Member Login
Search

SDBA eNews winter

January 23, 2025

News

SDBA Updates

SDBA Events

Online Education

ABA Banking Journal: ABA, associations urge lawmakers to preserve pass-through business deduction

January 22, 2025

ABA comments on proposal to improve accounting in tax credit structures

The American Bankers Association today joined the S Corporation Association and more than 230 associations in support of legislation to make permanent the Section 199A tax deduction for pass-through business income.

The deduction was enacted in 2017 to encourage job creation and new investment by private businesses, and it will expire at the end of this year absent congressional action, according to a joint letter by the associations. Many banks — particularly community banks — are organized as S-corporations.

The Main Street Tax Certainty Act would make the deduction permanent. The bill is expected to be reintroduced Thursday in the Senate by Sen. Steve Daines (R-Mont.) and in the House by Rep. Lloyd Smucker (R-Pa.).

“Pass-through businesses are the backbone of the American economy,” the associations said. “They account for 95% of all businesses and employ 63% of all private sector workers. They also form the economic and social foundation for thousands of communities nationwide. Absent their efforts, those communities would face a future of lower growth, fewer jobs and more boarded-up buildings.”


Full Article

Back to Top

ABA Banking Journal: Trump revokes Biden orders on AI, climate-related financial risks

January 21, 2025

Trump revokes Biden orders on AI, climate-related financial risks

As part of a sweeping action revoking multiple Biden-era policies, President Trump yesterday rescinded a 2023 executive order directing federal agencies to review and possibly draft new rules governing the use of artificial intelligence across multiple sectors of the economy, including financial services. Trump also rescinded a 2021 executive order seeking more disclosure of financial risks linked to climate change.

Among other things, the order by former President Biden encouraged agencies to use their authority to address financial stability risks posed by AI. It also required the developers of many AI systems to share their safety test results and other critical information with the U.S. government, set standards and best practices for detecting AI-generated content as a tool for fighting consumer fraud, and establish an “advanced” cybersecurity program to develop AI tools to find and fix vulnerabilities in critical software.

Some parts of the Biden-era order have already been completed. For example, it directed the Treasury Department to submit a report on best practices for financial institutions to manage cybersecurity risks posed by AI. The report was released in 2024. Trump did not revoke a more recent order by Biden directing government agencies to update their IT and cloud services policies to strengthen cybersecurity.

The 2021 order on climate change directed government agencies to push for “accurate disclosure of climate-related financial risk,” and directed financial regulators to consider measures to enhance climate-related disclosures.

Full Article
Back to Top

CISA News: Employees Enter Sensitive Data Into GenAI Prompts Far Too Often

The propensity for users to enter customer data, source code, employee benefits information, financial data, and more into ChatGPT, Copilot, and others is racking up real risk for enterprises.

CISAJanuary 17, 2025 | Kristina Beek, Associate Editor, Dark Reading

A wide spectrum of data is being shared by employees through generative AI (GenAI) tools, researchers have found, legitimizing many organizations' hesitancy to fully adopt AI practices.

Every time a user enters data into a prompt for ChatGPT or a similar tool, the information is ingested into the service's LLM data set as source material used to train the next generation of the algorithm. The concern is that the information could be retrieved at a later date via savvy prompts, a vulnerability, or a hack, if proper data security isn't in place for the service.

That's according to researchers at Harmonic Security, who analyzed thousands of prompts submitted by users into GenAI platforms such as Microsoft, Copilot, OpenAI ChatGPT, Google Gemini, Anthropic's Clause, and Perplexity. In their research, they discovered that though in many cases employee behavior in using these tools was straightforward, such as wanting to summarize a piece of text, edit a blog, or some other relatively simple task, there were a subset of requests that were much more compromising. In all, 8.5% of the analyzed GenAI prompts included sensitive data, to be exact.

Customer Data Most Often Leaked to GenAI

The sensitive data that employees are sharing often falls into one of five categories: customer data, employee data, legal and finance, security, and sensitive code, according to Harmonic Security.

Customer data holds the biggest share of sensitive data prompts, at 45.77%, according to the researchers. An example of this is when employees submit insurance claims containing customer information into a GenAI platform to save time in processing claims. Though this might be effective in making things more efficient, inputting this kind of private and highly detailed information poses a high risk of exposing customer data such as billing information, customer authentication, customer profile, payment transactions, credit cards, and more.

Employee data makes up 27% of sensitive prompts in Harmonic Security's study, indicating that GenAI tools are increasingly used for internal processes. This could mean performance reviews, hiring decisions, and even decisions regarding yearly bonuses. Other information that ends up being offered up for potential compromise includes employment records, personally identifiable information (PII), and payroll data.

Legal and finance information is not as frequently exposed, at 14.88%, however, when it is, it can lead to great corporate risk, according to the researchers. Unfortunately, when GenAI is used in these fields, it's for simple tasks such as spell checks, translation, or summarizing legal texts. For something so small, the consequences are incredibly high, risking a variety of data such as sales pipeline details, mergers and acquisition information, and financial data. 

Security information and security code each compose the smallest amount of leaked sensitive data, at 6.88% and 5.64%, respectively. However, though these two groups fall short compared to those previously mentioned, they are some of the fastest growing and most concerning, according to the researchers. Security data inputted into GenAI includes penetration test results, network configurations, backup plans, and more, providing exact guidelines and blueprints as to how bad actors can exploit vulnerabilities and take advantage of their victims. Code inputted into these tools could put technology companies at a competitive disadvantage, exposing vulnerabilities and allowing competitors to replicate unique functionalities.

Balancing GenAI Cyber-Risk & Reward

If the research shows that GenAI offers high-risk potential consequences, should businesses continue to use it? Experts say they might not have a choice.

"Organizations risk losing their competitive edge of if they expose sensitive data," said the researchers in the report. "Yet at the same time, they also risk losing out if they don't adopt GenAI and fall behind."

Stephen Kowski, field chief technology officer (CTO) at SlashNext Email Security+, agrees. "Companies that don’t adopt generative AI risk losing significant competitive advantages in efficiency, productivity, and innovation as the technology continues to reshape business operations," he said in an emailed statement to Dark Reading. "Without GenAI, businesses face higher operational costs and slower decision-making processes, while their competitors leverage AI to automate tasks, gain deeper customer insights, and accelerate product development."

Others, however, disagree that GenAI is necessary, or that an organization needs any artificial intelligence at all.

"Utilizing AI for the sake of using AI is destined to fail," said Kris Bondi, CEO and co-founder of Mimoto, in an emailed statement to Dark Reading. "Even if it gets fully implemented, if it isn't serving an established need, it will lose support when budgets are eventually cut or reappropriated."

Though Kowski believes that not incorporating GenAI is risky, success can still be achieved, he notes.

"Success without AI is still achievable if a company has a compelling value proposition and strong business model, particularly in sectors like engineering, agriculture, healthcare, or local services where non-AI solutions often have greater impact," he said.

If organizations do want to pursue incorporating GenAI tools but want to mitigate the high risks that come along with it, the researchers at Harmonic Security have recommendations on how to best approach this. The first is to move beyond "block strategies" and implement effective AI governance, including deploying systems to track input into GenAI tools in real time, identifying what plans are in use and ensuring that employees are using paid plans for their work and not plans that use inputted data to train systems, gaining full visibility over these tools, sensitive data classification, creating and enforcing workflows, and training employees on best practices and risks of responsible GenAI use.

Full Article

Back to Top

ABA Banking Journal: New infographics provide advice for identifying money mules, check fraud

January 22, 2025

New infographics provide advice for identifying money mules, check fraud

The American Bankers Association Foundation and the U.S. Postal Inspection Service today released three new infographics on money mule scams and check fraud as part of their shared ongoing initiatives to protect consumers from scams. The first infographic teaches consumers how to detect and avoid falling victim to a money mule scam. The second infographic provides advice for bank staff on how to spot money mules. The third infographic teaches small business owners how to protect themselves from check fraud.

“These two types of fraud have been on the rise in recent years,” ABA Foundation Executive Director Lindsay Torrico said. “Raising awareness of what people should be looking for is more important now than ever.”

The infographics are part of an ongoing collaboration between the U.S. Postal Inspection Service and the ABA Foundation announced in 2024.

“The mission of the U.S. Postal Inspection Service is to safeguard our community from criminals who look to exploit them said, Gary Barksdale, chief postal inspector for the U.S. Postal Inspection Service. “That’s why the partnership between the Postal Inspection Service and the ABA Foundation is critical to ensuring consumers and businesses are aware of these scams – so they can prevent the losses that follow these attacks.”

Money mule scams

In a typical money mule scam, criminals use another person’s bank account to transfer and launder illegally acquired money. The person whose bank account is used may be a victim, unaware of the crime entirely, or they may be complicit in the fraud. Criminals often recruit through online job ads, social media, enticing — though fake — investment opportunities, prize offers or dating websites.

To avoid becoming a victim of a money mule scam, the U.S. Postal Inspection Service and ABA Foundation recommend that consumers:

  • Do not use your own bank account, or open one in your name, to receive or transfer money for an employer or anyone else.
  • Do not accept or endorse a check that is not in your name, even if a friend or employer asks you to do it.
  • Do not incorporate a fictitious business to deposit a check corresponding to a similarly named business.
  • Never pay to collect a prize or transfer money from your prize “winnings.”
  • Never send money to online love interests, even if they appear to send you money first.
  • Do not listen to anyone offering you a great cryptocurrency investment or asking you to deposit money into a Bitcoin ATM.
  • Never purchase cryptocurrency or gift cards on behalf of, or for, someone you met online or over the phone.
  • Never share your bank passcodes, including one-time verification codes, or provide anyone with access to your bank account, online credentials, debit card number or PIN.
  • Always monitor your accounts and report suspicious activity to your bank.

Check fraud

To commit check fraud, criminals may steal and alter an existing check, or they may produce counterfeit checks to allow for unauthorized withdrawals. Bad actors often target business accounts over personal accounts because of large transaction volumes, more funds and higher liquidity, making it easier to cash higher dollar counterfeit or altered checks — and more difficult to detect fraudulent transactions and overdraft issues.

Small businesses should take the following steps to protect against check fraud:

  • Adopt an employee need-to-know policy to limit access to sensitive information and business checks.
  • Talk to your bank about services to monitor business account activity, such as fraud prevention programs (FPPs). FPPs can require and request verification for all checks drawn against specific accounts to detect and prevent fraudulent activity.
  • Explore the use of a positive pay product with your bank to add another layer of validation protection to the check process.
  • Confirm that all financial instruments drawn from your business accounts are received by the intended recipients. Any outstanding items should be flagged.
  • Use the letter slots inside your local Post Office for your outgoing mail or hand it directly to a letter carrier.
  • Pick up your mail promptly after delivery. Don’t leave it in your mailbox overnight. If you do not have weekend hours, coordinate with your local Post Office to hold any weekend mail until the following business day.

Full Article

Back to Top

ABA Banking Journal: Marketing Money Podcast: What the AI buzz means for banks

Episode 178 | Trends vs. Reality: Olympics, AI, and Banking

podcast

SDBA EVENTS

SDBA Peer Groups Can be a Game-Changer for Bankers

In the fast-paced world of banking, staying ahead of industry trends, regulatory changes, and emerging technologies can be daunting. That’s where the power of peer groups comes in—offering an invaluable opportunity to connect, learn, and grow alongside your colleagues. The South Dakota Bankers Association (SDBA) provides peer groups in a variety of areas that are the perfect platform for bankers to share ideas, exchange thoughts, ask questions and network. There is no cost to participate in these groups.  All peer groups are currently email-based, allowing members to communicate on an as-needed basis.

There are currently peer groups for:

  • Compliance
  • CRA
  • Education
  • ERM
  • Fraud
  • HR
  • Mortgage
  • Security
  • Technology

If you are interested in joining one of these groups, click here.  Please be sure to specify which group(s) you are interested in joining.  We will reach out to all peer groups with further information after we update them the end of February.

Don’t miss out on this opportunity to connect with your colleagues!  If you have any questions, please reach out to us at [email protected] or call 605.224.1653.

National School for Experienced Ag Bankers

June 23-26, 2025 | Spearfish

Ag SchoolThe National School for Experienced Ag Bankers is a seminar for experienced ag bankers who want to further develop their ag lending skills, learn new skills, confirm existing methodology and meet fellow bankers who share the same career path. Taught by a nationally-recognized faculty of bankers, academics and other real-world ag banking practitioners, this program is focused on ag lending opportunities and challenges that are relevant to ag bankers from across the United States.

Information and Registration

GSBC Annual School Session

July 13-25, 2025 | University of Colorado Boulder

Apply by April 1, 2025

In the Annual School Session, students take courses that are designed and regularly updated to tackle relevant topics in the community banking industry. Students attend three consecutive annual two-week sessions at CU Boulder and have numerous opportunities to network with bankers from Colorado and across the country.

Admission & Fees | Scholarship Opportunities

Online Education

online edParticipating in learning opportunities outside the bank can be challenging. Take advantage of the SDBA's extensive selection of webinars and on-demand training to enhance your banking expertise directly from your computer.

GSB Online Seminars
OnCourse Learning
SBS Institute

ABA Training

 Compliance Alliance logo

Question of the Week

Q: With the bank getting more and more hemp-related businesses as customers, should we be worried about money-laundering implications if any of these businesses are in a state where marijuana-related activity is legal, but are transferring it to our bank - where it is not?   

A: Broadly speaking, the act / crime of money laundering involves taking illegally derived proceeds and concealing their illegal source in order to use the funds to perform legal or illegal activities, by-passing those funds through a series of transactions or transfers. Codified under Section 1956(a) of the US Code, to be criminally culpable for money laundering, a defendant must: 

"[...] conduct or attempt to conduct a financial transaction, knowing that the property involved in the financial transaction represents the proceeds of some unlawful activity, with one of the four specific intents discussed below, and the property must in fact be derived from a specified unlawful activity."  US DOJ - Money Laundering Overview 

As outlined, a necessary element of money laundering is that the funds / property must be derived from unlawful activity, so, in the event of a hemp business lawfully deriving income in a jurisdiction where such business is legal - then transferring those funds - it would seem that element would be missing; though, ultimately, this would be a legal determination dependent on the specific facts of the scenario,  rather than a compliance-related decision. 

Nevertheless, the scenario of a hemp-related business may still present uniquely associated risks, as has been highlighted by FinCEN in its recently issued guidance on the matter: 

"As noted in the December Hemp Statement, because hemp is no longer a Schedule I controlled substance under the CSA, financial institutions are not required to file a Suspicious Activity Report (SAR) on customers solely because they are engaged in the growth or cultivation of hemp in accordance with applicable laws and regulations. For hemp-related business customers, financial institutions are expected to follow standard SAR procedures and file a SAR if the financial institution becomes aware, in the normal course of business, of suspicious activity.”  FIN-2020-G001 

So, as touched upon, if the bank is unsure of the origins of the business in question's proceeds, or suspects that these funds may be derived from some illicit activity - following the bank's SAR procedures would be required. As with any of the bank's customers, the regulatory expectation would be for the bank to tailor its BSA/AML programs to reflect the risks associated with the customer’s particular risk profile and file reports required under the BSA. For further insight, Compliance Alliance’s recent webinar on the subject, An Overview of Marijuana and Hemp Banking | CA, is a great resource on the subject. 

Learn how to put compliance management solutions from Compliance Alliance to work for your bank, by contacting (888) 353-3933 or [email protected] and ask for our Membership Team. For timely compliance updates, subscribe to Bankers Alliance’s email newsletters.

Back to Top
 SDBA eNews Archive
View past issues of the SDBA eNews
Advertising Opportunity
Learn more about sponsoring the SDBA eNews
Questions/Comments
Contact the SDBA at 605.224.1653 or via email