Online child sex abuse spurs new SAR instructions

(Sept. 17, 2021) Online child sexual exploitation (OCSE) crimes are on the rise, and the Treasury’s top enforcement unit is highlighting some financial trends related to the crimes, as well as issuing new suspicious activity report (SAR) filing instructions to address the uptick, the agency said in a notice issued this week.

“Crimes related to OCSE, including the funding, production, and distribution of child sexual abuse materials (CSAM), have increased during the COVID-19 pandemic, according to multiple law enforcement authorities,” Treasury’s Financial Crimes Enforcement Network (FinCEN) said in its notice.

A review of SARs, the agency said, showed some trends, including: that from 2017 to  2020, there was a 147% increase in OCSE-related SAR filings, including a 17% year-over-year increase in 2020. FinCEN said it also observed that OCSE offenders are increasingly using convertible virtual currency (CVC, some of which provide anonymity), peer-to-peer mobile applications, the darknet, and anonymization and encryption services to try to avoid detection. CVC, the agency said, is increasingly the payment method of choice for OCSE officers to make payments to websites that host CSAM.

SAR filing instruction changes made by FinCEN in response to the uptick in OCSE actions include:

  • Financial institutions reference only this notice in SAR field 2 (Filing Institution Note to FinCEN) using the keyword OCSE-FIN-2021-NTC3. “This keyword should also be referenced in the narrative to indicate a connection between the suspicious activity being reported and the activities highlighted in this notice,” FinCEN said. “Financial institutions may highlight additional advisory keywords in the narrative, if applicable.”
  • Financial institutions should also select SAR Field 38(z) (Other) as the associated suspicious activity type to indicate a connection between the suspicious activity reported and OCSE activity and include the term “OCSE” in the text box. “If known, enter the subject’s internet- based contact with the financial institution in SAR Field 43 (IP Address and Date),” the agency said.
  • If human trafficking or human smuggling are suspected in addition to OCSE activity, financial institutions should also select SAR Field 38(h) (Human Trafficking) or SAR Field 38(g) (Human Smuggling), respectively.
  • Reporting entities should use the Child Sexual Exploitation (CSE) terms and definitions in the appendix of the notice when describing suspicious activity, which FinCEN would assist its analysis of the SARs.


FinCEN Calls Attention to Online Child Sexual Exploitation Crimes