AI-DRIVEN ELDER FRAUD Deepfakes: The Newest Threat 2025 • Issue 6 Your Board’s Cybersecurity Oversight Probably Isn’t Good Enough Embracing Innovation Banking Digital Assets Beyond GENIUS
40 YEARS STRONG Four Decades of Growth, Innovation, and Customer Commitment MIB proudly reflects on four decades of commitment to our customers and the communities they serve. Since its founding, MIB has focused on empowering community banks with innovative financial solutions, reliable support, and a steadfast dedication to their growth and success. As we look to the future, MIB is excited to continue increasing services and fostering strong, collaborative relationships. MEMBER FDIC Lending Services Operational Services Audit Services 40 years 800-347-4MIB mibanc.com * Audit Services are offered thru MIB Banc Services, LLC, a subsidiary of our holding company.
6 ©2025 Nebraska Independent Community Bankers (NICB) | The newsLINK Group LLC. All rights reserved. The Nebraska Independent Banker is published six times per year by The newsLINK Group LLC for NICB and is the official publication for this association. The information contained in this publication is intended to provide general information for review, consideration and education. The contents do not constitute legal advice and should not be relied on as such. If you need legal advice or assistance, it is strongly recommended that you contact an attorney as to your circumstances. The statements and opinions expressed in this publication are those of the individual authors and do not necessarily represent the views of NICB, its board of directors or the publisher. Likewise, the appearance of advertisements within this publication does not constitute an endorsement or recommendation of any product or service advertised. The Nebraska Independent Banker is a collective work, and as such, some articles are submitted by authors who are independent of NICB. While a first-print policy is encouraged, in cases where this is not possible, every effort has been made to comply with any known reprint guidelines or restrictions. Content may not be reproduced or reprinted without prior written permission. For further information, please contact the publisher at (855) 747-4003. Nebraska Independent Community Bankers 1201 Lincoln Mall, Ste. 103 Lincoln, NE 68508 (402) 474-4662 nicbonline.com The Nebraska Independent Banker is a publication of The Nebraska Independent Community Bankers Association. 2025 • Issue 6 Take a Look INSIDE 11 20 NICB Executive Committee CHAIRMAN Jim Niemeier Citizens State Bank Friend PRESIDENT/CEO Dexter Schrodt SECRETARY Kelly Lenners First State Bank Nebraska Pickrell TREASURER Arnold Lowell CerescoBank Ceresco IMMEDIATE PAST CHAIRMAN Rick Heckenlively Points West Community Bank Sidney PRESIDENT’S MESSAGE 4 Closing the Year with Purpose and Momentum By Dexter Schrodt, President and CEO, NICB FLOURISH 6 Rising Concerns Over National Bank Trust Charters By Rebeca Romero Rainey, President and CEO, ICBA PORTFOLIO MANAGEMENT 8 Making a List, Checking It Twice Year-End Is Approaching. Here Are Some Seasonal Reminders. By Jim Reber, CPA, CFA, President and CEO, ICBA Securities 11 AI-Driven Elder Fraud Deepfakes: The Newest Threat By Terri Luttrell, CAMS‑Audit, CFCS, Compliance and Engagement Director, Abrigo 14 Your Board’s Cybersecurity Oversight Probably Isn’t Good Enough By Steve Sanders, Chief Risk Officer and Chief Information Security Officer, CSI 17 The Future of AI in Banking Exploring Opportunities and Overcoming Challenges By Patrick Murphy, President, RESULTS Technology 20 Embracing Innovation Banking Digital Assets Beyond GENIUS By Kirstin D. Kanski and Alex R. Schoephoerster, Spencer Fane LLP 24 Choosing the Right Retirement Plan for Your Small Business SEP, SIMPLE, or Individual (k)? By Jodie Norquist, CIP, CHSP, Ascensus 26 NICB Endorsed Partners 26 Associate Members 2025 27 Banker Showcase We Want to Feature You in Our Next Issue of The Nebraska Independent Banker! NEBRASKA INDEPENDENT BANKER 3
CLOSING THE YEAR WITH PURPOSE AND MOMENTUM By DEXTER SCHRODT President and CEO, NICB PRESIDENT’S MESSAGE As we approach the close of 2025, I am filled with gratitude and pride for what we have accomplished together. This season is a time for reflection, celebration, and anticipation; a chance to honor the progress we’ve made and to look forward with confidence to the opportunities ahead. This year, community banks have continued to demonstrate why they are the backbone of local economies. In the face of economic uncertainty, regulatory changes, and rapid technological evolution, you have shown resilience and adaptability. You’ve proven that even in challenging times, our mission to serve our customers and strengthen our communities remains unwavering. Every loan approved for a small business, every conversation that helped a family achieve its financial goals, and every investment in local growth — these are not just transactions; they are stories of impact. They are the reason community banking matters. And they are the reason we celebrate today. Our association exists to amplify your voice and support your success. This year, we have worked tirelessly to advocate for policies that protect the unique role of community banks. We’ve expanded educational programs and provided resources to help you navigate an increasingly complex financial landscape. The results speak volumes: stronger relationships, smarter strategies, and 4 NEBRASKA INDEPENDENT BANKER
a renewed sense of purpose. Together, we have not only weathered the storms but also seized opportunities to innovate and grow. That is worth celebrating. As we turn the page to a new year, let’s carry forward the momentum we’ve built. The challenges of tomorrow will require creativity, collaboration, and courage, but I am confident that we are ready. Here are a few priorities that will guide our work in the coming year: • Advocacy with Impact: We will continue to champion fair and balanced regulation that empowers community banks to thrive. • Innovation with Integrity: Technology is transforming banking, and we will help you adopt solutions that enhance efficiency without compromising the personal touch that defines our industry. • Education and Leadership: Our commitment to professional development remains strong. Expect new programs designed to equip leaders at every level with the tools they need to succeed. • Community Engagement: We will deepen our efforts to showcase the vital role community banks play in local prosperity, because your story deserves to be told. The holiday season reminds us of what truly matters: relationships, trust, and shared purpose. As you gather with family and friends, I encourage you to take pride in the work you’ve done. You have strengthened communities, supported dreams, and built a legacy of service that will endure for generations. From all of us at NICB, thank you for your dedication, your leadership, and your unwavering commitment to the values that make community banking extraordinary. May your holidays be filled with peace, joy, and the warmth of those you hold dear. Here’s to a bright, prosperous, and purpose-driven 2026. Together, we will continue to make a difference: one customer, one community, one success story at a time. From all of us at NICB, thank you for your dedication, your leadership, and your unwavering commitment to the values that make community banking extraordinary. NEBRASKA INDEPENDENT BANKER 5
FLOURISH RISING CONCERNS OVER NATIONAL BANK TRUST CHARTERS Over the past few years, we’ve witnessed an alarming upsurge in the number of nonbank financial technology firms applying for national bank trust charters. We can track this trend back to a shift in policy in 2021 (Interpretive Letter #1176) in which the Office of the Comptroller of the Currency (OCC) reinterpreted the trust charter to eliminate its exclusive focus on fiduciary activities and redefined it to create an opening for digital asset firms to apply. By REBECA ROMERO RAINEY, President and CEO, ICBA 6 NEBRASKA INDEPENDENT BANKER
Where I’ll Be This Month I’ll be meeting with the Council of Community Bank State Association executives, engaging and collaborating with the Bankers Bank Council and speaking at the Ole Miss Business 2025 Banking & Finance Symposium There are many fundamental issues with this interpretation, including: 1. Safety and Soundness Concerns: The digital asset providers applying for this charter bring unique risks that require sufficient supervisory and regulatory safeguards. Trust banks are not required to meet the same kinds of regulatory and capital standards that apply to federally insured full-service banks. Granting carte blanche to these higher-risk entities also exposes the banking system to deposit drainage and increased fraud. 2. Policy Inconsistency and Risk: The charter was designed for one purpose: conventional trust companies providing custodial services for trust beneficiaries. Opening up access to digital asset firms does not align with that intent or statutory parameters. That lack of policy consistency creates risks in the banking sector. 3. Unfair Competitive Market: Nonbank financial technology firms are using these charters to circumvent traditional regulatory requirements. The charters allow these firms to function like banks but without the regulations that are required of banks. This creates an uneven and risky playing field. ICBA has called on the OCC to rescind Interpretive Letter #1176 and undertake a formal rulemaking on the national trust charter to clarify its scope and alignment with congressional intent. We are also continuing to comment on individual applications as they come through; engaging repeatedly with the OCC to voice concerns; and providing education through media interviews, press releases, blog posts and more to keep a focus on this alarming trend. We need your help, too. Stay engaged on this topic. Comment on applications and remain aware of emerging issues. Educate your legislators. Armed with knowledge, we’ll be better able to respond. It will take our unified voices for this issue to be addressed. Fortunately, when it comes to advocating for the safety and soundness of our banking system, community bankers always rise to the challenge. NEBRASKA INDEPENDENT BANKER 7
PORTFOLIO MANAGEMENT MAKING A LIST, CHECKING IT TWICE By JIM REBER, CPA, CFA, President and CEO, ICBA Securities Since we started seeing Halloween decorations in August, I felt it was high time we started thinking about the holiday season. More specifically, as it relates to community banking. And still more specifically, about a checklist for the balance sheet. There are some seasonal items that bear attention prior to, and immediately after, year-end. So let’s take a look at what may be on the radar for the fourth quarter. Gain/Loss Harvesting I have the same access to industry-wide bank performance reports that any of you do, and I also make it a point to ask bankers how their years are going while traveling the country. The numbers and the commentary have been in sync this year, which isn’t always the case. It sure looks like 2025 is going to conclude favorably for community banks in general. By extension, that means a lot of you are going to be ahead of budget. That happy dynamic will naturally lead management teams to consider options for fine-tuning their earnings. There are some current variables that give bankers a lot of flexibility in timing their income recognition. For example, the average bond portfolio has a market loss of about 5%, which is the lowest percentage since March 2022. This means that some individual positions have gains, and some have losses. So there are probably some combinations of sale candidates that can produce the desired amount of realized income/loss. A friendly reminder: If your bank is looking for gains, make sure they are not from tax-free bonds. This brings up a related activity … Year-End Is Approaching. Here Are Some Seasonal Reminders. 8 NEBRASKA INDEPENDENT BANKER
SBA Secondary Market The Small Business Administration’s (SBA) flagship 7(a) program set a record of $37 billion of closed loans in fiscal 2025. This means more banks have more SBA products in their loan portfolios than ever, and the guaranteed portions (usually 75%) are probably the most liquid loans on a bank’s balance sheet. They can quickly be sold to one of the consortium of SBA poolers at substantial gains. Because the guarantees are always going to demand a premium in the secondary market (due to their full-faith-and-credit status and floating rate structure), many sellers will wait until the fourth quarter to sell, when the bank’s annual earnings are coming into focus. Inside scoop: The poolers are usually besieged with bid lists as the last quarter progresses, so most reduce their bids to smooth out their purchase commitments. Some years, it takes until February for market indigestion to subside. So the suggestion here is to sell your 7(a) loans as they’re closed to more efficiently capture the gains. Don’t wait until December. Risk Management Bankers know intuitively that best practices for risk management include regular assessment of projected cash flows, collateral positions, alternative funding sources and contingency funding plans. What may have changed in the last six months is the increased possibility of a lower interest rate environment for next year. Depending on a given bank’s asset/liability posture and its bond holdings, it could mean additional, and perhaps unwelcome, cash flows. A silver lining is that the average bank now owns its bonds at an average price slightly below par (99.86), so prepayments and calls should have little immediate impact on yields. There have been times in this decade when the average book price was nearly 103.00. Housekeeping Also, the ever-popular policy reviews are coming up on the tickler file. Examiners are wont to ask how recently your troika of policies (i.e., investment, interest rate risk and liquidity) has been updated. Lately, the liquidity policy has gotten a lot of scrutiny, as community bankers have told me. The good news is that there has been no significant literature from the regulators this year that would require a major rewrite. Your brokers and/or A/L modelers should be able to provide some templates, guidance and assistance if necessary. While you’re getting your board of directors to sign off on updated policies, management should ensure these items are fully documented: • Approved broker-dealers • Full list of vendors (with SOC-2 audits if applicable) • Director onboarding and continuing education • Minutes of committee and full board meetings • Execution of risk management strategies, such as interest rate swaps or loan sales • Rationale for, and economics of, bond swaps, with back testing if appropriate There you have an end-of-year checklist, just in case you’ve forgotten or run out of to-dos. Again, thanks to the favorable economic backdrop for most regions of the country this year and the careful stewardship by most community bank management teams, there don’t seem to be any dumpster fires to fight this year. I will update this column with some ideas on how to launch a successful 2026 as soon as I start seeing Easter decorations. Happy holidays! Jim Reber (jreber@icbasecurities.com) is president and CEO of ICBA Securities, ICBA’s institutional, fixed-income broker-dealer for community banks. NEBRASKA INDEPENDENT BANKER 9
| Bank Stock Loans | Loan Participations | ATM/Debit | International Services | | Cash Management | Securities Safekeeping | Merchant Services | 800-873-4722 | NE: 888-467-5544 | www.bbwest.com Where community banks bank Est. 1980 – 45 years of service to community banks “As a service provider exclusively focused on community banks, Bankers’ Bank of the West is here to help strengthen our clients and the communities they serve.” Across the western states and Great Plains, we’re the place where community banks bank. That’s because we provide the services, technology, and expertise to help you extend your resources, deliver for your customers, and stand out in your market. 5 reasons to partner with us BBW - President and CEO - Bill Mitchell 1. You can unlock efficiencies and cost savings. We can provide sophisticated solutions and economies of scale because we’re powered by hundreds of community banks across our region. 5. Our priorities are aligned with yours. 2. You can expand your capabilities. 4. We’ll never compete for your customers. 3. You can count on prompt, reliable service. • Independent loan review • Loan and credit administration consultation • Strategic planning facilitation • Management, staffing, & succession planning • Acquisition & expansion • BSA/AML compliance • Regulatory risk consultation President, Jim Swanson President, Anne Benigsen • Consulting • Phishing Tests • Vulnerability Management • Security Monitoring Cyber/information security, strategic planning, independent loan review, AND MORE. Consulting Services $ 8.45B assets under management $ 1.9B daily transaction value processed/settled Serving more than 60% of community banks across 7 states
As artificial intelligence (AI) continues to advance, fraudsters are leveraging these tools to exploit one of the most vulnerable groups in our communities, older adults. According to the FBI’s Internet Crime Complaint Center (IC3) data, there were $4.88 billion in losses from seniors in 2024. These numbers continue to trend upwards, and the rise of AI-driven elder fraud presents new risks to victims and financial institutions. AI-driven elder fraud involves scams that use artificial intelligence to make attacks against older adults more convincing, harder to detect and easier to carry out on a large scale. The increased threat requires both awareness and proactive mitigation by banks and credit unions to protect clients and maintain trust in their communities. The Evolving Tactics Behind Elder Financial Exploitation Historically, seniors have fallen victim to fraud schemes such as phishing, romance scams and complex investment schemes. Today’s fraudsters are taking scams to a new level by using generative AI tools — such as deepfakes and voice cloning — to impersonate loved ones and create compelling, urgent scenarios. A deepfake is a video, photo or audio recording that seems real but has been manipulated with AI. Perpetrators often extract voices from social media videos or manipulate photos to craft believable messages. These AI-powered deceptions can lead to hurried decisions by victims, resulting in panicked wire transfers, large cash withdrawals or the sharing of sensitive account credentials. In an example of an AI-enhanced grandparent scam, a fraudster might scan public social media profiles to learn a grandchild’s name, see that they are vacationing abroad and note that they call their grandparent “Nana.” Using a voice-cloning tool and this easily accessible personal information, the scammer can generate a frightened phone call from the “grandchild” claiming to be in legal trouble and urgently needing bail money. The voice’s Deepfakes: The Newest Threat AI-Driven ELDER FRAUD By TERRI LUTTRELL, CAMS‑Audit, CFCS, Compliance and Engagement Director, Abrigo NEBRASKA INDEPENDENT BANKER 11
realism and details make it alarmingly easy to convince the victim to send funds immediately, without stopping to verify the story. The nature of AI-driven elder fraud has made it more difficult to detect using traditional red flags. What once might have seemed suspicious can now appear legitimate, making staff training and innovative detection systems even more essential. What Financial Institutions Can Do Now Banks and credit unions are uniquely positioned to safeguard older adults through technology and personalized service. Here are some key actions institutions can take to prevent their clients from becoming victims: • Employ Robust Fraud Detection Software: Enhance fraud monitoring systems to flag unusual activity on accounts held by older adults, typically aged 60 and above. Use tailored parameters to detect anomalies like sudden large wire transfers, frequent ATM withdrawals or new payees that do not align with the client’s typical behavior. These targeted settings improve your institution’s ability to catch early signs of AI-driven elder fraud and take timely action. • Train Employees To Recognize New Scams: Equip front-line staff and fraud teams with practical training to identify signs of AI-driven elder fraud. These signs can include clients who appear anxious, confused or unusually secretive during large transactions, or those referencing family emergencies with limited or inconsistent details. Staff should know how to respond empathetically, ask clarifying questions and escalate concerns when needed. Regular training helps teams stay alert to evolving scam tactics and reinforces a culture of prevention. • Clarify Communication Protocols: Remind clients, especially seniors, that your institution will never request sensitive information like passwords or social security numbers by phone, email or text. Understanding communication methods is critical as AI-driven scams increasingly use cloned voices and urgent messages to pressure victims. Make it clear that legitimate staff will not use threats or demand immediate action. Encourage clients to hang up, verify requests by calling a published number and ask questions. Reinforcing this message during visits, alerts and outreach helps build confidence and reduce the risk of fraud. • Build Trust Through Relationships: Strong relationships with long-time clients are key to spotting and preventing fraud. Encourage staff to visit clients when something feels off, using a conversational tone to avoid alarming or upsetting the client. For example, saying, “That’s a larger transaction than usual. Is everything okay?” can open the door for a helpful discussion. Building trust before issues arise makes it easier to address concerns if signs of elder fraud appear later. Understanding Regulatory Expectations Financial institutions are expected to play a central role in identifying and reporting elder financial abuse. With AI-driven elder fraud rising, examiners and enforcement agencies may scrutinize how effectively institutions adapt to emerging typologies. The Financial Crimes Enforcement Network (FinCEN) has named fraud one of its national AML/CFT priorities, emphasizing the importance of proactive detection and reporting. Filing a suspicious activity report (SAR) is just one component; maintaining a culture of vigilance and continuous training is equally critical. Institutions integrating fraud detection with anti-money laundering (AML) processes are better positioned to respond quickly to evolving threats. AI and machine learning can enhance monitoring by identifying unusual behavioral patterns that are common in modern fraud cases. While operational functions may remain separate, collaboration between fraud and AML teams is essential. Working in silos is no longer effective in detecting complex, AI-driven fraudulent activity. Community Education Can Prevent Losses Technology is essential, but it is not the only solution. Many cases of AI-driven elder fraud can be avoided through targeted education and outreach. Consider hosting in-person fraud awareness sessions at senior centers, places of worship or branch locations, where trusted staff can explain how fraudsters use AI to manipulate voices, images and personal information. Partnering with local organizations or law enforcement can add credibility and help reach broader audiences. Institutions can also distribute printed guides or quick-reference tip sheets that walk through common scam scenarios, what to look out for and how to respond. Posting short educational videos on your website or sharing alerts through account notifications and email campaigns reinforces these lessons and helps keep seniors informed between visits. A consistent focus on community education builds trust and positions your institution as a proactive ally in fraud prevention. As fraud tactics evolve with AI, so must the strategies used to stop them. 12 NEBRASKA INDEPENDENT BANKER
Practical Tips To Share with Clients Educating seniors with simple, actionable steps can go a long way in preventing AI-driven elder fraud. Consider sharing the following guidance during outreach efforts or in printed materials at branches: • Confirm Unexpected Requests: If someone claims to be a relative in trouble or a representative from the bank, urge clients to hang up and call back using a known, trusted number, never the one provided in the message or call. • Be Cautious With Links and Urgent Messages: Remind clients not to click on links, download attachments or send money based on a single phone call, text or video, even if the message appears to come from a loved one. AI tools can make fake messages seem personal and convincing. • Enable Account Alerts: Encourage seniors to set up text or email alerts for large transactions or unusual activity. These real-time notifications can provide an early warning and allow for quick intervention. • Review Account Activity Regularly: Suggest checking account statements frequently or enrolling a trusted family member to help monitor for suspicious transactions. Sharing these tips in clear, non-technical language can empower clients to act confidently and avoid becoming victims of increasingly sophisticated fraud attempts. Protecting Seniors in the Age of AI As fraud tactics evolve with AI, so must the strategies used to stop them. Financial institutions have a unique opportunity, and responsibility, to protect older clients through education, collaboration and well-equipped fraud detection programs. By combining personal relationships with innovative technology and ongoing awareness efforts, banks and credit unions can serve as a first line of defense against AI-driven elder fraud. Staying informed and proactive today means safeguarding trust and financial well-being for the seniors who rely on you tomorrow. Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size. 800.228.2581 MHM.INC Now more than ever people want self-service options. With our core integrated ITMs we can make this a reality both in the lobby and in the drive-up of your branch. SELF-SERVICE BANKING NEBRASKA INDEPENDENT BANKER 13
YOUR BOARD’S CYBERSECURITY OVERSIGHT PROBABLY ISN’T GOOD ENOUGH Most bank boards struggle with cybersecurity oversight because they don’t know what questions to ask, how to interpret the answers or whether their security measures are actually working. Directors may approve cybersecurity budgets without understanding if those investments actually reduce risk, or they may review incident reports without grasping whether response times meet industry standards. They can describe their cybersecurity framework but often can’t explain what their institution does with the results. The challenge is compounded further when cybersecurity is presented as a jargon-filled IT issue rather than the business-critical risk it represents, creating a dangerous gap between regulatory expectations and board-level understanding that leaves institutions vulnerable not just to cyber threats but to regulatory scrutiny. Whether you’re a director seeking to understand what your institution’s NIST Cybersecurity Framework (CSF) or ISO framework results actually mean for your risk profile or an executive preparing risk dashboards, security briefings and incident reports for your board, the ultimate risk assessment strategy is to provide practical approaches that close the cybersecurity literacy gap. Board cybersecurity literacy doesn’t mean directors must become technical experts. But it does require structured questioning, clear reporting that translates technical risks into business impact and honest assessment of organizational maturity. By STEVE SANDERS Chief Risk Officer and Chief Information Security Officer, CSI 14 NEBRASKA INDEPENDENT BANKER
The Framework Transition Challenge The Aug. 31, 2025, sunset of the FFIEC Cybersecurity Assessment Tool (CAT) forces smaller institutions to adopt more complex frameworks. The leap isn’t incremental … it’s substantial. But the transition is long overdue; many mature organizations should have already moved beyond the CAT’s simplified approach to adopt more comprehensive frameworks. The CAT provided a simple rating system that scored your cybersecurity maturity from one to five across different domains like cyber risk management, controls and threat intelligence. The NIST CSF requires significantly more work: comprehensive risk assessments across five core functions, detailed control documentation and ongoing measurement of outcomes rather than simple numerical ratings. That makes it less user-friendly for small banks, but risk assessment should never be contingent on how easy it is to complete. Community banks also face a severe shortage of qualified cybersecurity professionals. This isn’t just an inconvenience; it’s a fundamental challenge that boards must address strategically. Smaller organizations may need to spend money bringing in external expertise to complete assessments. That’s not a sign of weakness. It’s a recognition that resource constraints make professional oversight frameworks even more critical. These knowledge gaps among bank boards are prominent. A director once told me their institution scored well on their cybersecurity assessment, but when I asked what specific improvements resulted from those findings, they couldn’t answer. That disconnect between completing an exercise and achieving real security maturity represents exactly what needs to be addressed to develop real cybersecurity preparedness. Five Essential Board Responsibilities Directors don’t need to understand the technical details of firewalls or encryption. But they do need to fulfill five essential oversight responsibilities: 1. Understand Your Security Posture Board members should ask management to explain the cybersecurity framework in plain English, request summaries of the security posture — both strengths and weaknesses — and understand the top five security improvement priorities for the coming year with specific, measurable goals. For executives preparing these briefings, present framework results as a narrative, not a checklist. Translate technical findings into business risks with a clear improvement roadmap. Your directors can’t provide effective oversight if they can’t understand what you’re telling them. 2. Ask the Right Questions The questions directors ask matter more than whether they understand every technical answer. Focus on these: How do we compare to peer institutions? What is the business impact associated with our three highest-rated risks? How do we validate that our controls are actually working? That last question is particularly important. Too many institutions assume that because they implemented a control, it must be working. Executives should come prepared with peer benchmarking data. Quantify risk in dollars and customer impact, not technical metrics. Include validation results, not just implementation status. 3. Set Clear Expectations Directors need to define the institution’s acceptable risk tolerance for different types of threats, establish a reporting The Uncomfortable Truth About Board Cybersecurity Literacy Here’s what I’ve observed after years of working with bank boards: Most of them generally don’t meet expectations when it comes to cybersecurity oversight. That’s not an indictment of their dedication or intelligence. It’s simply a recognition that cybersecurity has evolved faster than board education. Many directors can tell you which framework their institution uses — whether it’s the NIST CSF, ISO standards or something else. But when you dig deeper and ask what they’re actually doing with that framework, you often get blank stares. Completing an assessment means nothing if you can’t articulate what you learned from it and what you’re doing to improve. The critical question isn’t “Did we complete our assessment?” It’s “What have we done with the results?” NEBRASKA INDEPENDENT BANKER 15
cadence and format that enables informed decisions and insist on explanations in business terms, not technical jargon. If you can’t understand what you’re being told, you can’t provide effective oversight. Executives should ask the board to define their risk appetite explicitly. Propose a reporting rhythm that balances staying informed without overwhelming directors. Test materials on non-technical colleagues first. 4. Evaluate Resource Allocation The board should review whether the cybersecurity budget matches the institution’s stated risk appetite. You can’t credibly tell regulators and customers that security is a priority while underinvesting in it. When spending doesn’t match stated priorities, it’s only a matter of time before that gap is exploited. Executives should show budget trends and compare spending to peer institutions and industry benchmarks. Be transparent about skills gaps. If bringing in outside expertise for assessments, explain why that’s a strength. Present how security investment connects dollars spent to risks mitigated. 5. Assess True Security Maturity Directors shouldn’t accept “we completed the assessment” as proof of security. Ask what management has done with the framework results to strengthen security. Most importantly, evaluate whether security is treated as a strategic advantage or just a compliance checkbox. For executives, lead with outcomes, not activities. Show how framework findings drove specific improvements. Demonstrate measurable progress year over year. Make the strategic case for security as a competitive differentiator, not just regulatory obligation. Putting It Into Practice Consider developing a one-page dashboard that answers the questions boards really need to know: “What are our top three risks? What are we doing about them? How do we compare to peers?” This kind of clear, focused reporting enables both effective oversight and productive board conversations — without drowning directors in technical details or forcing executives to explain the same concepts repeatedly. Steve Sanders serves as CSI’s chief risk officer and chief information security officer. With more than 15 years of experience focused on cybersecurity, information security and privacy, he employs his strong background in audit, information security and IT security to help board members and senior management gain a command of cyber risk oversight. 100 South Phillips Avenue, Sioux Falls (605) 335-5112 | Teresa Thill advantage-network.com HELPING GROW YOUR NON-INTEREST INCOME As a regional leader in providing financial institutions with EFT services, we have solutions to help you grow your non-interest income. • Debit card services • Card production • Marketing support • ATM services • Fraud monitoring From conversion onto the Network to daily operations, our team of local experts will have your back every step of the way. Reach out, and let’s start a conversation! 16 NEBRASKA INDEPENDENT BANKER
Exploring Opportunities and Overcoming Challenges By PATRICK MURPHY, President, RESULTS Technology Artificial intelligence is poised to reshape the future of financial services. From personalized customer experiences to faster fraud detection, the potential of AI in banking is far-reaching — but so are the risks. Financial institutions, particularly community and regional banks, must navigate a complex web of ethical, regulatory and operational challenges to use AI responsibly. Let’s explore how AI is transforming specific areas of banking, examine key concerns such as bias and compliance, and discuss practical steps for safe and effective adoption. AI in Banking: A Game-Changer for Financial Services The integration of AI in banking is already enhancing how institutions operate, make decisions and serve customers. While larger banks have been early adopters, community and regional institutions are increasingly embracing AI-driven solutions that align with their scale and compliance needs. According to the American Bankers Association, the use of AI in banking must balance innovation with transparency, fairness and control. Key Opportunities for AI in Banking Customer Experience and Personalization AI tools, such as chatbots, virtual assistants and intelligent routing systems, are making banking more accessible and responsive. With AI, banks can provide 24/7 customer support, anticipate client needs and personalize offers based on behavior and preferences. For example, predictive analytics can suggest relevant financial products or offer budgeting insights based on transaction history — delivering a tailored experience at scale. Risk Management and Fraud Detection AI in banking offers powerful enhancements to fraud detection and risk modeling. Machine learning algorithms analyze patterns in real-time, detecting anomalies that may signal potential fraud. These systems evolve continuously, improving accuracy with each transaction. The Federal Reserve has recognized AI’s potential to improve risk detection while urging caution to maintain fairness and accountability in automated decision-making. Credit Scoring and Financial Inclusion AI is enabling more nuanced credit assessments that go beyond traditional credit scores. By analyzing alternative The FUTURE of AI in BANKING NEBRASKA INDEPENDENT BANKER 17
data, such as payment history on utilities, rental agreements or even behavioral data, banks can offer credit to previously underserved populations. This helps expand financial inclusion, but it must be handled with care to prevent discrimination or the misuse of personal information. Operational Efficiency and Automation Routine back-office tasks, such as document processing, compliance monitoring and loan origination, are increasingly being automated using AI-powered systems. Banks are reducing manual workloads and reallocating staff to higher-value work, improving both speed and accuracy. For community banks, automation via AI in banking can be a strategic way to compete without significantly increasing headcount or overhead. Key Challenges and Risks of AI in Banking Algorithmic Bias and Discrimination One of the top concerns is bias embedded in AI models. If historical data reflects unequal treatment, AI systems may reinforce these patterns, potentially leading to discriminatory lending or customer service outcomes. Banks are expected to regularly evaluate model fairness, document their processes and address unintended impacts — especially when deploying consumer-facing AI applications. Transparency and Explainability AI systems often function as “black boxes,” where even the developers may not fully understand how a model reaches its conclusions. For regulated institutions, explainability is not optional — regulators expect clear justifications for decisions impacting consumers. According to the FDIC, banks should be prepared to explain AI-driven decisions, particularly when they affect loan eligibility or account closures. Data Privacy and Usage The success of AI in banking depends on access to large volumes of high-quality data. However, improper use of customer data— even for seemingly helpful purposes — can erode trust and lead to regulatory scrutiny. Institutions FAQs: AI in Banking Q1: Can small community banks afford to implement AI? Yes. Many AI tools are scalable and built into platforms banks already use (e.g., CRM systems, document management). Community banks can start with targeted solutions such as intelligent chatbots or fraud detection. Q2: Are there specific regulations governing AI in banking today? Although no AI-specific regulations exist yet, banks are still subject to existing laws governing fair lending, privacy and model risk management. Agencies like the FDIC and the OCC are actively issuing guidance on the use of AI in financial services. Q3: How do banks ensure AI models are not biased? Banks are expected to test for bias regularly using statistical fairness metrics, document model development processes, and perform impact assessments — especially when AI influences lending or account decisions. Q4: What’s the biggest mistake banks make with AI? Jumping in without proper governance. AI should be treated like any other critical infrastructure — governed by policy, subject to internal audit and deployed with documented controls. 18 NEBRASKA INDEPENDENT BANKER
must ensure that data collection and use align with customer expectations and comply with relevant privacy laws, such as the Gramm-Leach-Bliley Act. Compliance and Regulatory Uncertainty AI regulation in banking is evolving. The lack of standardized AI compliance rules creates ambiguity. Regulators are increasingly requiring banks to demonstrate governance over AI systems, including the documentation, testing and monitoring of bias or risk. Best Practices for AI Adoption in Banking To realize the benefits of AI in banking while minimizing risks, institutions should consider the following practices: 1. Start with Controlled Use Cases: Begin with low-risk areas such as internal automation or customer support before extending to high-stakes areas like lending or fraud detection. 2. Build an Internal AI Policy: Define clear guidelines around data usage, model governance, fairness testing and risk assessment. Ensure these policies evolve in tandem with technological advancements and regulatory changes. 3. Involve Compliance and Risk Teams Early: Ensure your risk, legal and compliance experts are part of the design and deployment process. Their input will help shape AI systems that meet regulatory and ethical standards. 4. Stay Informed: Monitor updates from banking authorities such as the Office of the Comptroller of the Currency (OCC), the FDIC, and the ABA for guidance on AI use and upcoming regulations. 5. Prioritize Explainability: Favor AI tools and vendors that offer transparency, documentation and model explainability. This will reduce friction with examiners and support internal auditing efforts. Strengthen Your Bank’s IT Strategy with RESULTS Technology The future of banking technology holds great promise, but realizing that promise requires a combination of responsibility, collaboration, and a sustained commitment to secure and strategic implementation. By starting with thoughtful use cases, developing robust internal governance, and staying aligned with regulators, banks can leverage technology to serve customers better, mitigate risk and drive innovation. Dive into an immersive, educational experience at ICBA LIVE. From powerful keynote speakers and substantive learning labs to high-energy networking events and cutting-edge fintech showcases, ICBA LIVE offers educational tracks for every role. Anchored in purpose. Powered by learning. 60+ Educational Learning Labs. In-depth learning and practical strategies tailored to today’s banking challenges. Banker Roundtables. Peer- and expert-led discussions where bankers exchange ideas, challenges, and best practices in an open, collaborative setting. Inspirational Keynotes. Dynamic speakers share powerful stories and insights to energize and motivate community bankers for the year ahead. Bank Director Specialty Programming. A focused program designed to equip bank directors with governance insights and strategic guidance. Attend eligible ICBA LIVE learning labs and earn Continuing Professional Education (CPE) credits. Early bird deadline ends Nov. 21 Register at ICBA.org/live Chart Your Course at ICBA LIVE 2026 March 6-9 San Diego Convention Center NEBRASKA INDEPENDENT BANKER 19
EMBRACING Innovation Banking Digital Assets Beyond GENIUS By KIRSTIN D. KANSKI and ALEX R. SCHOEPHOERSTER, Spencer Fane LLP This year began with an executive order stating the Trump Administration’s policy to establish the U.S. as a global leader in the responsible growth and innovation of digital assets and related blockchain technologies. In July, President Trump signed into law the GENIUS Act (Guiding and Establishing National Innovation for U.S. Stablecoins), 12 U.S.C. §§ 5901 et seq., which recognized a dual federal-state regulatory framework for payment stablecoin issuers, while also codifying related foundational definitions, such as “money” and “digital assets.” The digital asset ecosystem — and looming regulatory frameworks — are much larger than the issuance and remittance of fully reserved payment stablecoins. On July 31, 2025, the President’s Working Group on Digital Asset Markets released a 160-page report, titled “Strengthening American Leadership in Digital Financial Technology,” which begins: “The American story is one of innovation. From the railroads that linked sea to shining sea, to the internet that connected the entire world, American entrepreneurs have led the buildout of next-generation technologies in every generation since our founding. Crypto should be no different.” Federal Reserve Governor Michelle Bowman, vice chair for supervision, gave a speech on Aug. 19, 2025, at the Wyoming Blockchain Symposium titled “Embracing Innovation,” referencing the “seismic” and transformative shift in society and the banking industry that is underway and the “reframing” of supervision and regulatory mindsets. Recognizing safety and soundness in the banking system will always be the paramount focus, she noted an equal need for the banking industry to innovate to serve its consumers, businesses and communities, and to foster economic growth. Despite past inertia in the adoption of blockchain technologies, Governor Bowman stated, “Change is coming.” Her response to those in banking who express concern about new technologies being a threat to the banking sector was: “We must choose whether to embrace the change and help shape a framework that will be reliable and durable — or stand still and allow new technology to bypass the traditional banking system altogether.” From her perspective, “the choice is clear.” This article provides a high-level overview to inform the question of what “crypto” is, followed by a brief summary of the pending legislation and rulemakings that will continue to add clarity to the ability of banks to engage with the digital asset ecosystem. Lastly, a review of the existing regulatory guidance reveals which activities are currently considered “legally permissible” and within the “business of banking,” culminating in considerations that banks can explore when formulating a long-term strategy as the digital asset ecosystem and the law of permissibility continue to evolve. 20 NEBRASKA INDEPENDENT BANKER
What Is Crypto? The word “crypto,” as used today, has undergone an interesting evolution, one that is understood by few and not clearly defined, despite its mainstream adoption. The Digital Assets Working Group Report defines the term “crypto” for purposes of the report as an entire “ecosystem and technologies built around digital assets and blockchains, including the users, developers, businesses and enthusiasts engaged in these domains.” Notably, the word crypto is not referenced or used within the body of Satoshi Nakamoto’s 2008 white paper, “Bitcoin: A Peer-to-Peer Electronic Cash System,” which was the impetus for the subsequent launch of the bitcoin distributed public ledger. Rather, in the words of the now infamous creator of bitcoin — fueled in 2008 by the global financial crisis — “what is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a third party.” This spurred modern-day interest in the application of blockchain technologies to launch payment systems and “cryptocurrencies” beyond the original bitcoin protocol. Before cryptocurrency became mainstream, there was cryptology, a long-studied field that included cryptography as a means of creating code for secure communication, including by the U.S. government. According to the U.S. Department of Commerce, “public-key cryptography was invented in 1976.” According to the National Institute of Standards and Technology (NIST), in “today’s connected digital world, cryptographic algorithms are implemented in every device and applied to every link to protect information in transmission and in storage.” Crypto has rapidly evolved in scope and application from shorthand for the “cryptographic proof” used to validate blockchain transactions, to shorthand for the countless varieties of “cryptocurrencies” launched since 2009, to now embracing an entire ecosystem of developing technologies, markets, and the varied stores of value and payment rails upon which they run. Although regulatory frameworks and mainstream adoption may feel new, the underlying concept of distributed ledgers as payment vehicles is not. Nakamoto’s white paper cites articles published in the 1980s, 1990s and early 2000s within the cryptology field relating to studies on how to digitally time-stamp documents through cryptographic means. However, it wasn’t until Nakamoto’s white paper proposed the use of cryptography, together with a decentralized and distributed ledger to create a digital asset that did not rely on intermediaries for settlement, that the bitcoin blockchain protocol became globally adopted in a decentralized manner through network effects. That global adoption only further ignited innovation and the exploration of borderless and trustless global ledgers, leading to the GENIUS Act, regulating stablecoins and pending market structure legislation. Digital assets are built on blockchain technology. The Bank for International Settlements published a working paper in 2023 titled “Distributed Ledgers and the Governance of Money,” exploring the economics and feasibility of various models of future global decentralized payment systems built on blockchain, and their limits, noting, “[M]oney, whether it be in the form of clay pots, precious coins or banknotes, is a social convention that serves as a record of goods sold or services rendered in the past. … [Today’s] centralized record-keeping system has been effective. However, the advent of blockchain technology and the concept of a free universal ledger of all past transactions, offers an alternative monetary system that eliminates the need for intermediaries …” In its simplest form, money is a medium of exchange requiring a ledger. Blockchain technologies innovate new ways to maintain a ledger and track exchanges of value quickly, efficiently and without third parties. When talking about any strategic or business use case for blockchain technology, digital assets or crypto in all forms, it is critical to understand not only the newly created legal definitions, but also the underlying technologies, applications, and applicable laws and regulations as the ecosystem develops. For all these reasons, it is essential to openly question and explore precisely what crypto means and how the term is being used. Further Clarity To Come Despite rapid-fire developments since the Executive Order was issued and the passage of the GENIUS Act — which kicked off an entire industry discussion on stablecoins — there is much more regulatory clarity to come that banks need to form a robust, effective, long-term digital assets strategy. Of note: 1. Working Group Recommendations. The Digital Asset Working Group Report includes over 100 policy and legislative recommendations to Congress and the relevant agencies that touch the crypto-ecosystem, digital assets and related markets. Specific to the banking sector, the report calls for specific guidance on the activities banks are most likely to engage in (custody, third-party relationships, stablecoin reserves and holding digital assets as principal); technology-neutral and principles-based risk management guidance, which could include the development of NIST-based or NIST-like standards; clarifying AML/CFT compliance expectations; and capital and liquidity management guidance. 2. GENIUS Act Implementation and Regulations. Although GENIUS was signed into law on July 18, it does not take effect until July 2026, at the earliest, once implementing regulations have been passed. The GENIUS Act requires a “coordinated” rulemaking process to occur within one year, involving numerous federal and state regulators, including the Department NEBRASKA INDEPENDENT BANKER 21
www.thenewslinkgroup.orgRkJQdWJsaXNoZXIy MTg3NDExNQ==