I am looking for some assistance on the reporting thresholds for cyber events.
FIN-2016-A005 guidance states "A financial institution is required to report a suspicious transaction conducted or attempted by, at, or through the institution that involves or aggregates to $5,000 or more in funds or other assets."
This is however in contrast to the FFIEC manual and 12 CFR208.62.c.3 which says without a suspect the reporting requirement is $25,000.
Is the bank obligated to file in this situation if we only have perhaps an email address from the attack?