We have a commercial customer that had its computer system hacked and a large dollar amount zapped out via ACH. The customer suffered a large loss on this. My understanding is that the bank does not have the liability however we are going to share part of the loss as a matter of goodwill and also to reduce the reputation risk.
Do we file a SAR on this given we are sharing the loss?

Side note - the FBI is involved and this type of fraud is on the rise so we are visiting all of our ACH customers to re-communicate the importance of sound computer spywire and virus protection. Attached is a link of some something similiar that we experienced.

http://www.americanbanker.com/btn_issues...-1000631-1.html

The fact that the bank will participate in the loss, whether because it has to or because of good will concerns, is immaterial. The fact that a fraud or attempted fraud involved an account at the bank is what triggers the SAR process. If the $25,000 threshold is reached, you have a reporting requirement whether or not the bank sustains a loss.

Thanks John

For those reading this thread, the AmSouth $10 million civil money penalty in 2004 is the object lesson to take to heart. One of the key criticisms of the bank's SAR program was a failure to file SARs on suspected illegal activity passing through an account at the bank based on the fact that the bank sustained no loss from the activity.

The AmSouth CMP is outlined on BOL's BSA Penalties List page, at http://www.bankersonline.com/security/bsapenaltylist.html#amsouth. There's a link in the summary to the actual CMP order that details the alleged failings of the bank's programs.