SAR Guidance on Child Exploitation

On 9/16/21, the Financial Crimes Enforcement Network (FinCEN) issued a notice (FIN-2021-NTC3) to call attention to an increase in online child sexual exploitation (OCSE). The Notice provides financial institutions with specific suspicious activity report (SAR) filing instructions, and highlights some financial trends related to OCSE.

In their notice, FinCEN explained that between 2017 and 2020, there was a 147 percent increase in OCSE-related SAR filings, including a 17 percent year-over-year increase in 2020. FinCEN also observed that OCSE offenders are increasingly using convertible virtual currency (CVC) (some of which provide anonymity), peer-to-peer mobile applications, the darknet, and anonymization and encryption services to try to avoid detection.

When filing a SAR for OCSE, FinCEN provides the following guidance:

  • FinCEN requests that financial institutions reference only this notice in SAR field 2 (Filing Institution Note to FinCEN) using the keyword “OCSE-FIN-2021-NTC3”; this keyword should also be referenced in the narrative to indicate a connection between the suspicious activity being reported and the activities highlighted in this notice. Financial institutions may highlight additional advisory keywords in the narrative, if applicable.

  • Financial institutions should also select SAR Field 38(z) (Other) as the associated suspicious activity type to indicate a connection between the suspicious activity reported and OCSE activity and include the term “OCSE” in the text box. If known, enter the subject’s internet based contact with the financial institution in SAR Field 43 (IP Address and Date).

  • If human trafficking or human smuggling are suspected in addition to OCSE activity, financial institutions should also select SAR Field 38(h) (Human Trafficking) or SAR Field 38(g) (Human Smuggling), respectively.7

  • FinCEN asks that reporting entities use the Child Sexual Exploitation (CSE) terms and definitions in the appendix below when describing suspicious activity, which will assist FinCEN’s analysis of the SARs.

  • For additional information on reporting cyber-enabled crimes, including on how to file SARs, please see: FAQs for Reporting Cyber-Events, Cyber-Enabled Crime, and Cyber-Related Information. Collaboration between Bank Secrecy Act (BSA)/anti-money-laundering (AML) and cybersecurity units within financial institutions is an effective practice for gathering information helpful to identifying OCSE offenders and victims. Please refer to FinCEN’s Advisory on Cyber-Events and Cyber-Enabled Crime, which contains examples of useful information to report including chat logs, IP addresses, email addresses, filenames, and CVC addresses, such as bitcoin. Financial institutions may consider sharing cyber-related information for the purposes of identifying and reporting money laundering and OCSE offenses.

The full FinCEN Advisory can be found here.

OCC Updates Handbook for Earnings and Regulatory Reporting

New OCC Booklet on Problematic Bank Supervision