Cyber Crimes – Don’t Forget to File that SAR!


Stopping, or even slowing, the proliferation of cyber-event related criminal activities remains a chief goal in the broker-dealer and investment advisory communities. As pointed out in a 2016 advisory released by the Financial Crimes Enforcement Network (“FinCen”), “Cyber-events targeting financial institutions often constitute criminal activity and can serve as means to commit a wide range of further criminal activity.[1] The FinCen Advisory went on to provide guidance on how Bank Secrecy Act (“BSA”) regulatory requirements, including the filing of Suspicious Activity Reports (“SARs”), apply to cyber-events.

The nexus between SAR filings and cybersecurity, as well as the need for close coordination between IT and AML compliance staff, was also highlighted in remarks at a SIFMA Conference by Susan Axelrod, FINRA Executive Vice President, Regulatory Operations.[2]  Axelrod reminded firms that “…in the cybersecurity area, firms are required to report patterns of intrusion on their suspicious activity reports (SARs). So, it’s essential that your cybersecurity staff remain in close contact with your AML staff.” To foster the kind of close contact recommended by Axelrod, Ascendant believes that, among other measures, AML compliance and IT staff should strongly consider performing ongoing risk assessments to identify specific cybersecurity and AML risks, and develop system countermeasures to thwart system intrusions.

SAR Reporting of Cyber-Events is Required

The FinCen Advisory noted that “cyber-events that could affect a transaction or series of transactions are reportable as suspicious transactions because they are unauthorized, relevant to a possible violation of law or regulation, and regularly involve efforts to acquire funds through illegal activities.”

When determining if a cyber-event triggers a SAR filing, all available information must be evaluated to develop the fact pattern, such as the nature of the data, systems impacted and clients or firm accounts targeted. Ascendant has frequently observed that senior management, compliance, and, as applicable, in-house legal, and outside counsel, are involved in making the determination of whether to file a SAR. In deciding  the monetary amount involved in the transactions or attempted transactions, the FinCen Advisory pointed out that firms “… should consider in aggregate the funds and assets involved in or put at risk by the cyber-event.”

Brief Background on SAR Filings – Who Must File:

Broker-dealers have been required to file SARs since December 30, 2002 when the Department of the Treasury (Treasury) issued new rules requiring such reports with the  FinCEN, a bureau of Treasury. For investment advisers, filing SARs is voluntary, although under FinCen’s proposed AML rules, investment advisers will be required to file SARs.[3}

What are the SAR Reporting Requirements for Broker-Dealers?

A broker-dealer must report a transaction on Form SAR-SF if (a) the transaction is conducted or attempted by, at, or through a broker-dealer,[4] (b) it involves or aggregates funds or other assets of at least $5,000, and (c) the broker-dealer knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part): involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity; is designed, whether through structuring or other means, to evade the requirements of the BSA; appears to serve no business or apparent lawful purpose or is not the sort of transaction in which the customer would be expected to engage and for which the broker-dealer knows of no reasonable explanation after examining the available facts; or involves use of the broker-dealer to facilitate criminal activity.

SAR Filings – Potential Regulatory Consequences

Under the BSA rules, FinCEN may bring an enforcement action for violations of the reporting, recordkeeping, or other requirements of the BSA, including matters relating to the filing of or the failure to file SARs. FinCEN’s Office of Enforcement evaluates enforcement matters that may result in a variety of remedies, including the assessment of civil money penalties.

FinCen has assessed penalties for the failure to file SARs in a number of enforcement cases. To illustrate, in February 2015, FinCen assessed a civil money penalty of $1.5 million against a community bank for failing to file SARs on accounts held by one of its directors, a Pennsylvania judge who was convicted of judicial corruption. In this case, the bank failed to investigate the accounts after receiving a law enforcement subpoena. More recently, in November 2017, the SEC assessed $3.5 million in penalties against a wire-house for their failure to file or timely file a number SARs from approximately March 2012 through June 2013. The majority of these involved the failure to timely file SARs on ongoing suspicious activity that continued after an initial SAR filing by the firm on related suspicious activity.

Some Key Takeaways (Not an Exhaustive List)

  1. Review your firm’s internal policies regarding SAR filings to ensure that cyber-events are covered and that a thorough process is in place to determine when SAR filings are required, i.e. in particular, when should outside counsel or, as needed, regulators and/or law enforcement, be consulted?
  2. Include a tailored discussion of cyber events and SAR filings in your annual AML training. As part of the training, where relevant, provide examples of AML enforcement actions where SAR issues are noted as part of the fact pattern.
  3. AML and IT staff should conduct a risk assessment to identify cyber and AML risks and adopt policies to mitigate such risks, such as implementing enhanced AML surveillance systems.
  4. Monitor the progress of FinCen’s proposed AML rules for investment advisers, as the adoption of these rules will require investment advisers to file SARs.

[1] The Financial Crimes Enforcement Network (FinCEN), a bureau of the US Treasury Department, issued an advisory, dated October 26, 2016, regarding cyber-events and crime. A cyber-event can be defined as an attempt to compromise or gain unauthorized electronic access to electronic systems, services, resources, or information.

[2] In remarks on February 9, 2017, at the Securities Industry and Financial Markets Association’s (“SIFMA”) Anti-Money Laundering and Financial Crimes Conference.

[3] On August 25, 2015, FinCEN proposed a rule requiring investment advisers to establish anti-money laundering (AML) programs and report suspicious activity to FinCEN pursuant to the Bank Secrecy Act (BSA). While the proposed rule has not yet been adopted, indications are that it will, i.e. on March 8, 2017, in statements made to the trade publication Financial Planning, a FinCen spokesman said that FinCEN is currently in the process of reviewing public comments. “The next step is to draft a final rule and, beyond that, to work with OMB on how to proceed,” the agency spokesman said.

[4] A transaction includes a deposit; a withdrawal; a transfer between accounts; an exchange of currency; an extension of credit; a purchase or sale of any stock, bond, certificate of deposit, or other monetary instrument or investment security; or any other parent, transfer, or delivery by, through, or to a broker-dealer.

Related Content

Latest Content

SEC Delays Form N-PORT Submission Requirements

On Friday, December 8, 2017, the SEC issued a Temporary Rule that provides a nine-month delay of the filing dates for certain registered investment companies to submit data using the new Form N-PORT via the EDGAR system. The SEC delayed the initial reporting requirement for Form N-PORT, giving the agency time to review data security … Continued

Transparency Spreads to FINRA Exam Findings

On December 6, 2017, FINRA did something it has never done before: It released a summary report of its examination findings. While FINRA has annually released an examination priorities letter, this report is a first for examination findings. Why now? Credit FINRA’s new president and CEO, Robert W. Cook..  Since joining FINRA in 2016, Cook … Continued

DOL Rule Extension to Overlap with SEC Consideration of Fiduciary Standards

Following the Department of Labor’s November 27, 2017 announcement of an 18-month extension to the existing Fiduciary Rule transition period, the industry will enter a period of further study for proper standards for disclosure or elimination of conflicted compensation arrangements. That’s a mouthful right there. The Obama administration’s March 31, 2017 implementation of various new prohibited … Continued

Due Diligence of Sub-Advisers and Other Third-Parties

November’s Compliance Cast will look at the Adviser/Sub-adviser relationship, from the standpoint of sub-adviser. During the session, we will discuss: Qualities of an attractive sub-adviser candidate Initial and ongoing due diligence expectations Communications with the primary adviser Compliance and operational issues The session will be presented by Melanie Mendoza and Matt Calabro of Ascendant, and … Continued

Schedule 13D/13F Clarity on ETF Issues

Do I need to file a 13D or 13G if my client accounts hold in excess of 5% of an ETF? Generally, no. The SEC has granted no-action relief to ETFs with respect to compliance with Section 13(d) of the Securities Exchange Act. Section 13(d) was designed to require disclosure when holders begin to accumulate … Continued

Mailing List

Subscribe to the Ascendant Compliance email list for the latest compliance resources, conferences, ComplianceCasts™, and more.

Loading form...

Contact Us

Ascendant works together with clients to identify and assess critical needs through customized plans. If you need assistance with compliance functions, regulatory services, cybersecurity or technology tools, we’d love to speak with you.