Alert

Recommended Alerts

Sign Up For Alerts

In Rare Move, Japan Extradites Two of Its Own Citizens to the U.S. to Face DOJ Prosecution

Extradition from Japan is rare, and even more so for Japanese nationals in connection with white collar offenses. But on April 17, 2019, Japan extradited two of its own citizens to the United States—Junzo Suzuki, and his son, Paul Suzuki—in connection with their alleged roles in a $1.5 billion Ponzi scheme. The extradition followed the Suzukis’ arrest in January 2019 by Japanese authorities at the request of the United States.

Read More

Cyber-Attacks (Asset-Freezing) Regulations 2019


Time to Read: 1 minutes Practices: Government Enforcement / White Collar Criminal Defense

Printer-Friendly Version

On 11 June 2019, the Cyber-Attacks (Asset-Freezing) Regulations 2019 (SI 2019/956) (the “U.K. Regulations”) come into force in the United Kingdom. The U.K. Regulations implement the domestic requirements of EU Regulation (2019/796), which sets out restrictive measures against cyber-attacks (i.e., malicious cyber activities) threatening the European Union or its Member States.

The U.K. Regulations apply to U.K. nationals or any body incorporated in the United Kingdom but also have extra-territorial effect for conduct (which includes acts and omissions) committed wholly or partly outside the U.K. by a U.K. national or body incorporated in the United Kingdom.

Interactions with funds or resources belonging to a “designated person” can trigger liability under the U.K. Regulations. The definition of a “designated person” is taken from EU Regulation (2019/796) and includes those who:

  1. are responsible for cyber-attacks or attempted cyber-attacks;
  2. provide financial, technical or material support for or are otherwise involved in cyber-attacks or attempted cyber-attacks, including by planning, preparing, participating in, directing, assisting or encouraging such attacks, or facilitating them whether by action or omission; or
  3. are associated with the natural or legal persons, entities or bodies covered by points (a) and (b) of this paragraph.

The nature of the cyber-attack must be significant and originate or be carried out from outside the EU in order to fall within scope.

The U.K Regulations prohibit:

  1. dealing with funds or economic resources owned, held or controlled by a designated person;
  2. making funds available to, or for the benefit of, a designated person; and
  3. making economic resources available (directly or indirectly) to a designated person.

Suspicion or having reasonable cause to suspect that any of the above will occur is enough to constitute an offence. Conviction of an offence under the U.K. Regulations can lead to a term of imprisonment or an unlimited fine.

It is possible to protect against liability by obtaining a licence from HM Treasury granting permission to deal with funds or resources linked with a designated person.

It is important to note that, as yet, no one is listed as a “designated person” under Annex 1 of EU Regulation (2019/796). This means that firms will need to monitor developments in this area to ensure they are not dealing with such persons. Firms should also review the situation following the U.K. leaving the EU as the U.K. may still seek to agree a position with the EU on this issue.

Printer-Friendly Version

Cookie Settings