, whether directly or indirectly provided. Such risks include: violations of law, civil money penalties, enforcement actions and reputational harm.

Financial institutions are urged to ensure "their OFAC compliance and risk management processes address the challenges arising from possible interactions with a sanctioned entity."

The FFIEC encourages financial institutions to refer to OFAC resources for further information.

Information Technology Examination Handbook 
OFAC Cyber-Related Sanctions Program
OFAC FAQs: General Questions
OFAC - Sanctions Programs and Information
Sanctions Related to Significant Malicious Cyber-Enabled Activities