FinCEN updates and rescinds previous ransomware advisory

November 15, 2021 by Keith Schostag, NAFCU Compliance Blog

On November 8, 2021, FinCEN issued an advisory on “Ransomware and the Use of the Financial System to Facilitate Ransom Payments.” This advisory updates and rescinds a previous advisory, published on October 1, 2020. FinCEN is releasing an updated advisory due to “the increase of ransomware attacks in recent months” and to reflect new information released by FinCEN.

FinCEN is concerned about financial institutions because of “the critical role financial institutions play in the collection of ransom payments.” As FinCEN notes, ransomware payments are a multi-step process that will involve at least one depository institution, if not more. FinCEN notes that it will not hesitate to take action against any entity that is engaged in money transmission that fails to comply with their anti-money laundering (AML) obligations. Furthermore, FinCEN reminds institutions that they must also remain aware of any OFAC related obligations that may arise.

Trends and Types of Ransomware

FinCEN provides the following types of ransomware attacks and trends that financial institutions should be watching for: