Member Login
Search

SDBA eNews

August 25, 2022

Compliance Management Systems and Enterprise Risk Management Conference

The SDBA will be partnering with Michigan Bankers Association to bring you a hybrid “Compliance Management Systems and Enterprise Risk Management” opportunity. Compliance Management Systems (CMS) and Enterprise Risk Management (ERM) are closely aligned and essential to maintaining stability, integrity, and an impactful community presence. A robust CMS would not be complete without an Enterprise Risk component, and vice versa. Additionally, ERM continues to increase in regulatory focus for banks of all sizes. As a result, we’ve incorporated ERM into the curriculum for a fully integrated learning experience. Participants will understand how Compliance and Enterprise Risk Management differ, how they come together, and the hot topics to ensure success.

What you will learn: 

  • Introduction to Compliance and Enterprise Risk Management
  • Building a Sound Compliance Management Program
  • What is Enterprise Risk Management?
  • Vendor Management: Managing the Risk and the Relationship
  • Effective Policy Development and Training
  • Marketing and Advertising Compliance
  • Consumer Complaints and Response Program
  • Risk Assessments and Mitigation
  • Change Management
  • Preparing for an Examination
  • Cybersecurity and Information Security
  • Compliance Hot Topics and Open Forum

To register or find out more information, click here

#BanksNeverAskThat Free Webinar

The #BanksNeverAskThat national anti-phishing campaign returns this October. Make your participation a success, encourage other banks to join and get ready for the Oct. 3 launch by attending the free webinar on August 31, 2022. ABA experts, along with bankers who participated in last year’s campaign, will discuss:

  • An overview of phishing scams, and why your bank should amplify the issue to customers
  • Campaign highlights, new content and results to date
  • The benefits of participating in #BanksNeverAskThat to your bank and customers
  • How to register your bank to participate, and when to take action
  • Best practices for deploying the ready-made assets on your social media platforms

Speakers

  • Peter Cook, Chief Communications Officer, American Bankers Association
  • Paul Benda, SVP, Operational Risk & Cybersecurity, American Bankers Association
  • Caitlin Croswell, Director, Social Media, American Bankers Association

To register for the event click here. 

First Dakota National Bank Goes “Above and Beyond”

Neighbors helping neighbors is one of the reasons small town South Dakota is such a great place to live. The May 12 derecho swept through the eastern portion of the state and left an overwhelming amount of destruction in its path. Salem was one of the hardest hit communities that day.

Jeremy Grady, bank president of First Dakota National Bank in Salem, drove around after the storm had passed to view the widespread damage within and surrounding the Salem area and immediately asked himself, what needs to be done first? He rounded up several First Dakota National Bank employees (not only from Salem, but also surrounding communities) that were willing to take time away from their office, roll up their sleeves and get to work. Volunteers came together bringing their own tools and off-road vehicles to help in any way they could. After their boots hit the ground, they provided several-hundred hours of debris cleanup throughout the week following the storm.

One particular producer outside of Salem, Mark Huls had a significant amount of damage to his home, garage, grain bins, barns and even lost a few pigs. He shared about the cleanup efforts from First Dakota National Bank:

Jeremy Grady called me to extend an offer to help, and with how much work needed to be done, I welcomed the extra hands. Eight to ten men arrived at our place the next day and I couldn’t believe all they did. The team of volunteers had a General and a plan. They got right to work and picked up an entire field of debris in a few hours. Most of the cleanup happened without me even present – I was there when the guys showed up and left one of my sons to help in one of our tractors, then I left to go finish planting with my other son. Some bankers helped run tractors and loaders and others picked up debris and made piles of steel and wood. They couldn’t have been more helpful or more efficient. When they finished up for the day, the volunteers headed back to town, and shortly thereafter Jeremy Grady stopped by to drop off pizza to our family for supper, when it should have been the other way around to thank the workers for all their help. I know the First Dakota National Bank crew continued to help out others in the following days. They went above and beyond; these men deserve all the credit you can round up.

Jeremy stated, “We are a small-town community and people go to work and get things done.” Salem continues to work towards building back what was lost. Jeremy Grady said he plans to organize another cleanup day later this year after the crops are out of the field.

Order your 2023 Scenes of South Dakota Calendars before September 1!

The SDBA is now taking orders for the 2023 Scenes of South Dakota Calendars! 

Orders placed by September 1 will receive the low price of $1.55 per calendar. After September 1 price will be $1.75 per calendar. Each order will have an additional $25.00 production charge (layout for press run, in-house press proof, boxing, labeling), plus shipping. Orders cannot be accepted after September 15. 

CISA News: Password Tip

We have many user IDs and passwords.  Email, multiple email systems, network access, banking, social media sites, etc.  Do not re-use passwords. If one site gets hacked and your user ID and password are compromised, if you re-use that password on other sites, you are now potentially opening access to those other applications that are using the shared password.  Be creative – use unique passwords on every site. Use a password manager if you need a way to track them individually. 

Cyber Criminals Create Fraudulent Cryptocurrency Investment Applications to Defraud US Investors

SUMMARY

The FBI is warning financial institutions and investors about cyber criminals creating fraudulent cryptocurrency investment applications (apps) to defraud cryptocurrency investors. The FBI has observed cyber criminals contacting US investors, fraudulently claiming to offer legitimate cryptocurrency investment services, and convincing investors to download fraudulent mobile apps, which the cyber criminals have used with increasing success over time to defraud the investors of their cryptocurrency. The FBI has identified 244 victims and estimates the approximate loss associated with this activity to be $42.7 million. The FBI encourages financial institutions and their customers who suspect they have been defrauded through fake cryptocurrency investment apps to contact the FBI via the Internet Crime Complaint Center or their local FBI field office.

THREAT

Cyber criminals are creating fraudulent cryptocurrency investment apps to exploit legitimate cryptocurrency investments, defrauding US investors and causing reputational harm to US investment firms. Innovative financial institutions offer mobile apps to enhance user experience and increase legitimate investment. Cyber criminals seek to take advantage of the increased interest in mobile banking and cryptocurrency investing. The FBI has observed cyber criminals using the names, logos, and other identifying information of legitimate USBUSs, including creating fake websites with this information, as part of their ruse to gain investors. Financial institutions should warn their customers about this activity and inform customers as to whether they offer cryptocurrency services.  Between 22 December 2021 and 7 May 2022, unidentified cyber criminals purporting to be a legitimate US financial institution defrauded at least 28 victims of approximately $3.7 million. The cyber criminals convinced victims to download an app that used the name and logo of an actual US financial institution and deposit cryptocurrency into wallets associated with the victims’ accounts on the app. When 13 of the 28 victims attempted to withdraw funds from the app, they received an email stating they had to pay taxes on their investments before making withdrawals. After paying the supposed tax, the victims remained unable to withdraw funds.  Between 4 October 2021 and 13 May 2022, cyber criminals operating under the company name YiBit1 defrauded at least four victims of approximately $5.5 million. The cyber criminals convinced the victims to download the YiBit app and deposit cryptocurrency into wallets associated with the victims’ YiBit accounts. Following these deposits, 17 victims received an email stating they had to pay taxes on their investments before withdrawing funds; all 4 victims could not withdraw funds through the app.  Between 1 November and 26 November 2021, cyber criminals operating under the company name Supayos, AKA Supay2 , defrauded two victims by instructing them to download the Supay app and make multiple cryptocurrency deposits into wallets associated with their Supay accounts. In November 2021, the cyber criminals told one victim he was enrolled in a program requiring a minimum balance of $900,000 without his consent; upon trying to cancel the subscription, the victim was instructed to deposit the requested funds or have all assets frozen. 

RECOMMENDATIONS

The FBI recommends financial institutions take the following precautions:

  • Proactively warn customers about this activity and provide steps customers can take to report it.
  • Inform customers as to whether the financial institution offers cryptocurrency investment services or other related services and methods to identify legitimate communications from the institution to customers.
  • Inform customers whether the financial institution has a mobile application.
  • Periodically conduct online searches for your company’s name, logo, or other information to determine if they are associated with fraudulent or unauthorized activity.

The FBI recommends investors take the following precautions:

  • Be wary of unsolicited requests to download investment applications, especially from individuals you have not met in person or whose identity you have not verified. Take steps to verify an individual’s identity before providing them with personal information or relying on their investment advice.
  • Verify an app is legitimate before downloading it by confirming the company offering the app actually exists, identifying whether the company or app has a website, and ensuring any financial disclosures or documents are tailored to the app’s purpose and the proposed financial activity.
  • Treat applications with limited and/or broken functionality with skepticism.

FDIC Issues Representment Guidance

The FDIC released guidance last week regarding the issue of representment, or the practice of charging multiple non-sufficient funds fees for transactions presented multiple times against insufficient funds in a customer’s account.  The guidance, which is similar to the recommendations in an article in the agency’s Supervisory Insights publication, applies only to FDIC-regulated institutions.  

According to the FDIC, banks are encouraged to pursue a range of “risk-mitigating activities” regarding NSF fees, including eliminating the fees; declining to charge more than one NSF fee for the same transaction, regardless of whether the item is re-presented; conducting a comprehensive review of policies and practices related to re-presentments; and clearly communicating to customers the amount of fees and when those fees will be imposed.  The agency noted that if institutions self-identify re-presentment NSF fee issues, they are expected provide restitution to affected customers and “promptly” correct NSF fee disclosures and account agreements.

The guidance also recognizes an institution’s proactive efforts to self-identify and correct violations, noting that, “Examiners will generally not cite (unfair or deceptive acts or practices) violations that have been self-identified and fully corrected prior to the start of a consumer compliance examination.”  In instances where institutions have been unable to access accurate ACH data for re-presented transactions beyond two years, the FDIC will accept a two-year look-back period for restitution.

To read the guidance, visit: https://www.fdic.gov/news/financial-institution-letters/2022/fil22040.html

Op-ed: Durbin-Marshall credit card plan would hurt local banks, consumers

Legislation in Congress giving merchants broad say over which credit card routing networks they use puts consumers’ financial information at risk and could spell the end of popular rewards programs, Julie Huber, EVP of Equity Bank in Wichita and regional representative of the Kansas Bankers Association board, wrote in a recent op-ed for The Wichita Eagle.

Senate Bill 4674, introduced by Sens. Roger Marshall (R-Kan.) and Dick Durbin (D-Ill.), would mandate that merchants can choose how card transactions are routed so that they can choose a cheaper payment rail, but cheaper isn’t necessarily better, Huber said. There is a cost for maintaining secure networks, and the cheaper alternatives may not be able to support rewards programs. “Just imagine that you use your credit card to make a purchase, thinking that you will be receiving points, only to find out that the store where you bought the item diverted your purchase to a different routing rail and so no points were awarded to you,” she wrote.

Huber noted that Durbin previously led a successful charge to force banks and credit unions to offer at least two routing networks for debit card transactions, to deleterious effect. “It made checking accounts and debit cards more expensive for your local bank to offer and it virtually eliminated debit card rewards for consumers,” she wrote. “The Federal Reserve’s own economists did a study following implementation of the original Durbin mandate and found that only 1% of merchants lowered prices for consumers, in contrast to 22% of merchants that raised prices.”

“As a 30-year community banker, I firmly believe history will repeat itself if the Marshall-Durbin legislation is adopted and applied to credit card transactions,” Huber wrote.

  Compliance Alliance logo

QUESTION OF THE WEEK

Q.  When we make a new loan that is to be secured by a property that already secures another loan, can we rely on an existing flood cert that is less than 7 years old, or do we need a new certification? Is the certification loan specific? This is not a renewal or an extension of an existing loan.

A.  The flood certification is property-specific, not specific to a loan. You could reuse the flood determination as long as it is less than 7 years, the flood determination was recorded on the standard flood hazard determination form, there have been no map revisions or updates since the date of the determination, and you are the same lender that requested the prior determination.  

42 USC 4104b: Standard hazard determination forms (house.gov)  

Compliance Alliance offers a comprehensive suite of compliance management solutions. To learn how to put them to work for your bank, call (888) 353-3933 or email [email protected] and ask for our Membership Team.

For timely compliance updates, subscribe to Bankers Alliance’s email newsletters.

 SDBA eNews Archive
View past issues of the SDBA eNews

Advertising Opportunity
Learn more about sponsoring the SDBA eNews.

Questions/Comments
Contact Haley Juhnke, SDBA, at 605.224.1653 or via email.