FinCEN Issues Advisory on Ransomware and the Use of Financial Systems to Facilitate Ransom Payments


FinCEN released FinCEN Advisory FIN-2020-A006 on ransomware and the use of the financial system to facilitate ransom payments. The advisory is intended to alert financial institutions to the predominant trends, typologies, and potential red flags of ransomware and associated money laundering activities.

Ransomware is a form of malicious software designed to block access to a computer system or data; it is used to extort ransom payments from victims in exchange for restoring their access to those systems or data. Ransomware attacks are a growing concern for the financial sector due to the critical role financial institutions play in the collection of ransom payments. Processing ransomware payments is typically a multi-step process that involves at least one depository institution and one or more money service businesses.

The severity and sophistication of ransomware attacks continue to rise across various sectors, particularly across governmental entities and financial, educational, and health care institutions. Ransomware attacks on small municipalities and healthcare organizations have increased, likely due to victims’ weaker cybersecurity controls, such as inadequate system backups and ineffective incident response capabilities.

Cybercriminals using ransomware often resort to common tactics, such as wide-scale phishing and targeted spear-phishing campaigns that induce victims to download a malicious file or go to a malicious site, exploit remote desktop protocol endpoints and software vulnerabilities, or deploy “drive-by” malware attacks that host malicious code on legitimate websites. Proactive prevention through effective cyber hygiene, cybersecurity controls, and business continuity resiliency is often the best defense against ransomware.

While there is no one financial red flag indicator, credit unions should consider the relevant facts and circumstances of each transaction. Potential red flags are listed here.

Credit unions should determine if filing a Suspicious Activity Report is required and appropriate when dealing with an incident of ransomware conducted by, at, or through the credit union, including ransomware payments made by credit unions that were victims of ransomware.

Question of the Week

Q. Can a credit union or member stop payment on a cashier’s check, teller’s check or certified check?

A. The short answer is no. This is because a third party can enforce a cashier’s check if they are a holder in due course. In order to be considered a holder in due course, the holder must have taken the instrument for value, in good faith, without notice of any claims against the instrument, and without notice that the instrument was fraudulent. If a credit union wrongfully refuses to pay a cashier’s check, the holder can assert the right to enforce the check and may be entitled to compensation for expenses and possible damages.

There is, however, an exception if the credit union’s member claims that the cashier’s check has been lost, destroyed, or stolen. If this happens, the member must identify the check with reasonable certainty, complete a declaration of loss, and promise to indemnify the credit union for any loss. Once the member completes these steps, the cashier’s check can be re-issued. It is important to note that the original check has not actually been stopped. If someone receives the original check under circumstances where (s)he is considered a holder in due course, the credit union must pay the original check.


RCW 62A.3-302
RCW 62A.3-312
RCW 62A.3-411
ORS 73.0302
ORS 73.0312
ORS 73.0411
IDS 28-3-302
IDS 28-3-311
IDS 28-3-411

Legal Briefs

Consumer Financial Protection Bureau

CFPB provides clearer rules of the road for RESPA marketing service agreements
The CFPB published guidance in the form of FAQs on RESPA Section 8 topics. The FAQs provide an overview of the RESPA Section 8 provisions and address the application of certain provisions to common scenarios involving gifts and promotional activities as well as marketing service agreements.

Financial Crimes Enforcement Network

Federal Banking Agencies and FinCEN Announce Exemption from CIP Requirements for Premium Finance Loans
FinCEN issued an order that grants an exemption from the customer identification program requirements for premium finance loans made to all customers to facilitate purchases of property and casualty insurance policies. Premium finance loans provide short-term financing to businesses and non-business borrowers to facilitate their purchases of property and casualty insurance policies.

Office of Foreign Assets Control

OFAC has updated the SDN list as of Oct. 9. The last update prior to this was Oct. 2.

Questions? Contact the Compliance Hotline: 1.800.546.4465,
