Banks must release details on cyberattacks, says US Treasury

Cybercrime has turned the financial sector into a top target. The Financial Crimes Enforcement Network (FinCEN), a bureau of the U.S. Department of the Treasury, has issued an advisory asking financial institutions to release details on cyberattacks to build better security strategies against terrorism financing and cyber-related crimes.

The advisory aids financial institutions in understanding their obligations under the Bank Secrecy Act (BSA) regarding cybercrime and illicit activity. It addresses institutions such as casinos, depository institutions, insurance industry, money services businesses, mortgage co/broker, precious metals/jewelry industry, securities and futures.

From now on, when issuing reports on fraud and money laundering, details on cyberattacks are mandatory in Suspicious Activity Reports to better fight cybercriminals. The reports should contain IPs with timestamps, virtual-wallet information and device identifiers. Timely notifications and comprehensive reporting of unauthorized access and transactions and other criminal activity may pinpoint further leads.

“BSA reporting by more than 20 financial institutions—on transactions related to cyber-enabled crimes—played an important role in the investigation of an internet-based company, its co-founders, and other collaborators,” FinCEN said. “Criminals used this company to conduct over $6 billion in illicit transactions involving proceeds from cyber-attacks, credit card fraud, child pornography, Ponzi schemes, identity theft, and trafficking in narcotics and other contraband.”