The U.S. government on Tuesday instructed banks to include details of cyberattacks when filing mandatory reports on fraud and money laundering. Banks have long been required to file confidential suspicious activity reports (SARs) when there are fraud cases involving more than $5,000.
The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued an advisory specifying the information banks should include in SARs when a cyber-event is involved.
According to FinCEN, the advisory will assist financial institutions in understanding their Bank Secrecy Act (BSA) obligations regarding cyber-events and cyber-enabled crime.
The advisory instructs banks to include relevant and available cyber-related information (e.g., Internet Protocol (IP) addresses with timestamps, virtual-wallet information, device identifiers) in SARs.
FinCEN gave examples of situations in which SAR reporting of cyber-events is mandatory, including:
- When there is a malware intrusion
- When cybercriminals gain access to a financial institution’s systems/networks
- When there is a Distributed Denial of Service (DDoS) attack
FinCEN and law enforcement regularly use information financial institutions report under the BSA to initiate investigations, identify criminals, and disrupt and dismantle criminal networks. The cyber-related information that financial institutions include in this reporting is a valuable source of investigatory leads. Law enforcement has been able to use cyber-related information reported—such as IP addresses with timestamps, cyber-event data, and virtual-wallet information—to track criminals, identify victims, and trace illicit funds, said FinCEN.