|
News
SDBA Updates
SDBA Events
Online Education
Compliance Alliance
ABA Banking Journal: Senators introduce bill requiring online platforms to crack down on scam ads
February 4, 2026
 Two senators have introduced bipartisan legislation directing social media companies and other online media providers to take steps to fight fraudulent advertisements on their platforms. The American Bankers Association supports the legislation.
The Safeguarding Consumers from Advertising Misconduct, or SCAM, Act by Sens. Bernie Moreno (R-Ohio) and Ruben Gallego (D-Ariz.) would prohibit online platforms from displaying fraudulent or deceptive commercial advertisements. It would require companies to take additional steps to prevent scam ads from appearing on their platforms, such as by giving users better tools to report fraud.
The bill also would strengthen the Federal Trade Commission’s and states’ ability to enforce violations of consumer protection laws.
In a statement, ABA President and CEO Rob Nichols called the SCAM Act a critical step forward in the nation’s fight against fraud.
“Millions of Americans lose billions of dollars a year to scams that start on social media platforms,” Nichols said. “Banks of all sizes invest significant resources to detect and stop fraud, and Americans appreciate those efforts, but we need to prevent scams before they ever reach a bank.
“The SCAM Act simply asks social media companies to put consumers first by taking responsible steps to remove scammers from their platforms,” he added. “Protecting Americans from fraud should be a bipartisan, national priority, and ABA encourages all lawmakers to join Sens. Gallego and Moreno in supporting the SCAM Act and sticking it to the scammers.”
Full Article
ABA DataBank: ARMs are noticeable but niche
January 30, 2026
 Today’s challenging housing market can be characterized by record unaffordability and low sales. To finance home purchases, most turn to the standard 30-year–fixed-rate mortgage. However, an increasing number of homebuyers have saved money (at least in the short term) through adjustable-rate mortgages. The recent uptick in ARMs caused some analysts to equate today’s market to that seen in the runup to the 2008 financial crisis.
However, ARM activity today represents only a small slice of new originations — and an even smaller percentage of outstanding mortgages. In fact, the share of outstanding mortgages with an adjustable rate is lower today than it was at the onset of the COVID-19 pandemic. The majority of U.S. homeowners continue to hold onto low fixed-rate mortgages that they took out during the refinance boom of 2020 and 2021. This ABA DataBank discusses current housing market trends and provides an update on the ARM market.
Current housing market trends
Challenges in today’s housing market are largely attributable to high mortgage rates, high prices and a lock-in effect for existing homeowners which all contribute to low sales activity. Figure 1 illustrates the drop in existing home sales following the interest rate hikes in 2022.
During the pandemic, inventory shortages were so severe that, at one point, there were more registered real estate agents than homes for sale. Low sales volume since the spring of 2022 has led to a climbing active listing count in the United States (Figure 2). The number of active listings in the U.S. now exceeds one million homes, approaching levels last seen in 2019.
ARM market dynamics
As noted in a prior DataBank, a much higher share of mortgages prior to the financial crisis had adjustable rates than today. Figure 3 shows the number of new mortgages with an adjustable rate and the relative savings available for borrowers that choose an ARM (a 5/1 ARM is a mortgage where the rate is fixed for the first five years and then adjusts annually to the market rate thereafter). As the chart shows, while the savings (the fixed rate minus the adjustable rate) was highest around 2004 and 2022, a much smaller share of borrowers took out an ARM in 2022 than in 2004. This is mainly due to regulatory changes following the GFC — such as stricter ability-to-pay rules and securitization eligibility requirements.
Figure 4 focuses on the 2020-October 2025 period in Figure 3. The share of new mortgages with ARMs has ticked up in 2025 — from roughly 5.5% to just under 9% — drawing attention to the risk of ARMs resetting to higher rates and recollections of the role of ARMs in the GFC. However, this increase is just a small subset of overall mortgage activity and is still within the post-pandemic range of ARM use.
The share of outstanding mortgages with ARMs is even smaller than the share of new mortgages with ARMs. Figure 5 tracks the percent of all outstanding mortgages with an adjustable rate from the beginning of 2020 to the middle of 2025. There were more mortgages with an adjustable rate in 2020 Q1 (5.3%) than in Q2 2025 (4%). This decline is largely due to millions of homeowners locking in historically low fixed rates in 2020 and 2021. In fact, more than half of all outstanding mortgages in 2025 carry rates below 4% which are far below current rates of over 6% as of December 2025 (Figure 6).
 Conclusion
Despite recent attention regarding the increase in ARM use, ARMs remain a niche product in a market dominated by 30-year fixed-rate loans. While some borrowers realized savings of over 100 basis points in 2022 by choosing ARMs, savings today are less than 50 basis points. Given ongoing affordability challenges and regulatory constraints, ARMs are likely to remain just a small subset of the mortgage market for the foreseeable future.
Full Article
ABA Banking Journal: Creating a cyber-aware risk culture requires teamwork
Six key elements for a banking industry facing increasingly sophisticated threats from a wide variety of adversaries
February 2, 2026 | John Carlson and Joshua Hubbard
As cyber risks continue to evolve, it is critical for banks to create a cyber-aware risk culture. Developing a cyber-aware risk culture means more than just awareness. It is about embedding risk controls and monitoring across every business line and senior executive support.
In June 2025 during the ABA Risk and Compliance Conference, industry experts discussed the following key elements for creating a cyber-aware risk culture [1]:
- Understanding key cyber threats
- Defining and developing a cyber aware risk culture and setting the tone at the top
- Using risk assessment and control frameworks that measure risks and assesses effectiveness of controls while also fostering innovation
- Focusing on continuous improvement and accountability through exercises
- Evolving security awareness and training programs
- Making third-party risk management a top priority
Understanding key cyber threats
The financial sector faces increasingly sophisticated threats from a wide variety of adversaries including organized criminal enterprises, hostile nation states which notably include Russia, China, Iran, and even trusted insiders, thereby increasing the scale and magnitude of impact to business operations. Attacks include breaches leading to the theft of sensitive information and often with a demand to pay a ransom to return the stolen and unencrypted data. There’s also a pernicious and persistent assault of generative AI-enabled deep-fake videos and phone calls and well-crafted phishing emails designed to defraud customers.
Defining and developing a cyber aware risk culture and setting the tone at the top
“Cyber-aware risk culture” can be defined as an organizational mindset that prioritizes cybersecurity across all levels and functions. It involves embedding cybersecurity principles into daily operations, decision-making processes, and employee behaviors to proactively manage and mitigate cyber risk. Cyber-aware risk culture can be metaphorically described as NASCAR, where every team member, from the driver to the pit crew, to engineers, mechanics and owners, plays a crucial role in the success of the race, every individual in our organizations must contribute to our cyber resilience efforts.
The much harder task is operationalizing a cyber-aware risk culture in a sustainable way. This is where senior leadership and teamwork is essential. It’s critical to secure CEO and board level support with clear risk appetite, key risk indicators and incident response planning. Building on the metaphor of a race team, you don’t just put any driver in the car and say ‘go.’ Every member plays a crucial role in winning the race, and similarly, collaboration and building frameworks for identifying risks are critical initial steps for developing a robust cyber culture. However, the challenge lies in moving faster and becoming more agile in identifying and mitigating these risks.
To do so, collaboration and building frameworks for identifying risks are critical steps for laying the foundation for a robust cyber culture. One of the most significant challenges is overcoming the misconception that cyber risk is solely an IT issue, and not an organization/business issue. This misguided mindset can lead to a lack of ownership and engagement from other departments, thereby diminishing the organization’s overall resilience. In today’s interconnected world, cyber resilience is not just an IT issue; it’s everyone’s responsibility.
Just as the financial services sector has matured “compliance and risk management culture, ”it is time to mature cyber-aware risk cultures. It’s about integrating key risk indicators, defining risk appetite, and implementing effective challenge frameworks appropriated proportionately to the size and scope of an institution’s strategic goals and risks.
Leaders should ask themselves several key questions:
- What steps have you taken to ensure that every department and employee understands and takes ownership of cyber risks?
- What role does targeted training play in ensuring that both internal teams and external partners adhere to a bank’s risk culture?
- How do to embrace innovation and cybersecurity?
Using risk assessment and control frameworks that measure risks and assess effectiveness of controls while also fostering innovation
Last year, the Federal Financial Institutions Examination Council (FFIEC) sunset the Cybersecurity Assessment Tool and pointed banks to several public and private sector developed frameworks, including Cyber Risk Institute’s Profile, NIST’s Cybersecurity Framework 2.0, CISA’s Cybersecurity Performance Goals and Sector-Specific Goals and Center for Internet Security Controls. (See this April 2025 article on sunsetting the FFEIC CAT: https://bankingjournal.aba.com/2025/04/the-nine-lives-of-the-ffiec-cyber-assessment-tool/). Banks have chosen and adopted such public and private sector frameworks that work best for their institutions with features that can create metrics and measure maturity.
Focusing on continuous improvement and accountability through exercises
Cyber exercises are an important tool for educating employees and developing stronger teams. As discussed in other articles (see https://bankingjournal.aba.com/2024/03/gather-around-the-table/ and https://bankingjournal.aba.com/2025/06/key-questions-and-decisions-bankers-face-in-response-to-ransomware-attacks/), tabletop exercises provide forums to discuss roles and responsibilities and to discover gaps that need to be filled. The value of these tabletop exercises include:
- Raising internal awareness of cybersecurity issues
- Gaining participation outside of the IT department
- Achieving continual improvement of the institution’s incident readiness and response.
- Verifying that the appropriate teams know their roles in case of a real incident
- Improving communication and coordination among internal and external teams
- Demonstrating to management and the board that a plan is in place, staff members know how to execute it, and when to escalate
- Complying with regulatory requirements
Evolving security awareness and training programs
A mainstay of creating a security aware culture is security awareness and training programs. It is important to refresh, adapt to evolving risks and incentivize positive behavior. The training programs should not be limited to just onboarding new employees or annual refresher courses but should include programs such as training and testing employees (from the CEO to the intern) to avoid clicking on suspicious emails and educating employees on how adversaries (from fraudsters to hostile nation state actors) are targeting banks and their third-party providers. Cybersecurity awareness programs must be an enterprise-wide initiative.
Making third-party risk management a top priority
Finally, it’s critical that banks evolve their third-party risk management programs. Increasingly, adversaries target third party providers, which means banks need to step up the due diligence process and ongoing oversight of critical third-party providers.
Conclusion
As the financial sector continues to face an increasingly complex and fast-moving cyber threat landscape, a cyber aware risk culture has become a fundamental requirement rather than an aspirational goal. Establishing this culture demands visible leadership, consistent reinforcement and cross-functional participation. When banks align governance frameworks, strengthen third party oversight, and tailor training to their highest risk roles, cybersecurity becomes part of everyday decision making — not an isolated IT function. This shared responsibility is essential for protecting customer trust and maintaining operational resilience.
Entering 2026, the threat environment has evolved even more rapidly than anticipated after the June 2025 session. Artificial intelligence now plays a central role in both attack strategies and defensive measures, enabling adversaries to bypass traditional technical barriers by using legitimate identities instead of exploiting software flaws.
At the same time, AI is fueling more adaptive and hyper personalized fraud attempts, including deepfake based social engineering that closely mimics trusted communications. These developments shift the challenge from simply building a cyber aware culture to continually advancing it — moving beyond annual compliance training toward AI literacy, real time behavioral monitoring, and adaptive training that strengthens the “weakest link,” whether internal staff or external customers who interact with sensitive channels. By embedding adaptive controls into daily workflows and equipping both staff and customers to recognize AI generated fraud, institutions can ensure the cultural foundations built in 2025 remain resilient and responsive to the realities of 2026’s rapidly shifting cyber landscape.
Full Article
CISA News: ITRC breach report reveals lack of detailed breach reporting
Order your 2026 South Dakota Bank Directory
 The South Dakota Bank Directory provides detailed information on all South Dakota banks including addresses, telephone numbers, important contact names and additional pertinent information. The directory also contains information on the SDBA, banking associations, regulatory agencies, endorsed vendors, associate members and South Dakota officials.
Order the 2026 SD Bank Directory
All member branches and endorsed vendors receive one complimentary copy. Associate members also receive a complimentary copy once they pay their 2026 dues.
Breaking Into Banking 101 + 201
February 25 | March 25, 2026 | Zoom
The Dakota School of Lending Principles, hosted by the South Dakota Bankers Association and co-sponsored by the North Dakota Bankers Association on April 7-10, 2026, in Pierre, S.D., is a learning event with one foot grounded in the classroom and one foot in the bank. This school allows students to learn the theory and process of basic lending and then put this knowledge to work in actual nuts and bolts sessions.
Loan Modules
In the four modules on loan types, learn the lending process by studying elements applicable to each loan type: terminology, the application process, interviewing, investigation, credit analysis, loan structure, decision communication and selling. Case studies and exercises provide hands-on learning experience.
Details & Registration
2026 WBA Credit Analyst Development Program
March 12, 2026 | Virtual
 The Credit Analyst Development Program (CADP) takes bankers beyond the basics, developing practical, job-ready skills to assess creditworthiness and support successful lending.
Participants will:
- Analyze financial statements and tax returns with confidence
- Apply ratio analysis techniques to real-world lending scenarios
- Build, document, and monitor strong commercial loans
- Understand C&I and CRE lending fundamentals
Whether new to credit or preparing for a commercial lending role, CADP builds the technical and analytical foundation every banker needs to advance.
Live March–May 2026 | On-Demand Access through July 10
Learn more: www.wabankers.com/cadp
2026 WBA Management Development Program
April-September, 2026 | Virtual
 SESSION HIGHLIGHTS
Discuss critical issues facing the banking industry today, including: • Reduction of the number of banks in the U.S. • The impact of shrinking margins on bank profitability • Impact of a changing bank environment • Finding talented employees for your bank’s continued success • Changing customer expectations and how they are utilizing bank services today
WHO SHOULD ATTEND
WBA’s MDP is an excellent prep program for bank managers wishing to advance their careers. This is a class designed for those who have aspirations of broadening their understanding of the key success elements required to manage a successful banking organization. Some MDP graduates go on to enroll in the WBA’s more advanced Executive Development Program.
Learn more: https://wabankers.com/mdp/
Online Education
Participating in learning opportunities outside the bank can be challenging. Take advantage of the SDBA's extensive selection of webinars and on-demand training to enhance your banking expertise directly from your computer.
GSB Online Seminars
OnCourse Learning
SBS Institute
ABA Training
Question of the Week
Q: We’ve heard a lot lately about Section 1071 – what’s the latest status on those rules (including thresholds and timelines)?
A: Ah, Section 1071 - the gift that keeps on giving…and changing!
The "current" interim final rule extended the Section 1071 small-business-lending compliance dates by roughly a year. Under this rule, Tier 1 institutions would begin collecting demographic data July 1, 2026; Tier 2 by January 1, 2027; and Tier 3 by October 1, 2027. Voluntary collection one year in advance is still fair game (for testing "…procedures and systems for compiling and maintaining this information…").
However, as of November 13th, the CFPB has proposed revisions to Section 1071 via its proposed rule (90 FR 50952) which appears to signal a shift toward a "longer-term, incremental approach." The proposed rule, if adopted, would significantly narrow the scope of the 2023 final rule (currently on hold due to ongoing litigation from the Texas Bankers Association and other plaintiffs) by rolling back several discretionary data points and redefining what counts as a covered transaction.
Under the new draft, lenders would report on a smaller set of core data points, with the CFPB reserving the option to expand requirements later. The proposed rule appears to remove prior requirements to collect details like denial reasons, pricing data, application method, and workforce size, while also excluding merchant cash advances, agricultural credit, and small-dollar loans. Coverage thresholds would seemingly shift as well, and the rule’s "small business" definition would tighten to firms with $1 million or less in annual revenue. The proposed rule can be found at 90 FR 50952. For additional changes and up-to-date news on Section 1071, please check in periodically to our Regulatory Change Management Tracker and our Banker Compliance News, as well as our 1071 Small Business Lending Toolkit.
Learn how to put compliance management solutions from Compliance Alliance to work for your bank, by contacting (888) 353-3933 or [email protected] and ask for our Membership Team. For timely compliance updates, subscribe to Bankers Alliance’s email newsletters.
SDBA eNews Archive
Advertising OpportunityLearn more about sponsoring the SDBA eNews
Questions/Comments
Contact the SDBA at 605.224.1653 or via email
|
We’re not sure if we should tell you all this, but…