LAST CALL FOR TWO SDBA EVENTS: Emerging Leaders Summit (10/17 & 10/18) and Annual Security Seminar (10/19)

This is your final reminder to register for two SDBA events coming up next week: the SDBA NEXT STEP: Emerging Leaders Summit, October 17 & 18, in Fort Pierre, SD, and the Annual Security Seminar in Sioux Falls on Thursday, October 19. Join the SDBA at the Casey Tibbs Rodeo Center Museum, Tuesday and Wednesday, October 17 & 18 for a split two-day event. Speakers include SDSU's legendary football coach, John 'Stig' Stiegelmeier; USD Economics Professor, Mike Allgrunn; Cindy Peterson, Maximizing Excellence; Larry Young, Boiling Frong Development; Bailey Ronnebaum, forbinfi; and Dan Burwitz, Vantage Point. From leadership to philanthropy to AI, the Emerging Leaders Summit has a little bit of everything for everyone. Attendee counts are due to the venue by COB today, so if you're on the fence to attend, you won't be disappointed! Click here to review the full agenda and hit that "REGISTER" button!

Second, the Annual Security Seminar will be held on Thursday, October 19, at the Best Western PLUS Ramkota Hotel & Conference Center in Sioux Falls, SD. Barry Thompson is back and will deliver sessions on AI, Active Shooter, Risk Management, Physical Security and Internal Fraud. Security officers or directors, operations managers, auditors, HR directors, legal staff, loan officers, disaster recovery managers, collection staff and fraud investigators are encouraged to attend. Click here for details and to register.

Registration OPEN: IRA Fall Update | Friday, Nov. 3 via Zoom

The South Dakota Bankers Association will host its 2023 Fall IRA Updated via Zoom on Friday, November 3. The IRA Update builds on the attendees’ knowledge of IRA basics to address some of the more complex IRA issues their financial organizations may handle. This course includes how the SECURE Act really changes our two biggest topics: RMDs and death distributions and discusses any pending legislation. This is a specialty session; some previous IRA knowledge is assumed. The instructor uses real-world exercises to help participants apply information to job-related situations. IRA administrator, personal banker, or member services personnel who has a working knowledge of basic IRA operations and wishes to expand their expertise and provide enhanced customer service; A financial professional who recognizes that IRAs play an integral role in retirement planning; A compliance specialist with procedural oversight of IRA policies and practices; or support personnel responsible for promotional materials that describe the services provided by your financial organization are encouraged to attend. Click here to review the full agenda and register.

Chopra: CFPB Data Privacy Rule Coming Later This Month

The Consumer Financial Protection Bureau plans later this month to release its long-awaited rulemaking to implement Section 1033 of the Dodd-Frank Act, concerning financial data privacy, Director Rohit Chopra said today. During a speech in Washington, D.C., on possible future actions by the bureau, Chopra didn’t provide any specifics about the rule other than it will “seek to accelerate America’s shift to open, competitive and decentralized banking while also safeguarding against abuse of our personal data.”

Chopra also said that payment systems in the U.S. may be driven by the private sector, but that public payments infrastructure and regulation are important and suggested concerns about the cost, speed and competitiveness of the ecosystem. He said the CFPB will soon take several steps to ensure that private currencies and payment systems “do no harm to consumers,” including subjecting nonbanks to supervisory examinations by the bureau.

Later, responding to a question, Chopra questioned whether credit card rewards miles are funds, noting that large retailers benefit from rewards programs and drive purchases. Chopra stated that there are questions about the transparency of newer rewards programs, like online game rewards, and that CFPB may provide further guidance on related issues.

Nichols Calls on Banks to Work Together on Current Challenges

ABA President and CEO Rob Nichols on Monday called for unity in the banking industry as bankers confront present challenges. In his opening address at the ABA Annual Convention in Nashville, Nichols noted that “we are strongest and most effective in our advocacy when we are able to come together. That’s how we will achieve a policy environment that will support economic growth—not restrict it—so that bankers like you can continue doing the most important job you have: serving your customers.”

Among the challenges that are top-of-mind for the association are the so-called “Basel III endgame” proposals to increase the amount of capital banks are required to hold in reserve. “There is a cost to too much capital, and it’s paid by both consumers and businesses who need credit, and ultimately, this proposal puts economic growth at risk,” Nichols said. “It would be a self-inflicted wound at a time when our economy is already feeling the effects of high interest rates—and it doesn’t make sense.”

Nichols also recapped ABA’s current litigation against the CFPB, emphasizing that the association will continue to push back against attempts by regulatory agencies that exceed their authority. ABA has challenged the bureau over a 2022 update to its examination manual that would have greatly expanded its ability to examine banks for alleged discriminatory conduct, and over its 1071 final rule relating to small business data collection.

“We don’t like suing regulators. We want to have productive working relationships with all of the banking agencies, and we will continue to work constructively with the CFPB where we can,” Nichols said. “But we will not allow blatant regulatory overreach to go unchecked. Should the bureau—or any other agency—issue another rule that clearly exceeds the statutory limits set by Congress, they can count on seeing us in court.”

Bowman: Public Engagement 'Critical' in Rulemaking Process

During an address to the Connecticut Bankers Association last week, Federal Reserve Governor Michelle Bowman commented on what she termed the “responsible evolution” of banking’s regulatory framework. She outlined how efficiency should be a part of policy discussions; limits on the Fed’s tools to implement policy decisions; and the importance of public engagement in rulemaking.

“Efficiency should play a central role in policymaking,” she said. “Policymakers should consider how a desired policy goal can be achieved in a targeted manner that minimizes costs and administrative burdens on financial institutions.” Citing this summer’s release of third-party risk management guidance for banks of all sizes, which she supported, Bowman said regulatory agencies “lost an opportunity to maximize efficiency” in the release of the guidance. “We should do better for the smallest in size, yet largest number, of banks.”

She called public engagement “critical” to improving rulemaking and noted that industry can help policymakers understand the unintended consequences of proposed rules. Last October, agencies finalized amendments to Regulation II—new rules pertaining to debit card routing on different networks. “A key element … is that banks engaged in the rulemaking process shared their feedback, especially around potential fraud concerns and the speed with which the rule mandated system changes and implementation without consideration of the practical implementation and processor functionality constraints,” she said, noting that stakeholders need to engage in the comment process and communicate with policymakers to share their “real-world” views on the rulemaking agenda.

CSBS to Host Updated Ransomware Self-Assessment Tool Webinar | Tuesday, Oct. 24

You’re Invited – Updated Ransomware Self-Assessment Tool (R-SAT), Version 2.0 for Banks
South Dakota Division of Banking Director Bret Afdahl invites bankers to a briefing hosted by the Conference of State Bank Supervisors (CSBS) titled “Updated Ransomware Self-Assessment Tool (R-SAT), Version 2.0 for Banks.”

Webinar Details
CSBS, in collaboration with a national task force of bank CEOs (the Bankers Electronic Crimes Task Force), state bank regulators, and the U.S. Secret Service has updated and improved the R-SAT for banks. The R-SAT is a valuable cybersecurity tool designed to help banks of all sizes assess their readiness for identifying, protecting, detecting, responding to, and recovering from ransomware attacks. The R-SAT has recently been updated to address evolving threat actor methodologies and changes in bank control environments.

Updates to the R-SAT were developed based on insights from cybersecurity experts, feedback from financial institutions, and lessons learned from analyzing real-life ransomware attacks.

Join us on October 24th as we detail findings from our research, improvements to the R-SAT, and how you can most effectively leverage this updated tool to protect your institution and customers. The R-SAT 2.0 will be made available to your institution following the webinar.

Speakers

Charles Cooper, Commissioner, Texas Department of Banking
Phillip Hinkle, Director of IT Security Examinations, Texas Department of Banking
Robert Kahl, Senior Examination Specialist-Information Technology, FDIC RMS
Christopher Furlow, President & CEO, Texas Bankers Association
Brad Robinson, Senior Director, Cybersecurity Policy & Supervision, CSBS

Webex Registration Link
Click on the link below to register for the meeting and to receive a calendar invite.
Tuesday, October 24, 2023
2:00 – 3:00 p.m. Central Time
Click here to register for the webinar
Webinar Password: 2CSBS_RSAT0

CISA News: Picture Images & Sound

Researchers devised a technique to extract sounds from still images captured using smartphone cameras with rolling shutter and movable lens structures.

A group of academic researchers has devised a technique to extract sounds from still images captured using smartphone cameras with rolling shutter and movable lens structures.

The movement of camera hardware, such as the Complementary Metal-oxide–Semiconductor (CMOS) rolling shutters and the moving lenses used for Optical Image Stabilization (OIS) and Auto Focus (AF), create sounds that are modulated into images as imperceptible distortions.

These types of smartphone cameras, the researchers explain in a research paper (PDF), create a “point-of-view (POV) optical-acoustic side channel for acoustic eavesdropping” that requires no line of sight, nor the presence of an object within the camera’s field of view.

Focusing on the limitations of this side channel – which relies on a “suitable mechanical path from the sound source to the smartphone” to support sound propagation, the researchers extract and analyze the leaked acoustic information identifying with high accuracy different speakers, genders, and spoken digits.

The academics relied on machine learning to recover information from human speech broadcast by speakers, in the context of an attacker that has a malicious application running on the smartphone but does not have access to the device’s microphone.

However, the threat model assumes that the attacker can captures a video with the victim’s camera and that they can acquire speech samples of the target individuals beforehand, to use them as part of the learning process.

Using a dataset of 10,000 samples of signal-digit utterances, the researchers performed three classification tasks (gender, identity, and digit recognition) and trained their model for each task. They used Google Pixel, Samsung Galaxy, and Apple iPhone devices for the experiments.

“Our evaluation with 10 smartphones on a spoken digit dataset reports 80.66%, 91.28%, and 99.67% accuracies on recognizing 10 spoken digits, 20 speakers, and 2 genders respectively,” the academics say.

Lower quality cameras, the researchers say, would limit the potential information leakage associated with this type of attack. Keeping smartphones away from speakers and adding vibration-isolation dampening materials between the phone and the transmitting surface should also help.

Smartphone makers can mitigate the attack through higher rolling shutter frequencies, random-code rolling shutters, tougher lens suspension springs, and lens locking mechanisms.

“We believe the high classification accuracies obtained in our evaluation and the related work using motion sensors suggest this optical-acoustic side channel can support more diverse malicious applications by incorporating speech reconstruction functionality in the signal processing pipeline,” the researchers added.

Click here for the link to the original article.

QUESTION OF THE WEEK

Compliance Alliance offers a comprehensive suite of compliance management solutions. To learn how to put them to work for your bank, call (888) 353-3933 or email [email protected] and ask for our Membership Team.

For timely compliance updates, subscribe to Bankers Alliance’s email newsletters.