The U.S. Treasury Department's plan to collect more details about cyberattacks on financial institutions in suspicious activity reports may impose new monitoring requirements on compliance professionals, say sources. Once finalized, the proposal pitched by the department's Financial Crimes Enforcement Network in February would add new data fields to the SAR for banks and other financial institutions to indicate when and where an attack took place, whether the attack targeted the institution, its customers, or both, as well as new fields to disclose any IP addresses associated with the event. While the planned data fields do not technically impose any new...
A U.S. Treasury Department advisory instructing financial institutions to more frequently and thoroughly investigate, report and exchange data on cyberattacks against them could inform a new category of regulatory penalties, say sources.
Anti-money laundering, fraud prevention and cybersecurity personnel should more frequently collaborate to guard their institutions and their customers against online intrusions by criminals and state-sponsored groups, U.S. officials said Tuesday.
Bank compliance departments continue to underreport Internet Protocol and e-mail addresses in their regulatory filings to the U.S. Treasury Department despite repeated requests for such disclosures from federal officials.