Message from Commissioner Lise Kruse
 |
|
It has been another busy quarter at the North Dakota Department of Financial Institutions. As we look ahead, please mark your calendars for the 2026 DFI Bank Summit on October 27–28 in Bismarck. Planning is underway, and we look forward to sharing more details soon. I can confirm that artificial intelligence will be a featured topic, given both its opportunities and the fraud concerns it presents. We are pleased to welcome back Etay Maor, Sr. Director of Security Strategy at Cato Networks and an industry‑recognized cybersecurity researcher, who will share his latest insights.
In March, Deputy Jan Murtha and I traveled to Washington, D.C., where we met with our federal counterparts and congressional delegation. As chair of the CSBS Legislative Committee, I had the privilege of hosting the regulator meeting, which this year included a fireside chat with Miki Bowman. Her personable approach and thoughtful remarks always resonate with attendees. I was also honored to offer comments during the public session of the Financial Stability Oversight Council, emphasizing the continued need for collaboration, coordination, and consistency between state and federal regulators—something our bankers frequently raise in conversations.
I would also like to highlight the importance of participating in the CSBS Community Bank Sentiment Survey. This brief quarterly survey provides valuable, real‑time insight into community bankers’ economic outlook. As shared in recent communications, these results feed into the Federal Reserve’s FRED database and are increasingly referenced by economists and policymakers. The Annual Survey of Community Banks is more comprehensive and is available until June 30th. To date, South Dakota is beating us on participation!
Your participation in these surveys ensures that North Dakota’s voice is represented. As we often say, we don’t know what we don’t know. Broad input helps regulators and national decision‑makers see an accurate picture of conditions on the ground. This emphasis on strong community bank participation has long been a priority, echoing messaging from prior regulator outreach encouraging survey engagement to ensure a “true picture is presented in DC".
As we settle into another beautiful North Dakota summer, I hope each of you finds time to enjoy the fresh air and sunshine. This season always brings renewed energy, and I wish you moments to take it in during the coming weeks.
|
Commissioner Kruse Addresses Financial Stability Oversight Council
Commissioner Kruse recently addressed the Financial Stability Oversight Committee (FSCOC) meeting in Washington, D.C. regarding the Nonbank Financial Company Designation Guidance. As the FSOC State Banking Supervisor Representative, Kruse emphasized that any updates to the designation framework should be consistent, durable, and incorporate state supervisors’ experience, stating “State regulators are the primary prudential and market conduct supervisors of many nonbank firms. We bring deep, institution-specific knowledge and an ongoing supervisory presence that can materially inform the Council’s analysis." |
|
 |
2026 Q1 Community Bank Sentiment Index (CBSI) Score Remains Positive at 133
The Community Bank Sentiment Index is an index derived from quarterly polling of community bankers across the nation. As community bankers answer questions about their outlook on the economy, their answers are analyzed and compiled into a single number. An index reading of 100 indicates a neutral sentiment, while anything above 100 indicates a positive sentiment, and anything below 100 indicates negative sentiment.
The 2026 Q1 Community Bank Sentiment Index Number is 133. This represents a positive reading in sentiment by community bankers. Slipping one point from the value of 132 recorded in last quarter's survey, the overall index remains well above the neutral level of 100.
  The profitability, operations expansion, and franchise value components all increased and remained strongly in positive territory. However, the monetary policy and regulatory burden indicators dropped sharply by 13 points and eight points, respectively.
 Surveys
DFI encourages all North Dakota depository institutions to take the quarterly CSBS Community Bank Sentiment Index survey and the Annual Survey. View more data on the CSBS website.
North Dakota State-Chartered Bank Averages
 Opinion: OTR – Creating the Illusion of Government Efficiency Since 1973
by Corey Krebs, Assistant Commissioner
The National Credit Union Administration (NCUA) as a regulatory government agency is -unique as it has both chartering authority for federal credit unions and share insurance responsibilities for both state and federal credit unions. When Congress gave NCUA these dual responsibilities, it also gave NCUA the authority to pay some of the agency expenses from the Share Insurance Fund (SIF) to fund NCUA’s administration of the SIF. Since 1973, NCUA’s allocation of expenses to the SIF is known as the Overhead Transfer Rate (OTR), and is the amount claimed by NCUA to be “insurance related”.
Like any accounting methodology, flawed assumptions can, and do, result in nonsensical outcomes. The OTR has drifted far from fairness, transparency, and reason. Instead, it has become a tool that quietly shifts federal charter examination expenses onto the SIF, creating an illusion of NCUA operational efficiency by forcing state-chartered credit unions to foot an unreasonable share of the NCUA budget.
The problems with the methodology assumptions are numerous and complex, far more than can be covered here. Instead, let’s examine recent results of the methodology. In 2025, NCUA reduced its staff by 23% as a result of an executive order and the Department of Government Efficiency (DOGE) review. The agency has been clear it will spend substantially less time in state-chartered credit unions. In North Dakota, NCUA plans to participate in four examinations in 2026 compared to nine in 2025. Despite this pullback in NCUA state-chartered activity, the OTR actually increased by one basis point to 61.8% in 2026. This increase disproportionately passes overall agency savings to federal credit unions, lowering federal credit union operating fees about 25%. Meanwhile, state-chartered credit unions, through SIF, will be paying a greater portion of the NCUA bill, despite NCUA spending less time in state-chartered credit unions.
The Department has long asserted a more reasonable calculation is necessary, and based upon analysis of the data, assumptions, and congressional intent, believes an OTR closer to 50% is more reasonable and accurate. A 50% rate is higher than the OTR levels levied by NCUA from 1973 through 1985 but would be consistent with the OTR from 1986 to 2000. If 50% had been the OTR used over the past 25 years, the SIF would have saved an estimated $730 million, resulting in mandatory SIF dividends to all insured institutions. The $730 million obscures true financial performance and inefficiencies within the federal credit union assessment fee structure. It is not clear if the OTR methodology was part of DOGE’s review, but maybe it is time that it is.
State-Chartered Credit Union Averages
 DFI Communications: Accessibility Progress and How It Applies to Public Businesses
by Jennifer Skjod, Communications Director
We’re proud to share that the DFI has been working diligently to meet accessibility standards set for state and local government digital platforms. This effort includes ensuring that screen readers can interpret our documents and that audio/video content is fully captioned, making our content accessible for all users.
Why This Matters for Financial Institutions
Did you know the Americans with Disabilities Act (ADA) compliance isn’t limited to government entities? Title III of the ADA extends to businesses open to the public. DOJ guidance confirms that digital accessibility is required under Title III, and WCAG 2.1 Level AA is the de-facto benchmark for compliance. A few things to consider include:
-
Legal Obligations: As public accommodations under Title III, financial institutions are expected to conform to WCAG 2.1 AA standards.
-
Good Customer Service: Accessible digital services ensure all customers, especially those using screen readers or assistive technology, can independently access banking services.
-
Avoiding Risk: Inaccessible features can lead to exclusion for customers with disabilities and expose institutions to legal challenges.
By focusing on accessible design now, financial institutions affirm their commitment to serving every customer and stay ahead of evolving expectations in accessibility.
 Why Banks and Credit Unions Should Limit Public Internet Access to Office 365
by Keith Steinberg, IT Examiner
Banks and credit unions remain top targets for credential theft, account takeover, and business email compromise (BEC). While Office 365 (O365) provides strong security features, unrestricted public internet access significantly increases exposure to these threats. Limiting O365 access to trusted networks is becoming a best practice across the financial industry.
- Reduces Token Replay Attacks
- A token replay attack occurs when an attacker steals a user’s authentication token—essentially the “proof” that the user is already logged in. These tokens can be taken from infected devices, browser sessions, or malware. Once stolen, the attacker can reuse (or “replay”) the token to access O365 without needing a password or multi-factor authentication (MFA).
- If O365 is available publicly, attackers can replay the token from anywhere in the world and appear completely legitimate. Restricting O365 access limits where valid logins can originate, preventing stolen tokens from being used on external networks.
- Dramatically Lowers BEC Risk
- BEC remains one of the most financially damaging threats to banks and credit unions. Unauthorized O365 logins are a common starting point for:
- redirecting wire or ACH transfers
- executive or vendor impersonation
- fraudulent payment approvals
- Requiring VPN or private endpoints blocks unknown IPs by default, stopping many BEC attempts before they can escalate.
- Adds a Critical Layer Beyond Identity Controls
- Identity protections like MFA are essential, but attackers now use token theft and adversary‑in‑the‑middle tools to bypass them.
- Network restrictions create layered security—validating not just the user, but also the device and the network path.
- Strengthens Regulatory Alignment
- FFIEC, NCUA, and GLBA Safeguards guidance emphasize layered security, segmentation, and strict access control. Limiting public O365 access demonstrates strong risk mitigation and aligns with examiner expectations.
- Improves Monitoring and Incident Detection
- Public access generates large volumes of global login noise. Restricting access results in:
- higher‑quality security alerts
- easier detection of true compromises
- This leads to faster detection and lower operational risk.
Conclusion For banks and credit unions, unrestricted O365 access introduces avoidable opportunities for token replay, BEC, and account takeover. Restricting access to trusted networks significantly enhances security, reduces fraud risk, and aligns with regulatory expectations—all while strengthening protection for sensitive customer and institutional data.
Watch it on Replay
 |
|
If you missed our February webinar addressing how asset management builds a strong cybersecurity foundation, you can still view the recording. |
Litchfield-Marion "Money Hounds" Earn Third Place at National LifeSmarts Competition
 The NDDFI is happy to announce the Litchfield‑Marion Money Hounds earned a third‑place finish at the 2026 National LifeSmarts Championship in Orlando, Fla. The team represented North Dakota with impressive expertise, collaboration and grit while competing against top teams from across the country.
Pictured from left to right are Money Hounds team members Dakota Severance, Team Captain Charlie Enger, Kaitlyn Severance, Andrian Danilov and Gracie Enger. (Photo Credit: National Consumer League)
LifeSmarts, a program of the National Consumers League, supports our state’s commitment to building strong financial literacy skills for North Dakota students. We are proud to see these young consumers excel on the national stage!
LifeSmarts is a great organization to support. Opportunities to support a local team include offering a travel sponsorship, helping purchase team T-shirts or providing a meal during a team practice. Contact Katie Richard for more information on how to support a team.
Monthly Bulletin
The Department issues a monthly bulletin which details applications received and their status, including any action by the State Banking Board or the State Credit Union Board. The monthly bulletin is an effort to keep North Dakota citizens and other interested parties apprised of actions and activities conducted by our state-chartered financial institutions. They are located on our website at https://www.nd.gov/dfi/news-and-publications/department-bulletins.
|
Crypto ATM Consumer FAQs
 The NDDFI has introduced a new set of Consumer Crypto ATM FAQs to help residents better understand virtual currency kiosks and protect themselves from fraud. Released during April’s Financial Literacy Month, the resource explains how crypto ATMs work, what state law requires of operators, and how consumers can verify whether a company is licensed to do business in North Dakota.
The FAQs were developed in response to increased public interest in cryptocurrency and a rise in scams involving crypto ATMs. While many operators are legitimate, the department noted that scammers often pressure victims to deposit cash or send digital currency under false pretenses. Once funds are transferred, they are difficult to recover. Commissioner Lise Kruse said the goal of the new resource is to promote informed and safe use of these machines, not to discourage lawful activity.
The department highlights common red flags, including urgent requests for payment, unfamiliar individuals directing someone to use a crypto ATM, and instructions to scan unknown QR codes. No legitimate business or government agency will demand cryptocurrency payments to resolve a problem or protect funds. Residents are encouraged to verify requests, use official contact information and reach out to licensed operators’ customer support if they have concerns.
North Dakotans who believe they have encountered a scam should report it to law enforcement and the Attorney General’s Office and may also file a complaint with the department. The new Crypto ATM FAQs and additional financial literacy resources are available at nd.gov/dfi.
Watch for Crypto ATM Licensee FAQs in a future issue of this newsletter.
North Dakota Licensed Service Providers
Joint State Banking and Credit Union Board Meeting
A joint State Banking Board and State Credit Union Board meeting is scheduled for June 10, at 9 a.m. CT at the NDDFI office/BND in Room 201 located at 1200 Memorial Hwy in Bismarck. See details and subscribe to alerts on the NDDFI website.
Regular State Credit Union Board Meeting
The State Credit Union Board will hold a regular meeting on June 18, at 1 p.m. CT at the NDDFI office/BND in Room 115. See details and subscribe to alerts on the NDDFI website.
Regular State Banking Board Meeting
The State Banking Board will hold a regular meeting on July 1, at 1 p.m. CT at the NDDFI office/BND in Room 115. See details and subscribe to alerts on the NDDFI website.
|
