A mandatory filing is one which hits our thresholds of $5000 and $25,000. A voluntary filing is one which does not hit the thresholds.
When filing a mandatory or voluntary SAR involving a cyber-event, financial institutions should provide complete and accurate information, including relevant facts in appropriate SAR fields, and information about the cyber-event in the narrative section of the SAR—in addition to any other related suspicious activity. As needed, financial institutions may also attach a comma separated value (CSV) file to SARs to report data, such as cyber-event data and transaction details, in tabular form. For example, to the extent available, SARs involving cyber-events should include:
• Description and magnitude of the event
• Known or suspected time, location, and characteristics or signatures of the event
• Indicators of compromise
• Relevant IP addresses and their timestamps
• Device identifiers
• Methodologies used
Other information the institution believes is relevant.
Learn more about Deborah Crawford’s webinar SAR: Line-by-Line