SDBA eNews

August 8, 2024

ABA Banking Journal: Precision banking: The ‘digital twin’ advantage

Digital twins serve as strategic planning models across a bank’s people, processes and technology.

August 1, 2024 | Samah Chowdhury


So-called “digital twins” are dynamic, virtual replicas of complex systems. Organizations often use them for scenario planning because they blend real-world elements with simulations and a constant flow of data, helping evaluate the consequences of different decisions. For example, when BMO acquired 503 Bank of the West branches in 2023, it used Matterport’s capture services to create dimensionally accurate 3D digital twins of all the branch locations within three months.

This technology enabled BMO to complete remote site assessments and operational tests within the model without service disruptions. The results: Over $500,000 saved in 15 months, 6,000 survey hours recouped across 503 locations, and branch resources and documentation centralized.

The use of digital twins began in the 1960s when NASA used twin models to monitor and adjust spacecraft during space missions. Recently, the Biden administration announced a $285 million investment in digital twin technology for semiconductor manufacturing based on its potential to enhance efficiency, innovation, and resilience in the U.S.

How do they work?

A digital twin comprises three core elements: the physical system (product, process, network), a virtual model representing it and a data connection that updates the model in real time. The virtual model mirrors the physical system’s current state and behavior, continuously synchronized with data from sensors and internet of things devices. This setup allows the digital twin to simulate and predict the physical system’s performance under various conditions. Bringing all three components together requires several key technologies. First, the collection and use of data involves cloud computing and platforms for storage and processing. Second, AI and machine learning are needed to enable simulation models that provide advanced analytics and accurate virtual models. Lastly, augmented reality and virtual reality enable advanced visualization and interactions between the digital model and the physical system.

What problem do digital twins solve?

While data is the mantra of our modern age, data sets taken in isolation are of limited value because they tend to be sparse, noisy, and often indirect. Because systems exist across a web of components, any micro change results in a ripple effect, making accurately replicating a system extremely difficult. In banking, digital twin technology’s true potential is harnessed when integrated with a bank’s proprietary knowledge along with an inflow of external stimuli into decision-making models. With data flowing from multiple channels, using a mirrored environment enables precise contingency and incident response plans. When changes are made, other parts can adapt accordingly, simplifying coordination with business units and third parties. For example, a digital twin of a bank’s technology stack can predict outcomes of certain technology changes with the potential to evolve based on results from prior simulation runs. Digital twins can also mitigate risk across evolving fraud vectors through intelligent, comprehensive, data-driven strategic planning.

In the banking industry, digital twins may seem like enhanced scenario analysis. And if this is what you’re thinking, we don’t blame you. But here is where the key difference lies: data. Traditional scenario analysis relies on static data while digital twins use real-time dynamic data and facilitate bidirectional data flow. This means that a digital twin can take insights it produced and trigger changes to optimize the physical system it replicates, whereas scenario analysis merely provides an output that must be reviewed and acted upon separately.

Let’s look at a few potential use cases for banks:

  • Stress testing. A digital twin could enable banks to simulate various scenarios, such as economic downturns, market fluctuations, or operational disruptions, to assess their resilience and performance under stress. Banks could identify weaknesses and mitigate risks preemptively by inputting diverse parameters to the digital twin. Add real-time insights and your bank can continuously adjust strategies that bolster resilience and stability.
  • Digital financial twin. This is an approach where digital twins could be used to precisely map financial and nonfinancial metrics across the life cycle of a bank product. The digital twin would be set up to link metrics related to the product’s service, partners, customers, and employees, resulting in efficient and quality decision-making. To go further, the digital twin would combine with real-time data from an enterprise resource planning system to ensure the highest level of resource optimization, drive sustainability and accelerate product development.
  • Predictive transformation. Digital twins could be developed to replicate a bank’s entire operation. Getting an enterprise view can offer banks the ability to simulate and evaluate the effect of technology transformations. For instance, a digital twin could offer the most favorable and lowest-risk path to cloud transition from on-premise technology. Or a digital twin could help a bank manage increasing transactions and unify customer experiences across channels based on current interactions and historical performance. A similar strategy could be applied for new product rollouts, comparable to an intelligent pre-production sandbox, where a bank is empowered to troubleshoot and fix problems before going to production.

Are digital twins a must-have for your bank?

To answer this, consider whether the investment is appropriately weighed against the economic return of developing digital twins. Not every product, service, or process is complex enough to warrant the intense sensor data flow digital twins demand. If your bank decides to explore digital twin implementation, you might consider starting by identifying a complex problem. To maximize the value and effect of this technology, consider reserving it for problems characterized by a high degree of variability, situated within intricate systems, and involving outcomes that rely on accurate predictions. Currently, there are no purpose-built digital twin developers specific to the banking industry. Until there is significant demand, we recommend focusing on foundational elements, such as data readiness, to prepare for future applications of this technology.

Samah Chowdhury is senior director of innovation strategy in ABA’s Office of Innovation.



CISA NEWS: Ransomware Payments Increase 500% In the Last Year, Finds Sophos State of Ransomware Report

July 29, 2024


Sophos, a global leader of innovative security solutions that defeat cyberattacks, today released its annual "State of Ransomware 2024" survey report, which found that the average ransom payment has increased 500% in the last year. Organizations that paid the ransom reported an average payment of $2 million, up from $400,000 in 2023. However, ransoms are just one part of the cost. Excluding ransoms, the survey found the average cost of recovery reached $2.73 million, an increase of almost $1 million since the $1.82 million that Sophos reported in 2023.

Despite the soaring ransoms, this year’s survey indicates a slight reduction in the rate of ransomware attacks with 59% of organizations being hit, compared with 66% in 2023. While the propensity to be hit by ransomware increases with revenue, even the smallest organizations (less than $10 million in revenue) are still regularly targeted, with just under half (47%) hit by ransomware in the last year.

The 2024 report also found that 63% of ransom demands were for $1 million or more, with 30% of demands for over $5 million, suggesting ransomware operators are seeking huge payoffs. Unfortunately, these increased ransom amounts are not just for the highest-revenue organizations surveyed. Nearly half (46%) of organizations with revenue of less than $50 million received a seven-figure ransom demand in the last year.

“We must not let the slight dip in attack rates give us a sense of complacency. Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy. Without ransomware we would not see the same variety and volume of precursor threats and services that feed into these attacks. The skyrocketing costs of ransomware attacks belie the fact that this is an equal opportunity crime. The ransomware landscape offers something for every cybercriminal, regardless of skill. While some groups are focused on multi-million-dollar ransoms, there are others that settle for lower sums by making it up in volume,” said John Shier, field CTO, Sophos.

For the second year running, exploited vulnerabilities were the most commonly identified root cause of an attack, impacting 32% of organizations. This was closely followed by compromised credentials (29%) and malicious e-mail (23%). This is directly in line with recent, in-the-field incident response findings from Sophos’ most recent Active Adversary report.

Victims where the attack started with exploited vulnerabilities reported the most severe impact to their organization, with a higher rate of backup compromise (75%), data encryption (67%) and the propensity to pay the ransom (71%) than when attacks started with compromised credentials. The surveyed organizations also had considerably greater financial and operational impact, with the average recovery cost sitting at $3.58 million compared with $2.58 million when an attack started with compromised credentials and a greater proportion of attacked organizations taking more than a month to recover.

Other notable findings from the report include:

  • Less than one quarter (24%) of those that pay the ransom hand over the amount originally requested, and 44% of respondents reported paying less than the original demand
  • The average ransom payment came in at 94% of the initial ransom demand
  • In more than four-fifths (82%) of cases funding for the ransom came from multiple sources. Overall, 40% of total ransom funding came from the organizations themselves and 23% from insurance providers
  • Ninety-four percent of organizations hit by ransomware in the past year said that the cybercriminals attempted to compromise their backups during the attack, rising to 99% in both state and local government. In 57% of instances, backup compromise attempts were successful
  • In 32% of incidents where data was encrypted, data was also stolen – a slight lift from last year’s 30% – increasing attackers’ ability to extort money from their victims

“Managing risk is at the core of what we do as defenders. The two most common root causes of ransomware attacks, exploited vulnerabilities and compromised credentials, are preventable, yet still plague too many organizations. Businesses need to critically assess their levels of exposure to these root causes and address them immediately. In a defensive environment where resources are scarce, it's time organizations impose costs on the attackers, as well. Only by raising the bar on what's required to breach networks can organizations hope to maximize their defensive spend,” said Shier.

Sophos recommends the following best practices to help organizations defend against ransomware and other cyberattacks:

  • Understand your risk profile, with tools such as Sophos Managed Risk which can assess an organization’s external attack surface, prioritize the riskiest exposures and provide tailored remediation guidance
  • Implement endpoint protection that is designed to stop a range of evergreen and constantly changing ransomware techniques, such as Sophos Intercept X
  • Bolster your defenses with round-the-clock threat detection, investigation and response, either through an in-house team or with the support of a Managed Detection and Response (MDR) provider
  • Build and maintain an incident response plan, make regular backups and practice recovering data from those backups

Data for the State of Ransomware 2024 report comes from a vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024. Respondents were based in 14 countries across the Americas, EMEA and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.

Read the State of Ransomware 2024 report for global findings and data by sector on Sophos.com.



ABA Banking Journal: ABA Regulatory Policy and Compliance Inbox: Is that check altered or fictitious?

And: Are banks required to notify customers eligible for early funds availability?

August 8, 2024 | Leslie Callaway, CRCM, CAFP


Q/ My bank returned a large dollar check that the bank had paid in mid-November 2023 to the bank of deposit after determining that it was altered/fictitious, but it was denied as a late return. My bank then provided a letter of indemnification with another request for return of the funds. The bank of deposit responded that there are no funds to send back. Is there another option my bank can pursue?

A/ Although bankers sometimes use the term “altered/fictitious” to capture checks that have been returned for a variety of reasons, the rules about returns for altered checks and counterfeit (fictitious) checks are different. Most important, the midnight deadline for “returns” applies to counterfeit checks and other checks with a forged maker signature but not to altered checks, which are subject to warranty claims that allow more time for a paying bank to make a claim.

Thus, the bank must first determine whether the check was altered or a counterfeit.

You can find more detail in a recent check fraud ABA staff analysis, but in brief:

  • Altered: If the item was altered, the paying bank has a warranty breach claim which it must pursue directly with the bank of deposit (as you have already done). How long the bank has to file a claim will depend on state law, but it is longer than the midnight deadline and is usually at least one year. If the check is altered and a claim is timely, it does not matter whether there are funds in the account where it was deposited: the bank of deposit has breached its warranty that the check was not altered. If helpful, you may consult ABA’s Check Fraud Claim Directory at aba.com/checkfrauddirectory to determine whether the bank has identified a contact for check claim inquiries.
  • Counterfeit/forged maker signature: If, as the bank of deposit seems to assume, the check is a counterfeit (fictitious), the midnight deadline rule applies, and the return was late, so the bank of deposit is under no obligation to return funds. The bank of deposit might be invoking ECCHO’s Rule 9, which allows the paying bank to return a counterfeit or other forged maker signature after the midnight deadline (but within a specified timeframe), but the bank of deposit must pay only if there are funds still in the account sufficient to cover the full amount of the claim.

Sometimes it is not clear whether a check is altered or counterfeit. Accordingly, Regulation CC (Expedited Funds Availability Act) provides that if there is a dispute about whether the check is altered or counterfeit and there is no paper check, there is a rebuttable presumption that the check is altered. Therefore, if you believe the check was altered and the bank of deposit believes the check was counterfeit, the bank of deposit has the burden of showing that the check was counterfeit. (Answer provided March 2024.)

Q/ My bank is considering allowing customers to have early funds availability for their direct deposits (ACH deposits). The bank will make direct deposited funds available in customers’ accounts as soon as it receives information from a payor about the incoming deposits, rather than wait for the funds to post before making them available. While most customers will still have same-day or next-day availability, customers eligible for this program will have their deposits available up to two days earlier than the bank’s funds availability policy states. Because this is a positive change, does the bank need to notify all customers?

A/ Yes, though advance notice is not required. Under §229.18(e) of Regulation CC (Expedited Funds Availability Act), when a change in the bank’s funds availability policy expedites the availability of deposited funds, banks must send a notice of a change in the bank’s funds availability policy no later than 30 days after the change. Advance notice of a change is required if the change does not involve expediting the availability of funds. Note, however, that the notice requirements apply to consumer customers only. Notification to commercial customers is optional. (Answer provided March 2024.)

Q/ Is flood insurance required for a loan when the property securing the loan or being purchased with the loan is located in a non-participating community?

A/ No, but it may be prudent to do so. If the community does not participate in the National Flood Insurance Program, flood insurance is not required, but the bank must still provide the notice to the borrower. Additionally, the bank must review the requirements of any secondary market investors if it intends to sell the loan.

See Applicability 1 and Mandatory 2 from the Interagency Questions and Answers Regarding Flood Insurance. (Answer provided March 2024.)

Answers are provided by Leslie T. Callaway, CRCM, CAFP, senior director, compliance outreach and development at ABA. Answers do not provide, nor are they substitutes for, professional legal advice.



2025 South Dakota Bank Directory

All member banks have been contacted by NFR (our publisher for the SD Bank Directory) regarding any updates your bank may have. Please complete the form and send it back ASAP so that our 2025 directory can be as current as possible.

Place your order for your 2025 SD Bank Directory! All member banks, associate members, and endorsed vendors receive one complimentary copy.


2024 Digital Innovations Conference

August 27, 2024 | Hilton Garden Inn Sioux Falls South | Sioux Falls, SD


Technology and innovation have been transforming financial services since long before artificial intelligence and iPhones, and your role as an IT professional is ever-changing, especially in today’s environment. The SDBA Digital Innovations Conference is designed to provide support as you keep on top of technology trends, navigate the business of banking, and build and sustain your bank’s technology strategy, all to improve access and better serve your customers. This conference will provide you with an opportunity to learn from industry experts, network with IT colleagues, and visit exhibitors to see and experience the latest in products and services.



2024 SBA Minnesota Small Business Lenders Conference

Thursday, September 12, 2024 | 8:30 a.m. - 4:15 p.m. CDT |  Bloomington, MN

The SBA Minnesota Lenders Conference is now the Minnesota Small Business Lenders Conference! The SBA loan programs should be a key part of every lender’s strategy. They are a proven tool for attracting new customers with competitive loans for business expansion and working capital needs. Don’t miss this full day of premier education sessions designed specifically to help you optimize your organization’s participation in SBA’s lending programs and build your network of SBA program and industry experts.

Book your room by September 13.




Question of the Week

Q:  When should a bank file a “continuing” SAR as opposed to an “amended” SAR? 

A: An amended report must be filed on a previously-filed FinCEN SAR when new data about a reported suspicious activity is discovered and circumstances will not justify filing a continuing report; to that end, a continuing report may be filed on suspicious activity that continues after an initial FinCEN SAR is filed. Continuing reports should be filed on successive 90-day review periods until the suspicious activity ceases (but may be filed more frequently if circumstances warrant that). Essentially, if there is new activity that occurred after the initial SAR filing, a continuing SAR is the way to go; if there is new discovery of related activity that took place prior to the filing of the initial SAR, then an amended SAR may be more appropriate. For further reference, please see the FinCEN SAR Filing Instructions.

Learn how to put compliance management solutions from Compliance Alliance to work for your bank, by contacting (888) 353-3933 or [email protected] and ask for our Membership Team.

For timely compliance updates, subscribe to Bankers Alliance’s email newsletters.


 


Questions/Comments
Contact the SDBA at 605.224.1653 or via email