« Back to The Blog

October is National Cybersecurity Awareness Month

Since October is National Cybersecurity Awareness Month, FinCEN and OFAC have published advisories aiming to increase cybersecurity awareness and aid institutions in responding and reporting incidents.

The FinCEN Advisory – Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments

The advisory provides information on: (1) the role of financial intermediaries in the processing of ransomware payments; (2) trends and typologies of ransomware and associated payments; (3) ransomware-related financial red flag indicators; and (4) reporting and sharing information related to ransomware attacks.

Red flag indicators listed in the advisory are:

  • IT enterprise activity is connected to cyber indicators that have been associated with possible ransomware activity or cyber threat actors known to perpetrate ransomware schemes. Malicious cyber activity may be evident in system log files, network traffic, or file information.
  • When opening a new account or during other interactions with the financial institution, a customer provides information that a payment is in response to a ransomware incident.
  • A customer’s CVC (Convertible Virtual Currency) address, or an address with which a customer conducts transactions, appears on open sources, or commercial or government analyses have linked those addresses to ransomware strains, payments, or related activity.
  • A transaction occurs between an organization, especially an organization from a sector at high risk for targeting by ransomware (e.g., government, financial, educational, healthcare), and a DFIR (Digital Forensics and Incident Response) or CIC (Cyber Insurance Companies), especially one known to facilitate ransomware payments.
  • A DFIR or CIC customer receives funds from a customer company and shortly after receipt of funds sends equivalent amounts to a CVC exchange.
  • A customer shows limited knowledge of CVC during onboarding or via other interactions with the financial institution, yet inquires about or purchases CVC (particularly if in a large amount or rush requests), which may indicate the customer is a victim of ransomware.
  • A DFIR, CIC, or other company that has no or limited history of CVC transactions sends a large CVC transaction, particularly if outside a company’s normal business practices.
  • A customer that has not identified itself to the CVC exchanger, or registered with FinCEN as a money transmitter, appears to be using the liquidity provided by the exchange to execute large numbers of offsetting transactions between various CVCs, which may indicate that the customer is acting as an unregistered MSB.
  • A customer uses a CVC exchanger or foreign-located MSB in a high-risk jurisdiction lacking, or known to have inadequate, AML/CFT regulations for CVC entities.
  • A customer initiates multiple rapid trades between multiple CVCs, especially AECs (Anonymity-Enhanced Cryptocurrencies), with no apparent related purpose, which may be indicative of attempts to break the chain of custody on the respective blockchains or further obfuscate the transaction.

The advisory also reminds institutions of their obligations to report activity involving ransomware on Suspicious Activity Reports.

This is a good advisory to share with all the institution’s staff.

The OFAC Advisory – Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments

The Advisory states that demand for ransomware payments has increased during the COVID-19 pandemic as cyber actors target online systems that U.S. persons rely on to continue conducting business. Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations. The advisory describes these sanctions risks and provides information for contacting relevant U.S. government agencies, including OFAC, if there is a reason to believe the cyber actor demanding ransomware payment may be sanctioned or otherwise have a sanctions nexus.

This is a good advisory to share with the institution’s BSA and Risk Management staff.

 

Please be advised that CSG provides financial services compliance audit and consulting services to our clients.  The services that we provide include certain tasks that may be characterized as “law-related services” under Rule 5.7 of the Rules of Professional Conduct governing lawyers.  Since some of our employees are lawyers with an active bar license but are NOT engaged in the private practice of law, that Rule requires us to make disclosures clarifying that the services we perform may be law-related services, but they are not legal services.  Because they are not legal services, those services and our relationship will not be governed by the Rules of Professional Conduct that guide the client-lawyer relationship, such as rules applicable to privileged communications and prohibitions of conflicts of interest.  Notwithstanding this disclaimer, we will continue to govern our relationship with you using reasonable ethical and professional standards that are expected to meet your expectations.

   

Compliance Services Group Copyright 2026.© All Rights Reserved | Privacy Policy

No Legal Advice Intended

The information on this website is provided as a service to our clients and visitors. The contents of this website, and the posting and viewing of the information on this website may convey information that can be characterized as “law related services” as defined by Rule 5.7 of the Rules of Professional Conduct (“RPC”) governing lawyers, but should not be construed as, and is not intended to be legal services, legal advice, or forming a client-lawyer relationship. Since CSG is not engaged in the practice of law, neither our services nor our relationship will be governed by the RPCs governing lawyers including, but not limited to, specific RPC rules applicable to privileged communications and prohibitions of conflicts of interest. While CSG uses reasonable efforts to include accurate, up-to-date information on this website, CSG makes no warranties or representations as to its accuracy and assumes no liability or responsibility for any errors or omissions in the content of this website or any third-party websites accessed through links from this website.

Formal Agreement Required for Services

You cannot engage CSG to render services for you through e-mail. CSG is not committed to provide services of any kind to you unless a formal services agreement has been executed by both you and CSG. CSG makes no commitment to you to maintain the confidentiality of any e-mail you send to us nor to respond to any e-mail.

Copyrights

Except for information in the public domain, or whether other ownership is acknowledged, CSG owns the copyright to this web site and all of its content. You may not copy or distribute materials from this web site except for personal, noncommercial use.

Links

Links provided by this web site are to assist our clients and visitors in identifying other useful resources and are not intended to state or imply that CSG sponsors or is associated with these resources or endorses or recommends any of the third party information, products, or services found there.

Compliance Services Group
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.