News

• ABA Banking Journal: Trump nominates CFPB director
• ABA Banking Journal: ABA, consumer group urge action by voice service providers to combat fraud
• ABA Banking Journal: Seeing More Check Fraud and Scams? These Educational Online Toolkits Can Help
  
• CISA News: Drilling Down on Uncle Sam's Proposed TP-Link Ban

SDBA Updates

• 2026 Holiday Signs
• 2026 GSBC Bolder Banking Scholarship Program

SDBA Events

• 2026 Midwest Economic Forecast Forum
• 2026 Understanding Bank Performance
• 2026 SDBA State Legislative Day
• 2026 Dakota School of Lending Principles

Online Education

• Additional Educational Opportunities

ABA Banking Journal: Trump nominates CFPB director

President Trump has nominated Stuart Levenbach to lead the Consumer Financial Protection Bureau, according to a congressional filing. However, a bureau spokesperson told Politico that the nomination was a “technical” maneuver to allow Office of Management and Budget Director Russ Vought to continue leading the agency as acting director without a Senate confirmation.

Levenbach comes from the energy sector and is currently associate director of natural resources, energy, science and water at OMB, according to his LinkedIn profile. He was chief of staff at the National Oceanic and Atmospheric Administration during Trump’s first term and also served as a senior advisor on the White House Council of Environmental Quality and National Economic Council.

Trump originally nominated former FDIC Board Member Jonathan McKernan as CFPB director, but he dropped out of the nomination process to become undersecretary of domestic finance at the Treasury Department. The CFPB has been without a full-time director since the departure of Rohit Chopra earlier this year, with Vought instead serving as acting director.

Vought has sought to terminate most of CFPB’s staff, which prompted a lawsuit from the union representing bureau employees. The Department of Justice recently filed a memo in the lawsuit stating that the bureau will exhaust its available funding early next year. The DOJ also argued the bureau cannot withdraw funds from the Federal Reserve without a congressional appropriation – a position that the bureau’s defenders dispute.

Back to Top

ABA Banking Journal: ABA, consumer group urge action by voice service providers to combat fraud

The American Bankers Association yesterday joined other industry trade groups and a consumer rights organization in urging the Federal Communications Commission to require voice service providers to take specific actions to shore up the existing call authentication framework – commonly known as the ‘STIR/SHAKEN’ framework – to better protect consumers against fraud. The comment responds to the FCC’s request for feedback on the efficacy of the STIR/SHAKEN framework.

In a joint letter, the groups note that Congress required the establishment of STIR/SHAKEN to reduce the number of illegal calls consumers receive, but the volume of illegal automated calls remains high, with recent data showing a resurgence in 2025 after a brief decline in 2024. The letter urges the FCC to take several steps to improve the efficacy of STIR/SHAKEN, including:

• Require voice service providers utilizing legacy calling technology to transition to internet protocol (IP) networks within a certain date. STIR/SHAKEN only works over IP networks, and bad actors exploit the “gap” in caller ID authentication schemes.
• Bar an individual who led a voice service provider that facilitated illegal calls from establishing a new entity in order to continue to facilitate illegal calls.
• Strengthen the “Know Your Customer” standards that voice service providers must follow before they accept a caller as a customer and allow the customer to originate calls.
• Eliminate the remaining exemptions under STIR/SHAKEN that allow providers to “sign” calls without fully complying with STIR/SHAKEN’s requirements.

Full Article

Back to top

The Federal Reserve: Seeing More Check Fraud and Scams? These Educational Online Toolkits Can Help

November 1, 2025 | The Federal Reserve

Payments fraud continues to grow and impact individuals and organizations alike. According to the Federal Trade Commission, consumers reported losing more than $12.5 billion to fraud and scams in 2024, up 25% from the prior year. Additionally, check fraud was among the primary drivers of fraud events in 2024 despite declining check volumes, according to the annual Federal Reserve Financial Services Financial Institution Risk Officer Survey, also published in 2024.

Two online toolkits released by the Federal Reserve throughout 2025 can help educate your organization’s internal audiences about these important topics—and in turn, help you educate your customers. Increased awareness may help individuals and organizations better protect themselves against financial losses.

The Scams Mitigation Toolkit and Check Fraud Mitigation Toolkit are intended to support education and increase awareness about scams and check fraud, enable the payments industry to better identify and fight them, and foster industry collaboration on fraud and scams mitigation. (These newer toolkits complement a Synthetic Identity Fraud Mitigation Toolkit that was released in 2022.)

Each online toolkit contains insights, educational videos and downloadable resources on scams or check fraud, divided into modules by topic for ease of navigation. There also are “test your knowledge” quizzes in some modules for an interactive experience. Here are highlights of what you will find in these toolkits.

Scams Mitigation Toolkit

While scams may be defined in different ways, the Federal Reserve finds value in a common understanding of what they are within the payments industry. As a result, the Fed engaged with payments and fraud experts in 2023 to develop and publish an operational definition of scams: the use of deception or manipulation intended to achieve financial gain.

This growing, evolving threat impacts individuals, businesses and entire economies. Consequences include financial, emotional and psychological tolls. In some cases, the stolen money fuels global organized crime.

The Scams Mitigation Toolkit includes the following modules:

• Toolkit Module 1: Scam Basics — Explains what scams are, why you should care, and how and why scams occur.
• Toolkit Module 2: Scam Tactics and Impacts — Provides examples of how criminals fool us using technology (e.g., generative artificial intelligence, malware); force action through fear, threats and other tactics involving emotional manipulation; and use successful scams to perpetrate other types of fraud.
  • Test Your Knowledge: Can You Spot the Scam? Test your ability to detect scams by reviewing three scenarios.
• Toolkit Module 3: Scam Prevention and Detection — Among other topics, summarizes scam prevention basics, defenses and considerations when seeking to detect scams.
• Toolkit Module 4: ScamClassifier^SM Model — Highlights a voluntary classification structure that uses the agreed-upon scams definition as a basis to support consistent and detailed classification, reporting, analysis and identification of scams and related trends.
• Toolkit Module 5: Scam Scenarios — The ability to classify scams can help support consistent classification and reporting, assist with better identification of trends, and help improve detection and mitigation.
  • Test Your Knowledge: Can You Classify These Scam Scenarios? Challenge yourself to accurately classify various types of scam examples using the ScamClassifier model, which uses a series of questions to differentiate and classify scams and attempted scams by category and type.
• Toolkit Module 6: Scam Information Sharing — Discusses how shared information on current scam trends, known bad actors, data or risk signals can help disrupt criminals’ schemes. This module includes a downloadable resource previously published by a Fed-led industry work group, Scams Information Sharing Industry Work Group Recommendations.

The toolkit also includes recommendations on how industry stakeholders can combat scams, from being both vigilant and skeptical, to understanding the technology and tactics criminals use—which, in turn, can help potential victims pause to question unsolicited messages and offers.

Check Fraud Mitigation Toolkit

Check fraud is a financial crime that involves the unauthorized use of a paper or electronic check. Its consequences include financial losses; operational disruptions; and eroding trust in financial institutions due to negative customer experiences and questions about whether fraudulent checks should have been prevented, cases resolved more quickly, or if safer practices by the payments issuer could have resulted in more timely, accurate payments.

The Check Fraud Mitigation Toolkit includes the following:

• Toolkit Module 1: Check Fraud Basics — An overview of check fraud methods, types and schemes (how the fraud is facilitated), all of which are important for prevention, detection, associate training, customer education and awareness.
  • Test Your Knowledge: Can You Identify the Type of Fraudulent Check? Different types of fraudulent checks can be difficult to identify because criminals continue to become more sophisticated in their schemes. Review three common check fraud scenarios to see if you can identify the various types of fraudulent checks.
• Toolkit Module 2: Check Fraud Schemes — Check fraud could be the result of authorized party fraud, where the account holder willingly sends or writes a check for the purpose of committing fraud — or unauthorized party fraud, where criminals use stolen checks or account information for their own financial gain.
• Toolkit Module 3: Preventing and Detecting Check Fraud — Learn about how people, processes and technology can work together to mitigate check fraud and to become familiar with common practices for preventing and detecting fraudulent checks.

The toolkit also includes recommendations on how industry stakeholders can combat check fraud, starting with understanding potential check vulnerabilities and fraud scenarios. Possibly the most important of all: arming financial institutions’ employees, customers and external partners with proactive education and knowledge about check fraud to help prevent, detect and mitigate it.

Full Article

Back to Top

CISA News: Drilling Down on Uncle Sam's Proposed TP-Link Ban

The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to do with TP-Link’s ties to China than any specific technical threats, much of the rest of the industry serving this market also sources hardware from China and ships products that are insecure fresh out of the box.

The Washington Post recently reported that more than a half-dozen federal departments and agencies were backing a proposed ban on future sales of TP-Link devices in the United States. The story said U.S. Department of Commerce officials concluded TP-Link Systems products pose a risk because the U.S.-based company’s products handle sensitive American data and because the officials believe it remains subject to jurisdiction or influence by the Chinese government.

TP-Link Systems denies that, saying that it fully split from the Chinese TP-Link Technologies over the past three years, and that its critics have vastly overstated the company’s market share (TP-Link puts it at around 30 percent). TP-Link says it has headquarters in California, with a branch in Singapore, and that it manufactures in Vietnam. The company says it researches, designs, develops and manufactures everything except its chipsets in-house.

TP-Link Systems told The Post it has sole ownership of some engineering, design and manufacturing capabilities in China that were once part of China-based TP-Link Technologies, and that it operates them without Chinese government supervision.

“TP-Link vigorously disputes any allegation that its products present national security risks to the United States,” Ricca Silverio, a spokeswoman for TP-Link Systems, said in a statement. “TP-Link is a U.S. company committed to supplying high-quality and secure products to the U.S. market and beyond.”

Cost is a big reason TP-Link devices are so prevalent in the consumer and small business market: As this February 2025 story from Wired observed regarding the proposed ban, TP-Link has long had a reputation for flooding the market with devices that are considerably cheaper than comparable models from other vendors. That price point (and consistently excellent performance ratings) has made TP-Link a favorite among Internet service providers (ISPs) that provide routers to their customers.

In August 2024, the chairman and the ranking member of the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party called for an investigation into TP-Link devices, which they said were found on U.S. military bases and for sale at exchanges that sell them to members of the military and their families.

“TP-Link’s unusual degree of vulnerabilities and required compliance with PRC law are in and of themselves disconcerting,” the House lawmakers warned in a letter (PDF) to the director of the Commerce Department. “When combined with the PRC government’s common use of SOHO [small office/home office] routers like TP-Link to perpetrate extensive cyberattacks in the United States, it becomes significantly alarming.”

The letter cited a May 2023 blog post by Check Point Research about a Chinese state-sponsored hacking group dubbed “Camaro Dragon” that used a malicious firmware implant for some TP-Link routers to carry out a sequence of targeted cyberattacks against European foreign affairs entities. Check Point said while it only found the malicious firmware on TP-Link devices, “the firmware-agnostic nature of the implanted components indicates that a wide range of devices and vendors may be at risk.”

In a report published in October 2024, Microsoft said it was tracking a network of compromised TP-Link small office and home office routers that has been abused by multiple distinct Chinese state-sponsored hacking groups since 2021. Microsoft found the hacker groups were leveraging the compromised TP-Link systems to conduct “password spraying” attacks against Microsoft accounts. Password spraying involves rapidly attempting to access a large number of accounts (usernames/email addresses) with a relatively small number of commonly used passwords.

TP-Link rightly points out that most of its competitors likewise source components from China. The company also correctly notes that advanced persistent threat (APT) groups from China and other nations have leveraged vulnerabilities in products from their competitors, such as Cisco and Netgear.

But that may be cold comfort for TP-Link customers who are now wondering if it’s smart to continue using these products, or whether it makes sense to buy more costly networking gear that might only be marginally less vulnerable to compromise.

Almost without exception, the hardware and software that ships with most consumer-grade routers includes a number of default settings that need to be changed before the devices can be safely connected to the Internet. For example, bring a new router online without changing the default username and password and chances are it will only take a few minutes before it is probed and possibly compromised by some type of Internet-of-Things botnet. Also, it is incredibly common for the firmware in a brand new router to be dangerously out of date by the time it is purchased and unboxed.

Until quite recently, the idea that router manufacturers should make it easier for their customers to use these products safely was something of an anathema to this industry. Consumers were largely left to figure that out on their own, with predictably disastrous results.

But over the past few years, many manufacturers of popular consumer routers have begun forcing users to perform basic hygiene — such as changing the default password and updating the internal firmware — before the devices can be used as a router. For example, most brands of “mesh” wireless routers — like Amazon’s Eero, Netgear’s Orbi series, or Asus’s ZenWifi — require online registration that automates these critical steps going forward (or at least through their stated support lifecycle).

For better or worse, less expensive, traditional consumer routers like those from Belkin and Linksys also now automate this setup by heavily steering customers toward installing a mobile app to complete the installation (this often comes as a shock to people more accustomed to manually configuring a router). Still, these products tend to put the onus on users to check for and install available updates periodically. Also, they’re often powered by underwhelming or else bloated firmware, and a dearth of configurable options.

Of course, not everyone wants to fiddle with mobile apps or is comfortable with registering their router so that it can be managed or monitored remotely in the cloud. For those hands-on folks — and for power users seeking more advanced router features like VPNs, ad blockers and network monitoring — the best advice is to check if your router’s stock firmware can be replaced with open-source alternatives, such as OpenWrt or DD-WRT.

These open-source firmware options are compatible with a wide range of devices, and they generally offer more features and configurability. Open-source firmware can even help extend the life of routers years after the vendor stops supporting the underlying hardware, but it still requires users to manually check for and install any available updates.

Happily, TP-Link users spooked by the proposed ban may have an alternative to outright junking these devices, as many TP-Link routers also support open-source firmware options like OpenWRT. While this approach may not eliminate any potential hardware-specific security flaws, it could serve as an effective hedge against more common vendor-specific vulnerabilities, such as undocumented user accounts, hard-coded credentials, and weaknesses that allow attackers to bypass authentication.

Regardless of the brand, if your router is more than four or five years old it may be worth upgrading for performance reasons alone — particularly if your home or office is primarily accessing the Internet through WiFi.

NB: The Post’s story notes that a substantial portion of TP-Link routers and those of its competitors are purchased or leased through ISPs. In these cases, the devices are typically managed and updated remotely by your ISP, and equipped with custom profiles responsible for authenticating your device to the ISP’s network. If this describes your setup, please do not attempt to modify or replace these devices without first consulting with your Internet provider.

Back to Top

2026 Holiday Signs

The SDBA offers holiday signs that banks can print and display to notify customers when the bank will be closed for standard holidays. The signs are set up to be printed on 8.5x11" paper and are provided as a high-resolution pdf file. Banks may print these signs and use as they see fit.

2026 Holiday Signs

2026 GSBC Bolder Banking Scholarship Program

The Graduate School of Banking at Colorado (GSBC) and the SDBA are partnering to recognize community banks across South Dakota that are redefining what it means to serve customers and communities boldly.

Through the Bolder Banking Scholarship, GSBC will award one SDBA member bank for its innovative, community-driven approach to banking. The recipient bank will then select a rising star employee to attend GSBC’s flagship Annual School Session in Boulder, Colorado, using the scholarship toward tuition. SDBA member banks may nominate themselves or another bank demonstrating innovation and bold leadership in banking.

Nomination deadline: February 1, 2026  |  Recipient announced: March 1, 2026

Submit a Nomination

Learn more about GSBC and the Bolder Banking Scholarship at www.GSBColorado.org.

Back to Top

2026 Midwest Economic Forecast Forum

Wednesday, January 14 | 11:00 a.m. - 12:45 p.m. CST

Prepare for 2026 by joining an economic discussion with Federal Reserve Bank President Neel Kashkari. Time will be allowed for open Q&A during this virtual event.

Bankers are encouraged to invite their business clients and local community leaders to tune in to these economic insights together. Individuals or group registration rates are available.

Details & Registration

Back to Top

2026 Understanding Bank Performance

January 8, 9, 15, 16, 22, 23, 29, 30 | 10am-12pm CST

Participants will learn how to assess and analyze a bank’s financial performance by working with data from real institutions. Using financial statements from one sample financial institution along with statements from their own banks, participants will become familiar with the ins and outs of balance sheets and income statements and learn how to apply key performance metrics to the data presented in these documents.

Having learned how to interpret and analyze a bank’s financial statements, participants will gain deeper insight into the factors affecting bank performance. Later sessions in this course will address ways in which performance may be hindered or improved by funding strategies and risk management. Ultimately, participants will be able to review a bank’s financial statements to identify strengths and weaknesses and be able to recommend changes that will lead to improved performance.

In the final session of this course, participants will put what they have learned into practice. Participants will analyze a new data set, rate the bank’s performance and suggest strategic adjustments that might benefit the bank.

Details & Registration

Back to Top

2026 SDBA State Legislative Day

February 11, 2026 | Pierre

SDBA’s Legislative Day offers a valuable opportunity to stay informed on state and federal legislation impacting the banking industry. Attendees can expect insightful discussions, networking, and direct engagement with key policymakers.

Details & Registration

Back to Top

2026 Dakota School of Lending Principles

April 7-10, 2026 | Pierre

The Dakota School of Lending Principles, hosted by the South Dakota Bankers Association and co-sponsored by the North Dakota Bankers Association on April 7-10, 2026, in Pierre, S.D., is a learning event with one foot grounded in the classroom and one foot in the bank. This school allows students to learn the theory and process of basic lending and then put this knowledge to work in actual nuts and bolts sessions.

The school provides basic instruction appropriate for loan officer trainees, loan support personnel and personal bankers. To ensure exposure to bank structure and terminology, it is recommended that applicants have a minimum of six months lending experience or one year of loan department experience. Applicants not meeting the suggested prerequisites will be contacted to discuss admission qualifications.

Loan Modules

In the four modules on loan types, learn the lending process by studying elements applicable to each loan type: terminology, the application process, interviewing, investigation, credit analysis, loan structure, decision communication and selling. Case studies and exercises provide hands-on learning experience.

Details & Registration

Back to Top

Online Education

Participating in learning opportunities outside the bank can be challenging. Take advantage of the SDBA's extensive selection of webinars and on-demand training to enhance your banking expertise directly from your computer.

GSB Online Seminars
OnCourse Learning
SBS Institute
ABA Training

Learn how to put compliance management solutions from Compliance Alliance to work for your bank, by contacting (888) 353-3933 or [email protected] and ask for our Membership Team. For timely compliance updates, subscribe to Bankers Alliance’s email newsletters.