
News
SDBA Updates
SDBA Events
Online Education
Compliance Alliance
April 22, 2025

More than half of web traffic is now automated with financial institutions a top target for malicious bots, according to a new report by the cybersecurity firm Imperva. The firm found that in 2024, automated traffic surpassed human activity, accounting for 51% of all web traffic. Thirty-seven percent of traffic was the result of “bad bots,” which include malicious automated software that targets consumers and businesses.
The U.S. is the top target for bad bots with financial services the fourth most targeted industry, following travel, retail and education. However, financial services were the top industry for API attacks, in which bad actors attempt to break into a computer system to steal data. It was also the top industry for account takeover attacks, in which hackers gain access to a customer’s account.
“The proliferation of APIs in the industry has expanded the attack surface for cyber criminals who target API vulnerabilities such as weak authentication and authorization methods, to conduct account takeover and data theft,” the report concluded.
ABA Banking Journal: How banks can appeal to the Zoomer generation
A new generation is emerging into the economy and financial universe.
Gen Z is growing up — and so is its spending power. Members of the “Zoomer” generation are opening their first bank accounts and starting to make bigger financial decisions, such as applying for loans or investing. A recent MX survey found that Gen Z is far less likely to have a traditional bank account than Millennials or Gen X, so banks face new, steep obstacles when trying to get and keep their attention, alongside typical challenges like high interest rates and annual fees.
It’s important to understand that Gen Z is hypersensitive to inauthentic content. This generation seeks a banking experience that anticipates and accommodates its evolving financial needs. So, financial institutions must adapt and personalize their outreach strategies to target and win the ongoing trust of this less traditional audience.
How can banks appeal to members of an audience who have spent the majority of their lives in the digital space? Banks benefit when they meet members of Gen Z where they are and how they bank. Here’s how:
Speak Gen Z’s language without trying too hard
As with any customer segment, when communicating with Gen Z, it’s important to reframe your marketing tactics in language that feels natural. This doesn’t mean that entire campaigns will always have to be catered to Gen Z, but subtle shifts in language and tone can translate offers into words that will resonate with younger generations.
Here are two sets of messages promoting a new cash-back card. The second variant — no different in meaning from the first — would be more palatable for a younger audience.
- Introducing 3 percent cash back with no annual fee. You may already be pre-approved. It’s easy to check, and there’s no impact to your credit score.
- $0 annual fee. No cap. Are you pre-approved for our new cash back card? Checking won’t hurt your credit score at all.
While speaking Gen Z’s language is crucial to building new relationships, voice also needs to remain true to brand identity. Messaging that is consistent with brand values and feels authentic will go a long way in resonating with Gen Z. Authentic messaging will also distinguish bank brand in a crowded marketplace. Not only is it important to build a strong messaging standpoint that is consistent and authentic, but there is great value in ensuring the values and tones incorporated into that messaging remain consistent across all channels and campaigns.
Embrace Gen Z’s digital savvy
When working to appeal to a younger, more digitally-savvy audience, financial services organizations benefit when they evaluate their digital experiences to ensure they are as good as the in-person experience, or even smoother. This generation is much more likely to connect digitally first, and in-person second, if at all. It’s important to adapt your brand’s engagement strategy to resonate with Gen Z’s connected and mobile-first lifestyle.
Banks should meet Gen Zers where they are — on TikTok, YouTube and Instagram, for example — alongside regular standbys such as email and SMS. Banks must do more than just engage on their owned channels. Since Gen Z often trusts guidance and information from influencers, it’s worth identifying and engaging with a few who are relevant to your business. Additionally, ensure brand and messaging represent Gen Z values (i.e. economic disparities, the state of the climate and brand inclusivity) without sacrificing brand identity.
Gen Z wants to support banks and businesses that walk the walk with social responsibility. Inclusion and community are common themes this cohort values and seeks out in the brands they prefer.
When relevant to bank brand and brand values, employ narratives and emotions that honor Gen Z’s values. This approach not only enhances engagement but strengthens brand loyalty among this influential group of consumers.
Take, for example, someone who is opening a first bank account. By leaning into a community narrative and an intimate emotion, banks could offer a phrase such as: “Welcome to XX, so glad you’re here!” Alternatively, highlight a program for socially responsible investing, or utilize messaging that highlights diversity and equity; two values consistently shown to be appealing to this generation.
Deploy emotionally-intelligent marketing language
Like every generation before it, Gen Z consumers respond to emotion in messaging, especially when that emotion highlights their values, such as community, or their voice, such as excitement. By driving higher response and engagement rates, emotion-informed language is likely to drive stronger results than control language.
Excitement is a strong emotion for financial brands right now, making it a particularly good choice for Gen Z communications. Examples of infusing excitement into banking messages — with language that resonates for younger audiences — include: “Easy banking — we love to see it.” Or “Banking that passes the vibe check.” While seemingly complicated, there are so many emotions to lean into, and any one of these can be adapted to feel more in line with how Gen Z communicates.
The young adults who make up Gen Z are continuing to define themselves and influence the market as they join the workforce and attend school. Financial services companies have much to contend with. From capturing the attention of Gen Z amid the endless content they are bombarded with daily on their preferred channels to refining marketing messaging to speak to, rather than at, them; and continuously adjusting offers and language to grow with this segment. Banks hit the mark when they are ready to continuously test new options and approaches to best learn about and support such a wide age group. These strategies are a strong framework for engaging with Gen Z so bank brands can secure and hold onto this generation’s interest.
Full Article
ABA Banking Journal: Synthetic risk transfers: A risk and capital management tool for banks
Enhanced oversight and potential adjustments to capital requirements could impact the attractiveness and structure of SRT transactions.
April 2, 2025 | Yikai Wang
A synthetic risk transfer, sometimes also referred to as credit risk transfer or significant risk transfer in Europe, is a type of financial transaction in which banks maintain ownership of a credit exposure while transferring a portion of the credit risk to third parties in the form of a credit protection agreement.
The SRT market has been growing since 2010. According to Pemberton Asset Management, the number of SRT deals rose from 13 in 2010 to 115 in 2023. Global issuance of SRTs is expected to reach $30 billion by the end of 2024, according to Chorus Capital, a London-based alternative asset manager. Compared to Europe, U.S. banks’ adoption of SRTs is still nascent. U.S. banks currently only account for about 25 percent of global issuance volume.
The growth of SRT issuance is motivated by the capital rules under the Dodd-Frank Act, as SRTs help banks to optimize their capital by reducing risk-weighted assets. In a SRT transaction, the protection buyer (bank/note issuer) typically receives the initial issuance proceeds and has the financial obligation to make principal and interest payments on the notes, net of any protection payments they are owed under the credit protection agreement. Proceeds from the SRTs are deposited in a segregated collateral account and may be held in cash or invested in highly rated securities. This collateral acts as a financial buffer, ensuring the investor’s funds are protected even if the note issuer defaults.
Synthetic risk transfer example with assumption of tier 1 capital requirement of 10.5 percent.
SRTs are also designed to mitigate counterparty credit risk. For example, the major SRT structure, credit linked notes, requires dollar-for-dollar participation on both sides of the trade, which avoids the potential for amplification of risk through speculative trading.
The detailed SRT structure is illustrated in Figure 1 for a stylized bank. In the example, the SRT leads to a drop in Tier 1 capital from $10.5 million to $3.8 million. In exchange, the bank pays a premium for transferring credit risk out of its balance sheet. Through such a transaction, a significant portion of risk (from the mezzanine tranche in this example) can potentially be transferred outside of the regulated banking system. Private credit funds, pension funds, hedge funds and insurers are the typical SRT investors.
It is understandable that regulators are worried when a new and complex financial product emerges. Especially when it is sometimes opaque. However, it needs to be kept in mind this financial innovation also reflects regulatory intent and banks today take risks in a more selective manner. Therefore, it is still too early to worry about systemic risk from SRTs.
Also, the Federal Reserve has closely monitored the development of this new financial product, especially investors’ use of leverage, and examines each SRT transaction individually for approval. Going forward, the U.S. SRT market will likely continue expanding as banks seek capital relief. However, enhanced oversight and potential adjustments to capital requirements could impact the attractiveness and structure of SRT transactions.
Full Article
CISA News: Cryptocurrency Scams: What to Watch For
April 9, 2025 | Arica Kulm

Investment/Romance Scam
Michael had always wanted to invest in cryptocurrency, which he found interesting but didn’t know where to begin. One day, a woman on Facebook named Isabella direct messaged him to start a friendly conversation. Soon flirtation blossomed, moving from the social media site to messaging privately on WhatsApp. As they learned more about each other and their relationship deepened, Isabella eventually shared that she’d made money investing in cryptocurrency.
Isabella offered to teach Michael what she knew, providing a link to a site where he could purchase cryptocurrency. It appeared that Michael’s money was going into a wallet held on the Coinbase Exchange. However, unknown to Michael, the link Isabella provided wasn’t really to Coinbase but to a fake site. Initially, he made a small investment, which appeared to make significant gains. He made a few small withdrawals and, encouraged by the results, he invested larger and larger amounts. Michael invested most of his life savings and then watched as his money quickly tripled in value.
When Michael wanted to withdraw some of his money, he was informed that his account was frozen due to suspicion of money laundering and insider trading. Confused, Michael reached out to Isabella who also seemed confused. Michael then began receiving emails saying he had to pay a retainer fee to prove that he wasn’t insider trading. Panicked, Michael again messaged Isabella who pleaded with him to pay the fee so she wouldn’t lose her money as well.
Michael paid the 10 percent fee of the balance of his account and then received another email stating that he now owed a fine. Michael realized he’d been scammed but continued communicating with Isabella. Eventually, he began to realize she too was not real. When Michael last checked his account, the balance was $0.
Tech Support Scam
Linda was browsing through Facebook one day when a popup screen appeared, and a blaring sound came from her speakers. The popup message claimed her computer was infected with a virus and she needed to call for technical support. Concerned, Linda called the number on the screen and talked to Gabriel, who acted very helpful and explained that her computer protection was out of date. Linda’s computer was quite old, and she knew little about technology. So, she trusted Gabriel who instructed her how to give him remote access to her computer.
After a few hours, Gabriel fixed Linda’s computer and said her new protection would cost $299 and that he would call the next day to check on her. Linda provided Gabriel with her debit card information and believed her computer was fixed.
The next day, Gabriel called to make sure the computer was running smoothly and let her know she would be getting a $299 refund because after checking his records, he discovered she had previously had some protection on her computer. Gabriel then popped open a screen on Linda’s screen that appeared to be her bank account with the refund and an additional $50,000.
At this point, Gabriel seemed to panic and yelled at Linda saying she needed to return the money, or he would lose his job. She said she would get him a cashier’s check, but he insisted on cash, saying a cashier’s check would take too long. Linda refused to send cash and helplessly watched as Gabriel zeroed out her account on the screen before her. She screamed for him to return her money, so he returned the money in the accounts on her screen and said she needed to go to the bank to get $25,000 today and another $25,000 the next day to send to him.
It seems the reason she was targeted by the scammers was that they found her financial records and knew she had at least $50,000 in her account. As part of the tech support scam, they had access to her computer, then looked for and located her bank statements.
Linda lived in a small town, and it was late in the day, so the local bank was closed, forcing her to drive for miles to get cash. Gabriel then convinced her to drive five more hours to deposit the cash in a town with a Bitcoin ATM. Acting kindly, he walked Linda through the steps to deposit $25,000 into his crypto wallet account. He stayed on the phone with her the entire time, through the long drive and while she deposited the money.
The ATM would only accept $15,000 per day so Gabriel instructed Linda to return home, then he would call her in the morning to help her deposit the rest. He stayed on the phone with her the entire drive home and insisted she tell no one.
The next morning, after talking with her husband and then her local bank, Linda realized what had happened and did not answer Gabriel’s call. He called repeatedly and finally giving up after 13 attempts. In total, Linda lost $15,000.
Warrant Scam
One day, Steve got a call seemingly from his local sheriff’s office saying his warrant needed to be paid immediately, or he was going to be arrested. The caller-ID number on Steve’s phone indicated it was from the sheriff’s office. He didn’t want to be arrested, so he followed directions, went to a local cryptocurrency ATM, deposited cash and sent the funds to the requested wallet address. He brought the receipt to the sheriff’s office as requested, only to find out that he’d been scammed.
Same Story, Different Method
These three stories have one thing in common: scams involving cryptocurrency. These stories aren’t new. These and similar scams have been circulating for a long time with victims losing traditional currencies or gift cards. The difference is scammers are now using cryptocurrency to facilitate the scam. Cryptocurrency on its own isn’t a scam, people invest money in cryptocurrency for the same reason they invest in anything, hoping it will rise in value.
Cryptocurrency 101
Cryptocurrency is a digital currency, meaning it exists only electronically. It is decentralized in that no bank or other government authority backs or controls the currency. It is a direct transaction sent and received electronically between peers. Transactions are recorded on a blockchain, which is a digital public ledger of all transactions. The ledger is distributed, meaning it doesn’t exist on just one computer; anyone can download a copy of it onto his or her computer. The transactions on the blockchain are secured by encryption using cryptography.
The word ‘cryptocurrency’ is a combination of cryptography and currency. Cryptography uses complex mathematical algorithms, requiring massive amounts of computational power, to provide security for cryptocurrency transactions. ‘Miners’ generate new coins and confirm cryptocurrency transactions by solving those cryptographic algorithms.
Bitcoin was the first cryptocurrency, debuting in 2009, and remains the most popular. There are now more than 9,000 different cryptocurrencies,ii including Ethereum, Litecoin, Dogecoin and Monero. The top 20 cryptocurrencies make up approximately 90 percent of the total market. Bitcoin’s market cap is approaching $1 trillion, which is greater than the other 19 cryptocurrencies combined.iii
Purchasing Cryptocurrency
Cryptocurrency can be purchased using an app on your cellphone, on a website on your computer or by using a cryptocurrency ATM. Transactions are linked to individuals by their wallet address, which is a long string of numbers and letters.
Hardware Wallets: The Trezor Hardware Wallet is “a super secure, physical piggy bank for your cryptocurrencies,” according to the website (trezor.io). As a digital vault, the wallet enables online and offline transactions. If the wallet is lost, its data can be recovered by contacting Trezor.
Cryptocurrency exchanges help match buyers and sellers, or exchange one type of cryptocurrency for another. Available exchanges include Coinbase, Gemini, Crypto.com, BitMart and Binance. Exchanges can also be accessed via cellphone or computer and support a variety of payment methods, including cash, bank transfer, debit card, credit card and PayPal.
Cryptocurrency ATM machines—also known as Bitcoin ATMs or BTMs—can be found in many locations. In 2023, there were more than 63,000 BTMs in the U.S., some of which enable Bitcoin purchases only, and others also allow selling Bitcoin.iv Transactions in other cryptocurrencies must be made on an online exchange.
Purchasing from a BTM requires a wallet address. Methods of purchase include cash—which guarantees anonymity—and, depending on the BTM, credit cards and payment apps. As a result, these BTMs are the focus of scammers.
Another two considerations to note when using a crypto BTM are fees and purchase price. Transaction fees range from 3 to 20 percent, which could amount to $2,000 for a $10,000 purchase simply for using the machine. As well, be aware that many BTMs inflate the purchase price for Bitcoin from $48,040.70 on February 11, 2024, for example to $53,805.58, a 12 percent hidden fee.
Wallets
Transactions don’t have names connected to them but rather transaction identifiers, connecting a sending wallet and receiving wallet, as well as the transaction amount and timestamp. A cryptocurrency wallet is where a user’s public and private keys are stored. Unlike a traditional wallet that stores cash, a crypto wallet doesn’t store the actual currency but rather the keys to that currency. The public key is open to anyone in the system to see and allows users to receive transactions. The private key is matched with the public key and proves ownership of the wallet. The private key should be stored separately from the public key and kept secret.v
There are different types of wallets, hot and cold, the key differences being whether they are connected to the internet.
A hot wallet generally takes the form of an app or software installed on a computer that stores your private keys. There are web-based, desktop-based and mobile hot wallets, all of which are connected to the internet. Hot wallets are faster and more convenient to access than cold wallets and generally operate without cost. Storing large amounts of cryptocurrency in a hot wallet, however, is not recommended since they are vulnerable to attack.
Cold wallets are stored offline and are generally more secure than hot wallets. They can be hardware based, on paper or in a separate offline computer. Hardware wallets often resemble a small USB stick. Unlike a hot wallet, hardware wallets can cost anywhere from $50 to $200, a small price to pay for security if you own large amounts of cryptocurrency. Cold wallets take longer to access, so they are not ideal for making frequent trades. Paper wallets are a type of cold wallet in which you print out your public/private key pair. Sending money to a paper wallet requires the public key, while receiving money from a paper wallet requires the private key. The risk of having a paper wallet is losing or destroying the paper. Once lost, there is no possible way to recover any funds.
Anonymous?
Some types of cryptocurrency claim to be anonymous. However, Bitcoin is not anonymous in that the transaction ledger is public, so anyone can download a copy. There are many websites available, both free and fee-based, that assist in tracing transactions, albeit some are easier to use than others.
Since the ledger is public, making the transactions traceable, how are these scams so prevalent and hard to track down?
Scammers obscure the money trail by using virtual services called ‘mixers’—also known as tumblers, shufflers or blenders—that ‘mix’ the targeted user’s cryptocurrency with crypto assets from multiple addresses for a period of time before sending the assets at random periods to their destination addresses. A ‘shapeshifter’ is a type of mixer that takes this process one step further by converting the funds into a different cryptocurrency for added anonymity.
Even if a mixer of some sort isn’t used in the scam, other obfuscation techniques might be employed, such as connecting to the internet using a virtual private network (VPN), which enables the perpetrator to hide the originating IP address. Also, there are unfriendly and/or unregulated cryptocurrency exchanges, which might be offshore, that may not cooperate with law enforcement in providing customer information. If the funds end up in an exchange controlled by a foreign country that will not cooperate with U.S. law enforcement, little can be done.
Cryptocurrency Recovery Companies
Many companies claim to recover lost cryptocurrency for a fee. These companies may be able trace the cryptocurrency using the methods described above. While they may be able to see where lost cryptocurrency may have gone, no private company can recover funds, only a law enforcement agency may be able to recover lost funds. Contacting law enforcement should be your first step. Recovery companies charge fees to trace funds, law enforcement does not. If a recovery company charges an upfront fee with promises of recovery, they are not legitimate. Their fee schedule should be clearly stated along with their capabilities.
Some recovery companies can be of assistance to law enforcement agencies that are not knowledgeable about cryptocurrency or don’t have the funds for the costly tracing tools, but using their services comes with significant cost.
Cryptocurrency Scam Protection
The first rule to protect against scams is an old one: If it sounds too good to be true, it probably is.
If you are going to invest in cryptocurrency, only invest what you are willing to lose since cryptocurrency’s value is highly volatile. Unlike traditional investing in stocks and bonds, there are no businesses nor physical assets backing cryptocurrency with earnings or products. The value of cryptocurrency is built on supply and demand.
Investing in cryptocurrency is not inherently bad, but be sure to know what you are getting yourself into. To understand Bitcoin more thoroughly, please refer to Prof. Marcus Fries’s article, “CBDC vs Bitcoin: Privacy & Freedom or Total Control?” beginning on page 13. There is also a comprehensive whitepaper, “Bitcoin: A Peer-to-Peer Electronic Cash System” by Satoshi Nakamoto, Bitcoin’s alleged creator.vi
What not to do may seem obvious after reading these stories, but these scams are prevalent. The traditional romance scams are turning into investment scams where instead of flat out asking for money, scammers are encouraging their victims to invest. Another term for this is “pig butchering.” The scammers initiate contact and build a relationship with the victim before getting them to invest a small amount of money through a fake site. They often let victims withdraw a portion of the money to build trust before encouraging them to invest more and more. The term “pig butchering” comes from the fattening process, the manipulation to invest more and more, before cutting them off completely.
What to Watch For
Fake Investment Scams
Unsolicited Offers: Avoid unsolicited offers of investment assistance. The so-called expert or very attractive person messaging you on social media is likely a scammer. They make you feel special for choosing you or pretending to give you information no one else has. Beware of someone you have never met in person giving you investment advice. If it was such a great deal, everyone would know about it.
Unrealistically High Returns: No one can predict future returns on an investment. Guaranteed returns on any investment are a giant red flag. Scammers lure their victims with “per day” returns given as percentages that could sound realistic, such as 2 or 3 percent per day. However, 3 percent per day equals 1,095 percent per year, which is a highly unlikely return on any investment.
Paying a Tax: Taxes are paid to the IRS, not to withdraw money. If anyone asks you to pay a tax to withdraw funds, know that it is a scam.
Investment Sites: Only use trusted sites, never use a link that someone sends you. Research trusted exchanges and use their apps or websites.
Popup Ads
Don’t call any number that appears in a popup. These are often accompanied by a loud sound telling you that your device has been hacked or that its protection is out of date. These ads attempt to impersonate Microsoft, Google or other tech companies to get you to call their phone number. Take a picture or screenshot of the popup window and then close it and shut down your computer if necessary. If you are concerned there is a virus on your computer, take it to a computer repair shop to be scanned.
No legitimate business is going to demand you send cryptocurrency in advance–not to buy something, and not to protect your money. That’s always a scam.
Warrants
Government agencies won’t call, text or email you without warning to demand payment immediately. They will never ask for payment in gift cards or cryptocurrency. Caller ID can be manipulated, so don’t trust that the caller ID you see on your phone is legitimate. Look up the phone number on the agency’s website or another trusted online source or better yet, go to the local sheriff’s office. Do not share personal information with someone who contacts you unsolicited.vii
Other Variations
Grandparent Scam: A person gets a call from someone claiming that their loved one is in trouble. They have been hurt, arrested or otherwise need help. The scammer will often fake the loved one’s voice or claim that he or she can’t talk. The scammer creates a sense of urgency to try to get the person to act quickly.
Lottery Scam: A scammer calls, texts or emails that you have won the lottery. You just have to pay a fee to claim your prize.
Where to Find Help
A list of other cryptocurrency scams can be found here at the State of California’s Department of Financial Protection & Innovation.viii If you or someone you know falls victim to one of these scams, report it to your local law enforcement agency. Additionally, to help other people from becoming victims, scams can also be reported to government agencies, including the Federal Trade Commission, FBI’s Internet Crime Complaint Center and the U.S. Securities and Exchange Commission.
There are also handouts available online articulating details about what to look for and how to avoid some of the common scams, such as Online Dating Scam,ix Grandkid Scamsx and Lottery Scams.xi
Full Article
Why ACRE Matters 
The lingering effects of high inflation and supply chain disruptions are driving up the costs of operating America’s farms and ranches. At the same time, high interest rates are hampering profitability for farmers and putting homeownership out of reach for many rural Americans.
By lowering costs for rural borrowers, ACRE will bolster agricultural producers and rural communities during this agricultural downturn.

NEW EVENT | Banking Forward: Fall Forum 2025

We're launching a new Banking Fall Forum to bring together a select group of peers for meaningful conversation, collaboration, and connection. As the industry continues to evolve, it's more important than ever to share insights, discuss challenges, and explore opportunities in a focused, peer-driven setting. This event is designed to foster deeper relationships and generate actionable ideas through candid dialogue in a relaxed, small-group environment.
LEARN MORE!
GSB Financial Managers School
September 22-26, 2025 | Madison, WI
The Financial Managers School goes beyond the basics offering a learning environment aimed at giving you the practical tools you can bring back to your institution and implement immediately. You’ll learn innovative concepts and terminology of bank finance and asset/liability management as well as test practical implementation tools to help you profitably manage your institution’s balance sheet, enhance your strategic planning, and better communicate new strategies to your board and ALCO
Information & Registration
Online Education
Participating in learning opportunities outside the bank can be challenging. Take advantage of the SDBA's extensive selection of webinars and on-demand training to enhance your banking expertise directly from your computer.
GSB Online Seminars OnCourse Learning SBS Institute ABA Training
Compliance Hub for Trust Live Demo
May 6, 2025
Join us for a live demonstration of the benefits of membership with Trust for Compliance Alliance. This interactive virtual tour will provide an in-depth look at our tools for Trust as well as an overview of all of C/A’s additional services.
This meeting is presented by our Membership team, and will last about an hour. It is offered every Tuesday at 1:00pm respectively.
Register
Learn how to put compliance management solutions from Compliance Alliance to work for your bank, by contacting (888) 353-3933 or [email protected] and ask for our Membership Team. For timely compliance updates, subscribe to Bankers Alliance’s email newsletters.
SDBA eNews Archive
Advertising OpportunityLearn more about sponsoring the SDBA eNews
Questions/Comments
Contact the SDBA at 605.224.1653 or via email
|