Along the same lines of email compromise, and the recently updated FinCEN Advisory from July 2019 (FIN-2019-A005), I wanted to know if others could lend some clarification for these potential scenarios:
1. If a customer gives remote access to their personal home computer to a fraudster, and the fraudster then has the customer log into their online banking, and then that fraudster transfers money from the customer's checking to savings, with no actual loss, is that something still SAR-worthy?
2. If a customer's email was compromised, and online banking information was somehow also compromised in the process, and if subsequently the fraudster submitted a wire request, ACH request, etc., that would be something SAR-worthy, correct? (regardless of whether or not the payment request was fulfilled?)
3. In relation to the updated advisory, on page 9, what are others' perspectives on this: "With respect to email compromise fraud involving fraudulent payment instructions, a financial institution has a SAR filing obligation regardless of whether the scheme or involved transactions were successful, and regardless of whether the financial institution or its customers incurred an actual loss".
The gist of the advisory, if I'm reading correctly, involves compromised emails that are subsequently used to make fraudulent transactions via a financial institution, correct?