Skip to content
BOL Conferences
Learn More - Click Here!

New Reply Thread Options
#2261121 - 10/14/21 11:36 PM Cyber event?
Anonymous
Unregistered

Customer allows a hacker into their online banking (under false pretenses) and the hacker moves funds from the customer's SAV to the customer's DDA and tells them the funds were deposited into the DDA by mistake and they need to send the money back. Elderly customer did not check the SAV so doesn't know it's their own funds they are sending out. Is this a cyber event? The customer let them in is where I'm hung up. I think it is, by the way. Just want to confirm.

Thank you

Return to Top Reply Quote Quick Reply Quick Quote
#2261126 - 10/15/21 01:10 PM Re: Cyber event? Anonymous
Anonymous
Unregistered

https://www.fincen.gov/resources/advisories/fincen-advisory-fin-2016-a005

"Cyber-Event: An attempt to compromise or gain unauthorized electronic access to electronic systems, services, resources, or information."

It's a very broad definition for a Cyber-Event. I would say that you have a Cyber Event against your customer.

I'd also call this account takeover.

Return to Top Reply Quote Quick Reply Quick Quote
#2261127 - 10/15/21 01:26 PM Re: Cyber event? Anonymous
Adam Witmer Offline
Power Poster
Joined: Sep 2010
Posts: 2,658
Great question as the guidance I recall doesn't address this specific situation. You might get differing opinions on this, but it seems to me you need to file a SAR for at least a cyber-event.

Cyber-Event: An attempt to compromise or gain unauthorized electronic access to electronic
systems, services, resources, or information.


Also, I'm not an attorney (or FinCEN), but I'm wondering if you had a crime occur with the transfer, which could push this into the "cyber-enabled crime" category:

Cyber-Enabled Crime: Illegal activities (e.g., fraud, money laundering, identity theft) carried out or facilitated by electronic systems and devices, such as networks and computers.
_________________________
Adam Witmer, CRCM

All statements are my opinion, not those of my employer, and should not be taken as legal advice.
www.compliancecohort.com

Return to Top Reply Quote Quick Reply Quick Quote
#2261149 - 10/15/21 04:43 PM Re: Cyber event? Anonymous
Anonymous
Unregistered

Thank you for the responses. I feel better about the fact I'm not the only one having doubts about the wording in the guidance. I will l definitely file a SAR and include account takeover and cyber event. I just wish more of these criminals were caught and punished. This customer is elderly and has lost her life savings. The front line did an excellent job of asking her questions but the hacker had instructed her on how to respond in a believable way. Sad.

Return to Top Reply Quote Quick Reply Quick Quote
#2261348 - 10/21/21 11:55 AM Re: Cyber event? Anonymous
praBSA Offline
Gold Star
Joined: Aug 2018
Posts: 348
I'd be curious for further opinions on this topic as a whole.

FIN-2011-A016 states that account takeover activity should be reported.
FIN-2016-A005 is an advisory that really just talks about cyber-events and cyber-related crime targeting a financial institution.

Does FinCEN define "targeting a financial institution" as a customer providing their account information to a scammer and the scammer transferring funds out of the account? That seems too broad to me. I feel like the guidance's intent was for financial institutions to report crimes and attempts against the financial institution itself, and not individual customers.

Return to Top Reply Quote Quick Reply Quick Quote
#2261353 - 10/21/21 02:10 PM Re: Cyber event? Anonymous
ColoradoAML Offline
Gold Star
Joined: Mar 2018
Posts: 338
If a customer is deceived into providing remote access to their PC which leads to a criminal initiating or attempting fraudulent transactions, we report that as a cyber event against the customer.

I make a distinction between that and when a customer gives their credentials to a criminal in the course of an employment scam or something so that the criminal can make a fraudulent deposit.

The customer may have been deceived in both cases (or may claim to be deceived in the second case to hide their complicity as a money mule), but in the second case the customer is willfully allowing the criminal to transact through their account, while in the first the customer didn't intentionally provide access.

This is probably more clear in my head than it is on paper or in practice, but we've been able to be consistent with this. I also admit that it may be difficult to determine exactly what was divulged and how.

Return to Top Reply Quote Quick Reply Quick Quote
#2261399 - 10/21/21 06:52 PM Re: Cyber event? Anonymous
RockChucker, CAMS Offline
Diamond Poster
Joined: Jul 2013
Posts: 1,700
The Country
I agree with both praBSA and ColoradoAML.
It is important to distinguish if the attack/compromise is against the banks systems or a customer provides their online credentials and a fraudster uses them to defraud the customer.
_________________________
A successful man is one who can lay a firm foundation with the bricks others have thrown at him.
-David Brinkley

Return to Top Reply Quote Quick Reply Quick Quote
#2261418 - 10/21/21 09:50 PM Re: Cyber event? Anonymous
Anonymous
Unregistered

So did they send the funds out?

Return to Top Reply Quote Quick Reply Quick Quote
#2279643 - 01/10/23 05:53 PM Re: Cyber event? Anonymous
Marmaduchess Offline
100 Club
Marmaduchess
Joined: Oct 2009
Posts: 175
Oregon Coast
This older thread brings up a question I have about filing out the SAR. When you click on the Cyber Event in Field 44, what do you choose from the drop down menu for the elder scam descibed above? I usually pick Other and describe it as online banking account takeover. But then what in the world is an event value??? No help from the help boxes on the SAR!

Return to Top Reply Quote Quick Reply Quick Quote
#2279728 - 01/11/23 09:56 PM Re: Cyber event? Anonymous
ColoradoAML Offline
Gold Star
Joined: Mar 2018
Posts: 338
You might take a look at the SAR efiling instructions: https://www.fincen.gov/resources/filing-information

Number 13 beginning on page 144 discusses this and provides some examples.

Return to Top Reply Quote Quick Reply Quick Quote
#2279787 - 01/13/23 12:06 AM Re: Cyber event? Anonymous
Marmaduchess Offline
100 Club
Marmaduchess
Joined: Oct 2009
Posts: 175
Oregon Coast
Thank you ColoradoAML. I went straight to the instructions for that particular field and bypassed this part of the document. I think I came up with something that will fit for that filed. BTW, I asked FInCEN and their answer was "to enter a value that coincides with the indicate you have described". Hope that helps others!

Return to Top Reply Quote Quick Reply Quick Quote
Quick Reply:
HTML is disabled
UBBCode is enabled




Moderator:  MagicCity, P*Q, Truffle Royale