Recommended Alerts

Sign Up For Alerts

DOJ Provides Framework for Cryptocurrency Enforcement

On October 8, 2020, the Department of Justice released “Cryptocurrency: An Enforcement Framework” (the “Framework”), setting out risks and enforcement initiatives related to cryptocurrency-related crime. The Framework is the second report published by the Cyber-Digital Task Force (the “Task Force”), established by former Attorney General Jeff Sessions in February 2018 to analyze the “many ways that the Department is combatting the global cyber threat, and… to identify how federal law enforcement can more effectively accomplish its mission in this vital and evolving area.”

Read More

Cyber-Attacks (Asset-Freezing) Regulations 2019

Time to Read: 1 minutes Practices: Government Enforcement / White Collar Criminal Defense

Printer-Friendly Version

On 11 June 2019, the Cyber-Attacks (Asset-Freezing) Regulations 2019 (SI 2019/956) (the “U.K. Regulations”) come into force in the United Kingdom. The U.K. Regulations implement the domestic requirements of EU Regulation (2019/796), which sets out restrictive measures against cyber-attacks (i.e., malicious cyber activities) threatening the European Union or its Member States.

The U.K. Regulations apply to U.K. nationals or any body incorporated in the United Kingdom but also have extra-territorial effect for conduct (which includes acts and omissions) committed wholly or partly outside the U.K. by a U.K. national or body incorporated in the United Kingdom.

Interactions with funds or resources belonging to a “designated person” can trigger liability under the U.K. Regulations. The definition of a “designated person” is taken from EU Regulation (2019/796) and includes those who:

  1. are responsible for cyber-attacks or attempted cyber-attacks;
  2. provide financial, technical or material support for or are otherwise involved in cyber-attacks or attempted cyber-attacks, including by planning, preparing, participating in, directing, assisting or encouraging such attacks, or facilitating them whether by action or omission; or
  3. are associated with the natural or legal persons, entities or bodies covered by points (a) and (b) of this paragraph.

The nature of the cyber-attack must be significant and originate or be carried out from outside the EU in order to fall within scope.

The U.K Regulations prohibit:

  1. dealing with funds or economic resources owned, held or controlled by a designated person;
  2. making funds available to, or for the benefit of, a designated person; and
  3. making economic resources available (directly or indirectly) to a designated person.

Suspicion or having reasonable cause to suspect that any of the above will occur is enough to constitute an offence. Conviction of an offence under the U.K. Regulations can lead to a term of imprisonment or an unlimited fine.

It is possible to protect against liability by obtaining a licence from HM Treasury granting permission to deal with funds or resources linked with a designated person.

It is important to note that, as yet, no one is listed as a “designated person” under Annex 1 of EU Regulation (2019/796). This means that firms will need to monitor developments in this area to ensure they are not dealing with such persons. Firms should also review the situation following the U.K. leaving the EU as the U.K. may still seek to agree a position with the EU on this issue.

Printer-Friendly Version

Cookie Settings