Subscribe to news digests

News Search

Industry News

Anti-cyber-attack legislation allows ministers to freeze suspects' accounts

Thursday, 6 June, 2019

The UK Cyber-Attacks (Asset-Freezing) Regulations 2019 come into force on 11 June, implementing the financial sanctions provisions of the European Union’s Cyber-Attacks Regulation to combat cyber-attacks from outside the EU.

The new UK regulation include granting HM Treasury ministers the power to freeze assets of persons or entities suspected of a 'significant' cyber-attack.

Restrictions can be imposed on the dealings that a UK national, UK-incorporated entity or other 'relevant institution' are allowed to have with persons subject to asset-freezing sanctions, regardless of whether their actions took place inside or outside the UK. HM Treasury can put such targets, and their associates or supporters, on a 'designated person' list.

Financial institutions (FIs) that receive funds transferred to a designated person's account are permitted to credit the relevant account, but must inform HM Treasury at the same time. They cannot make the funds available to any designated persons, or deal with those funds without permission.

Suspicion of, or having reasonable cause to suspect contraventions of, any of these restrictions is enough to make out an offence. Conviction can result in prison or an unlimited fine. However, FIs can protect themselves against liability by obtaining a licence from HM Treasury, granting permission to deal with funds or resources linked to a designated person.

The regulations also grant HM Treasury wide information-seeking powers. It can force a designated person to provide information concerning his assets and expenditure, and it can require 'any person in, or resident in, the United Kingdom to provide such information as the Treasury may reasonably require' for the purposes of enforcing the regulation. Refusal to comply is also a criminal offence.

HM Treasury has not yet listed any designated persons. 'This means that firms will need to monitor developments in this area to ensure they are not dealing with such persons', commented Rosemarie Paul of US law firm Ropes & Gray.