The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) recently issued an advisory to financial institutions on cyber-events and cyber-enabled crime, as well as Frequently-Asked-Questions guidance regarding the reporting of cyber-events, cyber-enabled crime and cyber-related information through Suspicious Activity Reports.

FinCEN said the late October guidance is designed to assist financial institutions in understanding their Bank Secrecy Act obligations regarding cyber-events and cyber-enabled crime, and also highlights how BSA reporting helps U.S. authorities combat cyber-events and cyber-enabled crime.

The alert is designed to help financial institutions with the following:

  • Reporting cyber-enabled crime and cyber-events through Suspicious Activity Reports (SARs);

  • Including relevant and available cyber-related information (e.g., Internet Protocol (IP) addresses with timestamps, virtual-wallet information, device identifiers) in SARs;

  • Collaborating between BSA/Anti-Money Laundering (AML) units and in-house cybersecurity units to identify suspicious activity; and

  • Sharing information, including cyber-related information, among financial institutions to guard against and report money laundering, terrorism financing, and cyber-enabled crime.

The alert also defines three types of cyber-related incidents:

  • Cyber-Event: An attempt to compromise or gain unauthorized electronic access to electronic systems, services, resources, or information.

  • Cyber-Enabled Crime: Illegal activities (e.g., fraud, money laundering, identity theft) carried out or facilitated by electronic systems and devices, such as networks and computers.

  • Cyber-Related Information: Information that describes technical details of electronic activity and behavior, such as IP addresses, timestamps, and Indicators of Compromise (IOCs). Cyber-related information also includes, but is not limited to, data regarding the digital footprint of individuals and their behavior.

FinCEN and law enforcement regularly use information financial institutions report under the BSA to initiate investigations, identify criminals, and disrupt and dismantle criminal networks, the alert states.

FinCEN also points out that the advisory “does not change existing BSA requirements or other regulatory obligations for financial institutions,” and that financial institutions “should continue to follow federal and state requirements and guidance on cyber-related reporting and compliance obligations.”

Further, financial institutions should note that filing a SAR does not relieve them of any other applicable requirements to timely notify appropriate regulatory agencies of events concerning critical systems and information or of disruptions in their ability to operate, the report states.

The recently enacted Cybersecurity Act of 2015, also known as the Cybersecurity Information Sharing Act (CISA), does not change any SAR-reporting requirements under the BSA, SAR confidentiality rules, or the safe harbor protections under section 314 of the USA PATRIOT Act, the advisory notes.

The FAQ guidance also provides some examples of when SAR reporting of cyber-events is mandatory, such as a malware intrusion.

Melanie Waddell

Melanie is senior editor and Washington bureau chief of ThinkAdvisor. Her ThinkAdvisor coverage zeros in on how politics, policy, legislation and regulations affect the investment advisory space. Melanie’s coverage has been cited in various lawmakers’ reports, letters and bills, and in the Labor Department’s fiduciary rule in 2024. In 2019, Melanie received an Honorable Mention, Range of Work by a Single Author award from @Folio. Melanie joined Investment Advisor magazine as New York bureau chief in 2000. She has been a columnist since 2002. She started her career in Washington in 1994, covering financial issues at American Banker. Since 1997, Melanie has been covering investment-related issues, holding senior editorial positions at American Banker publications in both Washington and New York. Briefly, she was content chief for Internet Capital Group’s EFinancialWorld in New York and wrote freelance articles for Institutional Investor. Melanie holds a bachelor’s degree in English from Towson University. She interned at The Baltimore Sun and its suburban edition.