We're sorry but your browser is not supported by Marsh.com.au

For the best experience, please upgrade to a supported browser:


Research and Briefings

What OFAC’s Ransomware Advisory Means for US Companies


Ransomware payments — and their reimbursement under insurance policies — remain a controversial topic because of their potential for moral hazard and the possibility that such payments will fund criminal, terrorist, and/or state sponsored cyber actors.

On October 1, 2020, the US Treasury Department’s Office of Foreign Assets Control (OFAC) published an advisory that addresses this issue. The  advisory reiterates the prohibition against US businesses and persons conducting business or paying funds to any person on the “Specially Designated Nationals and Blocked Persons” list. US companies can be sanctioned for violation of OFAC’s rule even if they do not personally execute a transaction or know that a payment is being made to a prohibited organisation or person.

The OFAC advisory does not change any applicable laws, regulations, or guidance in relation to ransom payments. But it does serve as a reminder — to US companies, ransom payment facilitators, and cyber insurers — that a regulatory framework on ransomware already exists and applies in these circumstances.

In our client advisory, Marsh lays out what US businesses need to know about the OFAC advisory and the importance of completing an OFAC review before payment of ransom demands.

We also offer recommendations for re-assessing ransom incident response plans, mitigating ransomware risk, and ways that Marsh can help you prepare for, respond to, and recover from ransomware and cyber extortion attacks.

Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983) (“Marsh”) arrange this insurance and is not the insurer. The Discretionary Trust Arrangement is issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417964) (“JGS”). JGS is part of the Marsh group of companies. Any advice in relation to the Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226827) which is a related entity of Marsh. The cover provided by the Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions. This website contains general information, does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances. For full details of the terms, conditions and limitations of the covers and before making any decision about whether to acquire a product, refer to the specific policy wordings and/or Product Disclosure Statements available from JLT Risk Solutions on request. Full information can be found in the JLT Risk Solutions Financial Services Guide.