FinCEN Chief: Include IP Addresses in SARs

Financial institutions should include IP addresses and other cyber-derived information in the Suspicious Activity Reports they file, Financial Crimes Enforcement Network Director Jennifer Shasky Calvery said today at a cybersecurity forum in New York. “Less than two percent of SARs filed contain IP information,” she said. “This information is incredibly important to the FinCEN analysts and law enforcement investigators working to combat cyber-crimes.”

Shasky Calvery offered examples of how information derived from SARs has been used in stopping cyber threats. Data from several SARs advanced an investigation into a $7 million fraudulent wire scheme in Florida, she said; the FBI identified the virus that was used to steal the credentials to transfer the funds, and SARs helped track down other wire transfers related to a money launderer working with the hackers.

“FinCEN is actively analyzing BSA data to analyze and develop leads on cyber threats including ransomware, DDoS attacks, and malware targeting financial institutions,” she said. “FinCEN also provides our law enforcement stakeholders with tactical and strategic intelligence reports associated with these threats.” She also highlighted cybersecurity-related information sharing partnerships between FinCEN and the private sector.