The Financial Crimes Enforcement Network ("FinCEN") advised firms on Bank Secrecy Act ("BSA") reporting obligations regarding cyber events and cyber-enabled crime.
FinCEN recommended that financial institutions:
- report cyber-enabled crime and cyber events through Suspicious Activity Reports ("SARs"), especially those cyber events that put customer funds at risk;
- include relevant and available cyber-related information (e.g., Internet Protocol ("IP") addresses with timestamps, virtual-wallet information, device identifiers) in SARs;
- collaborate with BSA / Anti-Money Laundering units and in-house cybersecurity units in identifying suspicious activity; and
- share information (including cyber-related information) with other financial institutions to guard against and report money laundering, terrorism financing and cyber-enabled crime.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.