Member Login
Search

SDBA eNews winter

February 26, 2026

News

SDBA Updates

SDBA Events

Online Education

Compliance Alliance

ABA Banking Journal: OCC releases proposed rule to implement payment stablecoin legislation

February 25, 2026

OCC to merge community bank, large bank supervision departmentsThe Office of the Comptroller of the Currency today released a proposed rule to implement the Genius Act, including how it would handle the law’s prohibition on paying interest or yield on payment stablecoins.

The Genius Act was passed by Congress last year and established a framework for the OCC and other federal agencies to regulate payment stablecoins. The 376-page proposed rule would set standards and requirements related to stablecoin activities, custody and risk management, among other things. For example, the OCC is proposing a floor of $5 million on the minimum capital requirement for de novo stablecoin issuers.

The regulations would apply to payment stablecoin issuers and foreign payment stablecoin issuers under the OCC’s jurisdiction, as well as certain custody activities conducted by OCC-supervised entities, according to the agency. Issues related to the Bank Secrecy Act, anti-money laundering and Office of Foreign Asset Control sanctions will be addressed in a separate rulemaking in coordination with the Treasury Department.

As for the law’s prohibition on payment of interest, the American Bankers Association and others have raised concerns that the ban could be bypassed when exchanges or other affiliates offer yield or rewards to stablecoin holders. The rule states that the OCC understands that issuers could attempt to bypass the ban through arrangements with third parties. As a result, it will presume a stablecoin issuer is paying interest or yield if two conditions are met:

  • The stablecoin issuer has a contract, agreement or other arrangement with an affiliate or a related third party to pay interest or yield to the affiliate or related third party.
  • The affiliate or related third party has a contract, agreement or other arrangement to pay interest or yield to a holder of any payment stablecoin issued by the permitted stablecoin issuer solely in connection with the holding, use or retention of such payment stablecoin.

“Other arrangements that are not captured by the presumption may also violate the statutory prohibition or constitute an evasion thereof,” the rule states. “The OCC would assess those arrangements on a case-by-case basis but does not believe that it is necessary to include other arrangements within the rebuttable presumption at this time.”

“The OCC has given thoughtful consideration to a proposed regulatory framework in which the stablecoin industry can flourish in a safe and sound manner,” Comptroller of the Currency Jonathan Gould said. “We welcome feedback on the proposal to inform a final rule that is effective, practical and reflects broad industry perspective.”

Comments on the rule are due 60 days after publication in the Federal Register.

Full Article

Back to Top

ABA Banking Journal: FBI: Malware-enabled ATM jackpotting crimes on the rise

February 25, 2026
ABA opposes overdraft bill, calls credit report bill flawed

Out of the 1,900 ATM jackpotting incidents reported since 2000, more than 700 occurred last year alone, resulting in roughly $20 million in losses, the FBI said in a new alert.

Criminals are deploying ATM jackpotting malware, including the Ploutus family malware, to infect ATMs and force them to dispense cash, the FBI said. Ploutus attacks the ATM itself rather than customer accounts, enabling fast cash-out operations that can occur in minutes and are often difficult to detect until after the money is withdrawn.

The alert lists several indicators that an ATM has been compromised with malware. It also encourages financial institutions to take steps to enhance both the physical security and hardware security of ATMs, such as installing threat sensors that alert personnel to suspicious activity and enabling hard drive encryption.

The agency encourages financial institutions that have identified suspicious activity to contact their local FBI field office, and to report the activity to the FBI Internet Crime Complaint Center. Each report should include the date, time, location, type of activity, number of people, and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.

Full Article

Back to Top

ABA Banking Journal: Treasury releases first of AI resources

February 23, 2026
Treasury Department seeks comment on AI use in financial services

The Treasury Department has released the first two of six planned resources to help the financial services sector safely deploy artificial intelligence.

The AI Lexicon defines key AI-related terms based on definitions from various industry standards and government resources with the goal of improving sector communications, on aspects ranging from risk management to contract negotiation.

The Financial Services AI Risk Management Framework, or AI RMF, is a retooling of the National Institute of Standards and Technology’s AI RMF that is specifically tailored for financial services. The FS AI RMF consists of four parts — an AI adoption stage questionnaire, a risk and control matrix, a user guidebook, and a control objective reference guide.

The resources were developed by the Artificial Intelligence Executive Oversight Group, a private-public partnership that brought together financial institution executives with federal and state regulators and other stakeholders to identify gaps in the financial sector’s use of AI. The Treasury Department plans to release all six resources by the end of the month.

Full Article

Back to Top

CISA News: Payroll pirates are conning help desks to steal workers' identities and redirect paychecks

February 11, 2026 | Jessica Lyons

Attackers using social engineering to exploit business processes, rather than tunnelling in via tech

Exclusive When fraudsters go after people's paychecks, "every employee on earth becomes a target," according to Binary Defense security sleuth John Dwyer.

In December 2025, managed detection and response outfit Binary Defense's threat research group ARC Labs investigated a security incident in which a thief redirected a physician's salary into their own account using a very simple attack that started with a help-desk call.

"This was a combination of exploiting people and processes rather than technology," Dwyer, the deputy CTO and head of Arc Labs, told The Register in an exclusive interview. "It's technology-adjacent. This was identity theft from pure-play social engineering into exploiting a weaker-than-advised process internally to gain access."

In a report shared exclusively with The Register, Dwyer and co-authors Danny Dubree and Eric Gonzalez detailed how the attacker used compromised credentials belonging to a shared mailbox at a healthcare facility. Binary Defenses’ incident responders can't say for certain how the attacker obtained the credentials. Dwyer said his team found no evidence of phishing and assumes the miscreant obtained the email login info from an earlier breach.

Once the attackers gained access to the mailbox, they snooped around and determined whose identity to assume when calling the help desk to request a password and multi-factor authentication (MFA) reset.

In this case, the attacker pretended to be a physician locked out of their account and thus unable to treat patients.

"The call basically went that this person can't log into their account, they have patients they need to see right now, they need to get immediate access," Dwyer said. The fake physician's name and access-level checked out, so the help desk employee reset the password and MFA token. This gave the attacker access to the account, which enabled the rest of the payroll scam to play out.

It's technology-adjacent. This was identity theft from pure-play social engineering into exploiting a weaker-than-advised process internally to gain access

"And this is where things get very, very interesting," Dwyer said. "Over the last year where we've seen these sort of incidents, it has followed traditional business email compromise attack flows."

In one such attack targeting university employees and documented by Microsoft, the digital thieves compromised employee accounts to gain access to HR platforms like Workday and then diverted employees' direct-deposit paychecks. The attackers gained initial access through phishing emails, stole MFA codes via an adversary-in-the-middle phishing link, and then accessed the victims' Microsoft Exchange Online inboxes before hijacking their Workday profiles and sending paychecks to attacker-controlled accounts.

'Identity is the new perimeter'

"Everything happens through that access, through that mailbox in that Microsoft account," Dwyer said, adding that the attack targeting the physician looked different. After "recovering" the medico’s identity from the help desk social engineering call, the attacker authenticated from the healthcare organization's own virtual desktop infrastructure, registered new authentication devices to the account, and logged into the Workday payroll system.

Once they had logged into Workday, the crook changed the banking and direct deposit details to re-route the physician's paycheck into an attacker-controlled account.

This is about process exploitation and the hijacking of identities, which makes it extraordinarily hard to identify malicious versus normal identity behavior

Using the company's own virtual infrastructure allowed the attacker to bypass security detections because the logins appeared to be a legitimate internal user with a trusted endpoint and internal IP address.

"With this one, the big thing that really stood out is that the attackers seem to be aware of the detection strategies against them," Dwyer said. "This attack was carried out purely outside of email and leveraging the trusted access through the VDI infrastructure. By abusing the organization's own virtual desktop infrastructure, so from a security tools point of view, everything looks normal and trusted."

The organization wasn't even aware that it had been compromised until the physician asked why they hadn’t been paid.

"It isn't always about technology hacking," Dwyer said. "This is about process exploitation and the hijacking of identities, which makes it extraordinarily hard to identify malicious versus normal identity behavior. Identity is the new perimeter, and this is a new threat vector in which your persona needs to be treated like a privileged asset, rather than just your computer or your phone."

In addition to underscoring the security threats around using shared mailboxes, this incident shows how payroll and HR platforms should be viewed as a high-value target for attackers, Dwyer added. For defenders, this requires treating payroll information as a telemetry stream for threat detection and treating payroll changes as high-risk financial events.

"The good news is we already have a model around this – lessons learned from wire fraud and pay and accounts payable fraud applies here," Dwyer said. "Changes that are made to direct deposit information should have to be confirmed in some mechanism, there should be a temporary holding period while it goes through some sort of fraud detection review, or something along those lines."

While organizations have the technology to do this, they don't necessarily have the processes in place to address this type of security and business risk, he added.

"Organizations need to consider direct deposit as a legitimate, viable threat vector," Dwyer said. "If I was a business leader, I would want to get ahead of this, because I wouldn't want to get into some sort of arbitration with an employee over a lost paycheck." ®

Full Article

Back to Top

SDBA Updates

2027 PHOTO CONTEST 

Back to Top

 

SDBA Events

2026 SDBA IRA Spring Update

March 11, 2026 | Sioux Falls

The IRA Update builds on your knowledge of IRA basics to address some of the more complex IRA issues your financial organization may handle. This course includes how the transitions rules work, RMDs and death distributions. We will also discuss amending documents. This is a specialty session; some previous IRA knowledge is assumed. The instructor uses real-world exercises to help participants apply information to job-related situations.

Details & Registration

Back to Top

2026 Understanding Bank Performance

April 2, 3, 9, 10, 16, 17, 23, 24 | 10am-12pm CST | Virtual

Participants will learn how to assess and analyze a bank’s financial performance by working with data from real institutions. Using financial statements from one sample financial institution along with statements from their own banks, participants will become familiar with the ins and outs of balance sheets and income statements and learn how to apply key performance metrics to the data presented in these documents.

Having learned how to interpret and analyze a bank’s financial statements, participants will gain deeper insight into the factors affecting bank performance. Later sessions in this course will address ways in which performance may be hindered or improved by funding strategies and risk management. Ultimately, participants will be able to review a bank’s financial statements to identify strengths and weaknesses and be able to recommend changes that will lead to improved performance.

In the final session of this course, participants will put what they have learned into practice. Participants will analyze a new data set, rate the bank’s performance and suggest strategic adjustments that might benefit the bank.

Details & Registration

Back to Top

2026 South Dakota Fraud Forum

May 14 | 9:00am-3:00pm CDT

Join us at the upcoming UMACHA Fraud Forum, hosted by UMACHA, for an in-person information-sharing event designed specifically for banking professionals. This interactive forum brings together local law enforcement, guest speakers, and your industry peers for meaningful discussion around fraud awareness, prevention, and response.

Takeaways

• Practical insights into current financial crimes impacting institutions across South Dakota
• Real-world strategies to strengthen your fraud mitigation efforts
• Valuable connections with professionals facing the same challenges

Details & Registration - COMING SOON

Back to Top

2026 WBA Management Development Program

April-September, 2026 | Virtual

wba MDPSESSION HIGHLIGHTS

Discuss critical issues facing the banking industry today, including: • Reduction of the number of banks in the U.S. • The impact of shrinking margins on bank profitability • Impact of a changing bank environment • Finding talented employees for your bank’s continued success • Changing customer expectations and how they are utilizing bank services today

WHO SHOULD ATTEND

WBA’s MDP is an excellent prep program for bank managers wishing to advance their careers. This is a class designed for those who have aspirations of broadening their understanding of the key success elements required to manage a successful banking organization. Some MDP graduates go on to enroll in the WBA’s more advanced Executive Development Program.

Learn morehttps://wabankers.com/mdp/ 

Back to Top

2026 NDBA/SDBA Annual Convention

June 15-17, 2026 | Bismarck, ND

2026 Convention

Community banking is built on connection — between colleagues, institutions, and the communities we proudly serve. Across North and South Dakota, bankers collaborate, share insight, and lift one another up to make the industry stronger.

As our nation approaches its 250th anniversary, this year’s theme, Stronger Together, celebrates the shared values that unite us — collaboration, trust, and a steadfast commitment to doing what’s right. While the landscape may evolve, the heart of community banking remains constant. Bankers face challenges head-on, solve problems creatively, and move forward with optimism… always.

Thank you for being part of the NDBA and SDBA family. When we come together, we elevate each other, our institutions, and the communities we serve.

Join us in Bismarck this summer for the 2026 NDBA/SDBA Annual Convention, where we’ll celebrate our shared strength, honor our impact, and look ahead to what’s next.

Registration opens April 1

Back to Top

Online Education

online ed

Participating in learning opportunities outside the bank can be challenging. Take advantage of the SDBA's extensive selection of webinars and on-demand training to enhance your banking expertise directly from your computer.

GSB Online Seminars
OnCourse Learning
SBS Institute
ABA Training

Compliance Alliance logo

 

Banking Matters Podcast

Episode 120 Banking Matters What Banks Need to Know

Episode 120 - What Banks Need to Know

Learn how to put compliance management solutions from Compliance Alliance to work for your bank, by contacting (888) 353-3933 or [email protected] and ask for our Membership Team. For timely compliance updates, subscribe to Bankers Alliance’s email newsletters. 

Back to Top

SDBA eNews Archive
View past issues of the SDBA eNews

Advertising Opportunity
Learn more about sponsoring the SDBA eNews

Questions/Comments
Contact the SDBA at 605.224.1653 or via email