If there was an electronic intrusion in which a customer's email account was hacked, false wire instructions were sent to a FI including Bank & beneficiary information, but the wire transfer procedures thwarted the hacker's plan before funds were actually sent anywhere, are we to list the listed beneficiary Bank (according to the instructions) on Part III of the SAR?
My gut's telling me no because the activity never actually occurred there, however in the same token...the activity didn't occur at our institution either because at the end of the day, nothing happened due to our procedures.
What's the correct way to handle this?
Life is like a bicycle. To keep your balance, you must keep moving.