Courtney Linn



Read full biography at
Courtney Linn focuses on advising and representing financial institutions in Bank Secrecy Act regulatory, enforcement and criminal and civil matters, and representing individuals and institutions in financial crime matters, including money laundering and mortgage fraud.

Courtney is a former federal prosecutor who has handled numerous complex financial crime cases involving fraud, money laundering, Bank Secrecy Act violations, mortgage lending and asset forfeiture. Additionally, Courtney was a chief architect of various national legislative, regulatory and policy strategies affecting the government’s anti-money laundering and asset forfeiture programs. Courtney also handled numerous civil matters on behalf of the United States, including actions in which the United States sought to recover fire suppression and resource damages arising out of forest fires on public lands.

Prior to joining Orrick in January 2009, Courtney spent nine years as an Assistant U.S. Attorney in the Eastern District of California. There he handled the forfeiture and money laundering aspects of numerous significant prosecutions, including United States v. Alyn Richard Waage (Tri-West Investment Club). The Tri-West Investment Club case is one of the largest Internet-based fraud schemes the Department of Justice has ever prosecuted. Courtney's work in that case aided in the recovery of nearly $10 million in fraud proceeds from Costa Rica and Latvia and the fraud and money laundering convictions of several defendants. He also prosecuted or co-prosecuted numerous cases against individuals involved in money laundering-type offenses, including one of the government’s most significant federal prosecutions to date under the unlicensed money transmitting business statute (18 U.S.C. § 1960), United States v. Sekharith Be. Prior to leaving the Department of Justice, Courtney actively prosecuted numerous mortgage fraud cases, served as the Corporate Fraud Coordinator for the U.S. Attorney’s Office and served as Counsel to the United States Attorney.


Posts by: Courtney Linn

New Cybersecurity Reporting Requirements? FinCEN Advisory Identifies Cybersecurity Events for Financial Institutions to Report

FinCEN Advisory Identifies Cybersecurity Events for Financial Institutions to Report Financial Building Facade

Last week, FinCEN (Financial Crimes Enforcement Network) issued a formal Advisory to Financial Institutions and published FAQs outlining specific cybersecurity events that should be reported through Suspicious Activity Reports (SARs).  This Advisory follows former FinCEN Director Jennifer Shasky Calvery’s recent statements reminding “financial institutions to include cyber-derived information (such as IP addresses or bitcoin wallet addresses) in suspicious activity reports.”  It also follows the launch of the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT).  Although the Advisory does not change existing Bank Secrecy Act (BSA) requirements or other regulatory obligations, the Advisory highlights a series of cybersecurity events–such as Distributed Denial of Service (DDoS) attacks and ransomware incidents–that should be reported on SARs filed with FinCEN, even though they often (but not always) fall outside the traditional notion of a data breach or a compromise of personal information.


FinCEN to Financial Institutions: Include Cyber Data in Suspicious Activity Reports (SARs)

cyber data

As new legislation aimed at facilitating greater cybersecurity information sharing between private industry and government takes effect (i.e., Cybersecurity Information Sharing Act), FinCEN Director Jennifer Shasky Calvery recently called for “financial institutions to include cyber-derived information (such as IP addresses on bitcoin wallet addresses) in suspicious activity reports.”  Director Shasky Calvery’s statement dovetails with the Federal Financial Institutions Examination Council (FFIEC)  Cybersecurity Assessment Tool (CAT) launched last year that we discussed previously, which lists “threat intelligence and collaboration” through information-sharing forums as one of five key “domains” for assessing cybersecurity preparedness.  Regulated entities should take stock of this shifting risk management and compliance landscape, and evaluate the need for changes (and investments) to existing cybersecurity tools necessary for information collection, analysis and sharing.