News

• ABA Banking Journal: White House releases AI action plan
• ABA Banking Journal: Bowman provides rationale for capital standards, bank ratings reform
• ABA Banking Journal: House committee advances ABA-backed bills
• CISA News: China's Salt Typhoon Hacked US National Guard

SDBA Updates

• 2025 Women of Impact Award
  
• 2026 Scenes of South Dakota Photo Contest

SDBA Events

• GSBC’s C-Suite School Takes Succession Planning to New Heights
• 2025 GSB Financial Managers School

Online Education

• Additional Educational Opportunities

Compliance Alliance

• Question of the Week

ABA Banking Journal: White House releases AI action plan

The Trump administration today released an“action plan” for spurring the development of artificial intelligence technologies. Among its many provisions, the document calls for eliminating regulatory barriers to AI, sharing software and hardware with U.S. allies, and promoting rapid buildout of data centers.

The action plan also calls for bolstering infrastructure cybersecurity by establishing AI Information Sharing and Analysis Center led by the Department of Homeland Security, which will issue and maintain guidance to private sector entities pm responding to AI-specific vulnerabilities and threats.

In March, the American Bankers Association offered four high-level policy recommendations for administration officials as they developed the action plan, including the adoption of voluntary standards and frameworks to encourage cross-sector collaboration. ABA also noted banks are a model for how other industries can explore AI-enabled use cases in a fruitful and sustainable manner.

“The compliance requirements, model risk management expectations, and supervision by specialized regulators has resulted in an environment of trust and responsible innovation, a prerequisite for prosperity,” ABA said. “Accordingly, the financial services sector can be a leader to encourage the proliferation of these features. The framework under which banks operate can, with some clarifications and adjustments, effectively manage risk without endangering American dominance.”

Back to Top

ABA Banking Journal: Bowman provides rationale for capital standards, bank ratings reform

In an interview on CNBC, Federal Reserve Vice Chair for Supervision Michelle Bowman spelled out her approach to reforming capital requirements for large banks, saying it was time to evaluate what has and hasn’t worked since passage of the Dodd-Frank Act.

The Fed today is holding a conference on capital requirements for large banks. A previous attempt by the Fed and banking agencies to implement the Basel III endgame standards failed amid worries about the proposal’s effects on the economy. Bowman said regulators are still pushing forward to implement some form of Basel III along with regulations concerning the global systemically important banks surcharge and stress tests.

“We realized that we’re 15 years past the financial crisis and the implementation of the Dodd-Frank regulations, and it’s time for us to take a look backwards to understand what’s been working, what isn’t working, what’s duplicative and overlapping, and how we can have a more comprehensive review of what those capital regulations are,” Bowman said.

The Fed under Bowman has also initiated a review of its supervisory rating framework for large banks. The current rating framework includes three components — capital, liquidity, and governance and controls — and a negative finding in any of them can lower a bank’s rating. The Fed is proposing to amend the framework by allowing a bank with no more than one “deficient-1” rating for a component to still be rated “well managed.” (Banks with any “deficient-2” ratings would still be considered “not well managed.”)

“When you have three components and two of them are related to their financial condition and one is related only to their operations and no other financial factors, it doesn’t make sense that we would allow nonfinancial factors on their own to degrade a bank’s financial standing,” Bowman said.

ABA Banking Journal: House committee advances ABA-backed bills

The House Financial Services Committee this week advanced six bills supported by the American Bankers Association, including legislation concerning the Federal Reserve’s discount window, the FDIC board and de novo bank formation.

ABA submitted a statement ahead of the votes urging committee members to support the following bills:

• H.R. 3390, the Bringing the Discount Window into the 21st Century Act, sponsored by Rep. Monica De La Cruz (R-Texas). The bill would require the Fed to review its discount window lending programs, develop a remediation plan to address deficiencies and enhance the effectiveness of the programs. The committee vote was 48-1.
• H.R. 4460, the Stop Agency Fiat Enforcement of Guidance (SAFE Guidance) Act, sponsored by Rep. Dan Meuser (R-Pa.). The legislation would require each financial regulator to include a guidance clarity statement with any guidance issued by that agency. The vote was 26-23.
• H.R. 3446, the FDIC Board Accountability Act, sponsored by Rep. Bill Huizenga (R-Mich.). The bill would revise the membership requirements for the FDIC board by making the CFPB director a nonvoting member of the board, mandating that one member have state bank supervisory experience, and that one member have primary experience working in or supervising depository institutions with less than $10 billion in total assets. The vote was 26-23.
• H.R. 4544, The American Access to Banking Act, sponsored by committee Ranking Member Maxine Waters (D-Calif). The bill would encourage the formation of de novo financial institutions by, among other things, directing agencies to streamline and simplify the application process. The vote was 49-0.
• H.R. 4478, the Tailored Regulatory Updates for Supervisory Testing Act of 2025 (TRUST Act), sponsored by Reps. Tim Moore (R-N.C.) and Ritchie Torres (D-N.Y.). The bill would increase the total asset threshold under which institutions qualify for an 18-month exam cycle from $3 billion to $6 billion. The vote was 49-0.
• H.R. 4437, the Supervisory Modifications for Appropriate Risk-Based Testing Act of 2025 (SMART Act), sponsored by Reps. William Timmons (R-S.C.) and Bill Foster (D-Ill.). The bill would increase the total asset threshold under which institutions qualify for a limited-scope examination directly after an on-site, full-scope exam from $3 billion to $6 billion. It also requires that if an institution is otherwise subject to a separate safety and soundness exam and a consumer compliance exam, at the request of the institution, the regulatory agency shall combine and carry out the exams at the same time. The vote was 53-1.

Full Article

Back to Top

CISA News: China's Salt Typhoon Hacked US National Guard

Chinese hacking group Salt Typhoon targeted a National Guard unit’s network and tapped into communications with other units.

Chinese state-sponsored hackers compromised the network of a state’s Army National Guard unit, collected configuration information, and tapped into its communication with other units, a Department of Defense report shows.

The nation-state threat actor, tracked as Salt Typhoon, was previously accused of hacking US telecommunications giants AT&T and Verizon, along with Lumen Technologies and other service providers in the US and abroad, to compromise wiretap systems.

Last month, the Canadian Centre for Cyber Security and the FBI warned that the APT had also targeted telecom providers in Canada, stealing configuration files and modifying one file to configure a GRE tunnel and enable traffic collection.

In a June report obtained by NBC News, the DoD warned that Salt Typhoon compromised a US state’s Army National Guard network, obtaining valuable information that could facilitate its hacking into other units’ networks and their state-level cybersecurity partners.

“If the PRC-associated cyber actors that conducted the hack succeeded in the latter, it could hamstring state-level cybersecurity partners’ ability to defend US critical infrastructure against PRC cyber campaigns in the event of a crisis or conflict,” the report reads.

According to the DoD, Salt Typhoon accessed the compromised network between March and December 2024, exfiltrating configuration information and collecting data sent to and received from “counterparts’ networks in every other US state and at least four US territories”.

“This data also included these networks’ administrator credentials and network diagrams—which could be used to facilitate follow-on Salt Typhoon hacks of these units,” the DoD says.

According to the report, between January and March 2024, the Chinese hackers stole configuration files for other US government and critical infrastructure organizations, including at least two state government agencies.

In 2023 and 2024, the DoD says, Salt Typhoon stole 1,462 network configuration files for roughly 70 US government and critical infrastructure entities from 12 sectors, including energy, communication, transportation, and water and waste water.

For initial access, the hackers exploited known vulnerabilities in Cisco and Palo Alto Networks edge devices, including CVE-2018-0171, CVE-2023-20198, CVE-2023-20273, and CVE-2024-3400, the report shows.

The compromise of National Guard networks, the DoD says, could undermine local efforts to protect critical infrastructure against cyberattacks, as the National Guard units in 14 states are integrated with centers responsible for threat intelligence and the unit in one state provides cyber defense services.

“Salt Typhoon access to Army National Guard networks in these states could include information on state cyber defense posture as well as the personally identifiable information (PII) and work locations of state cybersecurity personnel—data that could be used to inform future cyber-targeting efforts,” the report reads.

Responding to a SecurityWeek inquiry, the National Guard Bureau confirmed it was aware of the DoD report on Salt Typhoon’s hacking.

“While we cannot provide specific details on the attack or our response to it, we can say this attack has not prevented the National Guard from accomplishing assigned state or federal missions, and that NGB continues to investigate the intrusion to determine its full scope. We are taking this matter extremely seriously. Security protocols are in place to mitigate further risk and contain any potential data compromises, and the response is ongoing. We are coordinating closely with DHS and other federal partners,” the Bureau said.

*Updated with National Guard Bureau statement and to clarify what type of information was stolen in the attacks against Canadian carriers.

Full Article

Back to Top

2025 Women of Impact Award 

Do you know an outstanding woman in banking who has made a significant contribution to her organization, community, and industry?

If so, nominate her for the "SDBA Women of Impact Award"! These awards will be presented at the 2025 Lead Strong: Women in Banking event on September 10 in Sioux Falls, SD.

Nomination deadline EXTENDED to August 15: Submit your nomination 

2026 Scenes of South Dakota Photo Contest

Back to Top

GSBC’s C-Suite School Takes Succession Planning to New Heights

Limited Availability for October 2025 Cohort  |  Apply by August 15

The Graduate School of Banking at Colorado’s Executive Development Institute for Community Bankers® (EDI) is a program for up-and-coming C-level executives whose work efforts influence the future direction of their banks. A dual curriculum of advanced leadership and advanced financial management strategies prepares participants for the challenges associated with leading a community bank in today’s increasingly competitive environment.

Building Visionary Leaders for the Long Haul

EDI turns succession planning from a vague concern into a confident, strategic advantage—ensuring the long-term success of community banks by developing leaders who are not only ready to take the helm, but equipped to lead with vision and resilience. EDI supports the development and skills of rising leaders through:

• Intimate Peer Learning Environment of 10-15 Non-Competing Bank Executives

• Executive Coaching

• CEO Mentoring

• Institution-Specific Projects on Talent Management, Enterprise Risk Management & Profitability

2025 EDI Brochure (printable PDF)

Additional information about EDI can be found on GSBC’s website at www.GSBColorado.org.

2025 GSB Financial Managers School

September 22-26, 2025 | Madison, WI

Designed by experienced CFOs especially for financial managers, this prestigious school goes beyond the basics to present best practices and provide community financial institution financial managers the tools to build a solid foundation in asset/liability management. Learn the unique concepts and terminology of bank finance and asset/liability management along with the practical implementation tools to profitably manage a financial institution’s balance sheet, develop effective strategies and communicate strategies to the board and senior management that ensure effective decision-making.

Enrollment Deadline: August 22, 2025

Learn more and apply HERE.

Back to Top

Online Education

Participating in learning opportunities outside the bank can be challenging. Take advantage of the SDBA's extensive selection of webinars and on-demand training to enhance your banking expertise directly from your computer.

GSB Online Seminars
OnCourse Learning
SBS Institute
ABA Training

Question of the Week

Q: Where should we include victim details – such as an entity’s authorized signatories or contact persons – within a Suspicious Activity Report?

A: Generally speaking, the SAR Filing Instructions and SAR Narrative Guidance Package instruct that information about the victim should generally only be included in the narrative, and only if that inclusion is necessary for a complete description / understanding of the suspicious activity; indeed, the intention of the SAR is to capture information about the suspicious activity, and in particular, the "subject" of that activity (i.e. the person or entity conducting, attempting to conduct, or suspected of being involved in the suspicious activity):

"Provide information on the victims of the suspicious activity only when it is necessary for a complete understanding of the activity. DO NOT record victim information in a Part I Subject Information record." FinCEN Suspicious Activity Report (FinCEN SAR) Electronic Filing Requirements, pg. 179

Broadly, this suggests that if the bank absolutely needed to include information on a victim that was a business, then the contact persons (or, for example, signatories / authorized signers) information being listed would only be appropriate if that information was necessary to fully understand the suspicious activity being described (for reference, generally, please see: FFIEC - Suspicious Activity Reporting).

Given the subjective nature of SAR narratives - ultimately, this is a risk-based determination reliant on the bank's own BSA / AML policies and procedures, but the guidance suggests that this information may likely only be appropriate when absolutely crucial. As always, our BSA / AML / OFAC Toolkit contains a bevvy of resources on the subject (in particular, our BSA SAR Form and Narrative Cheat Sheet.)

Learn how to put compliance management solutions from Compliance Alliance to work for your bank, by contacting (888) 353-3933 or [email protected] and ask for our Membership Team. For timely compliance updates, subscribe to Bankers Alliance’s email newsletters.

Back to Top