And this is where credit unions come in.

Identification of OCSE crimes is difficult for credit unions. The use of third-party and P2P payment providers can obfuscate the transaction from your account monitoring. A couple of things to look for include the following:

• Significant changes in account activity (transaction counts) in accounts held by teens and young adults, such as transactions that include payouts from and transfers to Venmo and PayPal, as well as higher and lower balances.
• Changes in transaction counts with respect to any P2P or third-party payment provider without explanation in any member account (are they engaged in OCSE commerce?)
• Suspicious in-person encounters with teens and young adults who appear to be conducting transactions at the behest of or coerced by another person. The latter is also a typical red flag for human trafficking, human smuggling, and other exploitation crimes (elder abuse, for example).

SARs are crucial to identify and stop cybercrimes, including OSCE, and FinCEN has directed specific SAR filing instructions for suspected OSCE, which are included in their Notice:

• Reference only this notice in SAR field 2 using keyword “OCSE-FIN-2021-NTC3” and this keyword should also be referenced in the narrative. Remember: Law enforcement manages its SARs using keyword searches!
• Also, select SAR field 38(z) Other as the associated suspicious activity type, and include “OCSE” in the text box. If known, enter the subject’s internet-based contact with the credit union in SAR field 43 (IP address and date).
• If human smuggling or human trafficking is also suspected in addition to OCSE, also select SAR field 38(h) (Human Trafficking) or SAR field 38(g) (Human Smuggling), respectively.
• FinCEN also asks that SARs include the Child Sexual Exploitation terms and definitions referenced in the FinCEN Notice. See the link above in the event the credit union files such a SAR.

Finally, and while slightly off the OCSE topic, the Notice closes with reminders for filing cyber-enabled crimes and cyber-related information. Many of you are probably like me and feel inadequate with some of the cyber-related vocabulary and terms, so make sure to be familiar with FinCEN’s Advisory on Cyber-Events and Cyber-Enabled Crime from October 25, 2016, or at least keep this important Advisory handy for a cyber-related SAR.

One last reminder on cyber-threats, and this is where you must engage your IT staff: Filing SARs for cyber-related incidents is required. A few tips are as follows:

• You must have a process for identifying, reviewing, and reporting such SARs. There are few financial institutions that have not engaged with someone who has attempted cyber-related criminal activity. Know what and when to file the SAR.
• You also must make sure your IT staff knows when to engage the BSA/AML staff. That means, first, education, but also it means dropping those silos that often separate IT from compliance. Not only is ransomware rampant but your business members are also likely to be getting peppered with business email compromise (BEC) attempts right now based on recent FBI reports. Such attempts are typically SAR-reportable incidents even if there is no exchange of funds. You will need your IT staff to get you critical information, including IP addresses and dates.
• Again, refer to the 2016 Advisory, and make sure to use the appropriate keywords in your SAR filing, including the narrative.