Thread Options
#2203075 - 01/15/19 10:12 PM Item 42 on New SAR
TryingtoComply Offline
Diamond Poster
Joined: Apr 2013
Posts: 1,831
The West
I just want to make sure I have this straight.

If a customer experiences business or personal email compromise resulting in funds being wired out or some other type of disbursement (ACH) are we now supposed to complete Item 42 Cyber Event and select "b" Against Financial Institution Customer?
_________________________
TryingToComply
CRCM

Return to Top
BSA/AML/CIP/OFAC Forum
#2203083 - 01/15/19 11:26 PM Re: Item 42 on New SAR TryingtoComply
ColoradoAML Offline
100 Club
Joined: Mar 2018
Posts: 241
That's my understanding.

Return to Top
#2203201 - 01/16/19 09:25 PM Re: Item 42 on New SAR TryingtoComply
TryingtoComply Offline
Diamond Poster
Joined: Apr 2013
Posts: 1,831
The West
Thanks. Getting ready to do our first SAR since the change.
_________________________
TryingToComply
CRCM

Return to Top
#2219159 - 08/06/19 11:47 AM Re: Item 42 on New SAR TryingtoComply
banker1976 Offline
Gold Star
Joined: Nov 2005
Posts: 344
Mid-Atlantic
Along the same lines of email compromise, and the recent updated FinCEN Advisory from July 2019 (FIN-2019-A005), I wanted to know if others could lend some clarification for these potential scenarios:

1. If a customer gives remote access of their personal home computer to a fraudster, and then has the customer logs into their online banking and then that fraudster transfers money from the customers checking to savings, with no actual loss, is that something still SAR-worthy?

2. If a customer's email was compromised, and online banking information was somehow also compromised in the process, and if subsequently the fraudster submitted a wire request, ACH request, etc., that would be something SAR-worthy, correct? (regardless of whether or not the payment request was fulfilled?)

3. In relation to the updated advisory, on page 9, what are other's perspective of this: "With respect to email compromise fraud involving fraudulent payment instructions, a financial institution has a SAR filing obligation regardless of whether the scheme or involved transactions were successful, and regardless of whether the financial institution or its customers incurred an actual loss".

The jist of the advisory, if I'm reading correctly, involves compromised emails that are subsequently used to make fraudulent transactions via a financial institution, correct?
_________________________
CAMS
CAFP

Return to Top
#2219164 - 08/06/19 02:10 PM Re: Item 42 on New SAR TryingtoComply
ColoradoAML Offline
100 Club
Joined: Mar 2018
Posts: 241
1. Assuming the amount is greater than either $5,000 or $25,000, I would file. This is this is attempted fraud and account takeover, and an unauthorized transaction was completed.

2. Yes, if it's over the reporting thesholds it should be filed regardless of whether or not it's successful.

3. This appears to reiterate the answer to #2

Return to Top
#2219538 - 08/12/19 05:11 PM Re: Item 42 on New SAR TryingtoComply
TryingtoComply Offline
Diamond Poster
Joined: Apr 2013
Posts: 1,831
The West
Reviving this thread. Is everyone entering the email address in Item 44 when the email address is reported to the bank by the customer?
_________________________
TryingToComply
CRCM

Return to Top
#2219548 - 08/12/19 05:41 PM Re: Item 42 on New SAR TryingtoComply
Sunshine Lady Online
Platinum Poster
Sunshine Lady
Joined: Apr 2014
Posts: 590
Yes we do.
_________________________
Define Success on your own terms, achieve it by your own rules, and build a life you are proud of. Anne Sweeney

Return to Top
#2219554 - 08/12/19 06:43 PM Re: Item 42 on New SAR TryingtoComply
TryingtoComply Offline
Diamond Poster
Joined: Apr 2013
Posts: 1,831
The West
We haven't been doing so consistently, but have always included in the narrative. Looks like we need to do a few amendments.
_________________________
TryingToComply
CRCM

Return to Top

Moderator:  Andy_Z