Steve H. Powell & Company

  • Contact
  • About us
  • Management
  • Services
    • Loan Review
    • Compliance
    • Due Diligence
    • ALLL Methodology
    • Strategic Planning
  • Newsletter
  • Blog
  • Contact
  • About us
  • Management
  • Services
    • Loan Review
    • Compliance
    • Due Diligence
    • ALLL Methodology
    • Strategic Planning
  • Newsletter
  • Blog

​

FinCEN Issues Advisory for Filing SARs on Cyber-Enabled Crime

3/26/2017

0 Comments

 
By: Tyler Youmans

The proliferation of cyber-enabled crimes prompted FinCEN to issue a new advisory on October 25, 2016 for filing and completing SARs. The new advisory does not alter existing BSA requirements or other regulatory obligations. It simply aims to clarify when cyber-events elicit a SAR filing and the types of information to include within SARs related to cyber-events.

FinCEN defines a cyber-event as, “an attempt to compromise or gain unauthorized electronic access to electronic systems, services, resources, or information.” The mandatory filing requirements for cyber-events obligates financial institutions to report, “a suspicious transaction conducted or attempted by, at, or through the institution that involves or aggregates to $5,000 or more in funds or other assets.” Under the mandatory filing requirement, it is important to note that financial institutions are required to file SARs for “attempted” transactions. FinCEN’s advisory also notes, “cyber-events targeting financial institutions that could affect a transaction or series of transactions would be reportable as suspicious transactions because they are unauthorized, relevant to a possible violation of law or regulation, and regularly involve efforts to acquire funds through illegal activities.” Therefore, banks must file a SAR for cyber-events when no funds were lost, but the aggregate total of the potential loss exceeds $5,000.​
When a cyber-event occurs that warrants a SAR, the financial institution should include all cyber-related information. FinCEN states, “cyber-related information includes, but is not limited to, IP addresses with timestamps, virtual-wallet information, device identifiers, and cyber-event information.” In addition, information about type, magnitude, and methodology of the cyber-event should be included in the narrative of the SAR. FinCEN also encourages financial institutions include comma separated value (CSV) files as a SAR attachment to report pertinent information about the cyber-event data. To the extent available, SARs should include the following:

  • Description and magnitude of the event
  • Known or suspected time, location, and characteristics or signatures of the event
  • Indicators of compromise
  • Relevant IP addresses and their timestamps
  • Device identifiers
  • Methodologies used
  • Other information the institution believes is relevant

In the event the financial institution is subject to multiple cyber-events in close proximity that are similar in nature and displaying the same characteristics, you may file one cumulative SAR to report all the incidents.
FinCEN Advisory FIN-2016-A005, notes it is permissible for banks to share information related to cyber-events under the guidelines of 314(b). Providing information such as “malware signatures, IP addresses and device identifiers, and seemingly anonymous virtual currency addresses,” aids law enforcement in identifying the individuals and groups responsible for perpetrating cybercrimes.  Consequently, the safe harbor benefits are extended to cover information sharing related to cyber-events.

To review the full advisory and FAQs, visit the links below.

https://www.fincen.gov/resources/advisories/fincen-advisory-fin-2016-a005

https://www.fincen.gov/frequently-asked-questions-faqs-regarding-reporting-cyber-events-cyber-enabled-crime-and-cyber
​
0 Comments



Leave a Reply.

    Archives

    March 2025
    February 2025
    January 2025
    November 2024
    October 2024
    September 2024
    August 2024
    July 2024
    May 2024
    March 2024
    February 2024
    January 2024
    December 2023
    November 2023
    September 2023
    July 2023
    June 2023
    May 2023
    April 2023
    March 2023
    February 2023
    January 2023
    December 2022
    November 2022
    October 2022
    September 2022
    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    July 2021
    May 2021
    February 2021
    January 2021
    October 2020
    August 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    March 2019
    January 2019
    September 2018
    August 2018
    June 2018
    May 2018
    April 2018
    February 2018
    January 2018
    October 2017
    August 2017
    July 2017
    June 2017
    March 2017
    February 2017
    October 2016
    September 2016
    August 2016
    June 2016

    RSS Feed

Proudly powered by Weebly