Recommended Alerts

Sign Up For Alerts

Litigation & Enforcement Attorneys Contribute as Editors and Authors to GIR’s Fifth Edition of The Practitioner’s Guide to Global Investigations

A cross-office team of attorneys in Ropes & Gray’s anti-corruption and international risk and government enforcement/white collar practices have co-authored four chapters and the introduction for the fifth edition of Global Investigations Review’s “The Practitioner’s Guide to Global Investigations.” The authoritative, comprehensive and practical guide examines how companies should approach each stage of an investigation across the globe from an individual’s and corporate’s perspective.

Read More

Cyber-Attacks (Asset-Freezing) Regulations 2019

Time to Read: 1 minutes Practices: Government Enforcement / White Collar Criminal Defense

Printer-Friendly Version

On 11 June 2019, the Cyber-Attacks (Asset-Freezing) Regulations 2019 (SI 2019/956) (the “U.K. Regulations”) come into force in the United Kingdom. The U.K. Regulations implement the domestic requirements of EU Regulation (2019/796), which sets out restrictive measures against cyber-attacks (i.e., malicious cyber activities) threatening the European Union or its Member States.

The U.K. Regulations apply to U.K. nationals or any body incorporated in the United Kingdom but also have extra-territorial effect for conduct (which includes acts and omissions) committed wholly or partly outside the U.K. by a U.K. national or body incorporated in the United Kingdom.

Interactions with funds or resources belonging to a “designated person” can trigger liability under the U.K. Regulations. The definition of a “designated person” is taken from EU Regulation (2019/796) and includes those who:

  1. are responsible for cyber-attacks or attempted cyber-attacks;
  2. provide financial, technical or material support for or are otherwise involved in cyber-attacks or attempted cyber-attacks, including by planning, preparing, participating in, directing, assisting or encouraging such attacks, or facilitating them whether by action or omission; or
  3. are associated with the natural or legal persons, entities or bodies covered by points (a) and (b) of this paragraph.

The nature of the cyber-attack must be significant and originate or be carried out from outside the EU in order to fall within scope.

The U.K Regulations prohibit:

  1. dealing with funds or economic resources owned, held or controlled by a designated person;
  2. making funds available to, or for the benefit of, a designated person; and
  3. making economic resources available (directly or indirectly) to a designated person.

Suspicion or having reasonable cause to suspect that any of the above will occur is enough to constitute an offence. Conviction of an offence under the U.K. Regulations can lead to a term of imprisonment or an unlimited fine.

It is possible to protect against liability by obtaining a licence from HM Treasury granting permission to deal with funds or resources linked with a designated person.

It is important to note that, as yet, no one is listed as a “designated person” under Annex 1 of EU Regulation (2019/796). This means that firms will need to monitor developments in this area to ensure they are not dealing with such persons. Firms should also review the situation following the U.K. leaving the EU as the U.K. may still seek to agree a position with the EU on this issue.

Printer-Friendly Version

Cookie Settings