- Education & Events
- Advocacy
- Products & Services
- Membership
- Resources
- SDBANKER Magazine
- SDBA eNews
- SDBA eNews Archives
- Legislative Update/Bill Watch
- South Dakota Bank Directory
- Women in Banking
- Scenes of South Dakota Calendar*
- Holiday Signs
- Regulatory Report
- South Dakota Banking Code
- Record Retention Manual
- Advertising & Sponsorship Guide
- COVID-19 Resources
- Mental Health and Crisis Prevention
- About
|
News
SDBA UpdatesSDBA Events
Online EducationCompliance AllianceABA Banking Journal: OCC releases proposed rule to implement payment stablecoin legislationFebruary 25, 2026
The Genius Act was passed by Congress last year and established a framework for the OCC and other federal agencies to regulate payment stablecoins. The 376-page proposed rule would set standards and requirements related to stablecoin activities, custody and risk management, among other things. For example, the OCC is proposing a floor of $5 million on the minimum capital requirement for de novo stablecoin issuers. The regulations would apply to payment stablecoin issuers and foreign payment stablecoin issuers under the OCC’s jurisdiction, as well as certain custody activities conducted by OCC-supervised entities, according to the agency. Issues related to the Bank Secrecy Act, anti-money laundering and Office of Foreign Asset Control sanctions will be addressed in a separate rulemaking in coordination with the Treasury Department. As for the law’s prohibition on payment of interest, the American Bankers Association and others have raised concerns that the ban could be bypassed when exchanges or other affiliates offer yield or rewards to stablecoin holders. The rule states that the OCC understands that issuers could attempt to bypass the ban through arrangements with third parties. As a result, it will presume a stablecoin issuer is paying interest or yield if two conditions are met:
“Other arrangements that are not captured by the presumption may also violate the statutory prohibition or constitute an evasion thereof,” the rule states. “The OCC would assess those arrangements on a case-by-case basis but does not believe that it is necessary to include other arrangements within the rebuttable presumption at this time.” “The OCC has given thoughtful consideration to a proposed regulatory framework in which the stablecoin industry can flourish in a safe and sound manner,” Comptroller of the Currency Jonathan Gould said. “We welcome feedback on the proposal to inform a final rule that is effective, practical and reflects broad industry perspective.” Comments on the rule are due 60 days after publication in the Federal Register. Back to TopABA Banking Journal: FBI: Malware-enabled ATM jackpotting crimes on the riseFebruary 25, 2026 Out of the 1,900 ATM jackpotting incidents reported since 2000, more than 700 occurred last year alone, resulting in roughly $20 million in losses, the FBI said in a new alert. Criminals are deploying ATM jackpotting malware, including the Ploutus family malware, to infect ATMs and force them to dispense cash, the FBI said. Ploutus attacks the ATM itself rather than customer accounts, enabling fast cash-out operations that can occur in minutes and are often difficult to detect until after the money is withdrawn. The alert lists several indicators that an ATM has been compromised with malware. It also encourages financial institutions to take steps to enhance both the physical security and hardware security of ATMs, such as installing threat sensors that alert personnel to suspicious activity and enabling hard drive encryption. The agency encourages financial institutions that have identified suspicious activity to contact their local FBI field office, and to report the activity to the FBI Internet Crime Complaint Center. Each report should include the date, time, location, type of activity, number of people, and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact. Back to TopABA Banking Journal: Treasury releases first of AI resourcesFebruary 23, 2026
The Treasury Department has released the first two of six planned resources to help the financial services sector safely deploy artificial intelligence. The AI Lexicon defines key AI-related terms based on definitions from various industry standards and government resources with the goal of improving sector communications, on aspects ranging from risk management to contract negotiation. The Financial Services AI Risk Management Framework, or AI RMF, is a retooling of the National Institute of Standards and Technology’s AI RMF that is specifically tailored for financial services. The FS AI RMF consists of four parts — an AI adoption stage questionnaire, a risk and control matrix, a user guidebook, and a control objective reference guide. The resources were developed by the Artificial Intelligence Executive Oversight Group, a private-public partnership that brought together financial institution executives with federal and state regulators and other stakeholders to identify gaps in the financial sector’s use of AI. The Treasury Department plans to release all six resources by the end of the month. Full ArticleBack to TopCISA News: Payroll pirates are conning help desks to steal workers' identities and redirect paychecksFebruary 11, 2026 | Jessica Lyons
Attackers using social engineering to exploit business processes, rather than tunnelling in via techExclusive When fraudsters go after people's paychecks, "every employee on earth becomes a target," according to Binary Defense security sleuth John Dwyer. In December 2025, managed detection and response outfit Binary Defense's threat research group ARC Labs investigated a security incident in which a thief redirected a physician's salary into their own account using a very simple attack that started with a help-desk call. "This was a combination of exploiting people and processes rather than technology," Dwyer, the deputy CTO and head of Arc Labs, told The Register in an exclusive interview. "It's technology-adjacent. This was identity theft from pure-play social engineering into exploiting a weaker-than-advised process internally to gain access." In a report shared exclusively with The Register, Dwyer and co-authors Danny Dubree and Eric Gonzalez detailed how the attacker used compromised credentials belonging to a shared mailbox at a healthcare facility. Binary Defenses’ incident responders can't say for certain how the attacker obtained the credentials. Dwyer said his team found no evidence of phishing and assumes the miscreant obtained the email login info from an earlier breach. Once the attackers gained access to the mailbox, they snooped around and determined whose identity to assume when calling the help desk to request a password and multi-factor authentication (MFA) reset. In this case, the attacker pretended to be a physician locked out of their account and thus unable to treat patients. "The call basically went that this person can't log into their account, they have patients they need to see right now, they need to get immediate access," Dwyer said. The fake physician's name and access-level checked out, so the help desk employee reset the password and MFA token. This gave the attacker access to the account, which enabled the rest of the payroll scam to play out.
"And this is where things get very, very interesting," Dwyer said. "Over the last year where we've seen these sort of incidents, it has followed traditional business email compromise attack flows." In one such attack targeting university employees and documented by Microsoft, the digital thieves compromised employee accounts to gain access to HR platforms like Workday and then diverted employees' direct-deposit paychecks. The attackers gained initial access through phishing emails, stole MFA codes via an adversary-in-the-middle phishing link, and then accessed the victims' Microsoft Exchange Online inboxes before hijacking their Workday profiles and sending paychecks to attacker-controlled accounts. 'Identity is the new perimeter'"Everything happens through that access, through that mailbox in that Microsoft account," Dwyer said, adding that the attack targeting the physician looked different. After "recovering" the medico’s identity from the help desk social engineering call, the attacker authenticated from the healthcare organization's own virtual desktop infrastructure, registered new authentication devices to the account, and logged into the Workday payroll system. Once they had logged into Workday, the crook changed the banking and direct deposit details to re-route the physician's paycheck into an attacker-controlled account.
Using the company's own virtual infrastructure allowed the attacker to bypass security detections because the logins appeared to be a legitimate internal user with a trusted endpoint and internal IP address. "With this one, the big thing that really stood out is that the attackers seem to be aware of the detection strategies against them," Dwyer said. "This attack was carried out purely outside of email and leveraging the trusted access through the VDI infrastructure. By abusing the organization's own virtual desktop infrastructure, so from a security tools point of view, everything looks normal and trusted." The organization wasn't even aware that it had been compromised until the physician asked why they hadn’t been paid. "It isn't always about technology hacking," Dwyer said. "This is about process exploitation and the hijacking of identities, which makes it extraordinarily hard to identify malicious versus normal identity behavior. Identity is the new perimeter, and this is a new threat vector in which your persona needs to be treated like a privileged asset, rather than just your computer or your phone." In addition to underscoring the security threats around using shared mailboxes, this incident shows how payroll and HR platforms should be viewed as a high-value target for attackers, Dwyer added. For defenders, this requires treating payroll information as a telemetry stream for threat detection and treating payroll changes as high-risk financial events. "The good news is we already have a model around this – lessons learned from wire fraud and pay and accounts payable fraud applies here," Dwyer said. "Changes that are made to direct deposit information should have to be confirmed in some mechanism, there should be a temporary holding period while it goes through some sort of fraud detection review, or something along those lines." While organizations have the technology to do this, they don't necessarily have the processes in place to address this type of security and business risk, he added. "Organizations need to consider direct deposit as a legitimate, viable threat vector," Dwyer said. "If I was a business leader, I would want to get ahead of this, because I wouldn't want to get into some sort of arbitration with an employee over a lost paycheck." ® Back to Top |
The Office of the Comptroller of the Currency today released a proposed rule to implement the Genius Act, including how it would handle the law’s prohibition on paying interest or yield on payment stablecoins.
SESSION HIGHLIGHTS
