The conduct of illegal activities such as money laundering, fraud, identity theft by electronic systems is called cybercrime. Anti-Money Laundering (AML) is policies, laws, and regulations to prevent financial crime. Therefore, the future of cybersecurity and AML, which combat similar targets and threats, should be considered together.
How is Cybersecurity Related to AML System?
With the release of the October 2016 cybersecurity guide of the Financial Crime Enforcement Network (FinCEN), financial services faced the challenge of integrating cyber incidents into AML programs. As cyber-attacks increase worldwide, financial institutions are working to incorporate compliance departments into the Information Management and Information Security (“IM / IT”) department.
Senior money laundering managers in banks, brokerage houses, and other financial services firms should have a firm understanding of their company's cybersecurity regimes and be responsible for the resources and knowledge of the responsible experts. Therefore, these sectors should include staff from fraud and Information Technology (IT) or Information Security (IS) teams for AML programs. These staff can also access information such as Internet Protocol (IP) addresses and geographic locations where logins are made to the system. Including this technical information in the subsequent filing of the Suspicious Activity Report (SAR) is an important part of the cyber integration program.
Reporting Cyber Events
The proliferation of cyber incidents and cyber-efficient crime poses a significant threat to consumers and the US financial system. The Financial Crimes Enforcement Network (FinCEN) publishes this advisory to help financial institutions understand the Bank Secrecy Act (BSA) obligations related to cyber events and cyber-efficient crime. This advisory also emphasizes how BSA reporting helps US authorities fight cyber incidents and cyber-efficient crime.
Suspicious Activity Report (SAR) is a tool provided to track suspicious activities that will not be marked as usual under other reports and can cover almost all unusual events. SAR is part of anti-money laundering laws and regulations that have become much stricter since 2001. The most general purpose of this report is to identify customers who are involved in money laundering, fraud, or terrorist funding.
Advisory states should consider any cyber incident a suspicious transaction. A financial institution must send complete and accurate SARs and contain all SAR related cyber information, such as IP addresses, virtual wallet information, and cyber incident information. Also, FinCEN recommends that financial institutions include information about the cyber system in their BSA / AML monitoring efforts.
Furthermore, there must be information sharing, including cyber information, between money laundering, terrorism financing, and reporting to protect and report against cyber-effective crime. This information sharing should be done with:
• Cybersecurity units
• Risk departments
• Fraud prevention units
• BSA/AML management
• AML intelligence units
• AML analysts/investigators
• Network administrators
Define the Behavior and The Process for Cyber-Reporting Program
Definitions are the key to creating your cyber reporting program, and these definitions provided the following three main definitions under the guidance of FinCEN 2016:
Cyber-Event: An attempt to compromise or gain unauthorized electronic access to electronic systems, services, resources, or information.
Cyber-Enabled Crime: Illegal activities (e.g., fraud, money laundering, identity theft) carried out or facilitated by electronic systems and devices, such as networks and computers.
Cyber-Related Information: Information that describes technical details of electronic activity and behavior, such as IP addresses, timestamps, and Indicators of Compromise (IOCs). Cyber-related information also includes, but is not limited to, data regarding the digital footprint of individuals and their behavior.