Thread Options
#2118977 - 02/21/17 06:19 PM Cyber SAR
Banker57 Offline
Gold Star
Joined: Jul 2010
Posts: 439
Minnesota
Anyone offer tips or guidance on completeing a SAR for a cyber related event? I am not an IT person so am floundering on what and how to include information.

Return to Top
BSA/AML/CIP/OFAC Forum
#2118979 - 02/21/17 06:23 PM Re: Cyber SAR Banker57
rlcarey Online
10K Club
rlcarey
Joined: Jul 2001
Posts: 76,958
Galveston, TX
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

Return to Top
#2118996 - 02/21/17 07:06 PM Re: Cyber SAR Banker57
Banker57 Offline
Gold Star
Joined: Jul 2010
Posts: 439
Minnesota
Yes, that is what got me floundering!

Return to Top
#2119021 - 02/21/17 08:56 PM Re: Cyber SAR Banker57
bcompliance Offline
Diamond Poster
Joined: Sep 2014
Posts: 1,224
I would suggest getting with your IT department or vendor and have a discussion on how they can assist you with obtaining IP addresses, etc from these cyber events. You should include all information that the bank has available to them to file the SAR. If an email address was compromised to send a wire request to your bank, you should be able to obtain the IP address it was sent from. It may take some digging, but it should be able to be obtained. Also, chances are it is a spoofed IP address, but if enough SARs are filed with the spoofed IP address, law enforcement may be able to trace the fraudster down. Hopefully that helps you out some.
_________________________
CRCM, CAMS

Return to Top
#2119152 - 02/22/17 07:58 PM Re: Cyber SAR Banker57
Banker57 Offline
Gold Star
Joined: Jul 2010
Posts: 439
Minnesota
Thank you, your information was very helpful!

Return to Top

Moderator:  Andy_Z