ABA: Supreme Court Ruling to Have Major Regulatory Impact on Banks

Last month, the US Supreme Court reversed a 40-year-old decision that granted federal agencies broad regulatory power, limiting their authority to issue regulations unless Congress has explicitly authorized them. This ruling, stemming from a pair of related cases, is a significant victory for the business community, which has long sought to reign in federal regulators abuse of their statutory authority. Critics of the Chevron doctrine argue that it grants unelected federal bureaucrats excessive power in crafting regulations impacting major areas of American life, including the workplace, environment, and healthcare.

"Chevron is overruled. Courts must exercise their independent judgment in deciding whether an agency has acted within its statutory authority, as the [Administrative Procedure Act] requires," Roberts wrote for the court. He described the earlier decision as a "judicial invention that required judges to disregard their statutory duties." Previously, the framework required courts to defer to an agency's reasonable interpretation of laws passed by Congress. Calls for overturning this doctrine came not only from conservative legal scholars but also from some justices who argued that courts were abdicating their responsibility to interpret the law.

This ruling will likely have a significant impact on the dozens of pending legal challenges filed by the banking industry. We have long argued federal banking regulators are abusing their statutory authority and this ruling will allow judges to better reign in rouge regulators.

Tech Crunch: AI-powered Scams and What You Can Do About Them

On this episode of the ABA Banking Journal Podcast, ABA economist Jeff Huther discusses recent dynamics with the Secured Overnight Financing Rate, the “world’s most important number.” Huther delves into topics in his his new ABA DataBank essay, exploring how quantitative tightening has pushed SOFR toward the upper end of the Federal Open Market Committee’s rate target range, the effects of monetary policy mechanisms like the Overnight Reverse Repo Facility, and how banks and other SOFR users can manage volatility that may emerge in the rate.

Read full article

CISA NEWS: 10 Billion Passwords Leaked in the Largest Compilation of All Time

July 4, 2024

cisa

The largest password compilation with nearly ten billion unique passwords was leaked on a popular hacking forum. The Cybernews research team believes the leak poses severe dangers to users prone to reusing passwords.

The king is dead. Long live the king. Cybernews researchers discovered what appears to be the largest password compilation with a staggering 9,948,575,739 unique plaintext passwords. The file with the data, titled rockyou2024.txt, was posted on July 4th by forum user ObamaCare.
While the user registered in late May 2024, they have previously shared an employee database from the law firm Simmons & Simmons, a lead from an online casino AskGamblers, and student applications for Rowan College at Burlington County. The team cross-referenced the passwords included in the RockYou2024 leak with data from Cybernews’ Leaked Password Checker, which revealed that these passwords came from a mix of old and new data breaches.

“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” researchers said.

Credential stuffing attacks can be severely damaging for users and businesses. For example, a recent wave of attacks targeting Santander, Ticketmaster, Advance Auto Parts, QuoteWizard, and others was a direct result of credential stuffing attacks against the victims’ cloud service provider, Snowflake.
“Threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset,” the team explained.

Not the first rodeo

The RockYou2024 compilation did not just fall from the sky. Three years ago, Cybernews published a story about the RockYou2021 password compilation, the largest at the time, with 8.4 billion plain text passwords. According to the team’s analysis of RockYou2024, attackers developed the dataset by scouring the internet for data leaks, adding another 1.5 billion passwords from 2021 through to 2024 and increasing the dataset by 15 percent.

The RockYou2021 compilation, an expansion of a data breach from 2009, included tens of millions of user passwords for social media accounts. Since then, however, the compilation has ballooned exponentially. Most likely, the latest RockYou iteration contains information collected from over 4,000 databases over more than two decades. The Cybernews team believes that attackers can utilize the ten-billion-strong RockYou2024 compilation to target any system that isn’t protected against brute-force attacks. This includes everything from online and offline services to internet-facing cameras and industrial hardware. “Moreover, combined with other leaked databases on hacker forums and marketplaces, which, for example, contain user email addresses and other credentials, RockYou2024 can contribute to a cascade of data breaches, financial frauds, and identity thefts,” the team said.

Read full article

ABA Banking Journal: Federal Court Issues Partial Injunction Against Labor Department Overtime Rule

June 30, 2024

ABA banking journal

A federal court in Texas on Friday issued a preliminary injunction partially blocking the Department of Labor’s overtime final rule. The state of Texas had filed a lawsuit challenging the rule, and the court blocked enforcement of the rule against Texas (as an employer) only. A group of nonfinancial employer-side trade associations had filed a separate lawsuit. The court did not rule on that lawsuit, which had not sought a preliminary injunction to enjoin the July 1 salary increase. Consequently, unless there is further judicial action, the rule takes effect today with respect to all private employers, including banks.

The rule increases the salary level below which an employee is automatically subject to the Fair Labor Standards Act’s overtime and minimum wage requirements. As of July 1, the existing $35,568 salary level increased to $43,888. Therefore, if a bank has exempt employees who make between $35,568 and $43,888, the bank will need to reclassify the employee as nonexempt—and therefore subject to federal overtime and minimum wage requirements—or increase the employee’s salary to $43,888.

Previously, the American Bankers Association joined other trade associations in urging the DOL to extend the July 1 implementation date to at least Sept. 1. They also urged the DOL to stay implementation of the rule to allow for judicial review. The agency has not responded to the requests.

Read full article

2025 South Dakota Bank Directory

All member banks have been contacted by NFR (our publisher for the SD Bank Directory) regarding any updates your bank may have. Please complete the form and send it back to them so that our 2025 directory can be as current as possible.

SDBA Events

Ag Credit Conference | July 17-18 | Pierre

Information & Registration

Introduction to HSAs Webinar | August 1 | Zoom

Information & Registration

Fraud Academy | August 6-8 | Virtual

Information & Registration

Digital Innovations Conference | August 27 | Sioux Falls

Information & Registration

Bank Trainers' Conference & Expo | October 9-11 | St. Louis, MO

Information & Registration

2024 Lead Strong: Women in Banking Conference

September 25-26 | Sioux Falls

Lead Strong: Women in Banking is an annual gathering that celebrates and empowers women in the financial industry. Join us for an engaging and enlightening event that focuses on the achievements, challenges, and opportunities for women in the world of banking. This conference provides a unique platform for networking, knowledge sharing and fostering meaningful connections among leading professionals in the field.

Compliance Alliance logo

Question of the Week

Q: Under the Department of Labor’s new Retirement Security Rule, how has the definition of “fiduciary” changed?

A: Under the new final rule, a person is an investment advice fiduciary if they provide a recommendation in one of the following contexts:
• The person either directly or indirectly (e.g., through or together with any affiliate) makes professional investment recommendations to investors on a regular basis as part of their business and the recommendation is made under circumstances that would indicate to a reasonable investor in like circumstances that the recommendation:

• is based on review of the retirement investor’s particular needs or individual circumstances, reflects the application of professional or expert judgment to the retirement investor’s particular needs or individual circumstances, and may be relied upon by the retirement investor as intended to advance the retirement investor’s best interest; or

• The person represents or acknowledges that they are acting as a fiduciary under Title I of ERISA, Title II of ERISA, or both with respect to the recommendation. https://www.federalregister.gov/documents/2024/04/25/2024-08065/retirement-security-rule-definition-of-an-investment-advice-fiduciary

This is considered to be a departure, and a likely non-insignificant expansion, of the scope of what type of employees may be deemed fiduciaries.

Learn how to put compliance management solutions from Compliance Alliance to work for your bank, by contacting (888) 353-3933 or [email protected] and ask for our Membership Team.

For timely compliance updates, subscribe to Bankers Alliance’s email newsletters.

UBB