Member Login
Search

SDBA eNews spring

August 21, 2025

News

SDBA Events

Online Education

Compliance Alliance

ABA: ABA, associations: Keep credit card routing mandates out of defense bill

August 20, 2025

ABA unveils key policy priorities for 2025

The American Bankers Association yesterday joined seven financial sector associations in voicing strong opposition to adding credit card routing mandates to an unrelated defense spending bill.

In a joint letter to House and Senate leaders, the associations urged lawmakers to reject efforts to add the Credit Card Competition Act and a related “commissary interchange” study amendment to the National Defense Authorization Act for fiscal year 2026. CCCA sponsors Sens. Dick Durbin (D-Ill.) and Roger Marshall (R-Kan.) have attempted to add the text of their bill to the NDAA in the past, as the defense spending bill is considered must-pass legislation.

“We are deeply concerned that these controversial provisions, which are unrelated to national defense, would harm consumers, disadvantage small financial institutions and even undermine the financial well-being of military families,” the associations said. “Simply put, the Durbin-Marshall interchange proposals do not belong in the NDAA, and we respectfully urge that they be excluded from any final defense authorization bill.”

Congress is currently in recess but will reconvene in early September.

Read more

Back to Top

ABA: Bank registration open for #BanksNeverAskThat, #PracticeSafeChecks campaigns

ABAABA’s scam prevention campaign, #BanksNeverAskThat, and our check fraud campaign, #PracticeSafeChecks are returning this fall — with new materials including social media posts and videos, check safety tips and resources for small business customers, digital graphics and more.

Full Article

Back to top

ABA: ABA urges agencies to rescind 2023 CRA rule, make process improvements

August 18, 2025
ABA faults banking regulators for confusing CRA rule rollout

The American Bankers Association today expressed support for rescinding the 2023 Community Reinvestment Act final rule and reinstating the 1995 rule, saying that while the older rule isn’t perfect, “it is more closely aligned with congressional intent and is more workable than the 2023 rule.”

The Federal Reserve, FDIC and the Office of the Comptroller of the Currency in July issued a joint proposal to rescind the 2023 CRA rule. In a letter to the agencies, ABA said that while it agreed the CRA rule needed to be updated to reflect changes in consumer behavior and technology, the 2023 regulatory change were not consistent with the CRA statute. ABA, the U.S. Chamber of Commerce and five national and state associations sued banking agencies last year for exceeding their statutory authority in implementing the rule.

“In addition, the rule’s complexity was a pronounced departure from the original goal of CRA modernization, which was to clarify — not complicate or overhaul — the CRA regulatory framework,” ABA said.

ABA instead offered several recommendations to improve the CRA examination and supervision process. They include making public internal agency “guidance” for bank examiners, more transparency in the bank examination process, and creating a list or database of CRA-qualifying activities to take out the guesswork for banks.

“We reiterate our support of the proposed rescission and recodification of the 1995 rule and urge the agencies to implement the process improvements described above as part of the transition back to the 1995 framework,” ABA said.

Full Article

Back to Top

CISA News: Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments

August 2025 

CISA

Update (08/12/2025): CISA has updated this alert to provide clarification on identifying Exchange Servers on an organization’s networks and provided further guidance on running the Microsoft Exchange Health Checker.

Update (08/07/2025):CISA issued Emergency Directive (ED) 25-02: Mitigate Microsoft Exchange Vulnerability in response to CVE-2025-53786.

CISA is aware of the newly disclosed high-severity vulnerability, CVE-2025-53786, that allows a cyber threat actor with administrative access to an on-premise Microsoft Exchange server to escalate privileges by exploiting vulnerable hybrid-joined configurations. This vulnerability, if not addressed, could impact the identity integrity of an organization’s Exchange Online service. 

While Microsoft has stated there is no observed exploitation as of the time of this alert’s publication, CISA strongly urges organizations to implement Microsoft’s Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability guidance outlined below, or risk leaving the organization vulnerable to a hybrid cloud and on-premises total domain compromise.  

  1. Organizations should first inventory all Exchange Servers on their networks (organizations should leverage existing visibility tools or publicly available tools, such as NMAP or PowerShell scripts, to accomplish this task).
  2. If using Exchange hybrid, review Microsoft’s guidance Exchange Server Security Changes for Hybrid Deployments to determine if your Microsoft hybrid deployments are potentially affected and available for a Cumulative Update (CU).
  3. Install Microsoft’s April 2025 Exchange Server Hotfix Updates on the on-premise Exchange server and follow Microsoft’s configuration instructions Deploy dedicated Exchange hybrid app.
  4. For organizations using Exchange hybrid (or have previously configured Exchange hybrid but no longer use it), review Microsoft's Service Principal Clean-Up Mode for guidance on resetting the service principal’s keyCredentials.
  5. Upon completion, run the Microsoft Exchange Health Checker with appropriate permissions to identify the CU level of each Exchange Server identified and to determine if further steps are required.

CISA highly recommends entities disconnect public-facing versions of Exchange Server or SharePoint Server that have reached their end-of-life (EOL) or end-of-service from the internet. For example, SharePoint Server 2013 and earlier versions are EOL and should be discontinued if still in use.   

Organizations should review Microsoft’s blog Dedicated Hybrid App: temporary enforcements, new HCW and possible hybrid functionality disruptions for additional guidance as it becomes available. 

Disclaimer:  The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.  

This product is provided subject to this Notification and this Privacy & Use policy.

Full Article

Back to Top
 

EVENTS

Lead Strong: Women in Banking Conference

September 9-10, 2025 | Sioux Falls

WIB 2025

Lead Strong: Women in Banking is your signature annual celebration of powerhouse women in finance! This year’s conference invites you to Color Outside the Lines—to embrace your creativity, defy limitations, and boldly write the story only you can tell. Just like every great story, each journey is unique, full of unexpected turns, brilliant moments, and fresh pages waiting to be filled.

Together, we’ll explore how to step beyond expectations, break free from “shoulds,” and discover the power of living and leading with authenticity. Through engaging sessions, empowering speakers, and hands-on experiences, you’ll gain the tools and inspiration to take charge of your narrative and design a future that reflects your passions, purpose, and potential.

Whether you're picking up the pen for the first time or rewriting an old chapter, this is your moment to make your mark—bold, bright, and beautifully outside the lines.

Register Today!

Back to Top

Banking Forward: Fall Forum 2025

October 1, 2025 | Hilton Garden Inn South Sioux Falls

Banking Forward

We’re excited to launch the 2025 Fall Bankers Forum, a brand-new event designed to bring together industry leaders and banking professionals for a powerful exchange of ideas, strategies, and solutions. 

This newly developed forum will focus on three critical areas—technology, fraud prevention, and mortgage lending—providing a fresh platform for insight and collaboration. The event kicks off with a high-impact general session featuring a keynote speaker who will deliver forward-looking insights into the evolving financial landscape.

NOTE: Hotel room block releases August 31

Details & Registration

Back to Top

2025 Succession Planning Online Workshop Series

November 3 & 17, 2025 | Zoom

This two-part workshop series is designed to help community banks establish a robust succession planning process. Participants will learn how to create a comprehensive succession plan, conduct talent assessments to identify skills gaps, and develop personalized development plans for their successors, focusing on leadership, management, and technical skills.

Details & Registration

Back to Top

Online Education

online ed

Participating in learning opportunities outside the bank can be challenging. Take advantage of the SDBA's extensive selection of webinars and on-demand training to enhance your banking expertise directly from your computer.

GSB Online Seminars
OnCourse Learning
SBS Institute
ABA Training

Compliance Alliance logo

Question of the Week

Q: What are the record retention requirements for emails between employees and customers? And are we required to keep physical copies of the emails, or can we keep them solely in an electronic format?

A: Email retention isn’t really “one-size-fits-all” - or, said differently - there’s no universal timeline that fits every message in your inbox. Instead, retention tends to depend on the actual content of the specific message.

For example: an email tied to Regulation B (say, related to an adverse action) would likely fall into the purview of § 1002.12, and won’t follow the same retention rules as one discussing BSA (for instance, regarding a CTR), which would be within the scope of 31 CFR 1010.306. Essentially, each topic plays by its own regulatory clock.

As to the paper vs. electronic retention – though this too may generally come down to the content of the email – in most cases, banks are generally permitted to retain records in electronic format, provided the electronic records meet legal standards for accuracy, accessibility, and retention – and, unless a specific law or regulation requires physical ("wet" or “paper”) copies for a particular type of record.

So, what is the smart play? Always start with the content. Ask: “What’s this email really about?” That should typically point you to the right retention schedule and help keep your records in line with both compliance and best practices.

To help with that, we have the following tools that help serve as guides to record retention schedules (broken down by department): Record Retention Schedule Cheat Sheet and Record Retention Policy.

Learn how to put compliance management solutions from Compliance Alliance to work for your bank, by contacting (888) 353-3933 or [email protected] and ask for our Membership Team. For timely compliance updates, subscribe to Bankers Alliance’s email newsletters.

C/A Cyber Institute Overview

 

Back to Top

 

 

SDBA eNews Archive
View past issues of the SDBA eNews

Advertising Opportunity
Learn more about sponsoring the SDBA eNews

Questions/Comments
Contact the SDBA at 605.224.1653 or via email