Skip to content

Do we file on every cyber event? A SAR?

Question: 
What must be in a mandatory or voluntary cybercrime filing?
Answer: 

A mandatory filing is one which hits our thresholds of $5000 and $25,000. A voluntary filing is one which does not hit the thresholds.
When filing a mandatory or voluntary SAR involving a cyber-event, financial institutions should provide complete and accurate information, including relevant facts in appropriate SAR fields, and information about the cyber-event in the narrative section of the SAR—in addition to any other related suspicious activity. As needed, financial institutions may also attach a comma separated value (CSV) file to SARs to report data, such as cyber-event data and transaction details, in tabular form.[13] For example, to the extent available, SARs involving cyber-events should include:
• Description and magnitude of the event
• Known or suspected time, location, and characteristics or signatures of the event
• Indicators of compromise
• Relevant IP addresses and their timestamps
• Device identifiers
• Methodologies used
Other information the institution believes is relevant.

-----------------------------
Learn more about Deborah Crawford’s webinar SAR: Line-by-Line

First published on 10/27/2019

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Topics