
Meanwhile, earlier in September, the Dutch government said it was considering banning insurance companies from making ransom payments to hackers.
White collar crime expert Andrew Sackey of Pinsent Masons, the law firm behind Out-Law, said: “OFAC’s designation of SUEX for complicity in facilitating financial transactions for ransomware actors gives an indication that the ransom payment landscape is beginning to change”.
“The importance of being able to attest to the steps taken to ensure payments aren’t made to prohibited persons or entities, and that suitable anti-money laundering reporting has been undertaken, simply cannot be overstated,” Sackey said.
OFAC said some virtual currency exchanges were exploited by “malicious actors”, but others, such as SUEX, “facilitate illicit activities for their own illicit gains”. The agency said an analysis of known SUEX transactions demonstrated that over 40% of its known transaction history was associated with illicit actors.
A strict application of the UK’s money laundering legislation raises a risk that, by paying over ransom funds, a victim could be said to be entering into a prohibited ‘arrangement’ which they knew would facilitate the ‘retention, use or control of criminal property’ by the threat actor. That offence carries a maximum penalty of 14 years.
Regulatory and compliance expert Laura Gillespie of Pinsent Masons said: “Any business hit by ransomware will immediately be faced with a decision on whether it should engage with the threat actor”.
“It is a complex issue – there is a risk that the payment could be unlawful, but in the absence of adequate back-ups, some businesses may be paralysed and so the need to engage is driven by business continuity,” Gillespie said.
“Victims, their agents and professional advisers will be increasingly obliged to document robust due diligence to underpin the difficult decision making regarding whether, or the extent to which, to engage with threat actors. Such careful consideration will also need to be given to making appropriate disclosures to the Financial Intelligence Unit, which will turn on a range of factors, but key among them will be whether your business is regulated and so operating under enhanced reporting obligations,” she said.