If there was an electronic intrusion in which a customer's email account was hacked, false wire instructions were sent to a FI including Bank & beneficiary information, but the wire transfer procedures thwarted the hacker's plan before funds were actually sent anywhere, are we to list the listed beneficiary Bank (according to the instructions) on Part III of the SAR?

My gut's telling me no because the activity never actually occurred there, however in the same token...the activity didn't occur at our institution either because at the end of the day, nothing happened due to our procedures.

What's the correct way to handle this?

You would list your institution in Part III. Even though the transaction was not successful, it was attempted, so it's still reportable on a SAR.

The beneficiary bank (and any other pertinent information from the wire instructions) should be mentioned in the narrative.

Thanks, that's exactly where I was at...just needed someone else to say (or type) it as well!