WASHINGTON—FinCEN has issued an advisory outlining financial institutions’ suspicious activity report (SAR) obligations as they relate to cyber-events and cyber-enabled crime.
NAFCU reminds credit unions that for certain cyber activity, FinCEN requires a SAR.
“Any illegal or suspicious activity can form the grounds of a SAR. In certain cases, credit unions are required to file a SAR,” explained NAFCU. “In particular, when criminal or suspicious activity from someone outside of the credit union that totals $5,000 or more and you have a suspect, you must file a SAR. For criminal or suspicious activity from an outsider totaling $25,000 or more, even if the credit union can’t identify a potential suspect, the credit union is required to file a SAR.”
FinCEN in its guidance advised that the financial institution include in its SAR relevant and available cyber-related information, such as Internet protocol addresses with timestamps, virtual-wallet information, and device identifiers.