ABA Newsbytes | FinCEN, SEC propose requiring investment advisers to collect customer identifications

The Securities and Exchange Commission and Financial Crimes Enforcement Network today proposed a new rule to require SEC-registered investment advisers and exempt reporting advisers to adopt customer identification programs, or CIPs. In a joint statement, the agencies said the rule requires advisers to adopt a written CIP program and implement risk-based procedures for verifying customer identity so they can have “a reasonable belief” about the true identity of their customers.

The proposed rulemaking complements a separate FinCEN proposal in February to designate advisers as “financial institutions” under the Bank Secrecy Act and subject them to anti-money laundering/combating the financing of terrorism requirements and suspicious activity report filing obligations, the agencies said. The new proposal is generally consistent with the CIP requirements for other financial institutions, such as brokers or dealers in securities and mutual funds, they added.

“Criminal, corrupt and illicit actors have exploited the investment adviser sector to access the U.S. financial system and launder funds,” FinCEN Director Andrea Gacki said. “This proposal would help investment advisers better identify and prevent illicit actors from misusing their services while advancing a harmonized set of CIP obligations.”

Link to original article.

Read the proposed rule.

Read a fact sheet about the proposal.

ABA Banking Journal: House lawmakers urge Fed to repropose Basel III endgame capital rules

Pressed by House lawmakers, Federal Reserve Vice Chairman for Supervision Michael Barr today declined to commit to reproposing the Basel III endgame capital rules if there are substantial changes to the proposal before it is finalized. Barr and FDIC and OCC top officials appeared before the House Financial Services Committee for the first of two days of congressional oversight hearings. Most of the hearing focused on a recent report finding widespread sexual harassment and discrimination at the FDIC, but lawmakers also questioned regulators on the capital proposal, with committee members concerned about its economic impacts should it go into effect.

“This proposal will severely reduce financing and access to capital for small businesses, making it harder for them to secure funding to hire workers, maintain their operations and expand operations,” Rep. Roger Williams (R-Texas) said. “This could result in a domino effect, stifling economic growth in local communities where these banks are often a driver of entrepreneurship.”

Barr and other Fed officials have previously said that broad and substantial changes will be made to the Basel proposal in response to the public comments received about it. However, Barr was questioned by lawmakers on whether the Fed would repropose it, which would subject the proposal to a second round of public comment and review. Barr didn’t commit to any course of action. “We haven’t made a decision on process yet,” he said. “We’re really focused right now on getting the substance right.”

Also during the hearing, Rep. Brad Sherman (D-Calif.) asked Barr about potential changes to the Fed discount window and whether the agency is looking at requiring some banks using the program to post collateral equivalent to a large percentage of their uninsured deposits, as reported by the Wall Street Journal last month. Again, the vice chairman was noncommittal about a course of action. “We’re working through the substance of that now,” Barr said. “We are looking at a range of measures to make sure that banks are ready to use the discount window.”

Lawmaker shares concern about Reg II proposal’s effect on banking access
Lowering the cap on debit card interchange fees will hinder a bank’s ability to offer low- and no-cost bank accounts to low- and moderate-income Americans, Rep. David Scott (D-Ga.) said. Scott questioned Barr on the Fed’s proposal to revise Regulation II to lower the cap. Barr didn’t commit to any course of action, saying the agency is still reviewing public comments.

Scott also asked Barr whether the Fed shares concerns expressed by banks about the effects of lowering the cap on their ability to offer low- and no-cost bank accounts. Again, Barr said the agency is still reviewing comments. “I don’t have an answer to your question yet, but those are the kinds of comments we’ll take quite seriously,” Barr said.

Link to original article.

ABA Op-ed: It’s Time to Reform the Suspicious Cash Transaction Threshold

In the waning days of World War II, the Treasury Department required banks to report to the government when customers made unusually large cash transactions, with the goal of stopping black marketers from harming overseas supply efforts. In 1945 Treasury considered $10,000 to be an unusually large cash transaction—equivalent to more than $170,000 today.

With limited exemptions, banks are still bound by the $10,000 threshold. This outdated standard sweeps in a massive number of reports on currency transactions by law-abiding customers—more than 20.5 million in 2022 alone, and the number seemingly rises each year.

In 1945, a person strolling into a bank with $10,000 would definitely raise eyebrows. In 2024, a cash sale of a used car or boat, a cash gift to a relative, or cash proceeds from an established restaurant or bar can easily exceed $10,000. As digital and other electronic payment methods are increasingly adopted, this could change, but cash still accounts for more than a fifth of all consumer payments in the U.S., and the vast majority of these transactions are legitimate. Law enforcement must also keep an eye on the misuse of cryptocurrency by illicit actors. In 2022 the value of such transactions was $39.6 billion.

The constant threat of criminals seeking to use the U.S. financial system requires vigilance, but this artificially low threshold is diverting resources from fighting financial crimes. According to a recent American Bankers Association bank survey, for more than a quarter of banks, currency transaction report filings in 2023 consumed between a quarter and a half of their Bank Secrecy Act compliance resources.

The $10,000 threshold is no longer useful. Bankers don’t want to take useful tools away from law enforcement. Nearly 90% of banks reported they received no follow-up to a currency transaction report in 2023.

Plus, if a bank detects anything suspicious involving a cash transaction, it must also file a suspicious activity report. In 2022 banks filed 20.5 million currency transaction reports, but only 1.8 million suspicious activity reports. This means roughly 91% of the former were likely transactions made by law-abiding customers.

But while only a few currency transaction reports are based on suspicious activity, the reporting requirements themselves can trigger suspicious activity. Of the 1.8 million suspicious activity reports filed in 2022, more than 500,000 were for “structuring”—making a series of transactions under $10,000 to avoid triggering a report—a “crime” that exists largely because of the artificially low dollar threshold. It invites efforts to evade it.

These reporting rules are ripe for reform. Banks want to work with regulators and law enforcement to help identify money launderers, traffickers, fraudsters and sanctions evaders. And they should, but the outdated $10,000 threshold stops efficient work by bogging the system down with millions of irrelevant reports on law-abiding customers.

Ms. Trew is the American Bankers Association’s counsel for Bank Secrecy Act, anti-money-laundering and sanctions policy.

Link to original article.

CISA News: Do you have a fitness app?

The scale at which some fitness apps collect significant amounts of data on users has been revealed by new analysis - including those that can share the information with so-called ‘data harvesters’.

The data collected includes individual’s precise locations and financial information to the photographs they’ve taken. In fact, out of the 10 apps analysed, seven collected photos from users and five collected the precise current location of users.

The vast majority of users will most likely know that the apps they have on their phone legitimately store certain personal information, such as email addresses and their names. However, the lengthy Ts & Cs that come with each download means they may not be aware of quite how much information they give away.

What data are apps collecting?
Researchers at data protection service Incogni analysed 10 apps on the Google Play Store on 27 March - Strava, Fitbit, AllTrails, Calm, Flo, Runna, MyFitnessPal, Headspace, Calorie Counter, ShutEye.

They noted the wide range of user information the apps collected and shared (such as Precise location, Name, Email, Health info, Fitness info, Photos, App interactions, Other user-generated content, Other actions, Crash logs, Diagnostics, Other app performance data, Device or other IDs).

The results showed that fitness apps Fitbit and Strava collected the most amount of personal information and all but three of the apps (Fitbit, Fl, Calorie Counter) shared data with third parties.

Running coach app Runna collected 13 data points and shared all of them with third parties - including users’ precise location, name and email addresses, photos, and health and fitness information. The hiking app AllTrails collected and shared eight data points about the people who use it.

Seven out of 10 apps analysed collected users’ photos (FitBit, Strava, AllTrails, Flo, Calorie Counter, Runna, MyFitnessPal), and five collected their precise current location (Fitbit, Strava, AllTrails, Runna, MyFitnessPal). This means app developers could ‘see’ where people regularly travel to or even their home.

Fitbit was found to have collected the most amount of data points about their users, collecting 21 different types of information. Strava collected 19 different types.

Should we be concerned?
Data collection is something users should be aware of. Brokers can collect information from apps, social networking sites, and blend this with other publicly available information - this data can even be used in background checks by employers or checks by insurers.

Darius Belejevas, head of data protection service Incogni, comments: “Apps that record and track exercise data can be a great motivational tool that millions of Brits use to get more out of their workouts, eat better, keep running or just keep active. But without realising it, many of us are giving away personal data that doesn’t just show how many calories we’ve eaten or steps we’ve walked, but also reveals the precise location where and when we took those steps.

Click here to continue reading the original article. 

Additional ABA cybersecurity-related resources

Treasury Department launches cybersecurity initiative for financial services

The Treasury Department has launched a new public-private partnership to provide what it said is a more comprehensive approach to defending the financial system from cyberattacks. The new initiative, called “Project Fortress,” will involve information sharing and tools that financial institutions can use to scan for cyber vulnerabilities, according to the agency.

Project Fortress stems from a 2023 executive order from President Biden directing agencies to take steps to improve the nation’s cybersecurity across a range of industries. Through the partnership, the Treasury Department will offer two free tools to financial institutions. The first is the Cybersecurity and Infrastructure Security Agency Cyber Hygiene tool, which scans an organization’s internet-facing systems to identify known exploited vulnerabilities and provide actionable feedback. The second is the Treasury’s new Automated Threat Information Feed, which provides financial institutions access to a tailored list of cyberthreats identified by government agencies, international partners and participating financial institutions.

The Treasury Department is also pledging to prioritize its national security tools and law enforcement to go after actors targeting cyber vulnerabilities. The department announced earlier this week that it had sanctioned Dmitry Yuryevich Khoroshev, a Russian national and a leader of the Russia-based LockBit group, for his role in developing and distributing LockBit ransomware.

Link to original article.

Webinar: How Project Fortress can protect your bank from cyber attacks - June 6, 2-3 p.m. CDT

Cyber attacks have been a persistent threat to the banking industry, and the perpetrators are becoming even more sophisticated. As banks build out protocols to protect themselves and their customers, the U.S. Department of the Treasury has developed a compilation of free tools to support the financial services sector.

Project Fortress is a new effort to support bankers in their battle against cyber threats. Join a conversation, led by ABA’s Paul Benda and Deputy Assistant Secretary and Treasury Chief AI Officer Todd Conklin, exploring the capabilities of these tools and how banks can access these free services. The webinar is free for all banks — ABA members and non-members — and will include Q&A.

Full details and registration information here.

Addressing the Deepfake Risk to Biometric Security

A Hong Kong bank recently fell victim to an impersonation scam in which a bank employee was tricked into transferring $25.6 million to thieves after a video call with the bank CFO and other colleagues. But none of them were real people — all were deepfakes created with the help of artificial intelligence.

This incident illustrates how cybercriminals can use deepfakes to trick humans and commit fraud. It also raises concerns about the threats that deepfakes pose to biometric authentication systems.

The use of biometric markers to authenticate identities and access digital systems has exploded in the last decade and is expected to grow by more than 20% annually through 2030. Yet, like every advance in cybersecurity, the bad guys are not far behind.

Anything that can be digitally sampled can be deepfaked — an image, video, audio, or even text to mimic the sender’s style and syntax. Equipped with any one of a half dozen widely available tools and a training dataset like YouTube videos, even an amateur can produce convincing deepfakes.

Deepfake attacks on authentication come in two varieties, known as presentation and injection attacks.

Presentation attacks involve presenting a fake image, rendering, or video to a camera or sensor for authentication. Some examples include:

Print attacks
2D image
2D paper mask with eyes cut out
Photo displayed on a smartphone
3D layered mask
Replay attack of a captured video of the legitimate user

Deepfake attacks
Face swapping
Lip syncing
Voice cloning
Gesture/expression transfer
Text-to-speech
Injection attacks involve manipulating the data stream or communication channel between the camera or scanner and the authentication system, similar to well-known man-in-the-middle (MITM) attacks.

Click here for the full article.

Orders for 40 & 50 Years of Service Awards/Memorial Service for 2024 Convention Deadline is May 17

As part of the 2024 SDBA Annual Business Meeting, held during the 2024 NDBA/SDBA Annual Convention in Fargo, ND, June 3-5, the SDBA will honor and recognize bankers with 40 or 50 years of service in banking. While service award plaques may be ordered at any time throughout the year and can be awarded at the bank, awards that will be recognized during the Annual Business meeting need to be ordered by 5:00 p.m. CDT, Friday, May 17, 2024. Regardless of how and when awards are issued in 2024, all bankers who have served the banking industry for 40 or 50 years (or longer) will be recognized during the meeting. Click here to complete the form. For questions or clarification on anything, please call 605.224.1653 or email [email protected]. 

Early Bird Registration for 2024 NDBA/SDBA Annual Convention ends on May 17

Don't miss your chance to be LIMITLESS at the 2024 NDBA/SDBA Annual Convention, held in Fargo, ND, June 3-5! Early bird registration rates end on Friday, May 17. The NDBA is offering an exclusive offer to first-time convention attendees, too! For the low price of just $195, first-time convention attendees can register for the full event! Bankers strive tirelessly to positively impact people and communities despite regulatory challenges, economic uncertainties, and technology shifts. Bankers throughout North and South Dakota know the boundless pursuit of doing good. While rapid change is certain, banking as a people business remains the same. Bankers face headwinds, solve problems, and see hope...always. Click here for full convention details and to register!

REGISTER TODAY: 2024 SBA Minnesota Small Business Lenders Conference | September 12

Upcoming Events

Women in Banking Power Hour | May 29 | Zoom

Are you wondering about the 2024 Women in Banking event? Do you miss your other WIB friends and colleagues? Are you ready to cut out early and join us for our second Women in Banking POWER HOUR? Join us virtually at 3:30 CDT/2:30 MDT on 5/29 for a Lead Strong: Women in Banking POWER HOUR (and a half).

Because we are GRATEFUL for all of you. Because we are GRATEFUL for our awesome industry. Because we are GRATEFUL to be done with work an hour and a half early on 5/29, we are offering this FREE, hour-and-a-half session. For these 90 minutes, we’ll be “Banking on GRATITUDE”.

Melissa Hiatt, MA, CDWF, CDTLF, Strengths Communicator will present Unleashing the Superpower of Gratitude. There’s a difference between toxic positivity and the practice of gratitude. Gratitude does not deny the pain, the hardship, or the struggle, but stands in the midst of it. Gratitude keeps fear from growing and keeps our feet rooted to what is true today. As a result of this session, participants will be able to: define vulnerability as risk, uncertainty, and emotional exposure; identify the three most common methods used to protect oneself from vulnerability (perfectionism, numbing, foreboding joy); learn to counter perfectionism with self-compassion, numbing with mindfulness, and foreboding joy with gratitude.

GRATITUDE is associated with a myriad of benefits, both mental and physical. Feeling thankful can improve sleep, mood and boost your immune system. It can also decrease depression, anxiety, and chronic pain symptoms. Ummmm… YES PLEASE! Engage with colleagues in exploring and expressing gratitude. Just imagine how well you’ll sleep tonight!
We would like to RECOGNIZE our amazing workgroup who have been involved in planning this September’s event. Wondering what’s on tap for WIB this year? We’ll tell you! We think you’re going to like what’s coming.
We are THANKFUL to have this opportunity to network with our friends and colleagues. Say hello to old friends and meet someone new.

Registration is required to help us manage our Zoom numbers; however, there is no cost to attend. Here are the details:

Date: Wednesday, May 29, 2024
Time: 3:30-5:00 p.m. CT | 2:30-4:00 p.m. MT
Fee: Free and open to all bankers! (Registration is required, however.)
Platform: Zoom - Link will be sent out 24 hours prior to event.

Information and Registration

Virtual Credit Analyst Development Program | October 7- November 21 | Virtual

The Credit Analyst Development Program is designed for credit analysts, credit officers, credit administrators, commercial loan officers/managers, loan review officers, branch managers and management trainees. In order to obtain the greatest benefit from this course, participants should have a general understanding of accounting and have a basic understanding of financial statement and credit analysis.

Having learned how to interpret and analyze a bank’s financial statements, participants will gain deeper insight into the factors affecting bank performance. Later sessions in this course will address ways in which performance may be hindered or improved by funding strategies and risk management. Ultimately, participants will be able to review a bank’s financial statements to identify strengths and weaknesses and be able to recommend changes that will lead to improved performance.

In the final session of this course, participants will put what they have learned into practice. Participants will analyze a new data set, rate the bank’s performance and suggest strategic adjustments that might benefit the bank.

Information and Registration

Learn how to put compliance management solutions from Compliance Alliance to work for your bank, by contacting (888) 353-3933 or [email protected] and ask for our Membership Team.

 SDBA eNews Archive
View past issues of the SDBA eNews

Advertising Opportunity
Learn more about sponsoring the SDBA eNews

Questions/Comments
Contact the SDBA at 605.224.1653 or via email