Thursday, December 4, 2025
We make bankers better!

Week of Nov. 24

November 25, 2025

In This Issue…

From Adrian’s desk …

By Adrian Beverage
OBA President & CEO

Just some random tidbits that might be of interest to our bankers this week!

•        •         •

The OBA board meeting for November is taking place today, along with our Government Relations Council and the board’s executive meeting. We try to get these meetings in right before Thanksgiving and then hold off on another one for each until the new year.

With so many meetings today, I’m going to have to keep this short, but I do want to make sure to wish everyone a happy Thanksgiving!

•        •         •

You know what wasn’t happy? Watching Nebraska play football this past Saturday. The ‘Huskers were blown out 37-10 by a Penn State team that doesn’t even have a head coach. Yeesh.

Back to top

FRAUD ALERT: Be informed on possible ATM attacks

Get ready Oklahoma as there has been a significant increase in ATM attacks predicted in the coming days and weeks.

Deep Insert Skimmers

Reports received of ATMs being targeted with deep-insert skimmers and pinhole cameras in a neighboring state.

WHAT TO LOOK FOR:

  • You will not see a deep-insert skimmer in the card-reader slot, but you may see additional facades/devices attached to the ATM above or next to the keypad, which is a pinhole camera.
  • Residue or damage where a facade piece containing the pinhole camera may have been.
  • Suspicious persons taking photos of the ATM or tampering with the machine.
  • There may be fault errors on the ATM if the skimmer is inserted incorrectly and cards get stuck or unable to read.

Examples of pinhole cameras, designed to look like part of the machine:

WHAT TO DO:

  • Regularly check your ATMs; take a photo of your skimmer-free ATM ahead of time to use as a guide in identifying variances.
  • If a skimmer or pinhole camera is detected, take the ATM down – DO NOT TOUCH OR REMOVE any pieces.  Leave the devices and call law enforcement and a technician.
  • If ATM cashout fraud occurs before the skimmer is detected – locate the common point of compromise (the ATM skimmer location).
    • File a police report.
  • Begin reviewing surveillance to determine when the skimmer was placed and/or removed – they are usually only placed for a few hours during the day.
    • Provide photos of the suspects, vehicle tag number (VERY IMPORTANT) and any details you can to law enforcement.
      • These crews usually case the ATMs earlier in the day or a couple days before – sometimes without obstructed faces.
    • Secure the compromised cards ASAP (used during the exposure window while the skimmer was on the ATM).
      • Contact your customers,and reissue cards – at the very least change the PIN numbers while you contact customers.

Direct Memory Access (DMA) Attacks

See the Active Security Alert published in April 2025 by Diebold Nixdorf. On Nov. 2, several ATMs in the Oklahoma City area suffered DMA attacks. During the cash-out, the suspect had the machine dispensing bills about every 40 seconds.

OBA suggests all member banks contact their ATM service providers to discuss options for protecting their machines from skimming, jackpotting and DMA attacks.

ATM DMA ATTACK – COUNTERMEASURES

  • Limit physical access to terminal.
    • 24/7 accessible terminals have inherit higher risk.
  • Monitor for suspicious activity.
    • Unexpected shutdowns/reboots – HW/SW events.
  • Disable unused ports in BIOS.
    • Ensure BIOS password management.
  • Harden software stack.
    • Intrusion protection/group policy/HW dependent HDE solutions.
  • Microsoft kernel DMA protection.
    • Requires IOMMU and Windows 10 LTSC 2019 or later.

We would also suggest contacting your insurance provider to determine what level of coverage you have for these types of attacks.

Back to top

OCC lessens BSA rules for community banks

The Office of the Comptroller of the Currency announced Monday it is ending Money Laundering Risk System data collection, easing Bank Secrecy Act examination procedures for community banks, and is seeking public feedback on core providers and other third-party service providers – all as part of an effort to support smaller institutions.

The OCC defines community banks as institutions with less than $30 billion in assets. According to a series of announcements:

  • Effective immediately, the OCC will no longer collect information from community banks through the Money Laundering Risk System. The agency said it has determined that there are alternative, less burdensome means of assessing community banks’ money laundering and terrorist financing risk.
  • The OCC issued a new bulletin establishing tailored BSA examination procedures for community banks “based on these banks’ generally low levels of money laundering and terrorist financing risk.” The new procedures will be effective for examinations beginning Feb. 1, 2026.
  • The agency also issued a request for information on community banks’ engagement with their core service providers and other essential third-party service providers. Specifically, the request “focuses on ensuring that community banks can remain competitive in a rapidly evolving marketplace, and includes questions on the challenges community banks face related to contract negotiations and terms, fees, billing practices, oversight, due diligence, innovation, core conversions, data access and modernization, and interoperability issues.”

Back to top

RSVP deadline to attend Oklahoma Bankers Hall of Fame ceremony is TODAY

The Oklahoma Bankers Hall of Fame induction ceremony is set for next week and the deadline to RSVP is TODAY!

R.S. “Brud” Baker, Sandra J. “Sandy” Bracken, Gary Huckabay and Lee Symcox will make up the 2025 class. The inductees were selected by a panel of bankers from across the state, and were voted on in September.

The ceremony will be held over lunch at 11:30 a.m. on Dec. 4 at the Oklahoma History Center, which is located at 800 Nazih Zuhdi Dr., in Oklahoma City. It will be hosted by the Oklahoma Bankers Association’s immediate past chair, Alicia Wade, who is COO of Sovereign Bank, in Shawnee.

If you are interested in attending the event, please RSVP by the end of today to the OBA’s Joan Anderson (joan@oba.com, 405-424-5252). The cost for an individual seat is $80 and $750 for a table of 10.

Additionally, contact Thi Pham (thi@oba.com, 405-424-5252) for sponsorship opportunities.

Click here to read the full release and more info on each of the to-be inductees.

Back to top

OBA education corner …

It actually felt like autumn on Saturday during all the college football games! Heck, just a week before, a person could have easily worn shorts outside while watching his or her favorite team matriculate the ball down the field. While the mileage on enjoying cooler weather may vary from person to person, make sure you take a little time to keep up with what’s happening on the continuing education front, including the following:.

  • BSA Reporting and Training for the Board, Dec. 2, webinar — BSA officer communication with the board starts with effective initial and ongoing training.
  • Most Common TRID Issues, Dec. 3, webinar — Learn to reduce the risks of noncompliance as we explore TRID hot spots, gray areas and frequently-violated provisions.
  • Understanding the Role of the Notary Public, Dec. 3, webinar — In this webinar, you’ll learn about notary public responsibilities and notarial acts, basic laws and liability.
  • Mobile Banking Compliance Considerations, Dec. 4, webinar — Let’s detail the do’s and don’ts of implementing and operating mobile banking services, review what the examiners are looking for in your program, and provide you with sample language for your risk assessment and policies.
  • Cybersecurity: C-Suite and Board Oversight, Dec. 4, webinar — The Gramm-Leach-Bliley Act of 1999 requires all financial institutions to implement an information security program commensurate with their size, complexity and use of technology. This became a responsibility of the board and C-suite.
  • Stablecoins CONTINUED: What the GENIUS Act Means for Your Financial Institution, Dec. 5, webinar — Stablecoins were just signed into U.S. law – financial institutions are now in the game. Reserve your spot today and start your journey to becoming a GENIUS about stablecoins!
  • Understanding Dormant Accounts and the Escheatment Process, Dec.  9, webinar — We will provide best practices for managing your unclaimed funds compliance program, including tips for dormant account due diligence.
  • Section 1071 (Small Business Data Reporting): Where Are We Now?, Dec. 9, webinar — Since the CFPB’s final rule implementing Section 1071 of the Dodd-Frank Act was finalized in 2023, there have been multiple lawsuits against the legality of the CFPB’s funding structure, putting Section 1071 on-hold.
  • Consumer Real Estate Loans, Dec. 11, webinar — Take this opportunity to expand your knowledge of current compliance rules and take your loan processing skills to the next level.
  • IRS Information Reporting: Rules and Forms, Dec. 16, webinar — It’s always necessary to stay on top of the many issues when it comes to tax reporting for financial institutions.
  • 2026 OBA Intermediate School, Session I-Feb. 26; Session II-June 1-5, Oklahoma City — This school is designed to prepare students to serve effectively and profitably the needs and desires of their banks and the banking public. A major objective of the program is to instill an appreciation for and an understanding of the operations and interrelationships of departments within a bank.

Back to top

© Copyright 2025, Oklahoma Bankers Association | Privacy & Security