Cyber-events and Cyber-enabled Crime (FinCEN)

Answered by:

Question:

As it pertains to the FinCEN guidance in 2016 relating to Cyber-events and Cyber-enabled crime, does the requirement of identifying a suspect still apply, or should banks be filing SARs on cyber-enable crime(i.e., identity theft) if the $5k threshold is met even if a suspect is not identified?

Answer:

The thresholds for reporting, $5,000 if you have a subject, $25,000 if you do not, are established by regulation. FinCEN cannot change them with mere guidance.

Regardless, the guidance indicates they want banks to consider what might have happened if the attempt had been successful. My reading of the language is they want banks not to get hung up on the dollar amounts and to be predisposed to file.

Cyber-events and Cyber-enabled Crime (FinCEN)

Related Q&As

New Account Checklist

Adverse Action Notice Verbiage

How Examiners Review Red Flags

Related Tools View All

HMDA Refi Cheat Sheet

A Guide to Bank Compliance Research

CRA Codes for Small Business Loans

OFAC Updates View All

Sanctions List Search

Specially Designated Nationals List (SDN)

Sanctions Programs and Information

Search Topics