Cyber Crimes – Don’t Forget to File that SAR!


Stopping, or even slowing, the proliferation of cyber-event related criminal activities remains a chief goal in the broker-dealer and investment advisory communities. As pointed out in a 2016 advisory released by the Financial Crimes Enforcement Network (“FinCen”), “Cyber-events targeting financial institutions often constitute criminal activity and can serve as means to commit a wide range of further criminal activity.[1] The FinCen Advisory went on to provide guidance on how Bank Secrecy Act (“BSA”) regulatory requirements, including the filing of Suspicious Activity Reports (“SARs”), apply to cyber-events.

The nexus between SAR filings and cybersecurity, as well as the need for close coordination between IT and AML compliance staff, was also highlighted in remarks at a SIFMA Conference by Susan Axelrod, FINRA Executive Vice President, Regulatory Operations.[2]  Axelrod reminded firms that “…in the cybersecurity area, firms are required to report patterns of intrusion on their suspicious activity reports (SARs). So, it’s essential that your cybersecurity staff remain in close contact with your AML staff.” To foster the kind of close contact recommended by Axelrod, Ascendant believes that, among other measures, AML compliance and IT staff should strongly consider performing ongoing risk assessments to identify specific cybersecurity and AML risks, and develop system countermeasures to thwart system intrusions.

SAR Reporting of Cyber-Events is Required

The FinCen Advisory noted that “cyber-events that could affect a transaction or series of transactions are reportable as suspicious transactions because they are unauthorized, relevant to a possible violation of law or regulation, and regularly involve efforts to acquire funds through illegal activities.”

When determining if a cyber-event triggers a SAR filing, all available information must be evaluated to develop the fact pattern, such as the nature of the data, systems impacted and clients or firm accounts targeted. Ascendant has frequently observed that senior management, compliance, and, as applicable, in-house legal, and outside counsel, are involved in making the determination of whether to file a SAR. In deciding  the monetary amount involved in the transactions or attempted transactions, the FinCen Advisory pointed out that firms “… should consider in aggregate the funds and assets involved in or put at risk by the cyber-event.”

Brief Background on SAR Filings – Who Must File:

Broker-dealers have been required to file SARs since December 30, 2002 when the Department of the Treasury (Treasury) issued new rules requiring such reports with the  FinCEN, a bureau of Treasury. For investment advisers, filing SARs is voluntary, although under FinCen’s proposed AML rules, investment advisers will be required to file SARs.[3}

What are the SAR Reporting Requirements for Broker-Dealers?

A broker-dealer must report a transaction on Form SAR-SF if (a) the transaction is conducted or attempted by, at, or through a broker-dealer,[4] (b) it involves or aggregates funds or other assets of at least $5,000, and (c) the broker-dealer knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part): involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity; is designed, whether through structuring or other means, to evade the requirements of the BSA; appears to serve no business or apparent lawful purpose or is not the sort of transaction in which the customer would be expected to engage and for which the broker-dealer knows of no reasonable explanation after examining the available facts; or involves use of the broker-dealer to facilitate criminal activity.

SAR Filings – Potential Regulatory Consequences

Under the BSA rules, FinCEN may bring an enforcement action for violations of the reporting, recordkeeping, or other requirements of the BSA, including matters relating to the filing of or the failure to file SARs. FinCEN’s Office of Enforcement evaluates enforcement matters that may result in a variety of remedies, including the assessment of civil money penalties.

FinCen has assessed penalties for the failure to file SARs in a number of enforcement cases. To illustrate, in February 2015, FinCen assessed a civil money penalty of $1.5 million against a community bank for failing to file SARs on accounts held by one of its directors, a Pennsylvania judge who was convicted of judicial corruption. In this case, the bank failed to investigate the accounts after receiving a law enforcement subpoena. More recently, in November 2017, the SEC assessed $3.5 million in penalties against a wire-house for their failure to file or timely file a number SARs from approximately March 2012 through June 2013. The majority of these involved the failure to timely file SARs on ongoing suspicious activity that continued after an initial SAR filing by the firm on related suspicious activity.

Some Key Takeaways (Not an Exhaustive List)

  1. Review your firm’s internal policies regarding SAR filings to ensure that cyber-events are covered and that a thorough process is in place to determine when SAR filings are required, i.e. in particular, when should outside counsel or, as needed, regulators and/or law enforcement, be consulted?
  2. Include a tailored discussion of cyber events and SAR filings in your annual AML training. As part of the training, where relevant, provide examples of AML enforcement actions where SAR issues are noted as part of the fact pattern.
  3. AML and IT staff should conduct a risk assessment to identify cyber and AML risks and adopt policies to mitigate such risks, such as implementing enhanced AML surveillance systems.
  4. Monitor the progress of FinCen’s proposed AML rules for investment advisers, as the adoption of these rules will require investment advisers to file SARs.

[1] The Financial Crimes Enforcement Network (FinCEN), a bureau of the US Treasury Department, issued an advisory, dated October 26, 2016, regarding cyber-events and crime. A cyber-event can be defined as an attempt to compromise or gain unauthorized electronic access to electronic systems, services, resources, or information.

[2] In remarks on February 9, 2017, at the Securities Industry and Financial Markets Association’s (“SIFMA”) Anti-Money Laundering and Financial Crimes Conference.

[3] On August 25, 2015, FinCEN proposed a rule requiring investment advisers to establish anti-money laundering (AML) programs and report suspicious activity to FinCEN pursuant to the Bank Secrecy Act (BSA). While the proposed rule has not yet been adopted, indications are that it will, i.e. on March 8, 2017, in statements made to the trade publication Financial Planning, a FinCen spokesman said that FinCEN is currently in the process of reviewing public comments. “The next step is to draft a final rule and, beyond that, to work with OMB on how to proceed,” the agency spokesman said.

[4] A transaction includes a deposit; a withdrawal; a transfer between accounts; an exchange of currency; an extension of credit; a purchase or sale of any stock, bond, certificate of deposit, or other monetary instrument or investment security; or any other parent, transfer, or delivery by, through, or to a broker-dealer.

Related Content

Latest Content

When Policies, Procedures and Testing Protocols Aren’t Enough…

The Compliance Program Rule continues to be a powerful tool for SEC enforcement, recently used by the SEC to address trading away in wrap accounts, misappropriation of retail client assets, and the misuse of an omnibus account. Advisory firms had written policies and procedures and testing protocols, but they were not good enough; are yours? … Continued

The Compliance Professionals Guide to Effective Trade Desk Monitoring

Global regulators continue to enhance their ability to monitor the activities of market participants through a combination of new rules, filing requirements, and upgrades to surveillance technologies. As a result, many market participants, including both buy-and sell-side firms, need to re-assess how they currently monitor the trading desk, and whether new policies and procedures are … Continued

How Do You Supervise for SEC Pay-to-Play Violations?

If you wanted more information about the contours of the SEC’s Pay-to-Play Rule, or how the SEC may enforce it, three recent Settlement Orders against large investment advisers for “over de minimis” political contributions provide some insight regarding one of the prohibitions: Contributions by Covered Associates to certain Government Officials over the specified Exception amount (capitalized words are terms in the … Continued

Do your Fund Documents Clearly Disclose Receipt of Accelerated Monitoring Fees?

Somewhat more reminiscent of the broken-windows enforcement era, two affiliated private equity advisers managing billions settled with the SEC on charges that they failed to make pre-commitment disclosures in fund governing documents related to accelerated fees received from portfolio companies. Interestingly, according to the Settlement Order, the advisers had made some disclosures in fund documents … Continued

With New Risk Alert, SEC Doubles Down on Best Execution

On July 11, 2018, the SEC issued a Risk Alert outlining commonly found compliance issues related to best execution by investment advisers. Advisers have an obligation to seek best execution of client transactions, taking into consideration quantitative factors such as execution quality and commission rate, as well as more qualitative factors such as the value … Continued

Mailing List

Subscribe to the Ascendant Compliance email list for the latest compliance resources, conferences, ComplianceCasts™, and more.

Loading form...

Contact Us

Ascendant works together with clients to identify and assess critical needs through customized plans. If you need assistance with compliance functions, regulatory services, cybersecurity or technology tools, we’d love to speak with you.