The U.S. government on Tuesday told banks to include details about cyber attacks when filing mandatory reports on fraud and money laundering, saying that will help battle digital crimes that pose “a significant threat” to the U.S. financial system.
The U.S. government has long required banks to submit confidential reports known as suspicious activity reports, or SARs, in fraud cases involving at least $5,000.
The Treasury Department’s office of Financial Crimes Enforcement Network, or FinCEN, released an advisory that specifies what details banks should include in SARs when there is a cyber element in the case.
“The bank should include all available information,” FinCEN said in the advisory. That includes describing how the system was breached, IP addresses of computers used by hackers and device identifiers.
It is the latest attempt by governments around the world to crack down on cybercrime after $81 million was stolen from Bangladesh Bank’s account at the New York Federal Reserve Bank. U.S. Securities and Exchange Commission Chair Mary Jo White earlier this year warned that cyber security shortcomings present the biggest risk to the nation’s financial system.
Valerie Abend, head of the U.S. cybersecurity practice with consulting firm Promontory Financial Group, said the advisory gives banks a clear list of what they need to include in SARs and the purpose.
“The advisory says what specific pieces of information should be provided to help law enforcement,” said Abend, a former Treasury official
FinCEN said in it hopes increased that broadening the disclosure requirements will help authorities crack down on financial cyber crimes.
“Financial institutions can play an important role in safeguarding customers and the financial system from these threats through timely and thorough reporting ofcyber-events and cyber-related information in SARs,” FinCEN said in the advisory. (Reporting by Jim Finkle in Boston; Additional reporting by Joel Schectman in Washington.)