Financial institutions can take steps to protect the U.S. financial system from cybercriminals, according to the Financial Crimes Enforcement Network. The agency recently issued an advisory and list of frequently asked questions to help these institutions understand their obligations under the Bank Secrecy Act, and how they can help authorities combat cybercrime.
“Cybercriminals target the financial system to defraud financial institutions and their customers and to further other illegal activities,” according to a FinCEN news release. “Financial institutions can play an important role in protecting the U.S. financial system from these threats.”
The advisory offers information to financial institutions on:
• Reporting cybercrime and events though suspicious activity reports;
• Completing and filing SARs;
• Working with various entities to identify suspicious activity; and
• Sharing information with other financial institutions regarding money laundering and cybercrime.
In the advisory, FinCen stated: “A financial institution is required to report a suspicions transaction conducted or attempted by, at, or though the institution that involves or aggregates to $5,000 or more in funds or other assets.”
The advisory offers examples of instances when SARS would be mandated, and states that even if actual transactions may not have occurred during an attempt to gain access to a bank system, those cyber events still should be reported.
FinCEN’s advisory also encourages voluntary reporting of cyberevents that aren’t mandated by the BSA; and lists the information that needs to be gathered and included in SARs, such as internet protocol addresses and timestamps.
The advisory does not add any new requirements or rules, but should instead be interpreted as a guide, according to FinCEN.
For the complete advisory and frequently asked questions, visit https://www.fincen.gov/news/news-releases/fincen-issues-advisory-financial-institutions-cyber-events-and-cyber-enabled.