SDBA eNews

July 16, 2026

News

SDBA Updates

SDBA Events

Online Education


call to action - FEDERAL

Tell Congress to Support the Main Street Capital Access Act

As community bankers, we know that relationships matter—and that includes our relationships with elected officials. One of the most effective ways we can advocate for our industry is by sharing how proposed legislation affects the banks and communities we serve every day.

The Main Street Capital Access Act includes several important provisions that would strengthen community banking by improving access to capital, reducing unnecessary regulatory burden, and helping banks better meet the needs of their customers and local economies.

The American Bankers Association (ABA) is encouraging bankers to contact their U.S. Representative in support of these key provisions, and we encourage South Dakota bankers to answer that call.

It only takes a minute to send a message using the pre-written advocacy tool below. You can personalize your message before submitting it.

Click here to take action!

Thank you for taking a few moments to make your voice heard. Your engagement helps ensure policymakers understand the essential role community banks play in strengthening South Dakota's communities and economy.

Back to Top

ABA Banking Journal: Vought calls for more CFPB oversight, says open banking proposal coming soon

July 15, 2026 

Vought calls for more CFPB oversight, says open banking proposal coming soonCongress should enact legislation to better define “unfair, deceptive, or abusive acts or practices” to avoid abuses by future regulators, and to fund the Consumer Financial Protection Bureau through congressional appropriation to make it more responsive to elected officials, CFPB Acting Director Russell Vought told House lawmakers today. He also said the bureau is close to proposing a new open banking rule.

Vought, who is also director of the Office of Management and Budget, appeared before the House Financial Services Committee for an often contentious hearing about the CFPB during his tenure. Republican committee members and Vought painted the CFPB as an often abusive, unaccountable agency that has cost consumers billions of dollars. Democrats alleged Vought had broken the law in his effort to defund and potentially eliminate the bureau, and that the agency has actually saved Americans billions.

CFPB reforms

Asked about what Congress could do to reform the CFPB, Vought said the current administration has concerns about the definition of abusiveness under UDAAP, and lawmakers may want to codify a better definition. The American Bankers Association and other parties sued the CFPB under the previous administration for changes to the UDAAP exam manual, arguing the agency had unlawfully expanded the statutory definition of “unfairness” to encompass discrimination. The CFPB last year agreed to drop its appeal of a federal court decision finding the changes unlawful.

Still, the most positive change would be to subject the bureau to congressional appropriation, Vought said. CFPB is currently unique among federal agencies in that its funding comes from the Federal Reserve.

“The degree to which (the CFPB) doesn’t have to come to Congress and have its budget approved, and dispensed to, is a massive, massive problem,” Vought said. “I think it’s the number one thing that I would point the committee to.”

Open banking

The CFPB has also been embroiled in legal fights over its implementation of Section 1033 of the Dodd-Frank Act, the “open banking” rule that requires banks and other financial institutions to make a consumer’s financial information available to them or a third party at the consumer’s direction.

Vought said the CFPB is “very close” to having a proposed rule to replace its previous 1033 rule. However, he noted that President Trump has nominated former CFPB Deputy Director Brian Johnson to serve as full-time director of the bureau. The agency is timing the release of the proposal with possible Senate confirmation of Johnson, he said.

“We are supportive of open banking as a concept, and we’re working hard on it,” Vought said.

Full Article 

Back to Top

ABA Banking Journal: House bill would increase transparency about small business lending program risks

July 14, 2026

Kentucky judge blocks enforcement of small business lending ruleA proposed bill supported by the American Bankers Association would require the Small Business Administration to provide and make public more details about 7(a) lending program risks.

SBA is currently required to conduct a yearly risk analysis of its flagship small business lending program and report the results to Congress. The 7(a) Program Risk Oversight Act, sponsored by Rep. Nydia Velázquez (D-N.Y.), would require SBA to break down program risk by loan size, how long a loan has been on the books, the age of the borrower’s business and the type of lender that originated the loan, according to a summary.

The bill also would add new reporting on enforcement actions and civil penalties tied to fraud, on loans the agency has determined were made fraudulently, and on loans that are falling behind on payments. In addition, it would require the SBA to post the report publicly within seven days of submitting it to Congress.

“While the SBA is currently required to send Congress an annual report on the risk in the 7(a) program, our committee’s investigation into the loan default rate makes clear that Congress and the public need more detailed information on the program’s performance to protect both the program and the small businesses that depend on it,” said Velázquez, who is ranking member of the House Small Business Committee.

In a statement, ABA President and CEO Rob Nichols commended Velázquez for introducing the bill, “which will strengthen the program by providing greater transparency in the outcome of 7(a) loans.”

Full Article

Back to Top

ABA Banking Journal: ABA urges OCC to coordinate with other regulators on stablecoin

The increasing influence of marketing analytics and data platforms highlights the trend of turning customer data into actionable insights.

July 12, 2026
Agencies propose anti-money laundering, sanctions requirements for stablecoin issuers

The Office of the Comptroller of the Currency needs to coordinate with other federal agencies to ensure that all stablecoin issuers are subject to the same regulatory expectations, the American Bankers Association said this week.

The OCC and other regulators are currently drafting rulemakings to implement the Genius Act. Each agency will oversee a different part of the payment stablecoin ecosystem, with the OCC the primary regulator of nonbank stablecoin issuers.

Earlier this week, ABA sent a letter to the FDIC encouraging it to coordinate with other agencies as it drafts rules for issuers under its jurisdiction. ABA included that letter in its comments to the OCC along with a summary of its requests. The association urged regulatory alignment among the agencies to ensure that no part of the stablecoin issuer sector enjoys a competitive advantage over the others. It also encouraged the agencies to align their timelines for implementing their rulemakings.

The Genius Act allows for stablecoin issuers to request to be subject to regulation by states with regulatory regimes “substantially similar” to those adopted by federal regulators. ABA said coordination between federal agencies “is therefore a precondition not only for coherence among the federal regimes but for the workability of the state pathway itself.”

Full Article

Back to Top

CISA News: Lessons from CISA’s Cyber Incident

The Homeland Security Information Network is used by government, international and private sector partners to share sensitive but unclassified information.

July 9, 2026 | Preston Werntz, Acting Chief Information Officer; Brad Libbey, Acting Chief Information Security Officer
cisaSharing experiences from incident response activities help other organizations learn from such experiences and enables them to take necessary precautions to prevent similar incidents from happening in their environments. For years, CISA has said this type of information exchange is critical to identifying trends and contributing to broader national awareness. Now, it is our turn.   On Friday, May 15, CISA began an internal incident response when an investigative reporter inquired about internal CISA Amazon AWS GovCloud Keys and other information being made available in a public repository. The reporter received this information from a security researcher whose company continuously scans public code repositories. 

Incident Response

Within moments of receiving this information, CISA’s Office of the Chief Information Officer (OCIO) took swift and comprehensive action to mitigate any exposure to CISA’s cloud resources and code repositories. 

Stop the Bleeding. CISA immediately and quickly worked to eliminate public exposure and prevent any further harm.

  • The reported public repository was taken offline and a copy was saved for later analysis. This repository was not part of CISA’s official GitHub but rather was a personal repository owned by a contractor.
  • CISA’s development environment was taken offline and associated credentials were reset. 
  • The individual who exposed the keys had their system access revoked. 
Understand Scope. By analyzing the copy of the public repository and associated cybersecurity telemetry, CISA found that:
  • The individual had uploaded copies of a CISA build and deployment repository to their personal GitHub account for the purpose of creating cloud infrastructure autonomously. This repository included CISA’s Infrastructure As Code and build code.
  • Additionally, the individual copied both admin and build credentials into their public repository.
Assess Impact. During the forensic investigation, CISA analysis of the log files determined that:
  • Leaked credentials were not used outside of CISA ‘s environments.
  • No customer or mission data was exposed.
Corrective Actions. CISA swiftly implemented appropriate measures: 
  • All credentials across all the environments where the individual was an administrator were rotated, not just the exposed credentials. 
  • CISA tuned the allow and deny lists for its code repositories.
  • CISA limited user ability to upload to public code repositories.  
After completion of these actions, CISA’s development environment was brought back online.

Reflection

Following an incident, it is important to conduct a “hot wash” and prepare an after-action report to reinforce effective practices and identify areas for growth. 

What Worked Well

  • Take External Reporting Seriously. It is important to take cybersecurity tips and external reporting seriously. In this instance, a security researcher, through an investigative reporter, notified CISA and continued to share information with the agency throughout the incident. We are thankful for their collaboration
  • Adopt Zero Trust Principles. This incident highlighted the effectiveness of applying granular Zero Trust principles to not only production systems but to development environments as well. Maintaining strong visibility and alerting across all environments was key to CISA’s successful incident response and for detecting any future unusual activity early.
  • Enhance Logging Capabilities. CISA’s SOC had the logs necessary to successfully investigate the incident. Furthermore, continuous improvement of logging capabilities remains a key element of a strong security program. To that end, CISA strategically identified further logging opportunities while conducting the incident response and has since implemented those additions to enhance visibility. 

What Can Be Strengthened

  • Tighten Controls on Public Repositories. CISA users had the ability to upload to public repositories. Following review of our Zero Trust tooling, CISA determined the best way to monitor and manage uploads was to leverage our endpoint detection and response (EDR) solution. This approach enables CISA developers to pull code from public repositories while reducing the risk of uploading intellectual property or sensitive content to public repositories. 
  • Monitor for Secrets in Repositories. No repository should contain secrets, yet secrets made it into CISA private repositories. CISA has since rotated all secrets and created an action plan to improve management of developer secrets and to better monitor for exposed secrets going forward.
  • Build Comprehensive Playbooks. It is important to prepare playbooks for all anticipated needs to ensure a rapid response if an incident occurs. CISA had missed creating a GitHub/Cloud playbook and, therefore, had to spend time building one during the early stages of the incident. CISA also encourages organizations to fine tune playbooks following any response, which CISA is practicing in this case.   
  • Simplify Incident Reporting Channels. Clear and distinct reporting channels are essential to ensure that incidents affecting the organization itself are handled differently from those involving its products or customers. In CISA’s case, these channels were not well defined, leading the security researcher to try multiple avenues – including emailing the contractor, submitting through CISA’s vulnerability disclosure platform (which is intended for vulnerabilities impacting the broader cybersecurity community), and ultimately involving a reporter. To reduce ambiguity, CISA is refining its reporting channels to make them easier and faster for researchers to use. Additionally, while many researchers rely on the security.txt file, organizations can ensure clarity by publishing reporting instructions in multiple prominent locations.
  • Bolster Development Environment Guardrails. A best practice for organizations is to consolidate developer environments, thereby ensuring consistent security controls, streamlining oversight, and reducing risk of unmanaged tooling.CISA had been advancing consolidation efforts when the incident happened, which affirmed that such guardrails are needed for strong development environment security.
  • Ensure Cryptographic Key Readiness. Cryptographic key agility isan often overlooked yet vital element of cybersecurity. The complexity of CISA’s systems and interconnections with federal and industry partners caused CISA’s key rotation to take longer than anticipated. Drawing on this experience, CISA encourages others to maintain mature and well-tested key-management capabilities.

Moving Forward

It is not a matter of “if”, but “when” a cybersecurity incident will happen to your organization. It is important to the broader cybersecurity community that we address these matters openly to strengthen trust and foster transparency. Such transparency unlocks opportunities for learning that will enhance not only CISA’s security posture but that of other organizations as well.  CISA shares our incident response experience and key findings in hopes that they will be useful to executives, leaders, and network defenders when assessing and strengthening their environments.

Full Article

Back to Top

sdba updates


2027 Scenes of South Dakota Photo Contest

2027 PHOTO CONTEST

If you've been meaning to submit your favorite South Dakota photos, now's the time! We can't wait to see the places, people, and moments that capture the spirit of our great state.

SUBMIT BY JULY 31

Back to Top

 

SDBA Events

2026 WBA Commercial Lending Development Program

August 20, 21 | September 14, 16 | October 15, 16 | November 5, 6 | VIRTUAL

This comprehensive program emphasizes the entire commercial loan life cycle and provides participants with current lending approaches, an updated focus on key analytics and regulatory issues. Designed for bankers already in the commercial lending field who would like to strengthen their credit skills, as well for those credit analysts moving into commercial lending, students will learn what it takes to successfully compete in the highly-competitive lending market. Best practices, case studies and exposure to industry experts will be included in the curriculum.  

Details + Registration

Back to Top

2026 LEAD STRONG: Women in Banking Conference

WIB 2026

Registration is OPEN for the 2026 LEAD STRONG: SDBA Women in Banking Conference, September 22-23 at the Sioux Falls Convention Center! 

Join banking professionals from across South Dakota for an energizing event designed to inspire growth, spark new ideas, and celebrate the power of leadership at every level. This year’s theme, Change the Game, challenges us to think differently, embrace new opportunities, and redefine what’s possible—for ourselves, our organizations, and our industry.

You’ll hear from presenters who are breaking barriers, creating impact, and leading change in banking and beyond. Whether you’re an emerging leader, a seasoned executive, or somewhere in between, you’ll leave with fresh perspectives, practical insights, and the confidence to make your next move.

Details + Registration

WOMEN OF IMPACT AWARD NOMINATIONS ARE DUE AUGUST 3

Back to Top

2026 SDBA IRA School

September 22-24 | Sioux Falls

The Secure Act impacts two main topics: RMDs and death distributions. The SDBA’s 2026 IRA School on September 22-24, which will be offered in person in Sioux Falls, SD, will address these relevant changes. In addition, IRAs are one of the most complicated areas of bank personnel responsibility, and it is not possible to learn and understand everything. Continual education is necessary to ensure confidence. Working with IRAs is a process and must start with a strong foundation. This school can provide this foundation through a comprehensive curriculum.

Details + Registration

Back to Top

Online Education

online ed

Participating in learning opportunities outside the bank can be challenging. Take advantage of the SDBA's extensive selection of webinars and on-demand training to enhance your banking expertise directly from your computer.

GSB Online Seminars
OnCourse Learning
SBS Institute
ABA Training


Compliance Alliance logo

 

Learn how to put compliance management solutions from Compliance Alliance to work for your bank, by contacting (888) 353-3933 or [email protected] and ask for our Membership Team. For timely compliance updates, subscribe to Bankers Alliance’s email newsletters. 

Back to Top

UBB - sponsor
SDBA eNews Archive
View past issues of the SDBA eNews

Advertising Opportunity
Learn more about sponsoring the SDBA eNews

Questions/Comments
Contact the SDBA at 605.224.1653 or via email