The Financial Crimes Enforcement Network (FinCEN) recently issued an advisory opinion instructing financial institutions that they are obligated to issue suspicious activity reports (SARs) in response to suspicious cyber activity.

According to the advisory opinion, “A financial institution is required to file a SAR to report any cyber event if the institution knows, suspects, or has reason to suspect the cyber event was intent to or could affect a transaction conducted or attempted by, at, or through the financial institution.” Like other suspicious activity, SARs for cyber activity are require for suspicious transactions, whether attempted or completed, that involve at least $5,000 in funds or other assets.