Pub. 3 2022 Issue 1

cbak.com 8 In Touch THE THREAT OF RANSOMWARE FOR FINANCIAL INSTITUTIONS: FinCEN Issues Red Flags Cyberattacks — specifically ransomware — are the most significant threats to U.S. financial institutions. The June 2021 release of the Financial Crimes Enforcement Network (FinCEN) Priorities makes this clear in naming cybercrime as one of the eight national anti-money launderings and countering the financing of terrorism (AML/CTF) priorities. On Nov. 8, 2021, FinCEN issued a revised advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments (https://www.fincen.gov/ sites/default/files/advisory/2021-11-08/ FinCEN%20Ransomware%20Advisory_ FINAL_508_.pdf). Ransomware is a form of malicious software (malware) designed to block access to a computer system or data. It often encrypts data and prevents or limits users from accessing their system, either by locking the system’s screen or locking the users’ files until a ransom is paid. Usually, the ransom is a substantial amount of money or cryptocurrency. In some cases, the perpetrators threaten to publish sensitive information, with significant consequences to those being held ransom for losing sensitive, proprietary, or critical information. In response to an increase in ransomware attacks, this updated FinCEN advisory rescinds the agency’s previous advisory dated October 2020, showing the dynamic nature and criticality of ransomware threats. According to FinCEN, “Detecting and reporting ransomware payments are vital to holding ransomware attackers.” Recent ransomware disruptions to critical U.S. infrastructure industries include attacks on manufacturing, legal services, insurance, financial services, health care, energy, and food production sectors. The advisory is full of important information for financial institutions, focusing on disrupting criminal ransomware actors. Processing ransomware payments includes at least one depository institution used in facilitating payments. Most transactions are requested in convertible virtual currency (CVC). After a ransom payment is made, the funds typically flow through a financial institution as a wire transfer, ACH transaction, or credit card payment. Monitoring this type of activity is where the keen eye of AML and fraud investigations professionals is crucial BY TERRI LUTRELL, ABRIGO

RkJQdWJsaXNoZXIy MTIyNDg2OA==