
FinCEN highlights child sex exploitation, related SAR instructions

FinCEN Calls Attention to Online Child Sexual Exploitation Crimes
The Financial Crimes Enforcement Network (FinCEN) is issuing this Notice to call attention to an increase in online child sexual exploitation (OCSE). This Notice provides financial institutions with specific suspicious activity report (SAR) filing instructions, and highlights some financial trends related to OCSE.

Crimes related to OCSE, including the funding, production, and distribution of child sexual abuse materials (CSAM), have increased during the COVID-19 pandemic, according to multiple law enforcement authorities. This increase in activity is likely due to a confluence of factors, including: (1) increased internet usage by children who are spending more time online, both unsupervised and during traditional school hours; (2) restricted travel during the COVID-19 pandemic resulting in more sex offenders being online; and (3) increased access to and use of technology, including encrypted communications, bulk data transfer, cloud storage, live-streaming, and anonymized transactions. Another trend is the rise in sextortion of minors, who are coerced or exploited into exchanging sexual images via the internet, mobile devices, and social media platforms. OCSE offenders often groom minors to share or post self-generated content online in exchange for money.

FinCEN performed a review of OCSE-related SARs and observed the following trends. Between 2017 and 2020, there was a 147 percent increase in OCSE-related SAR filings, including a 17 percent year-over-year increase in 2020. FinCEN also observed that OCSE offenders are increasingly using convertible virtual currency (CVC) (some of which provide anonymity), peer-to-peer mobile applications, the darknet, and anonymization and encryption services to try to avoid detection. CVC in particular is increasingly the payment method of choice for OCSE offenders who make payments to websites that host CSAM. Finally, FinCEN found that OCSE facilitators attempt to conceal their illicit file sharing and streaming activities by transferring funds via third-party payment processors.

Suspicious Activity Report (SAR) Filing Instructions

SARs, in conjunction with effective implementation of other BSA requirements, are crucial to identify and stop cybercrimes, including OCSE. Financial institutions should provide all pertinent and available information in the SAR narrative and attachments.

• FinCEN requests that financial institutions reference only this notice in SAR field 2 (Filing Institution Note to FinCEN) using the keyword “OCSE-FIN-2021-NTC3”; this keyword should also be referenced in the narrative to indicate a connection between the suspicious activity being reported and the activities highlighted in this notice. Financial institutions may highlight additional advisory keywords in the narrative, if applicable.

• Financial institutions should also select SAR Field 38(z) (Other) as the associated suspicious activity type to indicate a connection between the suspicious activity reported and OCSE activity and include the term “OCSE” in the text box. If known, enter the subject’s internet-based contact with the financial institution in SAR Field 43 (IP Address and Date).

• If human trafficking or human smuggling are suspected in addition to OCSE activity, financial institutions should also select SAR Field 38(h) (Human Trafficking) or SAR Field 38(g) (Human Smuggling), respectively.

• FinCEN asks that reporting entities use the Child Sexual Exploitation (CSE) terms and definitions in the appendix below when describing suspicious activity, which will assist FinCEN’s analysis of the SARs.

• For additional information on reporting cyber-enabled crimes, including on how to file SARs, please see: FAQs for Reporting Cyber-Events, Cyber-Enabled Crime, and Cyber-Related Information. Collaboration between Bank Secrecy Act (BSA)/anti-money-laundering (AML) and cybersecurity units within financial institutions is an effective practice for gathering information helpful to identifying OCSE offenders and victims. Please refer to FinCEN’s Advisory on Cyber-Events and Cyber-Enabled Crime, which contains examples of useful information to report including chat logs, IP addresses, email addresses, filenames, and CVC addresses, such as bitcoin. Financial institutions may consider sharing cyber-related information for the purposes of identifying and reporting money laundering and OCSE offenses.

For Further Information

FinCEN’s website at contains information on how to register for FinCEN Updates. Questions or comments regarding the contents of this notice should be addressed to the FinCEN Regulatory Support Section at

If you have immediate information to share with law enforcement, please contact the National Center for Missing and Exploited Children, which operates a Cyber Tip Line and hotline at 1-800-843-5678, in partnership with the FBI, DHS, and other law enforcement agencies.

I’ve left out the footnotes and a glossary table… but that’s why I gave you the link to the source…


FinCEN Notice
