Sanctions for Cybercrime

Individual criminals may use cyber-attacks to commit financial crimes, but state-level offenders may also use them to target other nations. Between 2013 and 2016, Yahoo suffered a data breach that resulted in the loss of 3 billion user accounts. The attackers obtained personal data and passwords for some of these accounts, which may be used to access user accounts on other online sites. Much of this information is now accessible on the dark web, either for cash or credit. When state participants commit cybercrime, traditional economic penalties such as trade embargoes and asset freezes may not be suitable responses, and governments may instead attempt to implement cyber sanctions to deter and punish the harmful behavior. With this in mind, businesses in a digital financial environment must be conscious of the significance of cyber-crime penalties and the growing necessity of cyber sanctions compliance.


What Exactly Are Cyber Sanctions and Cybercrime Punishments?

Cyber sanctions are a relatively new addition to the international regulatory environment, but they are increasingly being used to prevent and punish cyber-attacks perpetrated by harmful state actors. State-level cyber-attacks or cyber-crime may include phishing and hacking for the purposes of data or financial theft, intellectual property theft, or the dissemination of disinformation through social media.


Cyber sanctions work similarly to traditional sanctions in that they restrict transactions, trade, and commercial connections with people and organizations suspected of carrying out cyber-enabled assaults or harmful acts. The application of a cyber penalty entails an attribution procedure in which authorities attempt to identify who is responsible for an attack. Authorities must examine large quantities of technical evidence such as computer code, IP addresses, and other data while also dealing with privacy concerns, anonymity, and the possibility of identity falsification connected with cybercrime.


After an attribution has been established, the appropriate national authority may designate penalties. Failure to comply with such a designation may result in a variety of cybercrime consequences, including fines and jail terms.


Cybercrime Types

Cybercrime takes various forms, making it tough to combat. The following are examples of common types of cybercrime:


  • Phishing is the use of forged email communications to obtain personal information from internet users.
  • Misappropriation of personal information (identity theft).
  • Hacking is the act of shutting down or abusing a website or computer network.
  • Promoting hatred and instigating terrorism.
  • Disseminating pornography aimed at children.
  • Grooming is the practice of making sexual approaches to children.


International Cybercrime Regulations

When a country adopts a cyber sanctions scheme, it must be sure that the cybercrime penalties it imposes will have the planned effect on its targets. As a result, regulations differ depending on global jurisdiction:


The European Union (EU)

The EU has moved more slowly than other countries in enacting cybercrime fines and sanctions: it did not establish a cybercrime system until May 2019 and did not issue its first designations until July 2020. The first wave of EU cyber penalties targeted Russian, North Korean, and Chinese actors engaged in 2017 assaults. In response to cyber assaults on member states' vital social and economic infrastructure and services, military and diplomatic functions, and sensitive information, the EU applies cyber penalties.


The following categories of people are designated under the EU cyber sanctions regime:

  • Individuals who participate in or try to engage in cyber attacks.
  • Individuals who offer financial, technical, or material assistance to cyber attacks.
  • Individuals who associate with those engaged in a cyber attack.


The United States (US)

The cybercrime system in the United States was created in 2015, and the first designations were issued in 2016 against those trying to influence the 2016 general election. The Office of Foreign Assets Control's (OFAC) Specially Designated Nationals and Blocked Persons List (SDN list) includes targets of US cyber sanctions. OFAC has identified over 100 cyber sanction targets for cyber-related actions like election meddling, phishing schemes, hacking and malware assaults, and other kinds of fraudulent conduct.


The United States imposes cyber penalties on the following individuals:

  • Individuals conducting cyber attacks from outside the United States that represent a serious danger to public safety, foreign policy, or financial stability.
  • Individuals who attempt to exploit trade secrets for commercial or financial advantage.
  • Individuals who help or give financial or technical support for a cyber-attack.
  • Individuals who are owned or controlled by cyber-attackers.
  • Individuals who participate in or try to engage in the specified acts.


The United Kingdom (UK)

Following Brexit, the United Kingdom revised its cyber sanctions system, replacing the EU regime with its own independent regime known as The Cyber (Sanctions) (EU Exit) Regulations 2020. The new cyber sanctions system largely mirrors the EU regime's functions and goals, although the UK is allowed to add, remove, and modify its own penalties independently. The United Kingdom has similarly modified the licensing procedure for its autonomous system, as well as the mechanism through which designated individuals may dispute their status.


Avoiding Cybercrime Penalties Through Sanctions Compliance

In most countries, the consequences for failing to comply with cyber sanctions include fines and jail terms that vary according to the severity of the offense. To comply with cyber sanctions, banks, financial institutions, and other obliged organizations should therefore know which sanctions lists apply within their jurisdiction, and must check their clients against those lists.


Effective cyber sanctions screening should be based on a strong name screening procedure that is implemented as part of a risk-based AML/CFT program. The Sanction Scanner offers products to combat money laundering. You can contact us and request a demo to further learn about our tools.
