The Financial Crimes Enforcement Network ("FinCEN") advised firms on Bank Secrecy Act ("BSA") reporting obligations regarding cyber events and cyber-enabled crime.

FinCEN recommended that financial institutions:

  • report cyber-enabled crime and cyber events through Suspicious Activity Reports ("SARs"), especially those cyber events that put customer funds at risk;
  • include relevant and available cyber-related information (e.g., Internet Protocol ("IP") addresses with timestamps, virtual-wallet information, device identifiers) in SARs;
  • collaborate with BSA / Anti-Money Laundering units and in-house cybersecurity units in identifying suspicious activity; and
  • share information (including cyber-related information) with other financial institutions to guard against and report money laundering, terrorism financing and cyber-enabled crime.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.