I just want to make sure I have this straight.

If a customer experiences business or personal email compromise resulting in funds being wired out or some other type of disbursement (ACH) are we now supposed to complete Item 42 Cyber Event and select "b" Against Financial Institution Customer?

That's my understanding.

Thanks. Getting ready to do our first SAR since the change.

Along the same lines of email compromise, and the recent updated FinCEN Advisory from July 2019 (FIN-2019-A005), I wanted to know if others could lend some clarification for these potential scenarios:

1. If a customer gives remote access of their personal home computer to a fraudster, and then has the customer logs into their online banking and then that fraudster transfers money from the customers checking to savings, with no actual loss, is that something still SAR-worthy?

2. If a customer's email was compromised, and online banking information was somehow also compromised in the process, and if subsequently the fraudster submitted a wire request, ACH request, etc., that would be something SAR-worthy, correct? (regardless of whether or not the payment request was fulfilled?)

3. In relation to the updated advisory, on page 9, what are other's perspective of this: "With respect to email compromise fraud involving fraudulent payment instructions, a financial institution has a SAR filing obligation regardless of whether the scheme or involved transactions were successful, and regardless of whether the financial institution or its customers incurred an actual loss".

The jist of the advisory, if I'm reading correctly, involves compromised emails that are subsequently used to make fraudulent transactions via a financial institution, correct?

1. Assuming the amount is greater than either $5,000 or $25,000, I would file. This is this is attempted fraud and account takeover, and an unauthorized transaction was completed.

2. Yes, if it's over the reporting thesholds it should be filed regardless of whether or not it's successful.

3. This appears to reiterate the answer to #2

Reviving this thread. Is everyone entering the email address in Item 44 when the email address is reported to the bank by the customer?

Yes we do.

We haven't been doing so consistently, but have always included in the narrative. Looks like we need to do a few amendments.