WASHINGTON—The Financial Crimes Enforcement Network (FinCEN) is recommending that FIs include IP addresses and other cyber-derived information in the Suspicious Activity Reports (SARs) they file.
That recommendation was made recently by FinCEN Director Jennifer Shasky Calvery at a cybersecurity forum in New York.
“Less than 2% of SARs filed contain IP information,” said Shasky Calvery. “This information is incredibly important to the FinCEN analysts and law enforcement investigators working to combat cyber-crimes.”
Shasky Calvery offered examples of how information derived from SARs has been used in stopping cyber threats. Data from several SARs advanced an investigation into a $7 million fraudulent wire scheme in Florida, she said; the FBI identified the virus that was used to steal the credentials to transfer the funds, and SARs helped track down other wire transfers related to a money launderer working with the hackers.
“FinCEN is actively analyzing BSA data to analyze and develop leads on cyber threats including ransomware, DDoS attacks, and malware targeting financial institutions,” she said. “FinCEN also provides our law enforcement stakeholders with tactical and strategic intelligence reports associated with these threats.”