News

A U.S. Treasury Department advisory instructing financial institutions to more frequently and thoroughly investigate, report and exchange data on cyberattacks against them could inform a new category of regulatory penalties, say sources. U.S. financial institutions already must file suspicious activity reports on any "cyber-event" they know or believe was attempted to transfer funds to or from accounts, and the Oct. 25 advisory doesn't amend Bank Secrecy Act requirements or impose new obligations, the department's Financial Crimes Enforcement Network, or FinCEN, said. In the advisory, FinCEN "encourages" banks and other institutions to also consider voluntarily reporting "egregious, significant or damaging" cyberattacks...