A U.S. Treasury Department advisory instructing financial institutions to more frequently and thoroughly investigate, report and exchange data on cyberattacks against them could inform a new category of regulatory penalties, say sources. U.S. financial institutions already must file suspicious activity reports on any "cyber-event" they know or believe was attempted to transfer funds to or from accounts, and the Oct. 25 advisory doesn't amend Bank Secrecy Act requirements or impose new obligations, the department's Financial Crimes Enforcement Network, or FinCEN, said. In the advisory, FinCEN "encourages" banks and other institutions to also consider voluntarily reporting "egregious, significant or damaging" cyberattacks...
The U.S. Treasury Department's plan to collect more details about cyberattacks on financial institutions in suspicious activity reports may impose new monitoring requirements on compliance professionals, say sources.
Anti-money laundering, fraud prevention and cybersecurity personnel should more frequently collaborate to guard their institutions and their customers against online intrusions by criminals and state-sponsored groups, U.S. officials said Tuesday.
Bank compliance departments continue to underreport Internet Protocol and e-mail addresses in their regulatory filings to the U.S. Treasury Department despite repeated requests for such disclosures from federal officials.