News

• ABA Banking Journal: Senate tax measure contains provisions on ACRE, pass-through business deduction
• ABA Banking Journal: Stablecoin bill clears Senate
• ABA: Protect Older Adults from Financial Exploitation
• CISA News: SentinelOne shares new details on China-linked breach attempt

SDBA Updates

• 2025 Women of Impact Award

SDBA Events

• 2025 Fraud Academy
• 2025 LEAD STRONG: Women in Banking Conference

Online Education

• Additional Educational Opportunities

Compliance Alliance

• Question of the Week

ABA Banking Journal: Senate tax measure contains provisions on ACRE, pass-through business deduction

The Senate Finance Committee this week released its reconciliation tax text that contains several differences from the version passed by the House, including changes to provisions related to the Access to Credit for our Rural Economy, or ACRE, Act and the Section 199A pass-through business deduction.

The House last month passed a budget package that contained significant changes in tax policy sought by the Republican majority. The Senate Finance Committee text retains many of those provisions but with substantial tweaks in several cases. If the committee text clears the Senate, the two chambers must agree on a compromise budget package before it can be signed into law.

Among the provisions:

• The Senate version incorporates language from the ACRE Act to permit banks to exclude from gross income 25% of interest income derived from certain qualified real estate loans without a sunset date. The House version includes a sunset date of 2028.
• The Senate version would maintain the current Section 199A deduction rate of 20%. It also would expand the deduction limit phase-in range by increasing the $50,000 (non-joint returns) and $100,000 (joint returns) amounts to $75,000 and $150,000, respectively. The House version would increase the deduction to 23%. Both the Senate and House versions make the deduction permanent.
• The Senate version would impose a 3.5% excise tax on certain remittance transfers. However, remittances sent from accounts held by most banks would generally be exempt from the remittance tax.
• The Senate version would permanently increase the state housing credit ceiling and lower the bond-financing threshold to 25% for projects financed by bonds starting in 2026. The House legislation would increase the state housing credit ceiling every year for three years starting in 2026.
• The Senate version would permanently extend the New Markets Tax Credit program while the House legislation would not extend the program.
• The Senate version includes a permanent extension of increased estate tax and gift tax exemption amounts, with an increase in unified estate and gift tax exemption to an inflation-adjusted $15 million effective for tax years beginning after Dec. 31, 2025.
• The Senate version would generally implement effective tax rates of 14% for both foreign-derived intangible income (FDII) and global intangible low-taxed income (GILTI). The FDII that a domestic corporation can deduct under Section 250(a) would decrease from 37.5% to 33.34%. The GILTI deduction would decrease from 50% to 40%.
• The base erosion and anti-abuse tax (BEAT) rate would change to 14% beginning next year.

Back to Top

ABA: Protect Older Adults from Financial Exploitation

June 15 was World Elder Abuse Awareness Day, a global event that raises awareness about elder abuse, including financial exploitation. It’s a reminder to take action in protecting older adults in our communities.

The ABA Foundation offers a variety of free resources to help banks protect older customers and prevent financial harm:

• Staff Training – Prepare your team to identify, prevent, and report elder financial exploitation. Training includes how to support victims and complete Suspicious Activity Reports (SARs).

• Community Outreach – Participate in the Safe Banking for Seniors program to provide free education that helps older adults recognize and avoid scams.

• Law Enforcement Partnerships – Strengthen relationships with local law enforcement and adult protective services with support from ABA’s collaboration tools and materials.

• Technology Solutions – Explore tech-based resources from ABA’s Partner Network designed to help safeguard seniors’ finances.

Explore these and other ABA resources

CISA News: SentinelOne shares new details on China-linked breach attempt

SentinelOne has shared more details on an attempted supply chain attack by Chinese hackers through an IT services and logistics firm that manages hardware logistics for the cybersecurity firm.

SentinelOne is an American endpoint protection (EDR/XDR) solutions provider that protects critical infrastructure in the country and numerous large enterprises. It is a high-value target for state actors as compromising could serve as a springboard to accessing downstream corporate networks and gaining insight into detection capabilities to develop evasion methods.

SentinelLabs first reported on the attempted attack in April, with a new report today describing the attack as part of a broader campaign targeting over 70 entities worldwide between June 2024 and March 2025.

The targets include organizations in government, telecommunications, media, finance, manufacturing, research, and IT sectors.

The campaign is separated into two clusters. The first is 'PurpleHaze,' attributed to APT15 and UNC5174, covering a timeframe between September and October 2024.

SentinelOne was targeted by both clusters, once for reconnaissance and once for supply chain intrusion.

 SentinelOne suspects that the threat actors in both campaigns exploited vulnerabilities in exposed network devices, including Ivanti Cloud Service Appliances and Check Point gateways.

"We suspect that the most common initial access vector involved the exploitation of Check Point gateway devices, consistent with previous research on this topic,"  reports SentinelLabs.

"We also observed communication to ShadowPad C2 servers originating from Fortinet Fortigate, Microsoft IIS, SonicWall, and CrushFTP servers, suggesting potential exploitation of these systems as well."

PurpleHaze and ShadowPad campaigns

The PurpleHaze attack wave attempted to breach SentinelOne in October 2024, where threat actors conducted scans on the company's internet-exposed servers over port 443, looking to map accessible services.

The threat actors registered domains masquerading as SentinelOne infrastructure, such as sentinelxdr[.]us and secmailbox[.]us.

Based on evidence from other targets, including a South Asian government, successful attacks used the GOREshell backdoor, which was dropped on network-exposed endpoints using zero-day exploits.

The more recent activity cluster is 'ShadowPad,' conducted by APT41 between June 2024 and March 2025.

The threat actors attempted what is believed to be a supply chain attack on SentinelOne in early 2025, where APT41 used the ShadowPad malware, obfuscated via ScatterBrain, against an IT services and logistics company working with the cybersecurity company.

The attackers delivered the malware to the target via PowerShell, which used a 60-second delay to evade sandbox environments. The malware then scheduled a system reboot after 30 minutes to clear traces in memory.

Next, the hackers deployed the open-source remote access framework 'Nimbo-C2' to provide a wide range of remote capabilities, including screenshot capturing, PowerShell command execution, file operations, UAC bypass, and more.

The attackers also used a PowerShell-based exfiltration script that performs a recursive search for sensitive user documents, archives them in a password-locked 7-Zip archive, and exfiltrates them.

SentinelOne comments that the threat actors' goals remain unclear, but a supply chain compromise is the most likely scenario.

The cybersecurity company thoroughly examined its assets and reported that no compromise had been detected on SentinelOne software or hardware.

"This post highlights the persistent threat posed by China-nexus cyberespionage actors to a wide range of industries and public sector organizations, including cybersecurity vendors themselves," concludes SentinelOne.

"The activities detailed in this research reflect the strong interest these actors have in the very organizations tasked with defending digital infrastructure."

Full Article

Back to Top

2025 Women of Impact Award 

Do you know an outstanding woman in banking who has made a significant contribution to her organization, community, and industry?

If so, nominate her for the "SDBA Women of Impact Award"! These awards will be presented at the 2025 Lead Strong: Women in Banking event on September 10 in Sioux Falls, SD.

Submit your nomination by August 1.

Back to Top

2025 Fraud Academy

August 12-14, 2025 | Lexington, KY or Virtual

Fraud Academy is a pioneering initiative designed to arm bankers with the skills needed to detect and combat fraud. Our unique program features insights from experts across the DEA, FBI, the Secret Service, law enforcement, AARP, and the financial industry, offering a robust education in fraud prevention from those who know it best. 

With fraud costing every bank valuable time and money, our curriculum targets over eighteen types of fraud, including check fraud, elder fraud, cybercrimes, and introduces effective prevention tools. Equipping bankers with the knowledge to minimize fraud-related losses and protect your institution's bottom line. This two-and-a-half-day school will take a deep dive into the types of fraud most affecting financial institutions.

Information & Registration

2025 LEAD STRONG: Women in Banking Conference

Back to Top

Online Education

Participating in learning opportunities outside the bank can be challenging. Take advantage of the SDBA's extensive selection of webinars and on-demand training to enhance your banking expertise directly from your computer.

GSB Online Seminars
OnCourse Learning
SBS Institute
ABA Training

Question of the Week

Q: Are both new auto loans and used auto loans both within the scope of the exception under the Military Lending Act (MLA)? 

A: If the loan otherwise meets the scope of the exception for vehicle loans in the MLA, then the vehicle being purchased and securing the loan may be new or used. In other words, the exception in the MLA does not specifically require that the automobile in question be either new or used, as set out here:  

“…(1) Consumer credit means credit offered or extended to a covered borrower primarily for personal, family, or household purposes, and that is:  

(i) Subject to a finance charge; or  

(ii) Payable by a written agreement in more than four installments.  

(2) Exceptions. Notwithstanding paragraph (f)(1) of this section, consumer credit does not mean:  

… (ii) Any credit transaction that is expressly intended to finance the purchase of a motor vehicle when the credit is secured by the vehicle being purchased;…” https://www.ecfr.gov/current/title-32/subtitle-A/chapter-I/subchapter-M/part-232#p-232.3(f) "

Learn how to put compliance management solutions from Compliance Alliance to work for your bank, by contacting (888) 353-3933 or [email protected] and ask for our Membership Team. For timely compliance updates, subscribe to Bankers Alliance’s email newsletters.

Back to Top