Kenneth A. Blanco, director of Financial Crimes Enforcement Network. Courtesy photo Kenneth Blanco, director of the Financial Crimes Enforcement Network. Courtesy photo

The rate of cyber-related suspicious activity reports has grown to nearly 80,000 per year, according to Kenneth Blanco, director of the Financial Crimes Enforcement Network in the U.S. Treasury Department.

That number includes 13,500 reports per year on suspicious business email alone, up 95% from 2016. Phishing and other email schemes “are among the growing trend of cyber-enabled crime adversely affecting financial institutions, their customers, and others, which is estimated to have resulted in losses of more than $12.5 billion since 2013,” Blanco said in a June 12 speech at New York University Law School.

Laurel Rimon, senior counsel at O'Melveny & Myers in Washington, D.C., who focuses on cyber and white-collar crime, attended the speech. After serving 15 years with the Department of Justice and as an assistant U.S. attorney, Rimon served as general counsel of the office of inspector general for the U.S. Department of Homeland Security from 2015 to 2018, and as assistant deputy director of enforcement at the Consumer Financial Protection Bureau for three years before that.

She said she thinks the significant increase in reported activity is due to a combination of factors, including “the exponential explosion of these events in general,” as well as companies increasing their monitoring to detect events.

Another factor in the increase, Rimon said, is companies feel reporting is required after a 2016 federal advisory that says, “With respect to e-mail-compromise fraud, a financial institution may have a [report] filing obligation regardless of whether the scheme or involved transactions were successful, and regardless of whether the financial institution or its customers incurred an actual loss.

Rimon said she “talks regularly with general counsel and chief compliance officers about these issues,” and one area she thinks can be improved is the sharing of information within an organization.

“Sharing information is always a challenge,” she said, “but there is a much stronger emphasis now on making sure different silos in the business are talking to one another.” She said the role of compliance is to force that information sharing to happen where it needs to.

Michael Zweiback, a partner and co-founder at boutique white-collar and cybersecurity law firm Zweiback Fiset & Coleman, said he advises in-house counsel that sometimes the simplest techniques can be the best.

“The old analog method of picking up the phone and actually verifying a transaction over a certain dollar amount” needs to be done, he said. Zweiback formerly served as an assistant U.S. attorney in central California and was chief of its cyber and intellectual property crimes section.

“General counsel need to look at patterns of behavior of their own personnel, and make sure they are not doing the easiest and most efficient thing electronically, while not actually talking to one another,” he advised.

He said in-house counsel also need to “make friends” with the local office of the FBI. “The FBI has the expertise and has had good success in retrieving these wire transfers [based on deceptions],” he said. “But the key is time. They must be able to jump on it immediately.”

Both Rimon and Zweiback said the government also needs to be doing a better job of reaching out to businesses and helping them understand how attacks happen and how they can better prepare internally.

When it comes to suspicious activity reports, Rimon said, “the greatest frustration on the part of financial organizations is that it's a one-way street.” She said every company wants more information on the nature and types of attacks and how to avoid them.

“I worked in government, so I understand that it's not in the business of reporting back. But with financial transactions, the government should be providing more information and analysis on what it's seeing in the reports so companies can attune their processes to be more meaningful.”

For the government's part, Blanco closed his speech by noting ongoing efforts to upgrade and modernize the reporting system and to enhance his agency's engagement with the financial sector.

He said he wants to “incorporate the innovative approaches being taken by financial institutions and others, in order to have the best and most actionable information available.”

Rimon would welcome it if it means more sharing. She said that “general counsel and compliance folks continue to be thirsty for more details” about how they can develop compliance programs in ways the government will appreciate and that will also be more efficient for the institutions.

“I feel strongest about that point,” Rimon said. “It is very frustrating for companies dedicated to compliance and who really want to provide meaningful information, when they are kept in the dark about what the government is aware of. They need more insight.”