Early this October, we attended the conference of the Southwest Association of General Counsel in Santa Fe. This is a yearly meeting where around 200 exceptional banking attorneys gather from across Texas and the southern U.S. to Santa Fe to dig into the scintillating details of the most recent changes to banking law and the banking M & A scene. As you might guess, our bank-lawyer-and-guest meetings were full of camaraderie, long words, dry wit, magic tricks, and hot air balloons. (We’ll let you decide whether you believe all that or not.)
In any case, here are a few key points from the conference that our banking and business clients might find helpful or interesting.
Cybersecurity
Banks are 300 times more likely to experience a cyber-attack than other types of institutions. This is a sobering thought and a continued focus for most of our bank clients. The FFIEC Cybersecurity Assessment Tool has been sunset as of Aug 31, 2025. If you haven’t already, pick a new tool to help with your cyber security assessments and risk assessments. Here are a few to look at:
- National Institute of Standards and Technology (NIST): Cybersecurity Framework 2.0 – industry standard, high level, any industry
- NIST Cybersecurity Framework 2.0
- Cybersecurity and Infrastructure Security Agency’s (CISA) Cybersecurity
- Performance Goals: CISA
- Cyber Risk Institute (CRI) Profile: CRI
- Center for Internet Security (CIS) Critical Security Controls (CSCs): CIS CSCs
Fraud Continues to Rise
Payments fraud continues to escalate and morph. Newer phishing and account takeover attacks include using AI generated voice overs to impersonate business owners or staff. The attacker calls the bank or takes a call back from the bank and
answers in the voice of the bank’s well-known customer. For our banks who are developing security controls, make sure your call-in and call-back procedures have strong, detailed verification procedures to cut through an imposter’s facade.
Reconsider Sending Checks in the Mail
Checks are regularly stolen from mailboxes and mail drops of all kinds. Thieves follow up by altering checks, counterfeiting them, or misusing the account and routing information printed on the front of the check. Consider using a courier, like FedEx, to send checks or don’t send checks at all.
Use Dual Controls
Dual controls is an arrangement where two people are required to authorize and send a payment order. Having dual controls in place goes a long way to preventing account takeovers, employee fraud, payment mistakes, and other types of fraud losses. The process can be an annoyance, but an annoyance may be worth saving $10,000s or $100,000s of dollars in fraud losses.
Mitigating Payment Fraud Risks for Banks
Some institutions have begun requiring their business customers to indemnify the bank against fraud where the customer has refused to use appropriate fraud controls like dual controls, positive pay, or payment blocks and filters tools. Fraud continues to be a persistent issue in payments, and we expect the trend to continue.
Careful with Treasury Checks
Treasury checks in theory stopped on September 30, 2025, based on Executive Order 14247. If you are given a treasury check for deposit or otherwise, evaluate carefully or refuse them. There is a good chance you received a fake.
Corporate Governance
Move from Delaware. Firms are beginning to look to Texas, Nevada and other states instead of Delaware for their corporate home. Some changes in the way courts look at directors’ duties in Delaware have made other states look more favorable from a corporate governance perspective. It doesn’t hurt that many corporate filings are more easily handled on an electronic basis in states other than Delaware.
No One-Size-Fits-All
The FDIC has moved away from requiring a one-size-fits-all approach to corporate governance for banks. This change recognizes that banks come in many sizes and shapes and that oversight, accountability, reporting, and authority may need to be handled in different ways at different institutions.
Mergers and Acquisitions
2025 has seen an uptick in merger transactions from 2024. There are 133+ deals announced to date. Some banks have taken the opportunity to change charters in a more friendly regulatory environment. Banks are looking at mechanisms for increasing capital, including through subordinated debt and sale leaseback transactions with their branches.
Fintech Scene
Fintech Banks. 130-140 banks are looking at working with fintech partners in one capacity or another. Some fintechs are pursuing special purpose depository institution charters to support their service offerings.
Retailers Are Aggressively Adopting Agentic AI Commerce
This means that retailers are building the website rails and infrastructure necessary to let buyers use an AI tool to go out and buy things for them. It is expected that numerous issues will spill over into the banking world. For example, we may see disputes where a consumer claims a debit card purchase was the unauthorized activity of an AI agent.
