ABA Banking Journal: ABA, associations: FHFA pushing Federal Home Loan Banks away from providing liquidity
October 2, 2024
Recent actions by the Federal Housing Finance Agency suggest it is seeking to reduce the Federal Home Loan Banks’ role as a key liquidity source for banks and may be ignoring the will of Congress in the process, the American Bankers Association and 52 state bankers associations wrote in a letter to the agency.
In their letter, the associations noted that the FHLBank of New York recently issued significant updates to its Credit Risk Management Framework to align the document with the recommendations in the FHFA’s centennial review of the FHLBank system, which was released last year. Those updates may restrict individual FHLBank members’ access to funding, especially during times of financial stress, they said. There is concern that similar changes may soon be required of all 11 FHLBanks.
“While we recognize the FHFA’s role as the regulator of the FHLBanks and the appropriateness of requiring review and updates of credit rating frameworks, we have significant concerns about FHFA’s imposition of new standards, without sufficient consultation and input from the banking industry, banking regulators and other interested parties,” the associations said. “Additionally, we are concerned about the confusion that has resulted from this process, leaving affected banks unable to fully understand the metrics being applied to them or the rationale for reduced borrowing capacity.”
The associations also noted the FHFA recently issued a request for input on efforts to shift FHLBanks’ mission away from liquidity toward more affordable housing efforts. However, such a shift runs counter to the Competitive Equality Banking Act, or CEBA, which recognizes the FHLBanks as a “lender of last resort.”
“Taken together, the language of the report, the mission [request for input], and the apparent required changes to the credit framework, suggest that the FHFA is seeking to reduce the FHLBanks’ role as a key liquidity source, and may be ignoring the will of Congress as reflected in CEBA in the process,” the associations said.
Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it's too late. See these key indicators that security experts use to identify phishing links:
1. Check Suspicious URLs
Phishing URLs are often long, confusing, or filled with random characters. Attackers use these to disguise the link's true destination and mislead users. The first step in protecting yourself is to inspect the URL carefully. Always ensure it begins with "HTTPS," as the "s" indicates a secure connection using an SSL certificate. However, keep in mind that SSL certificates alone are not enough. Cyber attackers have increasingly used legitimate-looking HTTPS links to distribute malicious content. This is why you should be suspicious of links that are overly complex or look like a jumble of characters. Tools like ANY.RUN's Safebrowsing allow users to check suspicious links in a secure and isolated environment without the need to manually inspect every character in a URL.
Example: One of the recent cases involved Google's URL redirect being used several times to mask the real phishing link and make it difficult to trace the true destination of the URL.
In this case, after the initial "Google" in the URL, you see 2 other instances of "Google," which is a clear sign of a redirection attempt and misuse of the platform.
2. Pay Attention to Redirect Chains
As you can see from the example mentioned above, redirecting is one of the main tactics used by cyber attackers. Besides considering the complexity of the URL, find out where the link leads you. This tactic extends the delivery chain and confuses users, making it harder to spot the malicious intent. One more common scenario is when attackers send an email, claiming a file needs to be downloaded. But instead of an attachment or direct link, they send a URL leading through redirects, ultimately asking for login credentials to access the file. To investigate this safely, copy and paste the suspicious link into ANY.RUN's Safebrowsing tool. After running the analysis session, you'll be able to interact with the link in a secure environment and see exactly where it redirects and how it behaves.
In this instance, attackers shared a seemingly harmless link to a file storage page. However, instead of leading directly to the intended document, the link redirected users multiple times, eventually landing on a fake login page designed to steal their credentials.
3. Inspect Strange Page Titles and Missing Favicons
Another way to spot phishing links is paying attention to the page titles and favicons. A legitimate page should have a title that matches the service you're interacting with, without strange symbols or gibberish. Suspicious, random characters or incomplete titles are often signs that something is wrong.
Besides the page title, valid websites have a favicon that corresponds to the service. An empty or generic favicon is an indication of a phishing attempt. Normally, you would see the Microsoft favicon along with a clear, relevant page title. However, in this example, the title consists of random numbers and letters, and the Microsoft favicon is broken or missing. This is a major red flag and likely indicates a phishing attempt.
4. Beware of Abused CAPTCHA and Cloudflare checks
One common tactic used in phishing links is the abuse of CAPTCHA systems, particularly the "I'm not a robot" verification. While CAPTCHAs are designed to verify human users and protect against bots, phishing attackers may exploit them by adding unnecessary, repetitive CAPTCHA challenges on malicious websites. A similar tactic involves the misuse of services like Cloudflare, where attackers may use Cloudflare's security checks to slow down users and mask the phishing attempt.
In this analysis session, attackers use Cloudflare verification as a deceptive layer in their phishing scheme to add legitimacy and obscure their malicious intent.
5. Verify Microsoft Domains Before Entering Passwords
Phishers often create websites that mimic trusted services like Microsoft to trick users into providing their credentials. While Microsoft typically asks for passwords on a few official domains, it's important to remain cautious.
Here are some of the legitimate Microsoft domains where password requests may occur:
Keep in mind that your organization may also request authentication through its official domain. Therefore, it's always a good idea to verify the link before sharing the credentials.
Use ANY.RUN's Safebrowsing feature to verify the legitimacy of the site before entering any sensitive information. Make sure to protect yourself by double-checking the domain.
6. Analyze Links with Familiar Interface Elements
You can also spot phishing links by closely examining the interface elements of programs. Keep in mind that program interface elements on a browser page with a password input form are a major warning sign. Attackers often attempt to gain users' trust by mimicking familiar software interfaces, such as those from Adobe or Microsoft, and embedding password input forms within them. This makes potential victims feel more comfortable and lowers their defenses, ultimately leading them into the phishing trap. Always double-check links with such elements before entering sensitive information.
ABA Banking Journal: FinCEN Releases Commercial on Beneficial Ownership Information Reporting
The Financial Crimes Enforcement Network this week released a new video and radio commercial to educate business owners on the new beneficial ownership information reporting requirements. It is part of a larger public outreach campaign by the agency, which includes a dedicated website and videos on BOI reporting.
FinCEN last month issued a notice to financial institution customers about BOI reporting, explaining why certain customers must report directly to the agency in addition to giving information to their banks, which are subject to the customer due diligence rule.
ABA Banking Journal: OCC updates supervisory operating plan with expanded focus on capital, third-party risk October 1, 2024
The Office of the Comptroller of the Currency today released its bank supervision operating plan for fiscal year 2025, which lists the agency’s supervision priorities and objectives. New this year is language clarifying that the OCC’s “risk-based supervision approach” will focus on evaluating risk, identifying material and emerging concerns, and requiring banks to take timely corrective action before deficiencies compromise their safety and soundness.
“The OCC’s risk-based supervision approach requires examiners to determine how existing or emerging issues for a bank, its related organizations, or the banking industry as a whole affect the nature and extent of risks in that bank,” the document states.
Many supervisory priorities for the OCC in FY25 are the same as the previous fiscal year, including a focus on the areas of credit, asset and liability management, cybersecurity and bank operations. New this year is more detailed guidance for examiners in the areas of capital and third-party risk. In terms of the latter, the document instructs examiners to “determine when third-party and other subcontracted relationships, particularly those with financial technology companies that provide consumers and businesses access to banking products and services, represent significant operational, compliance, strategic, financial, reputation or other risks.”
Vote No on IM-28 | South Dakota Retailers Association
South Dakota Retailers Association Executive Director, Nathan Sanderson, shares the impact of IM-28, a widespread tax cut that would decrease state funding by up to $646 Million, potentially resulting in an income tax, higher property taxes, and/or less funding to essential public services like schools and roadways.
Salary & Compensation Surveys have been sent to participants and non-participants who pre-ordered them. These surveys gathered salary and cash compensation (salary + annual cash incentive/bonus + commissions) for approximately 30 executive positions and over 150 middle management and staff level positions. Blanchard Consulting Group will provide the national and combined North Dakota and South Dakota surveys to all purchasers. Please be aware that this should not be reproduced or distributed to anyone else. If you are interested in ordering, reach out to [email protected]. For any survey-related questions, please contact Elyse Hoffmann at [email protected] or 608-843-9672.
2024SDBA Security Seminar
October 10, 2024 | Holiday Inn & Suites | 2040 West Russell Street | Sioux Falls, SD
Registration is now open for the 2024 SDBA Annual Security Seminar, Thursday, October 10 at the Holiday Inn & Suites located at 2040 Russell Street in Sioux Falls, SD. This well-rounded seminar focuses on a range of issues of concern to security officers, facility personnel, and management. Using current trends and examples, a variety of topics will be covered, such as The Robbery Experience; Active Shooter Vs. Armed Robbery; Increasing Customer Service and Security; and Security Assessments. Security officers or directors, operations managers, auditors, HR directors, legal staff, loan officers, disaster recovery managers, collection staff and fraud investigators are encouraged to attend.
The IRA Update builds on the attendees’ knowledge of IRA basics to address some of the more complex IRA issues their financial organizations may handle. This course includes how the SECURE Act really changes our two biggest topics: RMDs and death distributions and discusses any pending legislation. This is a specialty session; some previous IRA knowledge is assumed. The instructor uses real-world exercises to help participants apply information to job-related situations.
Q. We have an applicant who has requested a refinance on his primary residence, but the purpose of the additional loan proceeds will be to pay off a different lien on a different dwelling that he also owns. For HMDA purposes, should I report this as a Refinance since both liens are in the borrower’s name even if it’s not the same property?
A. Yes, that is correct since the HMDA definition of a refinancing does require that the borrower be the same but does not necessarily require that that the dwelling securing the loans be the same:
"Refinancing means a closed-end mortgage loan or an open-end line of credit in which a new, dwelling-secured debt obligation satisfies and replaces an existing, dwelling-secured debt obligation by the same borrower." 12 CFR 1003.2(p): https://www.consumerfinance.gov/rules-policy/regulations/1003/2/#p