The United States Treasury Department has told financial organizations to report instances of computer-related crime and attacks.
On 25 October, the Financial Crimes Enforcement Network (FinCEN) of the Treasury Department issued an advisory (PDF) to financial institutions on computer crime and attacks.
The resource explains that organizations must file what is known as a suspicious activity report (SAR) whenever they experience a suspicious transaction that succeeds in stealing or attempts to steal 5,000 USD or more in funds and other assets.
Computer crime or attacks could require institutions to file a SAR. If that’s the case, FinCEN wants organizations to include some additional information.
As the Treasury Department office explains in the advisory:
“When filing a mandatory or voluntary SAR involving a cyber-event, financial institutions should provide complete and accurate information, including relevant facts in appropriate SAR fields, and information about the cyber-event in the narrative section of the SAR—in addition to any other related suspicious activity.”
That information includes relevant details about the computer attack such as indicators of compromise, relevant IP addresses and timestamps, device identifiers, methodologies used, and other relevant information.
FinCEN feels those pieces of data can help law enforcement shut down computer criminal networks, such as those actors who abused the Society for Worldwide Interbank Financial Telecommunications (SWIFT) network to steal 81 million USD from the Bangladesh Bank.
To protect against similar heists, the Treasury Department feels organizations should share information about computer attacks not only with it and law enforcement agencies but also with one another:
“Financial institutions can work together to identify threats, vulnerabilities, and criminals. By sharing information with one another, financial institutions may gain a more comprehensive and accurate picture of possible threats, allowing for more precise decision making in risk mitigation strategies. FinCEN continues to encourage financial institutions to use all lawful means to guard against money laundering and terrorist activities presented through cyber-events and cyber-enabled crime.”
For more information about what is expected of institutions when it comes to reporting incidents of computer crime, please view FinCEN’s Frequently Asked Questions (PDF).