Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens

The order directs five Cabinet-level officials — the Secretaries of State, Treasury, War, and Homeland Security and the Attorney General — to conduct a 60-day review of existing operational, technical, diplomatic, and regulatory frameworks for combating cyber-enabled crime. Using those findings, they must submit a joint action plan to the President within 120 days that identifies the specific transnational criminal organizations (TCOs) responsible and proposes ways to prevent, disrupt, investigate, and dismantle them. The action plan must include a new operational cell within the National Coordination Center to coordinate federal cyber enforcement and engage the private sector. Separately, the Attorney General must submit a recommendation within 90 days for a Victims Restoration Program to return clawed-back or forfeited funds to fraud victims. The Secretary of State is directed to press foreign governments for enforcement and to apply consequences — sanctions, visa restrictions, trade penalties, and expulsion of complicit diplomats — on nations that shelter TCOs.

The order does not itself create the operational cell, the Victims Restoration Program, any new sanctions designations, or changes to criminal law; each of those depends on the action plan, subsequent rulemaking, or follow-on presidential decisions. General provisions preserve existing agency authority and make implementation subject to available appropriations.

Federal agencies including Justice, Homeland Security, State, Treasury, and the Office of the National Cyber Director; state, local, tribal, and territorial governments that will receive cybersecurity training and threat-intelligence support; and American individuals and businesses victimized by ransomware, fraud, sextortion, and related schemes.

Americans who have lost money to online fraud or ransomware may eventually benefit from a new restitution mechanism funded by seized criminal assets. State and local governments gain a mandate for new federal cybersecurity training and intelligence-sharing to harden critical infrastructure against transnational criminal exploitation.

Implementation runs in overlapping stages: the five directed agencies complete a framework review at 60 days, feed those findings into a joint action plan due at 120 days, and the AG separately submits the Victims Restoration Program recommendation at 90 days. All three outputs are plans or recommendations rather than self-executing rules — actual program creation, operational-cell staffing, and any new sanctions depend on subsequent presidential or agency decisions. No explicit penalty or reporting mechanism is specified for missed deadlines. A standard severability-style general provision makes implementation subject to appropriations availability.