On September 16, 2021, the Financial Crimes Enforcement Network (FinCEN) issued FIN-2021- NTC3 to call attention to an increase in online child sexual exploitation (OCSE). The Notice provides financial institutions with specific Suspicious Activity Report (SAR) filing instructions, and highlights some financial trends related to OCSE.

Crimes related to OCSE, including the funding, production, and distribution of child sexual abuse materials (CSAM), have increased during the COVID-19 pandemic, according to multiple law enforcement authorities. This increase in activity is likely due to a confluence of factors, including:

  • Increased internet usage by children who are spending more time online, both unsupervised and during traditional school hours
  • Restricted travel during the COVID-19 pandemic resulting in more sex offenders being online
  • Increased access to and use of technology, including encrypted communications, bulk data transfer, cloud storage, live streaming, and anonymized transactions

Additionally, FinCEN reported a growing trend in the sextortion of minors, who are coerced or exploited into exchanging sexual images via the internet, mobile devices, and social media platforms. OCSE offenders often groom minors to share or post self-generated content online in exchange for money.

In the OSCE Notice, FinCEN explained that between 2017 and 2020, there was a 147 percent increase in OCSE-related SAR filings, including a 17 percent year-over-year increase in 2020. FinCEN also observed that OCSE offenders are increasingly using convertible virtual currency (CVC) (some of which provide anonymity), peer-to-peer (P2P) mobile applications, the dark net, and anonymization and encryption services to try to avoid detection.

When filing a SAR for OCSE, FinCEN provides the following guidance:

• FinCEN requests that financial institutions reference only this Notice in SAR field 2 (Filing Institution Note to FinCEN) using the keyword “OCSE- FIN-2021-NTC3”; this keyword should also be referenced in the narrative to indicate a connection between the suspicious activity being reported and the activities highlighted in this Notice. Financial institutions may highlight additional advisory keywords in the narrative, if applicable.

• Financial institutions should also select SAR Field 38(z) (Other) as the associated suspicious activity type to indicate a connection between the suspicious activity reported and OCSE activity and include the term “OCSE” in the text box.

If known, enter the subject’s internet-based contact with the financial institution in SAR Field 43 (IP Address and Date).

• If human trafficking or human smuggling are suspected in addition to OCSE activity, financial institutions should also select SAR Field 38(h) (Human Trafficking) or SAR Field 38(g) (Human Smuggling), respectively.

• FinCEN asks that reporting entities use the Child Sexual Exploitation (CSE) terms and definitions in the Appendix provided in the Notice when describing suspicious activity, which will assist FinCEN’s analysis of the SARs.

• For additional information on reporting cyber-enabled crimes, including on how to file SARs, please see: FAQs for Reporting Cyber-Events, Cyber-Enabled Crime, and Cyber-Related Information. Collaboration between Bank Secrecy Act (BSA)/Anti-Money-Laundering (AML) and cybersecurity units within financial institutions is an effective practice for gathering information helpful to identifying OCSE offenders and victims. Please refer toFinCEN’s Advisory on Cyber-Events and Cyber-Enabled Crime, which contains examples of useful information to report including chat logs, IP addresses, email addresses, filenames, and CVC addresses, such as bitcoin. Financial institutions may consider sharing cyber-related information for the purposes of identifying and reporting money laundering and OCSE offenses.

If you have immediate information to share with law enforcement, please contact the National Center for Missing and Exploited Children, which operates a Cyber Tip Line and hotline at 1-800- 843-5678, in partnership with the FBI, DHS, and other law enforcement agencies.


InCompliance Quarterly Newsletter - Subscribe Here