The FinCEN Advisory goes into detail concerning the role that financial intermediaries play in facilitating ransomware payments.
The Advisory illustrates how FIs play a critical role:
FIs protect the US Financial System from ransomware threats through compliance with their BSA obligations
Financial institutions need to evaluate their internal policy with respect to filing Suspicious Activity Reports (SARs) in connection with cybersecurity incidents. Is filing a SAR required or appropriate when dealing with an incident of ransomware conducted by, at, or through the FI, including ransom payments made by financial institutions that are victims of ransomware? FinCEN wants to remind FIs that they are required to file complete and accurate SARs that include all the information that is available, including cyber-related information.
FinCEN states that: “When filing a SAR regarding suspicious transactions that involve cyber events (including ransomware), financial institutions should provide all pertinent available information on the event and associated with the suspicious activity, including cyber-related information and technical indicators, in the SAR form and narrative. When filing is not required, institutions may file a SAR voluntarily to aid law enforcement with protecting the financial sector. Valuable cyber indicators for law enforcement investigations for ransomware can include relevant email addresses, Internet Protocol (IP) addresses with their respective timestamps, login information with location and timestamps, virtual currency wallet addresses, mobile device information (such as device International Mobile Equipment Identity (IMEI) numbers), malware hashes, malicious domains, and descriptions and timing of suspicious electronic communications.”
Does your FI have a Corporate Governance Expert?
FIs have a responsibility to ensure that their Compliance function has a response plan in place for cybersecurity incidents, including ransomware. The response plan ought to consider how to engage law enforcement both during and after a ransomware incident. Likewise, consideration of cybersecurity insurance and the selection of appropriate and experienced Corporate Governance Experts are critical to an FI’s ability to navigate cybersecurity threats.