Issue 1 2022-2023 OVER A CENTURY: BUILDING BETTER BANKS — Helping Coloradans Realize Dreams Page 10 Banker Sunsetting, Self-Service, and Planning for the ATM of the Future
©2022 The Colorado Bankers Association is proud to present Colorado Banker as a benefit of membership in the association. No member dues were used in the publishing of this news magazine. All publishing costs were borne by advertising sales. Purchase of any products or services from paid advertisements within this magazine are the sole responsibility of the consumer. The statements and opinions expressed herein are those of the individual authors and do not necessarily represent the views of Colorado Banker or its publisher, The newsLINK Group, LLC. Any legal advice should be regarded as general information. It is strongly recommended that one contact an attorney for counsel regarding specific circumstances. Likewise, the appearance of advertisers does not constitute an endorsement of the products or services featured by The newsLINK Group, LLC. Jenifer Waller President & CEO Alison Morgan Director of State Government Relations Brandon Knudtson Director of Membership Lindsay Muniz Director of Education Rita Fish Communications & Office Manager Margie Mellenbruch Bookkeeper* Craig A. Umbaugh Counsel* Jim Cole Lobbyist* Melanie Layton Lobbyist* Garin Vorthmann Lobbyist* Andrew Wood Lobbyist* * Outsourced 140 East 19th Avenue, Suite 400 Denver, Colorado 80203 Office: 303.825.1575 Websites: coloradobankers.org smallbizlending.org financialinfo.org colorado-banker.thenewslinkgroup.org Contents Over a Century BUILDING BETTER BANKS— Helping Coloradans Realize Dreams 18 6 2 A Word from CBA Chairman Navigating Success Through Tumultuous Times 4 The Society of Bank Executives: The Power of Peer Networks 6 Third-Party Relationships: Due Diligence Guidance for Community Financial Institutions Engaging Fintechs 10 Sunsetting, Self-Service, and Planning for the ATM of the Future 12 Effective Credit Risk Monitoring in the Post-Pandemic Economy 14 Cyber Awareness: Decreasing the Cost of a Cybersecurity Attack 18 How Banks Should ‘Weaponize’ Their Balance Sheets: A Q&A with Piper Sandler’s Scott Hildenbrand 20 Driving an Optimal Payments Experience 22 Mitigating CRE Risk in a Volatile Market 22 Colorado Bankers Association The July • August 2022 1
A Word From CBA By Mark Hall, SVP, Sr. Community Bank Division Leader, Vectra Bank, 2022-2023 CBA Chairman Navigating Success Through Tumultuous Times We have all heard the political pundits and experts tell us that “post-pandemic,” the economy will perform in such-and-such a way. The past few years have not performed as any of us could have predicted ten, or even five, years ago. Would any of us have considered the potential for $10 per gallon of gas or the increasing cost of a weekly trip to the grocery store? These are unprecedented times, and it is at times such as this that we can rely upon CBA to provide value to the membership. It is an honor to be elected by the membership to be the 2022-23 Chairman of the Colorado Bankers Association. These may not be ideal economic times to be chairman of CBA, but it will be exciting, nonetheless. There remain opportunities to make a positive difference for our industry and Colorado. Through 20 years in banking, I have experienced the challenges of economic highs and lows. We enter this latest downturn with regulatory agencies focused on further restricting the means by which we conduct our business. Now more than ever, we need CBA to be at the forefront of advocacy and our watchdog for regulatory stability. As a well-regarded and respected association, CBA will represent the voice of our industry as we navigate through these challenging times in Colorado and our nation. During my tenure as chairman, it is my goal for CBA to focus on four areas: Advocacy and Government Relations: CBA is a leader and provides a strong, reliable voice at the state house in Denver and in D.C. on behalf of the financial service industry. During the next year, CBA’s work to protect the interest of banking in Colorado and before Congress and regulators will be critical. Education and Professional Development: A tremendous member resource is education and professional development offered through CBA. I am a 2016 graduate of the Center for Banking Advocacy. This is an excellent program for introducing and engaging bankers in the legislative and advocacy process. Over the next year, CBA will expand its professional development program with increased participation from member banks. Membership: CBA staff is responsive to the membership and provides exceptional customer service. Over the next year, they will continue to support our member banks, so your membership is more than you ever expected. For a robust and diverse association, we will continue to grow our member banks. Banker Resources: Our CBA staff accomplishes so much with so few staff on hand. My goal is to begin an online Banker Resource which will be a catalog of content that can be shared by our members and teach banks and bankers how to leverage and utilize resources within CBA. More information on this project will follow in the months to come. We have strong leadership with Jenifer Waller at the helm, and she has built a solid team to support the mission of improving the quality of the Colorado banking industry and enhancing its ability to compete effectively and efficiently. I am excited to share this next year with you. I am encouraged that with CBA as a partner and advocate, we can conduct good business for Colorado and continue to promote a sound and competitive banking environment. My goal is to begin an online Banker Resource which will be a catalog of content that can be shared by our members and teach banks and bankers how to leverage and utilize resources within CBA. Feature www.coloradobankers.org 2
The Society of Bank Executives: The Power of Peer Networks By Dr. Paul Godfrey William and Roceil Low Professor of Business Strategy BYU Marriott School of Business As you know, leading a bank today has never been more challenging; to borrow a phrase from an old General Motors advertisement, “It’s not your father’s bank.” You and your team work harder than ever to generate income through traditional lending activities and a growing portfolio of services. If that isn’t difficult enough in a post-pandemic, politically-charged, inflationary environment, you find yourself swimming in change, from climate investing and disclosures to cryptocurrencies to ever-evolving ransomware risks. Bank leaders need to sharpen a different set of skills to master today’s challenging environment, and successful leaders understand the critical role a vibrant peer network plays in providing perspective, identifying solutions, and accelerating learning. We’ve engineered the Society of Bank Executives around the connection between meeting today’s challenges and creating a vibrant peer network that leads to solutions and success. The Art of Running a Bank The training bank executives receive on the way up the organizational ladder typically focuses on “blocking and tackling” – the hard skills that constitute the “science” of running a bank. But the challenges that keep you up at night require knowledge and skill in the “art” of leading a bank – things like building teams, trust and culture, motivating, mentoring and coaching, and creating and deploying strategy. The Society of Bank Executives helps you develop and expand these critical skills, not just amass information. This development happens the same way we truly learn any skill – through an intentional, peer-supported process that engages us “many times in many ways.” We host premier content experts virtually to expand your knowledge of the art of leadership. Then we hold a two-day in-person event, where you’ll apply the skill in simulated and real situations. We’ll put you in a group setting where you’ll work with other bank executives on a skill-based case study, and you’ll create an action plan www.coloradobankers.org 4
for your bank to focus on over the next month. You can leverage your peer group for advice and feedback, and you’ll return the favor by helping them formulate realistic and robust plans. You’ll complete the process by reflecting on your experience with that same peer group. This simple, iterative process of Learn-Apply-Reflect forms the foundation of the Society’s development program. The Society spreads this process over a six-month period, covering two skills per calendar year. The Power of an Intentional Network We all have a loose network of people to whom we turn for advice. Fewer of us have a vibrant professional network with executives who understand and have experienced the challenges we face in banking, and who we can be open with and turn to because they are noncompeting peers. A vibrant network doesn’t grow out of random or one-off connections; it comes about as we intentionally develop meaningful relationships with others, grounded in solving real problems and challenges. In today’s hyper-busy world, you don’t build a vibrant network by attending cocktail parties or networking events, but rather through sustained interactions where you work on creating change, both in yourself and in your bank. The aforementioned in-person event – held twice annually in conjunction with our skill development program – will help you expand this vital network. In small group settings, you’ll work with other bank executives on applying the skill and creating a plan to continue to develop it in the future. In your peer group, you’ll seek and provide advice and feedback, as well as strengthen your own network. Peer groups will rotate on a regular basis to further strengthen your opportunity to network with other executives in meaningful ways. You’ll also have the opportunity to deepen those relationships through participation in joint activities, meals, and informal discussions over the two days. If you are not managing “your father’s bank,” then your father’s approach to developing peer networks and executive skills probably won’t lead to success in today’s banking environment. The goal of the Society is to help you, your executive team, and your bank to learn, grow, and thrive in an ever-changing and complex marketplace. Dr. Paul Godfrey is the Development Advisor to the Society of Bank Executives. Learn more and apply now at executives.bank. July • August 2022 5
By Brad Birkholz, Senior Manager and James Siegel, Senior Manager Plante Moran Third-Party Relationships: Due Diligence Guidance for Community Financial Institutions Engaging Fintechs New federal guidance has clarified steps community financial institutions should take when contracting with a financial technology service provider. Banks that rely on fintechs, and those considering new relationships, should take time to understand the expectations. Today’s community financial institutions see more opportunities than ever to enter into relationships with a new generation of financial technology (fintech) companies, including those offering robotic process automation solutions. Community financial institutions are no strangers to engaging technology companies that assist with various business needs – such as core systems and IT infrastructure – but these next-generation fintech partnership opportunities present new risks because the products and services they offer are new to the marketplace. Until recently, the regulatory guidance governing third-party risk management expectations for financial institutions has been spread across several different federal agencies. Fintech relationships are often (although not always) customer-facing partnerships. They enable community financial institutions to provide a new product or service, access a new customer base, or enhance efficiencies. www.coloradobankers.org 6
The expectations could vary depending on whether the institution was regulated by the Office of the Comptroller of the Currency (OCC), the Federal Reserve Board (FRB), or the Federal Deposit Insurance Corporation (FDIC). This year, the agencies released proposed interagency guidance on risk management for financial institutions entering into third-party relationships, followed shortly afterward by a guide for community banks that need to conduct due diligence on fintechs. Community financial institutions need to understand this recent guidance and take action to ensure that their third-party risk management programs properly address the relevant risks in fintech relationships. A new type of third-party relationship Partnering with a fintech can be a different risk management experience than partnering with other IT Continued on page 8 providers. Many community financial institutions have developed third-party risk management processes for their relationships with traditional technology partners. These traditional technology partners have typically provided “standard” IT solutions focused on basic day-to-day “back-office” functions like processing transactions. They usually offer these fundamental services to institutions for less than it would cost each bank to keep the process in-house. Fintech relationships are often (although not always) customer-facing partnerships. They enable community financial institutions to provide a new product or service, access a new customer base, or enhance efficiencies. Financial institutions can’t necessarily depend on their technology partners to educate them on the process of partnering with a fintech. These companies are nimble organizations that can change dramatically in short spans of time. As fintechs race to get their products to market ahead of their competition or launch a new version with the latest enhancements, compliance with federal banking regulations probably won’t be their top priority. Their culture and business processes may vary greatly from the community financial institutions they partner with and from the traditional technology companies that community financial institutions are used to working with. New guidance for managing these new relationships In response to the rise of this new type of relationship between community financial institutions and fintech companies, the federal regulatory agencies that oversee America’s financial institutions issued proposed interagency guidance on managing risk in thirdparty relationships. Shortly thereafter, that regulatory language was followed by a guide focused specifically on helping community financial institutions understand how to conduct due diligence on fintechs under the new guidance. The guide offers relevant considerations, potential sources of information, and helpful examples on the following six key due diligence topics: • Business experience & qualifications • Financial condition • Legal & regulatory compliance • Risk management & controls • Information security • Operational resilience This action by regulators should streamline the third-party due diligence expectations for all financial institutions. July • August 2022 7
Your Payments Partner Shouldn’t Cost Customers an Arm and a Leg If your institution is looking to create a merchant services program or change payment processors, Fitech by Deluxe can help you increase residual income while keeping limbs intact. Fitech provides payment solutions for almost every business vertical, including the modern technology needed to support each. From contactless payment solutions and system agnostic hardware to business solutions like HR/Payroll programs, the technology and resources your merchants need are readily available and can easily be integrated with your banking platform. After all, the banks that control how their small businesses get paid, control where the deposits go. Couple these solutions with customized programs for you and your merchants, and you’re both armed with the tools to get a leg up on the competition. Ready to grow your commercial portfolio? Contact us today. www.fitech.com Erin Jester, Director of Sales ejester@fitech.com 559.908.4010 Continued from page 7 The guide should help community financial institutions understand how their processes may need to be modified to perform due diligence on their relationships with fintech companies. Two types of community financial institutions At this point, there are two types of community financial institutions in the United States: those that have relationships with third-party fintech companies and those that are going to have relationships with third-party fintech companies. For those with existing contracts, this guidance serves as a wake-up call that the third-party risk management used in the past for relationships with traditional technology partners needs to be reviewed to make sure that they are properly vetting fintech providers. For those that don’t yet have relationships with fintech companies, the guide highlights six key due diligence areas in which their thirdparty risk management process should be reviewed and possibly enhanced before entering into agreements with these service providers. For many community financial institutions waiting for this guidance in order to start considering relationships with fintechs, the availability of these new expectations could be just the push needed to get them into the market. Still, many community financial institutions aren’t well versed in this relatively new guidance and the potential impact it could have on their third-party risk management programs. Community financial institutions need to read and understand this new joint regulatory guidance. Many will need to update their third-party risk management programs to specifically address fintechs and their risks. Those with fintech relationships in place need to determine how this guidance affects their existing relationships and take additional steps to address any gaps. As an accounting and consulting firm known for our breadth and depth of technical knowledge and industry expertise, Plante Moran can help your institution with this process, either by performing thirdparty compliance reviews of potential fintech companies or reviewing a financial institution’s third-party risk management processes for compliance with the new expectations. If you have any questions about this guidance, please contact Plante Moran. www.coloradobankers.org 8
TIRED OF BORROWINGMONEY BEINGMORECOMPLICATED AND DIFFICULT THAN IT NEEDS TO BE? Bank Stock and Bank Holding Company Stock Loans Done the Simple Way Bank mergers, acquisition loans and refinances up to $50 million » Call Rick Gerber or Ryan Gerber at 1-866-282-3501 or email rickg@chippewavalleybank.com ryang@chippewavalleybank.com 1. Calling us is the first step. 2. You email us the appropriate documents of information. 3. CVB preparing the loan documents generally within 5 to10 days. 4. Meeting the customer. We will come to you to sign loan documents. 5. CVB wires the funds. 6. Wow that was easy.
By Joe Woods, SVP Marketing & Partnerships Dolphin Debit Sunsetting, Self-Service, and Planning for the ATM of the Future As if maintaining your ATM fleet didn’t come with enough headaches and expenses, the imminent sunsetting of the most widely used ATM hardware/software in the U.S. is forcing banks to re-evaluate their fleet and ATM strategy going forward. Two of the largest ATM manufacturers in the U.S. have announced plans to discontinue support, or “sunset,” their most popular ATM products. This means roughly 50% of U.S. ATMs will need to be replaced or upgraded within the next two years and it comes with a hefty price tag. Chances are your bank falls into the majority that will be required to pour additional investment into an ATM fleet that already comes with a laundry list of expenses and tedious management tasks that eat away at precious staff time and capital. While banks weigh their options on how to handle the sunsetting of their ATMs, it’s also important to keep in mind the shift we see in the financial services landscape. Meaning: how do your ATMs fit into the digital era and the self-service expectations of your account holders? What hardware should you be considering to future-proof your investment? When and where should new machines factor into your plans? The list goes on. How and when to invest in ATM fleets is becoming a growing topic as banks of all sizes are looking to the future, laying out their plans for “digital branch transformation” and incorporating more advanced and sophisticated ATMs into those plans. These new machines may be deposit-taking ATMs, “future-proofed” ATMs with equipment that streamlines upgrades when needed, or they could be the top of the line: Interactive Teller Machines (ITMs). Which asks the new question: Should ITMs be implemented into your plans? We see heightened interest in banks eager to leap to ITMs, and who can blame them? This is the direction the financial services world is being pulled by digital consumers who demand convenience and self-service. ITMs also allow banks to extend service hours, increase their footprint with mini-branches, and reduce staff and overhead costs per transaction. But, ITMs come with www.coloradobankers.org 10
www.bell.bank Member FDIC 35344 Partner with Bell for: Participation loans Bank stock and ownership loans Holding company loans and lines of credit Reg. O loans to bank employees, insiders or directors Equipment financing Find the terms and flexibility you need on large or small loans at Bell, with faster turnaround from an experienced team dedicated to correspondent lending. Whatever Loan Amount You’re Looking For, We Can Help. Tom Ishaug Call me at 701.451.7516 – Based in Fargo, N.D. Serving North Dakota, South Dakota, Minnesota 35344AD Colorado Bankers Association 2022_Tom.indd 1 3/31/22 4:33 PM a significant investment, so many banks are taking an interim step into a future-proofed ATM carrying hardware that is easily upgraded for seamless ITM conversion down the road. The looming sunsetting of ATMs means the clock is ticking, and pressure is being put on banks to make buying decisions regarding their ATM fleets. But, as we have discussed, decisions made now will have a big impact on consumer service capabilities for years, and investment should be carefully considered to align with your long-term ATM/ITM strategy. With staff and budgets stretched thin, your bank simply may not have the capacity to prioritize your ATM/ITM strategy. You’re not alone, and there are options available to help guide your institution through the changing ATM/ ITM technology and self-service expectations. ATM Outsourcing, ATM Managed services, ATM-As-AService, or any other way you want to define the solution makes more sense now than ever. Change is rapid, and consumer expectations are shifting. Now is the time to adapt and position your financial institution for success in the digital era. Dolphin Debit’s fully funded, turnkey approach to ATM outsourcing has proven to be the ultimate tool for financial institutions to seamlessly adopt new ATM/ITM technology and maneuver ATM sunsetting plans without sacrificing precious capital. Whether you have ATMs looming sunset, outdated machines, or want to explore ITMs, Dolphin Debit will provide the capital necessary to upgrade machines or replace them with brand new equipment on your behalf. A suite of ATM management services combined with expert consulting removes the burden of operations from staff. It assures your ATM/ITM strategy is poised to align with your short and long-term institutional goals. While banks weigh their options on how to handle the sunsetting of their ATMs, it’s also important to keep in mind the shift we see in the financial services landscape. July • August 2022 11
By John McKay, Senior Manager and Kevin Garcia, Senior Manager Plante Moran Effective Credit Risk Monitoring in the Post-Pandemic Economy As COVID-19 continues to affect individuals, communities, and global economies, financial institutions must continually adapt their credit risk monitoring strategies to effectively identify as quickly as possible those loans that have increased in risk. These strategies can help. The COVID-19 pandemic forced individuals and businesses to continually adapt to a “next normal,” and financial institutions are no exception. While credit risk in the banking industry has, for the most part, remained surprisingly stable throughout this volatile time, the pandemic has driven significant changes in the way financial institutions evaluate credit risk and monitor for signs of deterioration in their existing loan portfolios. Loan approval is just the beginning of credit risk monitoring Prior to COVID-19, most financial institutions could reliably determine how they would monitor a loan’s performance and assess changes in the borrower’s risk profile when they approved the loan. Lenders could use the information gained from the application process to determine what tests could effectively monitor the loan and how frequently to apply them. Tried and true methods could range from an analysis of tax returns and financial statements on an annual basis for low-risk loans to more frequent and thorough tools such as covenant compliance checks, evaluation of borrowing base certificates, or the preparation of quarterly or even monthly financial statements. Smaller or less risky loans may be handled on an exception basis only, requiring action only when adverse information is received, such as notification of a judgment, lien, or low credit agency score. The pandemic has driven home to lenders just how quickly the quality of a loan can deteriorate and how www.coloradobankers.org 12
ineffective some of the common tools can be at identifying changes in risk. In addition to the standard reporting requirements that community lending institutions have relied on to monitor the ongoing risk associated with a loan, the following indicators have come to the forefront during the pandemic as helpful early warning signs of potential problems: • Rent rolls that provide information on tenants and rents in commercial property can be extremely helpful in assessing the ongoing repayment capacity of the borrowers. They can be particularly useful during the first quarter of the year as a proxy for annual tax return reporting, which is frequently delayed by extensions of the filing date. • Verification of liquidity for borrowers or guarantors is considered a significant factor in the underwriting decision. • Use of Smith Travel Research, or “STR,” reports for hotel/motel borrowers monitors trends in occupancy, average daily rates, and competitive market position. • Site inspections verify property condition and occupancy, which also helps detect any potential deferred maintenance and needed capital expenditures. • Field audits verify accounts receivable and inventory for borrowing base lines of credit. Communication is key In light of the ongoing macroeconomic pandemicdriven challenges affecting commercial and agricultural enterprises, it’s critical for lenders to combine continued credit risk diligence with enhanced borrower communications. Financial institutions can get a much better understanding of changing risk profiles when they talk to borrowers on topics including: • Constraints on production or service delivery due to supply chain disruptions, such as a lack of raw materials, component parts, or labor; • Unexpected weather events such as hurricanes, floods, or wildfires that affect industrial output; • Inflation pressures affecting costs of production and the (in)ability to pass these increased costs on to end consumers; and • Crop insurance for agricultural production. It’s also important to remember that even when these challenges don’t apply directly to a specific borrower, they can still indirectly impact the supply chain or customer base that a borrower counts on. For instance, if a large customer of a borrower is affected by a natural disaster or a COVID-19 outbreak, that customer may be unable to purchase products as previously agreed. Don’t overlook the basics Lastly, it’s important for financial institutions to remember the following monitoring items that may have been put on the back burner while they were addressing the more immediate risks brought about by the pandemic: • Succession planning for small business or family-owned enterprises where management is concentrated in one or among a few key personnel; • Tax implications that could arise from the Build Back Better Act or other future legislation. These basic components of credit risk haven’t disappeared just because businesses have been struggling with more immediate day-to-day challenges of the pandemic. Without a doubt, the pandemic has touched just about every aspect of the business operations of our clients, and the lending area is no exception. It’s important your credit risk monitoring process relies on both time-tested and newly relevant tactics to help your credit management team remain vigilant in the pandemic landscape. WE MAKE IT EASY LET OUR TEAM HELP YOU SECURE THE DEAL AND LOWER YOUR RISK • UP TO 90% OVERALL FINANCING • UP TO 25 YEAR TERM • FIXED-RATE PREFERREDLENDINGPARTNERS.COM | 303.861.4100 Leveraged financing and refinancing of owner occupied real estate and long-term equipment. Most for-profit small businesses eligible. SBA defines businesses with net profit after tax <$5.0 Million and tangible net worth <$15.0 Million as small. July • August 2022 13
By Stephen J. Cosentino, CIPP and Perry L. Glantz Stinson, LLP Cyber Awareness: Decreasing the Cost of a Cybersecurity Attack www.coloradobankers.org 14
Class action plaintiffs have plenty of ammunition when pointing a finger at a company holding consumer data. An attack occurs, typically because of a security vulnerability and/or a novel method, and plaintiffs have a somewhat easy avenue to establish causation. For that reason, many companies and banks understandably focus their efforts on beefing up their information security policies and procedures. Pro-active banks and other companies wisely engage cybersecurity forensic consultants, procure quality cyber liability insurance, and ramp up their response plans to help establish reasonable precautions that can help counter causation arguments. However, with the rising number of data breaches in recent years exposing millions of consumer data records to potential identity thieves, the supply of consumer information – Social Security numbers, account numbers and other personal information – on the black market has exploded. That makes damages difficult to prove in data breach cases because of the high likelihood that the individual's personal data is out there somewhere. It was only a matter of time before creative damages theories would arise in these cases. In a recent decision, a federal district court certified a class in a case based upon a data breach in which a massive amount of personal identifiable information (PII) was stolen over the course of several years. One notable element of this class certification order is that it is founded, at least in part, on a novel theory of damages. This theory is based on the premise that the amounts charged by the Continued on page 16 July • August 2022 15
Engage in a data mapping exercise to have a full understanding of where all of your consumer personal information is stored and who has access to it. company that suffered the data breach would have had to have been reduced if the relevant market consumers were aware of the company’s failure to protect consumer data. In other words, if the market knew this company was subject to the ongoing data breach, it would have had to lower its prices in order to attract customers. Thus, the theory is that the members of the class should be able to recover these theoretical overcharges for payments they made to the defendant company during the ongoing data breach. This theory of damages allows for recovery without any evidence of the actual misuse of a consumer’s PII as a result of the data breach. The case in which this theory of damages has been accepted involves the price charged for hotel rooms; however, one can easily imagine how this might apply to other industries, e.g., airline ticket prices. With the high level of security involved in air travel today, a great deal of information most people consider very confidential is required to purchase a ticket on an airplane. If one airline made no promise to protect the PII collected from their customers, it would probably have to charge much less per ticket than a competitor using state-of-the-art data breach protections. Who would knowingly provide their confidential information to the clutches of the dark web? A similar analogy can be made in the banking industry. If it was known that a bank was subject to a data breach or a ransomware attack, arguably, even a complete waiver of fees charged for banking services would not keep customers at the bank while their confidential financial information – and maybe their money – is siphoned off. Could this theory of damages subject a bank that suffers a data breach to a complete disgorgement of fees collected from all of the customers impacted by the breach? As this theory of damages continues to play out in court, companies can take steps to minimize its viability. Experts in the cybersecurity field often start their presentations with the phrase “It is not if but when a cybersecurity incident will occur.” There is certainly some truth to that statement. Threat actors increasingly deploy sophisticated attacks that focus on weaknesses in both people and in systems. Making your bank 100% protected is nearly impossible; however, engaging in proactive measures consistent with best practices in the banking industry can go a long way to establish that data protection efforts are a significant part of the cost of doing business. With threat actors using more sophisticated phishing attacks and payment fraud schemes, it is important to provide ongoing cybersecurity awareness training to employees to counter new attacks. Employers should keep thorough records of your training and the amount of time and expense involved. Access controls, encryption, intrusion detection and vendor diligence should make up a significant part of the time and expense your bank contributes to its information security program. Access can be a difficult issue with employees working remotely and wanting the flexibility to use mobile devices. Each device presents an additional point of vulnerability, emphasizing the need for mobile device management, multi-factor authentication, technical measures preventing local storage and other controls. Encrypted data is usually an exception under data breach notification laws. Failing to encrypt data in transit and in storage makes for an easy argument by class action plaintiffs. While many banks have an internal information security team or use an information security vendor to monitor intrusions, sophisticated threat actors develop new attacks every day. Consider engaging a firm that also does cyber forensic investigations, as they will often have recommendations for the latest threat detection technology. Both regulators and plaintiffs' attorneys almost always make an issue of the amount of time it takes between the first indication of a security incident and notifications to consumers and regulators. Usually, there is a good reason for some of this delay: It takes time to investigate and determine whether a breach actually occurred and the scope of the incident. Samples of data from ransomware attackers and other threat actors are unreliable, resulting in significant time spent to determine what may have been exposed. However, there are many parts of this process Continued from page 15 www.coloradobankers.org 16
Denver | Fort Collins | Greeley WWW.CP2LAW.COM COAN, PAYTON & PAYNE, LLC PROVIDES A FULL RANGE OF LEGAL SERVICES TO THE BANKING INDUSTRY. R. Clay Bartlett G. Brent Coan Natalie Curry Amanda T. Huston Steven Mulligan Michael C. Payne Brett Payton Julie Trent Matthew L. Chudacoff that can be controlled and expedited by your bank. Have a cyber-forensic firm engaged and on retainer. Make sure you fully understand your insurance coverage and how to quickly invoke it. Engage other vendors, like notice services and call center services, ahead of time to make the notice process more expedient. Hire a PR firm to help get ahead of messaging. Engage in a data mapping exercise to have a full understanding of where all of your consumer personal information is stored and who has access to it. Conduct run-throughs of your cyber incident response plan to ensure that it can be quickly invoked and followed. Finally, with this new theory of damages gaining steam, it may make sense to address it in your customer contracts. Have your customers acknowledge that while the bank is committed to protecting your personal information, and goes to great expense to do so, no information is 100% secure. Data breaches are inevitable, but with a solid prevention program and good documentation on all of the internal and external costs of your program, you will have a much better defense that the ticket was worth the price of admission. Stephen J. Cosentino, CIPP, is a partner at Stinson LLP in the firm's Kansas City office. He may be reached at steve.cosentino@stinson.com. Perry L. Glantz is a partner at Stinson LLP in the firm's Denver office. He may be reached at perry.glantz@stinson.com. To advertise in this magazine, contact us today. 801.676.9722 | 855.747.4003 thenewslinkgroup.org sales@thenewslinkgroup.com It’s your time to grow. July • August 2022 17
By Rob Blackwell Chief Content Officer IntraFi Network The end of the great deposit flood may soon be nigh. Since the pandemic, banks have been saturated with liquidity due to a flight to safety and government stimulus. In December 2019, just before the pandemic started, total commercial bank deposits were roughly $13.3 trillion. Within a few months, by May 2020, they had jumped 16% to $15.4 trillion. By April 2022, they were over $18 trillion. While initially beneficial, the influx of deposits is proof of the adage that you really can have too much of a good thing. Banks have been awash in liquidity without much loan demand to deploy it. But with the Federal Reserve raising rates and rate-sensitive customers beginning to pull their deposits, bankers are wondering how sticky those customers — and deposits — will be. Combined with geopolitical events and the fact that the pandemic remains ongoing, the future is uncertain. So what should banks be doing now, and how can they best prepare no matter what happens next? On our podcast, Banking with Interest, we sat down with Scott Hildenbrand, chief balance sheet strategist at Piper Sandler, to find out the answers to those questions. Following is our conversation, edited for length and clarity: The Fed raised rates by 50 basis points at the last meeting and signaled it could keep moving aggressively until inflation is under control. How do you see things playing out? The bond market appears to be pricing in 10 to 12 rate hikes over the next couple of years, though I doubt we’ll get that many. Bank loan activity is a signal for growth in the economy and loan-to-deposit ratios are hovering near all-time lows. I’m more concerned with how quickly rates increase. There are 50-bps hikes priced into each of the next two meetings, and it will be interesting to see what that does to banks’ balance sheets. What's going to be the impact on deposit betas as rates rise? And does the size of the bank matter? I think it does. Big banks rely less on spread, so I doubt they’ll have to change deposit rates much. But smaller banks do rely — heavily — on spread business. Those institutions will probably feel some pressure over the next six to 12 months. But even they have some time. How Banks Should ‘Weaponize’ Their Balance Sheets: A Q&A with Piper Sandler’s Scott Hildenbrand www.coloradobankers.org 18
That said, I don’t believe cost of funds is driven by the Fed. It’s driven by the LTD ratios of a bank’s main competitors. It’s all supply and demand. But right now, banks are artificially large, so regardless of what their competitors do, they might just let their balance sheets shrink to a more normal size, with better capital levels. How sticky will all this liquidity be? It’s hard to say. The deposit landscape has changed, so we can't make assumptions based on historical trends. But depositors are starting to realize that they’re losing money by letting it sit in a bank while inflation spikes and rates head north. They want to know what they can earn from their banks. I’m actually less concerned with depositors running out the door than I am with them shifting from non-interest DDAs into some form of money market account. If deposits leave, should banks focus on increasing their deposit base or locking in wholesale funding? Both. I’m a huge advocate of wholesale funding as a tool to manage interest rate risk, grow earnings, and invest back into the institution. It should be in every bank’s playbook. It also enables banks to determine which part of the curve to be on without bothering their customers. In a highly unpredictable world, it’s something banks can control relatively easily? Yes, and that uncertainty is why I’m also a little bit bullish on buying bonds right now. There could be a ton of rate hikes over the next 24 months, and beyond that, the yield curve is basically flat. A lot of bankers aren’t concerned about higher rates in two years. They’re actually concerned that rates could drop, and we have a recession. I’d argue that banks should be buying bonds. Earning a little less now and taking on a little more interest rate risk might be a tough sell to their boards, but when you think about the lack of loan demand, it makes sense. What other advice would you give banks? It’s all about weaponizing your balance sheet. Banks should focus on answering three questions: What hurts? What helps? And what are we going to do about it? That’s the best way to fight market volatility. ALCO members should start by understanding which parts of the yield curve matter most to their institutions. This will enable them to reduce exposure where necessary and design strategies around smaller moves in the shape of the curve that are more actionable. They should already know what they’re going to do with every 10-to-15 basispoint flatter or steeper, so when the time comes, all they have to do is execute. They don’t need to write a memo or assemble a special committee to watch rates. Too many banks are reactive — they wait for rates to go higher, then add insurance to hedge against rising rates. There are a lot of behaviors banks can stop, too: They should stop treating all risk as interest rate risk (yield curve risk is far more important), stop treating ALCO meetings like a dentist appointment to get through as quickly and painlessly as possible, stop looking backward and start looking forward. What are the best- and worst-case scenarios for the industry? Best-case scenario is loan demand picking up. Some spread widening in lending would be great, because banks have time before deposit costs go up. Banks could make a lot of money with loan growth and higher interest rates on the short end of the curve. Worst-case scenario is the Fed hikes rates a bunch of times, LTD ratios stay where they are, and we get stuck in a world of stagflation, where things look a lot like they have over the past ten years. I’m concerned that we’ve seen the belly of the yield curve up over 100 basis points in a short period, and most banks don’t have the loan demand to capture that full interest rate move. So, we’re likely going to have a slight correction on credit. In the meantime, there are no more PPP fees coming through the door. Add it all up and it could be a tough year — even with the rate increases. It’s all about weaponizing your balance sheet. Banks should focus on answering three questions: What hurts? What helps? And what are we going to do about it? That’s the best way to fight market volatility. July • August 2022 19
By Brian Scott Chief Growth Officer Primax Driving an Optimal Payments Experience When it comes to payments processing providers, banks don’t always know they have options outside their core processor. There are many innovative payments fintech providers that can offer more capabilities than a core processor – which means banks could be missing out on available features and benefits that could give them an edge with their cardholders. By partnering with providers who can offer a full suite of robust features – not just core processing services – the cardholder experience could improve significantly, driving further retention of your customers seeking these capabilities with their payments experience. This will also help to ensure you’re getting the most value for your investment. When considering the best payments processor for your bank, it’s important to look for top-of-the-line payments processing – as well as these seven capabilities that can help drive an optimal experience for your customers. 1. Integration enhances the user experience. An innovative partner will be able to collaborate with your IT team to ensure a seamless cardholder experience. Partners should look to build a relationship with core system providers to eliminate inefficiencies and streamline support services. Additionally, coordinating with technology partners, digital platform development teams and APIs will help provide the driving force for innovative changes, ultimately lowering operational costs and enhancing customer experiences. 2. Digital capabilities with user-centric framework. When it comes to mobile and online banking platforms, users want and expect personalization, flexibility and comprehensive card management tools. Features like alerts and controls, digital issuance, www.coloradobankers.org 20
When it comes to mobile and online banking platforms, users want and expect personalization, flexibility and comprehensive card management tools. card credentials access and mobile wallet support can make a payments provider stand out. Users expect to be able to access their information through their channel of choice, so cross-platform integration, parity between experiences and a robust administrative tool are imperative to provide users the seamless experience they now demand. 3. Increased automation to improve efficiency. Accessing customer debit and credit card account data doesn’t have to be a headache for your front-line staff. Look for a partner who can offer single-point, realtime access to your cardholder data, minimizing the need for staff to reference multiple systems and data repositories. This lowers service costs, increases backoffice efficiency and raises cardholder satisfaction. 4. Essential fraud and risk mitigation capabilities. Balancing fraud management and a positive customer experience can be challenging for financial institutions, especially when the tactics being used by hackers are growing increasingly more sophisticated every day. As fraud attempts become more refined, so must risk mitigation tactics. Partnering with a payments processor that can offer enhanced fraud services and provide customized risk management strategies can help ensure your customers and your bank stay safe and protected. Innovative payments providers have found ways to integrate data from every transaction, interaction and event to predict and prevent customer fraud while expertly recovering any losses. 5. Data and analytics offer actionable insights. Data management requires more than just collecting information on cardholders. A robust data and analytics program requires analysis and interpretation of your data to better understand customer behavior and identify actionable insights, delivering highlypersonalized experiences and comprehensive data protection. Detailed reporting can help provide a deeper understanding of customer behavior and identify growth opportunities, while predictive analytics can provide best-in-class scoring models that uncover key insights to guide precise and informed decisions. 6. Contact center with a multi-channel approach. Your bank’s contact center is often the hub of your communications, support services and fraud protection services. Having a partner to help you deliver the highest level of service through your contact center can improve customer experiences, prevent fraud losses and increase your revenue. Fintech payments partners can integrate with your core processor to create a seamless extension of your bank’s unique brand for both card support and account services across multiple channels and platforms. 7. Ability to elevate your business growth potential. The hallmark of a great partner is not just in its ability to provide exceptional products and services, but also to be a trusted advisor, ready to help you elevate your business growth potential. This can be done by leveraging resources such as data scientists to help you understand and use cardholder data, marketing experts to help execute growth marketing campaigns and strategic consultants to help with product optimization and to identify areas of high growth potential, such as commercial card portfolios. With banks now realizing that it’s no longer enough to only provide the bare minimum in payments processing, finding a partner who can offer a comprehensive suite of products and solutions has never been more important. Ensuring that you’re giving your customers the best possible user experience – while driving full-service solutions – will ultimately help you retain your existing customer base while paving the way for future growth. Brian Scott partners with industry leaders in payments and community financial institutions to create competitive payments programs, helping financial institutions position themselves competitively in their own communities and maintain profitability throughout their payments programs. Brian spent 23 years in the highly competitive consumer payments marketplace and is a recognized leader in payments solutions and innovative technologies. He is a frequent speaker on the future of payments, new payments trends, mobile banking, alternative payments, and how new payments technologies will transform the current banking space. July • August 2022 21
By Russ Mabry Senior Consultant Moran Construction Consultants Mitigating CRE Risk in a Volatile Market With the ever-growing concern of rising construction costs, it is imperative to understand what’s happening in the market, the impact it can have on your next deal and how to mitigate the risk. According to a recent analysis by the Associated General Contractors of America, construction material costs have increased by 20% year-over-year from January 2021 to January 2022. This is the largest recorded material cost increase since 1970. Due to recent geopolitical events, persistent demand and the continuing supply chain issues, the trend of inflation and rising construction costs are projected to continue for the foreseeable future. In this time of uncertainty, it is more important than ever to properly structure CRE transactions with a focus on industry best practices and risk mitigation to move deals forward. Rising Costs & Price Volatility Since the start of the pandemic, a multitude of factors have been attributed to the material cost increases the industry is experiencing today. To better understand how to identify and mitigate this risk, let’s look at some of the main contributing factors: • Inflation: Costs for construction materials, like most other goods today, continue to rise. Take lumber for example: over the past year, lumber experienced record highs followed by sharp drops; however, www.coloradobankers.org 22
www.thenewslinkgroup.orgRkJQdWJsaXNoZXIy MTU2Mjk4Mw==