- Education & Events
- Advocacy
- Products & Services
- Membership
- Resources
- SDBANKER Magazine
- SDBA eNews
- SDBA eNews Archives
- Legislative Update/Bill Watch
- South Dakota Bank Directory
- Women in Banking
- Scenes of South Dakota Calendar*
- Holiday Signs
- Regulatory Report
- South Dakota Banking Code
- Record Retention Manual
- Advertising & Sponsorship Guide
- COVID-19 Resources
- Mental Health and Crisis Prevention
- About
|
News
SDBA UpdatesSDBA Events
Online EducationCompliance AllianceABA Banking Journal: CFPB proposes to streamline small-business data collection ruleNovember 12, 2025
The Consumer Financial Protection Bureau is proposing revisions to its small-business lending data rule to scale back the scope of data collection, saying that adopting a “longer-term” approach that allows for the future addition of more data points would be the best way to enforce the regulation. The CFPB released a final rule in 2023 to implement Section 1071 of the Dodd-Frank Act, which requires financial institutions to report data on small-business lending. Several lawsuits followed, including one brought by the Texas Bankers Association and American Bankers Association, which resulted in a stay of the mandatory compliance dates for members of the associations pending the outcome of the case. In a proposed rule to be released on Thursday, the CFPB said it plans to start with “more modest requirements” focused on core lending products, lenders and data. The bureau said it plans to take an “incremental approach” in which the rule could be revisited in the future to add more data points to the collection requirements, if needed. Among the revisions, the proposed rule would remove the following discretionary data points added by the 2023 final rule: Application recipient and method, denial reasons, pricing information and number of workers. Other proposed changes include:
The CFPB will accept public comment on the rule for 30 days following publication in the Federal Register. ABA applauds proposed revisionsIn a statement, American Bankers Association President and CEO Rob Nichols welcomed the proposed rule, saying that the original rulemaking “exceeded the bureau’s legal authority and constrained banks’ ability to make small business loans that are so essential to economic growth.” “This is one of many recent regulatory reforms advanced by the CFPB that will unleash America’s banks, allowing them to better serve their customers and communities while avoiding excessive compliance costs,” Nichols said. “While we welcome these important changes to the rulemaking, we also continue to urge Congress to fully repeal Section 1071 so that banks of all sizes can remain focused on providing credit to small businesses.” Back to TopABA Banking Journal: House votes to end government shutdownNovember 12, 2025
The House today voted 222-209 in favor of a Senate deal to reopen the government. Shortly afterward, President Trump signed the bill into law. The current shutdown started on Oct. 1. Earlier this week, eight Democratic senators split with their party to strike a deal with Republicans to bring the standoff to an end. The Senate deal combines three funding measures with a stopgap funding bill that would reopen the government through Jan. 30. It also would reverse the Trump administration’s decision to lay off more than 4,000 federal employees during the shutdown, including the 81 employees at the Community Development Financial Institutions Fund, according to the CDFI Coalition. The American Bankers Association was among the organizations calling for an end to the shutdown. “The time has come to end the shutdown and the damage it’s doing to the U.S. economy and to communities,” ABA and seven financial sector associations said in a joint statement. “We urge lawmakers to support this agreement, bring the shutdown to an end and resolve their remaining policy differences with the government open and functioning.” Back to topABA Banking Journal: Bowman: Regulation preventing banks from engaging in economic innovationsNovember 4, 2025
The economy has changed significantly since the 2008 financial crisis, but regulation is holding back banks from fully engaging with those changes, Federal Reserve Vice Chair for Supervision Michelle Bowman said today. During a Q&A at a Santander Bank conference in Madrid, Spain, Bowman spoke about her approach to regulation and supervision. She said that some of the regulatory changes put in place after the financial crisis were important, but the economy has “changed tremendously” since then and regulators have not provided the flexibility banks need to adjust to that change. “We’ve seen a number of different innovations and different engagements that I think our banks in particular would like to be a part of, but they’re inhibited from doing so because of the regulatory environment, and things that we created or calibrated during the post-financial crisis years may or may not still be fit for purpose,” she said. Bowman pointed to artificial intelligence as one technology that could transform banking. She also pointed to digital assets, particularly with the recent passage of the Genius Act, which directs the Fed and other agencies to establish a regulatory framework for payment stablecoins. “In parallel with that, I think it is important that banks are able to engage fully with digital assets if they want to, because we want to make sure that they’re not left behind,” Bowman said. “We also want to make sure they’re engaging in a way that separates those digital assets on their balance sheets from their regular business activity, so we can ensure that safety and soundness remains but they can also offer the kind of services their customers want.” Back to TopCISA News: Malware Now Uses AI During Execution to Mutate and Collect Data, Google WarnsNovember 5, 2025 | Eduard Kovacs
For some time now cybercriminals and state-sponsored threat actors have been leveraging AI to develop and enhance malware, plan attacks, and create social engineering lures. The cybersecurity industry has also observed and demonstrated the potential for malware to utilize AI during execution. For instance, the PromptLock ransomware, which made headlines a few months ago over its use of AI to generate scripts on the fly and perform various actions on compromised systems, is an experimental proof-of-concept developed by researchers. However, Google researchers have come across several other pieces of malware that use AI during an attack. While some of them have been described as “experimental threats”, such as PromptLock, others have been used in the wild. Another experimental AI-powered malware seen by Google is PromptFlux, a dropper that can “regenerate” itself by rewriting its code and saving the new version in the Startup folder for persistence. “PromptFlux is written in VBScript and interacts with Gemini’s API to request specific VBScript obfuscation and evasion techniques to facilitate ‘just-in-time’ self-modification, likely to evade static signature-based detection,” GTIG researchers explained. One of the pieces of malware seen in the wild is FruitShell, a reverse shell written in PowerShell that enables arbitrary command execution on compromised systems. The malware includes hardcoded AI prompts designed to bypass detection and analysis by AI-powered security solutions. Another malware family highlighted by GTIG is PromptSteal, a Python-based data miner that leverages the Hugging Face API to query the Qwen2.5-Coder-32B-Instruct LLM in order to generate one-line Windows commands for collecting system data and documents from specific folders. The last example highlighted by Google is QuietVault, a credential stealer developed in JavaScript designed to collect NPM and GitHub tokens. The malware uses an AI prompt and AI command-line interface tools installed on the compromised host to look for other secrets on the system. “While still nascent, this represents a significant step toward more autonomous and adaptive malware,” GTIG researchers said, later adding, “We are only now starting to see this type of activity, but expect it to increase in the future.” Google’s report also describes other aspects related to the use of AI by threat actors. The tech giant has seen how threat actors are using prompts that can be described as ’social engineering’ to bypass AI guardrails. The company also warns that the underground marketplace for AI tools is maturing. Its researchers have seen multifunctional tools designed for malware development, phishing, and vulnerability research. “While adversaries are certainly trying to use mainstream AI platforms, guardrails have driven many to models available in the criminal underground,” explained Billy Leonard, tech lead at Google Threat Intelligence Group. “Those tools are unrestricted, and can offer a significant advantage to the less advanced. There are several of these available now, and we expect they will lower the barrier to entry for many criminals.” In addition, nation-state actors linked to China, Iran and North Korea have continued to use Google’s Gemini to enhance reconnaissance, data exfiltration, command and control systems, and other components of their operations. Back to Top |
Google’s Threat Intelligence Group (GTIG) has seen several new and interesting ways in which malware has been leveraging artificial intelligence, going beyond its use for productivity gains.
