Oahe Data

Digital Footprint Audit

Four Bands Community Fund, Inc.
Date: 2026-04-12 Entity Type: Nonprofit (CDFI) Audit Type: Public Index Reconnaissance

Contents

Purpose

This audit maps the publicly indexed digital footprint of Four Bands Community Fund across federal agency databases (CDFI Fund, EDA, USDA, FEMA, EPA), nonprofit transparency portals (ProPublica, Charity Navigator, GuideStar), certificate transparency logs, the Wayback Machine, and the entity's own web properties.

What can anyone with a search engine learn about your organization in 30 minutes?

For a Native CDFI managing $53M+ in cumulative lending, leading a $45M federal coalition, and holding seats on the Federal Reserve Board and USDA Equity Commission, the answer to that question has implications for donor confidence, regulatory relationships, and the communities you serve. This audit identifies what is exposed, where it lives, and what it reveals when assembled.

Methodology

The following public data sources were queried using only standard search tools and publicly accessible APIs. No unauthorized access was performed or attempted.

Governance & Sensitive Documents

#DocumentHosted OnRiskNotes
1EDA Build Back Better Concept Proposal Narrativeeda.govMEDIUMFull strategic proposal revealing partnership plans, priorities, and coalition structure for $45M award
2CDFI Fund Case Statementcdfifund.govLOWHosted as a model example for other Native CDFIs — intentional publication by the funder
3CDFI Fund Impact Story: Thinking Localcdfifund.govLOWFeature profile on business growth support programs
4CDFI Fund Impact Story: Making Wavescdfifund.govLOWFinancial literacy program featured

Assessment: LOW

No confidential, internal, or restricted documents were found indexed on any domain. The EDA concept proposal is the most substantive third-party-hosted document. The CDFI Fund documents are positive and intentional.

Personnel & PII Exposure

No results. Zero employee rosters, phone directories, org charts, or member lists found in any file format.

Assessment: CLEAN

Financial Documents

#DocumentHosted OnRiskNotes
1ProPublica Nonprofit Explorer — Full 990 filingspropublica.orgLOWAll Form 990 filings from 2001 to present. Revenue ~$6M FY2022, executive compensation $139K
2Charity Navigator — 4-Star Rating (95%)charitynavigator.orgLOWTop-tier nonprofit rating with financial breakdown
3GuideStar/Candid Profileguidestar.orgLOWOrganizational transparency profile
4Cause IQ Financial Trendscauseiq.comLOWMulti-year financial trend data

Assessment: LOW

Financial exposure is entirely through legally required nonprofit transparency channels. The 4-star Charity Navigator rating and modest executive compensation are positive signals.

Wayback Machine Archive

MetricValue
Total unique pages archived4,869
Total unique PDFs/documents archived156+
Earliest snapshot2002-06-20
Most recent snapshot2026-04-07
Hosting platform detectedWordPress (migrated from static HTML circa 2017)

Notable Archived Documents

#URLTypeNotes
12006 Audited Financial StatementsPDFFull audited financials — sensitive
22009 AuditPDFFull audit — sensitive
3Vogel Congressional Testimony (Jan 2022)PDFSenate Banking Committee testimony
4Banking Testimony (Nov 2011)PDFFinancial services testimony
5CRA Testimony — Fiddler (2010)PDFCommunity Reinvestment Act testimony
6Restoring Self-DeterminationPDFPolicy/advocacy paper
7Customer Intake Packet (Fillable)PDFFillable loan intake form with field structure
8Investor Loan ApplicationDOCWord format — may contain document metadata

Additional archived content: 30+ individual entrepreneur profiles (personal names and business details of CRST community members), Making Waves financial literacy materials, Chamber of Commerce materials, job postings, legacy static HTML pages from 2002.

Assessment: MEDIUM-HIGH

The Wayback Machine preserves a 24-year corpus with the most significant items being audited financial statements and individual entrepreneur profiles. WordPress plugins include revslider and js_composer, which have had significant historical vulnerabilities.

Certificate Transparency

PropertyValue
Total certificates found22
Certificate issuer(s)Go Daddy Secure Certificate Authority - G2
Earliest certificate2017-06-09
Most recent certificate2026-02-24
Wildcard certs?No
Renewal patternMixed — apex annual, pay subdomain ~90-day rotation

Subdomains Discovered

#SubdomainFirst SeenNotes
1fourbands.org / www.fourbands.org2017-06-09Primary site, annual renewal
2pay.fourbands.org2025-05-05Payment portal, 90-day cert rotation — likely PCI-DSS compliant
3point.fourbands.org2021-10-08DNS no longer resolves — may be decommissioned

Assessment: LOW

Three subdomains, all through GoDaddy, with no wildcard certificates and no evidence of shadow IT.

Funding & Contract Records

#RecordSourceAmountAgency / FunderNotes
1Build Back Better Regional ChallengeEDA~$45M (coalition)U.S. Commerce / EDALead/fiscal sponsor of 9-CDFI coalition
2CDFI Fund NACA Awards (11 awards)CDFI Fund$4.6M+ cumulativeU.S. TreasurySince 2001
3CDFI Fund ERP AwardCDFI Fund$1.5MU.S. TreasuryEquitable Recovery Program
4USDA Native American Relending PilotUSDA Rural Dev.$3M (2022)USDASection 502 mortgage relending
5Bush Foundation grantsBush FoundationUndisclosedPrivateIncluding Bush Prize for Community Innovation (2013)
6Northwest Area FoundationNWAFUndisclosedPrivateLong-term partner
7Robert Wood Johnson FoundationRWJFUndisclosedPrivate2024 coalition research
8Yield Giving (MacKenzie Scott)Yield GivingUndisclosedPrivateGift recipient
9Trust for Civic LifeTrust for Civic LifeUndisclosedPrivateCurrent grantee
10FHLB Des Moines / Sunrise Banks (2026)FHLBShare of $122,500Federal/BankingMarch 2026 matching grant

Assessment: LOW

The funding portfolio is fully reconstructable from public sources. The organization operates as a single 501(c)(3) with no hidden subsidiary structures.

Legal Entity Registration

#ResourceSourceNotes
1ProPublica — EIN 46-0456528IRS / ProPublica501(c)(3), NTEE code S30, incorporated 2000
2GovTribe Vendor ProfileSAM.govRegistered federal vendor
3SD Dakota At Home ListingSouth DakotaState social services directory

Litigation: None found. Zero cases across Justia, CourtListener, JudyRecords, and general web search.

Regulatory: Active CDFI certification with "Policy Plus" distinction. Case statement hosted by CDFI Fund as exemplar. Compliant with federal Single Audit requirements.

Assessment: CLEAN

An exceptionally clean legal and regulatory profile. Zero litigation, 95% Charity Navigator score, and model CDFI status.

Infrastructure & Technical Surface

DNS Configuration

RecordValueSignificance
A198.12.235.156GoDaddy shared hosting
MXfourbands-org.mail.protection.outlook.comMicrosoft 365 for email
NSns41.domaincontrol.com, ns42.domaincontrol.comGoDaddy DNS
TXT (SPF)v=spf1 include:spf.protection.outlook.com include:spf.mandrillapp.com include:_spf.salesforce.com -allHard fail SPF — authorizes Outlook, Mandrill, Salesforce

Infrastructure Profile

PropertyValue
Hosting platformGoDaddy shared hosting (Apache)
CMSWordPress 6.8.1
PHP version7.4.33 (EOL since November 2022)
Email providerMicrosoft 365 (Exchange Online)
CRMSalesforce
Transactional emailMandrill (Mailchimp)
CDN/ProxyNone
Security headersNone (missing HSTS, X-Frame-Options, CSP)

Assessment: MEDIUM

The organization invests in business-tier SaaS (M365, Salesforce) but runs WordPress on end-of-life PHP with no security headers or CDN layer.

Disaster & Environmental

FEMA Declarations Affecting Service Area

#DeclarationDateTypeNotes
1FEMA-4842-DR2024-11-01Severe storms, straight-line winds, floodingTribal declaration; SBA disaster loans triggered
2EM-35362020-03-13COVID-19 PandemicEmergency assistance through May 2023
3FEMA-4440-DR-SD2019-06-07Severe winter storm, floodingDewey & Ziebach Counties designated
4FEMA-4186-DR-SD2014Severe storms, tornadoes, floodingBoth counties designated for Public Assistance
5FEMA-23372009Severe storms, floodingBoth counties among 14 declared

EPA Records

#RecordNotes
1Cheyenne River Basin Superfund SiteMercury and heavy metals from Black Hills mining
2Landfill Fire Superfund actionsOn-reservation removal actions
3Eagle Butte Wastewater NPDES PermitThree waste stabilization ponds, 67.4 acres
4Air Quality Monitoring ($406K)PM2.5, trace metals, mercury vapor monitoring

Assessment: MEDIUM-HIGH

The Cheyenne River Sioux Reservation has recurring disaster exposure and environmental challenges that directly affect Four Bands' borrowers and service area.

Media & Public Narrative

Key Coverage

#ArticleDatePublicationKey Points
1Matching grants for SD nonprofits2026-03DRGNewsFHLB Des Moines grants
225th Anniversary celebration2025Lakota TimesEmployment rose from 49.2% to 51.3% on reservation
3Data transforms Indigenous finance2024-08Sweet Grass ConsultingData sovereignty presentation at Housing Summit
4Rewriting the rules2022ImpactAlpha$5.5M annual lending, 1% delinquency, 57% female business owners
5$45M coalition award2022-09U.S. Commerce DeptLargest single investment in Native CDFI industry

Leadership

#NameRoleNotes
1Lakota VogelExecutive Director (since 2015)Federal Reserve Bank of Minneapolis Board. USDA Equity Commission. Senate Banking Committee testimony.
2Stewart Sarkozy-BanoczyFounder / Board Vice ChairFounding ED (1999-2002). Now CEO of World Ocean Council.
3Tanya FiddlerFormer ED / Co-founderFirst Executive Director of Native CDFI Network.

Assessment: CLEAN

Uniformly positive public narrative. Exceptional institutional credibility through executive director's board appointments and congressional testimony.

Risk Summary

Scorecard

CategoryAssessmentKey Finding
Governance & DocumentsLOWOne strategic document on EDA servers
Personnel & PIICLEANNo PII exposure detected
Financial DocumentsLOWStandard nonprofit transparency through 990 filings
Wayback ArchiveMEDIUM-HIGH156+ PDFs including audited financials and entrepreneur profiles
Certificate TransparencyLOW3 subdomains, narrow surface, no shadow IT
Funding & ContractsLOWFully reconstructable portfolio; no hidden structures
Legal & RegulatoryCLEANZero litigation; model CDFI status
InfrastructureMEDIUMPHP 7.4.33 EOL; no security headers
Disaster & EnvironmentalMEDIUM-HIGH5+ FEMA declarations; Superfund exposure
Media & NarrativeCLEANUniversally positive; exceptional leadership credibility
Overall Footprint Assessment: MODERATE

Recommendations

Immediate Actions

  1. Upgrade PHP to a supported version. PHP 7.4.33 has been end-of-life since November 2022. Upgrade to PHP 8.2+ or migrate to managed WordPress hosting.
  2. Add security headers. Configure HSTS, X-Frame-Options, X-Content-Type-Options, and Content-Security-Policy.
  3. Audit WordPress plugins. Ensure revslider, js_composer, and all 16 detected plugins are current. Remove unused plugins.
  4. Resolve orphaned subdomain. point.fourbands.org has certificate history but no DNS resolution.
  5. Review Wayback Machine exposure. Consider whether the 2006/2009 audited financial statements warrant a takedown request.

Ongoing Monitoring

  1. Set up Google Alerts for "Four Bands Community Fund" to track new third-party indexing.
  2. Periodically audit wp-content/uploads/ for unintentionally public documents.
  3. Monitor certificate transparency logs for unexpected certificate issuance.

Strategic Considerations

  1. Consider a CDN layer. Cloudflare (free tier) adds DDoS protection and security headers with zero migration.
  2. Domain authority. Consider whether a .nsn.gov domain would better reflect institutional standing.
  3. Entrepreneur profiles. The 30+ archived PDFs naming community members represent a data stewardship consideration.

What This Means

Donor and grant transparency means your funding portfolio, tax filings, and program outcomes are publicly assembled in ways that shape how funders and the public perceive your organization. For Four Bands Community Fund, this transparency is overwhelmingly a strength — a 4-star Charity Navigator rating, a model case statement hosted by your federal regulator, Senate testimony, and a Federal Reserve board appointment all tell a story of institutional excellence. The areas requiring attention are technical (an aging web platform) and historical (archived documents from an earlier era of the organization's web presence). Neither undermines the strong public narrative — but both are worth addressing to match the organization's infrastructure to its institutional standing.

Prepared by Oahe Data
This audit is provided as an informational assessment of publicly available data. No unauthorized access was performed or attempted.