Skip to content
BOL Conferences
Thread Options Tools
#69567 - 03/25/03 03:30 PM SAR - Activity characterization
LiL Bit Moore Offline
Platinum Poster
LiL Bit Moore
Joined: Nov 2002
Posts: 624
Texas
If an employee manipulates or fraudulently obtains another employees system password and uses it to faciliate embezzlement against the bank, no customer accounts involved, would you characterize this specific action on the SAR as computer intrusion, use the "other" box, or only mention it in the activity summary?
_________________________
An error is not a mistake until you refuse to correct it

Return to Top
General Discussion
#69568 - 03/25/03 04:08 PM Re: SAR - Activity characterization
Connie Ollis Offline
Member
Connie Ollis
Joined: Nov 2001
Posts: 83
Western NC, US
IMO I would think you would check the "Defalcation/Embezzlement" as the characterization. This would be the "Federal criminal violation" whereas misuse of the computer was the vehicle used to facilitate the crime. Of course, you would want to include in your "Explanation/Description" the misuse of the computer.

Return to Top
#69569 - 03/25/03 04:39 PM Re: SAR - Activity characterization
LiL Bit Moore Offline
Platinum Poster
LiL Bit Moore
Joined: Nov 2002
Posts: 624
Texas
In this particular case, there are several characterizations involved. Check fraud, kiting, embezzlement/defalcation and Money Laundering. It has been very infuriating and we want to be sure to identify all applicable criminal activities. Use of employee passwords is only one of the many activities involved. I was just contemplating whether I could include this characterization in addition to all of the others.
_________________________
An error is not a mistake until you refuse to correct it

Return to Top
#69570 - 03/25/03 04:47 PM Re: SAR - Activity characterization
Kansayaku Offline
Diamond Poster
Joined: Jan 2003
Posts: 1,454
metsuretsu
I have to agree that the the characterization of suspicious activity should be listed as Defalcation/Embezzlement. The manner for which it was done can easily be included in Part V of the SAR. There you can go into as much detail of facilitating criminal activity as management and the board of directors will permit.
_________________________
I have many opinions; some are good, some are bad, and some don't contradict.

Return to Top
#69571 - 03/25/03 05:04 PM Re: SAR - Activity characterization
Tina A Sweet Offline
Diamond Poster
Tina A Sweet
Joined: Aug 2001
Posts: 1,033
Marysville, Ca.
I agree completely with the other posting comments.
_________________________
Tina A Sweet-Williams
AVP Special Assets
mailto:tsweet@goldcountrynb.com

Return to Top
#69572 - 03/25/03 06:11 PM Re: SAR - Activity characterization
LiL Bit Moore Offline
Platinum Poster
LiL Bit Moore
Joined: Nov 2002
Posts: 624
Texas
If you have multiple types of activity involved with one situation are you not checking multiple boxes regarding charcterization? For example, in this particular case, I am checking embezzlement/defalcation, but I am also indicating (marking) and characterizing other activity such as money laundering, kiting, check fraud. I agree that embezzlment/defalcation is one of the characterizations, but within that, this person was also guilty/suspected of all of the other. And although use of other employees passwords was done to facilitate the embezzlement, I was wondering if it alone could be considered computer intrusion or a form of ID theft?
_________________________
An error is not a mistake until you refuse to correct it

Return to Top
#69573 - 03/25/03 07:16 PM Re: SAR - Activity characterization
Connie Ollis Offline
Member
Connie Ollis
Joined: Nov 2001
Posts: 83
Western NC, US
I guess I think of computer intrusion as being when your network systems or website is compromised. Maybe this is a FinCEN question ((202) 354-6423).

Return to Top
#69574 - 03/26/03 12:22 AM Re: SAR - Activity characterization
RFitzpatrick Offline
Gold Star
RFitzpatrick
Joined: Apr 2002
Posts: 424
Pacific NW
From the SAR instructions:

2. Computer Intrusion. For purposes of this report, computer intrusion is defined as gaining access to a
computer system of a financial institution to:
a. Remove, steal, procure or otherwise affect funds of the institution or the institution's customers;
b. Remove, steal, procure or otherwise affect critical information of the institution including customer account information or
c. Damage, disable or otherwise affect critical systems of the institution.
For purposes of this reporting requirement, computer intrusion does not mean attempted intrusions of websites or
other non-critical information systems of the institution that provide no access to institution or customer financial
or other critical information.

So if they took the password to get bank or customer info, I would also check box 35(f), and all the others applicable.
_________________________
Liability for taking my advice is limited to the amount you paid for it.

Return to Top