Stay Connected

Our News Centre and Blog is your link to a dynamic network of information, people, and ideas curated by our FX and payments experts.

Compliance Corner
Cybercrime and Cybersecurity

Karen Bannon December 20, 2016

Welcome to our Fourth Edition of Cambridge Compliance Corner!

Last time we discussed FinCEN’s advisory to Financial Institutions on E-Mail Compromise Fraud Schemes. FinCEN has expanded on this guidance with an additional advisory on Cyber-Events and Cyber-Enabled Crime, reiterating the significant threat that cybercriminals present to financial institutions and their customers.

FinCEN outlines the wide range of cyber-related activity that should be reported as suspicious activity, which not only includes fraudulent transactions that are successfully carried out, but also attempts to gain unauthorized access to electronic systems or information for the purpose of conducting fraudulent transactions. The scope of reportable activity is intentionally broad as the cyber-related reports are extremely valuable to law enforcement investigations that identify and disrupt cybercriminals.

FinCEN emphasizes that when submitting a report it is important to include as much cyber-related information as possible to describe the nature and characteristics of the suspicious activity. This includes the technical details of the electronic activity, such as IP addresses and Indicators of Compromise (IOCs), which are pieces of forensic data that identify a computer intrusion or other malicious activity on a network.

Additionally, FinCEN encourages collaboration among each institution’s BSA/AML staff, cybersecurity personnel and fraud prevention teams to identify, report and mitigate cybercrime. The collaboration isn’t limited to the internal departments of each organization – FinCEN also encourages financial institutions to work together to identify cyber-related threats by sharing information with one another under the program established by Section 314(b) of the USA PATRIOT Act.

Other US regulators are also taking a proactive approach to strengthen cyber incident at one of the nation’s largest banks could impact the soundness of other financial institutions due to the interconnectedness of the US financial system. The enhanced standards are aimed at reducing the potential impact of a cyber incident by ensuring the banks are capable of performing critical business functions during a cyberattack. The agencies have issued an advanced notice of proposed rulemaking and will develop a more detailed proposal after considering industry input.

With the holiday season upon us it’s important to stay alert and protect yourself from the growing threat of cybercrime. Please feel free review the following articles and webinars related to cyber-crime:

FinCEN Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime

Cybercrime: A Prominent and Growing Financial Crime Threat

Attacks Hike? New Cybercrime Report Shows 40 Percent Increase for Merchants, Financial Institutions

Cybercrime Looms as Biggest Disruptive Threat to Finance Markets

FinCEN Advisory Sharpens Cybercrime Reporting Expectations  

Cybercrime and Cyber Intelligence: The Sword and Shield for Financial Crime Professionals

Cyber Threats Come From All Angles at the Financial Services Industry

Federal Regulators Want Banks to Follow Better Cybersecurity Practices