On September 16, the Financial Crimes Enforcement Network (FinCEN) issued a Notice calling attention to an increase in online child sexual exploitation (OCSE). The Notice included specific Suspicious Activity Report (SAR) filing instructions and highlighted the financial trends related to OCSE.

Crimes related to OCSE include the funding, production, and distribution of child sexual abuse materials, and such activity has increased during the pandemic, according to multiple law enforcement authorities. This is likely due to a number of factors associated with COVID-related lockdowns and greater use of the internet by children from online classrooms and time spent alone. Another trend has been the rise in “sextortion” of minors who are coerced or exploited into exchanging sexual images online via mobile devices and on social media. These OCSE offenders often coerce such activities in exchange for money.

The statistics are alarming. FinCEN’s review of OSCE-related SARs found that between 2017-2020, there was a 147% increase in OSCE-related SARs filed, including a 17% increase in 2020. The tricky piece is that the criminals are increasingly using virtual currency along with person-to-person (P2P) mobile applications (e.g., Venmo, PayPal), the darknet, and anonymization and encryption services to avoid detection. Finally, the criminals are increasingly using third-party payment processors for funds transfer in order to conceal their activities.

November ACAMS Chapter Event 

If you are interested in learning how to write stellar SARs directly from members of law enforcement, please consider attending the next meeting of the Central Ohio ACAMS Chapter. Virtual attendance for members AND non-members in November is FREE!

Register Now

And this is where credit unions come in.

Identification of OCSE crimes is difficult for credit unions. The use of third-party and P2P payment providers can obfuscate the transaction from your account monitoring. A couple of things to look for include the following:

  • Significant changes in account activity (transaction counts) in accounts held by teens and young adults, such as transactions that include payouts from and transfers to Venmo and PayPal, as well as higher and lower balances.
  • Changes in transaction counts with respect to any P2P or third-party payment provider without explanation in any member account (are they engaged in OCSE commerce?)
  • Suspicious in-person encounters with teens and young adults who appear to be conducting transactions at the behest of or coerced by another person. The latter is also a typical red flag for human trafficking, human smuggling, and other exploitation crimes (elder abuse, for example).

SARs are crucial to identify and stop cybercrimes, including OSCE, and FinCEN has directed specific SAR filing instructions for suspected OSCE, which are included in their Notice:

  • Reference only this notice in SAR field 2 using keyword “OCSE-FIN-2021-NTC3” and this keyword should also be referenced in the narrative. Remember: Law enforcement manages its SARs using keyword searches!
  • Also, select SAR field 38(z) Other as the associated suspicious activity type, and include “OCSE” in the text box. If known, enter the subject’s internet-based contact with the credit union in SAR field 43 (IP address and date).
  • If human smuggling or human trafficking is also suspected in addition to OCSE, also select SAR field 38(h) (Human Trafficking) or SAR field 38(g) (Human Smuggling), respectively.
  • FinCEN also asks that SARs include the Child Sexual Exploitation terms and definitions referenced in the FinCEN Notice. See the link above in the event the credit union files such a SAR.

Finally, and while slightly off the OCSE topic, the Notice closes with reminders for filing cyber-enabled crimes and cyber-related information. Many of you are probably like me and feel inadequate with some of the cyber-related vocabulary and terms, so make sure to be familiar with FinCEN’s Advisory on Cyber-Events and Cyber-Enabled Crime from October 25, 2016, or at least keep this important Advisory handy for a cyber-related SAR.

One last reminder on cyber-threats, and this is where you must engage your IT staff: Filing SARs for cyber-related incidents is required. A few tips are as follows:

  • You must have a process for identifying, reviewing, and reporting such SARs. There are few financial institutions that have not engaged with someone who has attempted cyber-related criminal activity. Know what and when to file the SAR.
  • You also must make sure your IT staff knows when to engage the BSA/AML staff. That means, first, education, but also it means dropping those silos that often separate IT from compliance. Not only is ransomware rampant but your business members are also likely to be getting peppered with business email compromise (BEC) attempts right now based on recent FBI reports. Such attempts are typically SAR-reportable incidents even if there is no exchange of funds. You will need your IT staff to get you critical information, including IP addresses and dates.
  • Again, refer to the 2016 Advisory, and make sure to use the appropriate keywords in your SAR filing, including the narrative.

Jennifer Morrison
VP, Senior Risk Manager

plus background image bottom right