Treasury FinCEN Releases Financial Trend Analysis of Ransomware Trends in 2021

Alston & Bird
Contact

Alston & Bird

[co-author: Kristen Bartolotta]

On October 15, 2021 the Financial Crimes Enforcement Network (FinCen) of the Treasury Department issued a financial trend analysis on ransomware relating to Bank Secrecy Act (BSA) reporting filed in the first half of this year. FinCEN examined ransomware-related Suspicious Activity Reports (SARs) filed between January 1 and June 30, 2021, which included a total of 635 reports and 458 confirmed transactions that, compiled, total over $590 million in suspected ransom payments. This number reflects a 42% increase from the total ransomware payments identified by FinCEN in all of 2020. If this trend continues, FinCEN estimates a higher ransomware-related transaction value in the SARs filed in 2021 than the last ten years combined. This likely reflects not only the increasing prevalence of ransomware year after year but also advances in detection and improved reporting of incidents by covered financial institutions. Notably, the Biden Administration has released various guidance and advisories with the goal of promoting reporting of ransomware-related events and stopping criminal activity.

FinCEN found that ransomware payments are often made using virtual currency – most commonly, Bitcoin. As such, Treasury’s Office of Foreign Assets Control (OFAC) released guidance in coordination with the FinCEN report addressing how financial institutions can incorporate virtual currencies in their sanctions compliance programs. In this guidance, OFAC reminds members of the virtual currency industry that they are responsible for ensuring that they do not engage, directly or indirectly, in transactions prohibited by OFAC sanctions. This includes avoiding all dealings with blocked persons or property, engaging in prohibited trade- or investment-related transactions, or dealing with comprehensively sanctioned countries. OFAC also highlights that appropriately managing and addressing sanctions risks will be significant in OFAC’s consideration of the appropriate outcome in enforcement actions should they occur. Even victims of ransomware attacks must therefore consider such risks when determining how to proceed in responding to ransomware attacks.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Alston & Bird | Attorney Advertising

Written by:

Alston & Bird
Contact
more
less

Alston & Bird on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.