Notices to Members
October 31, 2016
FinCEN issues an Advisory and Frequently Asked Questions to financial institutions on cyber-events and cyber-enabled crime
On October 25, 2016, the Financial Crimes Enforcement Network (FinCEN) issued an Advisory and supplementary Frequently Asked Questions (FAQs) to financial institutions on cyber-events and cyber-enabled crime. The Advisory is intended to assist financial institutions in understanding their Bank Secrecy Act (BSA) obligations regarding cyber-events and cyber-crime. FinCEN notes that the Advisory does not change existing BSA requirements or other regulatory obligations and that firms should continue to follow federal and state government agencies' and pertinent regulatory organizations' guidance and requirements on cyber-related reporting and compliance obligations.
The Advisory provides specific guidance regarding how BSA regulations and requirements apply to cyber-events, cyber-enabled crime and cyber-related information. In summary, the Advisory:
- Describes mandatory suspicious activity reporting (SAR) requirements for cyber-related events and cyber-crime and encourages voluntary reporting of egregious, significant or damaging cyber-related events;
- Identifies cyber-related information that should be included in a SAR filing (if available) and encourages firms to incorporate cyber-related information into their BSA/anti-money laundering (AML) monitoring efforts;
- Encourages collaboration between BSA/AML compliance staff and cybersecurity staff to help identify suspicious activity and help financial institutions conduct a more comprehensive threat assessment and develop appropriate risk management strategies; and
- Encourages financial institutions to share cyber-related information to better guard against money laundering, terrorism financing and cyber-enabled crime.
NFA Member futures commission merchants (FCM) and introducing brokers (IB) should closely review the Advisory and FAQs, consider whether any changes to their AML programs are necessary in order to comply with BSA obligations regarding cyber-events, and ensure their programs contain all relevant information and guidance regarding cyber-events and cyber-enabled crime.