Thursday, December 31, 2015

OFAC Publishes Final Rule on Cybersecurity Sanctions

The Treasury Department’s Office of Foreign Assets Control (OFAC) published a notice in today’s Federal Register (80 FR 81752-81759) implementing the President’s Executive Order on Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities (EO 13694). According to the notice OFAC is publishing the regulations (new 31 CFR 578) ‘in abbreviated form’ for the purpose of providing immediate guidance to the public.

Since OFAC proceeded directly to a final rule in this matter this notice is missing much of the analysis that one normally finds in final rules. The Treasury maintains that since this rule involves a ‘foreign affairs function’ neither the notice and comment process nor does the Regulatory Flexibility Act. The Department reportedly has rolled the information collection request (ICR) requirements for this rule into an existing collection under 31 CFR 501 (RIN 1505-0164) though there is not currently a record on the OMB’s Office of Information and Regulatory Affairs web site of an update to that IRC for this rule.

The new §578 contains 7 Subparts that pretty much reflect the Subparts in other sanctions regulations. In fact, many of the definitions and other materials are direct copies from the other sanction regulations, and this is probably to be expected and perhaps necessary to maintain an effective sanctions program.

In fact, as you read through this rule, there is nothing in it that refers to anything cyber related beyond the basic reference to EO 13694. The designation of the affected ‘certain persons’ is done completely under EO 13694 and is thus beyond the scope of this rulemaking.

OFAC is not soliciting public comments on this final rule. The effective date for this rule is today; December 31st, 2015.

No comments:

/* Use this with templates/template-twocol.html */