Newsroom

The Financial Crimes Enforcement Network this week issued an advisory to assist financial institutions in understanding the applicability of Bank Secrecy Act reporting requirements for cyber-enabled crime and cyber-events. It also published a set of frequently asked questions regarding these types of crimes.

FinCEN defines a cyber-event as an attempt to compromise or gain unauthorized electronic access to systems, services, resources or information. A cyber-enabled crime, it noted, is defined as illegal activity, including fraud, money laundering or identity theft carried out by electronic systems and devices.

In the advisory, released Tuesday, FinCEN shares with financial institutions:

• how they can report cyber-enabled crimes and cyber-events through suspicious activity reports;
• how to collaborate between Bank Secrecy Act/anti-money laundering units and in-house cybersecurity units to identify suspicious activity; and
• how institutions can share cyber-related information with other financial institutions to guard against and report money laundering, terrorism financing and cyber-enabled crime.

The advisory also discussed regulatory expectations for financial institutions including the mandatory reporting of certain incidents of actual or attempted cyber-crime using SARs.

The FAQ document answers questions such as what kind of information should be included in SARs when reporting cyber-events and cyber-enabled crime, how a financial institution should complete SARs when reporting on these crimes, how the crimes should be characterized in a SARs, and how a financial institution can report numerous cyber-events in SARs.

FinCEN said its FAQ supersedes those published in 2001 regarding computer intrusion.