SDBA eNews: May 18, 2017

In This Issue

GSB Hot Topic Webinar: WannaCry Ransomware Impacts

More than 225,000 victims identified in 150 countries have been infected by a new strain of ransomware called WannaCry. Ransomware is a type of malware that encrypts your data and offers to return it safely if you pay the requested ransom. WannaCry has one significant difference from traditional ransomware; it spreads itself automatically across your network and over the Internet.

Join Chad Knutson and Jon Waldman with SBS CyberSecurity for a GSB Hot Topic Webinar: WannaCry Ransomware Impacts on Friday, May 19, at 10 a.m. CDT.

The webinar will discuss the current impacts of WannaCry, risks of wormable vulnerabilities, steps to take IMMEDIATELY to protect your institution, ways to defend or recover from WannaCry, and best practices for ransomware. The cost of the webinar is $159. Learn more and register.

HUD Seeks Industry Feedback on Regulatory Burden

Implementing the president’s executive orders on regulatory reform, the Department of Housing and Urban Development on Monday requested public and industry feedback on HUD regulations that may be outdated, ineffective or unnecessarily burdensome. Comments are due by June 14.

In identifying regulations that should be repealed, replaced or modified, commenters are asked to describe in what ways they eliminate jobs or inhibit job creation, are outdated, impose costs exceeding their benefits or are inconsistent with regulatory reform priorities or other existing rules. HUD also sought feedback on any of its regulations that have been overtaken by technological developments and requested information for commenters on their total compliance costs for HUD regulations. Read more.


Question of the Week

In regard to flood requirements, some borrowers have buildings with little to no value or that will be torn down after closing located on the property we are financing that is in a flood zone—do we have to require flood insurance for these?

Answer: Generally, yes—there’s not an exception in the regulations for buildings that have little value or will be torn down after closing. If the value is less than the minimum deductible, the bank would have to note that in the file and get a statement from the insurer to that effect. If that’s not the case, the bank may consider “carving out” buildings from the security it takes on the loan. Note that the bank should fully analyze the risks of this option. Specifically, it should consider whether it would be able to market the property securing its loan in the event of foreclosure and whether there are any zoning or other issues that would affect its collateral.

Compliance rules and regulations change quickly. For timely compliance updates, subscribe to Compliance Alliance’s email newsletters.

Compliance Alliance offers a comprehensive suite of compliance management solutions. To learn how to put them to work for your bank, call 888.353.3933 or email.

Upcoming Events

View all SDBA events

Advertising Opportunity

Learn more about sponsoring the SDBA eNews.


Contact Alisa DeMers, SDBA, at 800. 726.7322 or via email.

Call Lawmakers Today in Support of Durbin Repeal

As House leaders prepare to bring the Financial Choice Act to the floor in the coming days, ABA calls on all bankers to phone their lawmakers today and urge them to keep a provision in the bill that would roll back the Durbin Amendment and eliminate government-imposed price controls on debit card interchange.

This grassroots effort will help counter attempts by the retail industry to push lawmakers to condition their support for the Choice Act on the removal of the Durbin repeal provision. In addition to the grassroots effort, ABA is conducting targeted digital advertising to all House members making the case for the Durbin Amendment's repeal.

Bankers can make phone calls quickly and easily through ABA’s patch-through calling system, which allows bankers to reach their lawmaker by entering their contact information. Bankers may also dial 202.568.6811 to be automatically connected.

Carson Signals FHA Policy Shift on PACE Loans

Housing and Urban Development Secretary Ben Carson signaled on Tuesday that the administration may revisit an Obama-era policy on Property Assessed Clean Energy, or PACE, loans, a controversial financial product that allows homeowners to pay for energy-efficient retrofitting--such as solar panels and high-efficiency air conditioners--through their property tax assessments.

Guidance issued last year allowed the Federal Housing Administration to approve mortgage and refinance applications for properties with PACE loans outstanding. “We are very, very amenable to adjusting that policy,” Carson said at an industry conference. “I’m concerned about it. It really does create a burden and an extra complication.”

ABA and other trade groups, as well as the Federal Housing Finance Agency and the housing GSEs, have long expressed concern about PACE loans--currently available in about 30 states--taking lien priority over the first mortgage lien. FHFA has prohibited Fannie Mae and Freddie Mac from purchasing loans with PACE liens which take precedence over the first mortgage, citing concerns about taxpayer risk.

As PACE loans have come under fire in the media for their lack of consumer protections, ABA has also supported bills in Congress that would ensure PACE lenders provide full consumer disclosures.

Trump Signs Cybersecurity Executive Order

President Trump last week signed a long-awaited executive order directing federal agencies to increase their efforts to mitigate cyber risks. Effective immediately, all federal agencies will be required to follow the National Institute of Standards and Technology’s framework for cybersecurity, and each agency will be responsible for submitting a risk management report to the Department of Homeland Security within 90 days.

The order also emphasizes the need for increased government support to the nation’s critical infrastructure entities to help them guard against cyberattacks. It calls for DHS--in collaboration with the Department of Defense, the FBI and others--to identify ways to support the cybersecurity efforts of critical infrastructure entities, support transparency of cyber risk management practices in the marketplace, and reduce the threat of automated and distributed cyberattacks by botnets.

ABA applauded this action by the White House. “The executive order issued today will enhance the security of government systems and help protect our critical financial infrastructure--and ultimately bank customers--through enhanced information sharing and greater cross-industry collaboration,” said ABA President and CEO Rob Nichols. “The financial services industry is committed to help protect our country’s critical sectors and economic security. America’s banks will continue to work closely with the White House, Congress and others to establish clear lines of public-private communication, while avoiding inconsistent or duplicative regulation that might undermine our efforts to protect banks and the customers they serve.” Read the executive order.

FS-ISAC Monitoring Ransomware Attack; No Financial Sector Impacts Yet Reported

A massive ransomware cyber attack spread around the world last Friday, affecting more than 230,000 computers in about 150 countries, according to news reports over the weekend. Users of infected computers received a message that their files had been encrypted and that they should pay a ransom in bitcoin in order to decrypt their files.

Through its membership in the Financial Services Information Sharing and Analysis Center, ABA is closely monitoring the attack. As of Sunday, there were no known effects on the U.S. financial services sector. Friday's attack, labeled "WannaCry," exploits known vulnerabilities for which patches are available. Institutions and individuals that had not recently updated their software or who were running unsupported versions of software were vulnerable.

ABA encourages all banks to become FS-ISAC members to receive the latest updates on cyber threats to the financial industry. ABA has also produced several resources to help banks and their customers--in particular business clients--understand ransomware and respond should they become victims of an attack. View ABA resources on ransomware. For more information, contact ABA's Doug Johnson.

ABA Calls for Revisions to Cyber Standards for Insurers

ABA on Tuesday submitted comments to the National Association of Insurance Commissioners on its draft of the insurance data security model law, which would establish data security and data breach notification standards for insurance licensees (insurers and insurance agencies). ABA requested that the association add language to the draft stating that bank-affiliated insurance agencies be considered in compliance with the model law if their bank affiliates are in compliance with existing interagency data security standards.

ABA noted that the proposed model law for insurance licensees is very similar to existing guidance already followed by banks, and that in most cases, banks and their affiliated insurance agencies use the same information system to manage their customer data. By adding the proposed language, bank-affiliated insurance agencies would be allowed to comply with one set of requirements regarding cybersecurity, ABA said.

In addition, ABA requested that the model law be revised to allow insurance licensees more time to report a cybersecurity event to an insurance regulator. As currently drafted, they have only 72 hours to report an incident. For more information, contact ABA's Sarah Ferman.

Sens. Tester, Moran, Heitkamp Introduce Bill Easing Stress Test Burden

Sens. Jon Tester (D-Mont.), Jerry Moran (R-Kan.) and Heidi Heitkamp (D-N.D.) on Tuesday introduced a bill that would provide relief from the Dodd-Frank Act stress tests, reducing the mandated frequency of testing for all institutions and removing many from the stress test process altogether.

The Main Street Regulatory Fairness Act raises the asset threshold for stress testing from $10 billion to $50 billion and for the rest removes the requirement for semiannual stress tests, instead calling for regulators to conduct them periodically. ABA has long sought reform of the stress test process, noting that it imposes excessively heavy burdens on institutions for which stress tests are superfluous or not well suited, and continues to seek legislative and regulatory opportunities to address arbitrary asset thresholds and unnecessary burdens on banks.