Page 7 - 1Q 2017 Reporter
Banks and Cyberwarfare: FinCEN’s Guidance on Cyberattacks and Reporting
by Elizabeth K. Madlem, Associate General Counsel

Cyberattacks - despite sounding like a concept out of a science fiction novel - have become a growing battleground with far-reaching security and privacy implications.

Ransomware attacks, high-stakes wire transfer fraud and other incidents are constant threats with damaging results to banks. No longer wanting to be victims, banks have begun to take proactive steps to get ahead of a cyber breach before it happens, and the practice of thinking like a criminal is now more common within a bank’s IT and risk departments.

In many financial institutions, management has specifically formulated plans and assigned responsibilities, implemented chains of command, developed policies and procedures, and allocated adequate resources to perform the monitoring for cybersecurity. These tools ensure the bank is better prepared for a cyberattack. Being proactive in cyberwarfare better protects customers as well as the bank.

Last October, FinCEN issued an advisory to financial institutions on cyber events and cyber-enabled crime. Cybercriminals are targeting financial systems with more force, attempting to defraud these institutions as well as their customers. Advisory FIN-2016-A005 attempts to aid financial institutions in understanding their Bank Secrecy Act (BSA) reporting obligations of cyber events and cyber-enabled crime. Though the advisory does not change existing regulatory expectations, it does provide insight into several areas:

• Guidance is now provided on how to file a SAR to report cyber events, including the proper completion of SARs as well as examples of potential events that would lead to SAR reporting;

• Communication and collaboration are key components to defeating a cyber threat - BSA, fraud prevention, cybersecurity and other areas of an institution must work together to conduct a more comprehensive threat assessment to identify, report and mitigate cyber events; and

• Lastly, to aid in communication, FinCEN is seeking to promote information sharing between financial institutions and the safe harbor under Section 314(b) of the USA PATRIOT Act.

SAR reporting of cyber events is mandatory - the FinCEN Advisory does provide several non-exclusive examples of this type of cause of action. First, if a cybercriminal gains access to a bank’s systems and information through malware intrusion, the bank must determine the amount implicated (with $5,000 in funds or assets being the minimum), and denote all relevant SAR information of the suspicious activity. Additionally, even if the amount did not meet the $5,000 required minimum to trigger a mandatory cyber-reporting event, FinCEN is adamant that voluntary reporting will play a crucial role in preempting an attack. FinCEN is seeking an active commitment from financial institutions to voluntarily provide SAR reporting, as well as work closely with BSA/AML and cybersecurity units, on top of sharing with other financial institutions.

For further information regarding Advisory FIN-2016-A005 and its Frequently Asked Questions, please refer to the following hyperlinks: FinCEN Advisory and FAQs.
First Quarter 2017 Illinois Reporter