Pub 4 2023 Issue 6

ISSUE 6 2023 Official Publication of the Community Bankers Association of Kansas 4 THANK YOU AND HAPPY HOLIDAYS 19 TRAINING: THE FOUNDATION OF EFFECTIVE COMPLIANCE

CONTENTS Issue 6 | cbak.com © 2023 Community Bankers Association of Kansas | The newsLINK Group, LLC. All rights reserved. In Touch is published six times each year by The newsLINK Group, LLC for the Community Bankers Association of Kansas and is the official publication for this association. The information contained in this publication is intended to provide general information for review, consideration and education. The contents do not constitute legal advice and should not be relied on as such. If you need legal advice or assistance, it is strongly recommended that you contact an attorney as to your circumstances. The statements and opinions expressed in this publication are those of the individual authors and do not necessarily represent the views of the Community Bankers Association of Kansas, its board of directors, or the publisher. Likewise, the appearance of advertisements within this publication does not constitute an endorsement or recommendation of any product or service advertised. The Community Bankers Association of Kansas is a collective work, and as such, some articles are submitted by authors who are independent of the Community Bankers Association of Kansas. While In Touch encourages a first-print policy, in cases where this is not possible, every effort has been made to comply with any known reprint guidelines or restrictions. Content may not be reproduced or reprinted without prior written permission. For further information, please contact the publisher at 855.747.4003. 4 THANK YOU AND HAPPY HOLIDAYS 5 FLOURISH CRYPTOCURRENCY: A SOLUTION WITHOUT A PROBLEM By Rebeca Romero Rainey, President and CEO, ICBA 6 MORTGAGE MÉLANGE VOLATILE RATES CREATE A CORNUCOPIA OF OPTIONS By Jim Reber, President and CEO, ICBA Securities 8 SAVE THE DATE! CBA 46TH ANNUAL CONVENTION & TRADE SHOW 10 RESULTS TECH TALK THE HUMAN FIREWALL By Mike Gilmore, Chief Compliance Officer, RESULTS Technology 13 CBA MEMBERSHIP APPRECIATION TAILGATE 14 THE 2024 COMMUNITY BANKERS FOR COMPLIANCE PROGRAM 15 ANNIVERSARIES 16 SURVIVING VERSUS THRIVING IN TODAY’S MARKET By DCI 19 TRAINING: THE FOUNDATION OF EFFECTIVE COMPLIANCE By William J. Showalter, CRCM, CRP, Senior Consultant; Young & Associates, Inc.; Kent, Ohio 24 AI IN LENDING DECISIONING AND UNINTENDED DISCRIMINATION By Shelli J. Clarkston, Spencer Fane, LLP IN EVERY ISSUE: 27 OFFICERS AND DIRECTORS 27 PRODUCTS AND SERVICES REFERENCE LIST 30 BANK TRAINING WEBINARS 6 19 13 3 In Touch

This time of year, our thoughts turn gratefully to our members and partners who make our success possible. We thank you for all that you do and wish you all the best this holiday season and beyond. Shawn,Nikki and Yvonna 4 In Touch

FLOURISH In today’s environment, we hear a lot of hype about different technologies. That buzz leads to oversaturation, which can leave us questioning, “Am I missing something?” when we don’t feed into the frenzy. When it comes to cryptocurrency, this is certainly the case. I’m frequently asked in interviews about ICBA’s thoughts on cryptocurrency, inclusive of stablecoins and central bank digital currency (CBDC), and I typically respond by asking, “What problem are we trying to solve with it?” That will often leave the interviewer stumbling for a response because the answer is truly unclear. While we have heard a wide range of rationale, those concepts don’t seem founded in need as much as in justification. Here are three that easily spring to mind: 1. The claim that it will provide support for global payments is particularly baffling. With a currently unregulated entity, global collaboration and compliance standardization will be essential to ensure that transactions remain safe, secure and legitimate. In short, it’ll take a mountain of global collaboration to make that possibility realistic. 2. The thought that cryptocurrency will enable faster payments is equally troubling. Instant payments platforms are already available in the U.S. — you can’t get much faster than that. 3. The concept of a payments system that’s completely anonymous and frictionless is another point of contention. That anonymity easily can lead (and has led) to illicit payments, so it may not be what it’s cracked up to be. Whether it’s nonbank payment providers like PayPal, states that want to issue their own stablecoins, CBDC or a piece of legislation trying to create a regulatory framework, this is a space to keep a handle on. Know that ICBA is observing and advocating on your behalf. As a financial services industry, we can’t fall victim to shiny object syndrome; we need to keep peeling back the onion to determine what we are solving for and, from ICBA’s perspective, how that can be done in a way that works with and for community banks. With emerging technology, knowledge is power, which is why we’re offering ongoing opportunities to stay in the know on cryptocurrency’s evolution. We encourage you to remain up to speed on developments, whether through digital asset courses with Community Banker University (CBU) or our payment team’s online analysis. We will keep providing information that helps you know how cryptocurrency is living up to the hype — or, more than likely, not. On a personal note, I wanted to thank all of you for being part of this collective community bank journey; we couldn’t do it without you. Have a wonderful holiday season, and please take time to celebrate all you do for your communities. I know they are, as are we, grateful for you. BY REBECA ROMERO RAINEY, PRESIDENT AND CEO, ICBA As a financial services industry, we can’t fall victim to shiny object syndrome. Connect with Rebeca on X @romerorainey. Where I’ll Be This Month I’ll be spending time in our new Atlanta office and kicking off a round of meetings with executives from core service providers, continuing to advocate for community bank needs in this space. Cryptocurrency: A Solution Without a Problem 5 In Touch

MORTGAGE MÉLANGE Volatile Rates Create a Cornucopia of Options BY JIM REBER, PRESIDENT AND CEO, ICBA SECURITIES Endorsed Partner I’m going out on a limb here, but one day, mortgage rates will not only quit rising; they will actually begin to fall. When that happens, community bank bond portfolio managers will have to deal with a host of factors (most of them positive) they haven’t seen in a while, if ever. The sheer scale of the Fed’s tightening has produced a number of mortgagebacked securities (MBS) that appear to be custom-built for a flat or falling rate environment. So, just in time for Thanksgiving, let’s take a stroll around the MBS supermarket to see what’s on your favorite brokers’ shelves. Crowd Pleasers This column will focus on 15-year MBS and alternatives, as those are clearly the 6 In Touch

preference of depositories. You might find the above subheading a bit ironic, as there are precious few 15-year pools being created now. Between record-high housing prices and loan rates we haven’t seen since 2007, the average P&I payment has increased by 67% for new purchases in just 18 months. That’s taken a lot of 15-year borrowers out of the market. In fact, it’s been more than a year since there has been a net growth in that sector; recent production levels are down over 90% from the peak in April 2021. Despite the relative lack of supply, yield spreads on 15-year paper are historically wide, even though prepayment risk is low. But why are yields still attractive? Several probably temporary factors: lack of depository buyers, liquidation of several notable failed bank portfolios (which had very few short MBS pools), the debt ceiling showdown and the Fed’s winding down of its portfolio. A reasonable case can be made that spreads will begin to narrow, which sets up the 15-year sector to outperform others, mortgage-related or otherwise. Main Course Some of you will say you already have enough (too much?) exposure to 15-year pools. What’s the next best option? For the past few months, mortgage strategists from Stifel have been suggesting hybrid adjustable rate mortgage (ARM) pools. These securities have a “fixed-to-float” structure, and the investor can pick the term of fixed period from three to 10 years. With the inverted yield curve, the shorter “roll date” securities have higher initial yields and lower effective durations, both of which bargain hunters seek. Many other measures of relative value favor hybrids over straight pass-throughs: lower prices, wider spreads, better total returns. About the only metric that would favor the MBS over the hybrid is liquidity, which is a conversation worth having with your brokers. Another favorite entrée is a well-structured collateralized mortgage obligation (CMO). One of the benefits of a CMO over the “collateral,” which is the MBS used to build out the various classes of an issue, is that an investor can choose tranches with specific coupons, prices, cash flows and principal payment windows that better fit the community bank’s needs. Finally, while supplies of these MBS alternatives are limited, brokers should be able to locate some offerings of both given reasonable parameters. This includes securities bearing the GNMA label, which many investors like for the full-faith-andcredit, 0% risk-weighting feature. Just Desserts The final item on this month’s menu has been offered before (see Independent Banker March 2023), but now with a few additional ingredients. Rarely, if ever, have such a wide range of pass-through rates on mortgage securities been available simultaneously. This gives a portfolio manager a delectable set of options. The only selections that are not available at the moment are premium MBS; par (100.00) and discount pools are what the market is serving. The good news is that discount pools can be found at virtually any price. As of this writing, 15-year 4.0% pools are priced with a 96 handle, while 15-year 2.0%s are in the 86 range. (Disclosure: Be aware that the lower the coupon, the tighter the yield spreads.) You can also take this one step further with the CMO market. It’s possible to locate a given tranche with a significantly discounted price, even though the collateral is more “current coupon.” This could potentially create an opportunity for some improved cash flow if and when rates begin to recede, as the newer loans with 7%-plus borrowers’ rates will be the most responsive to refinance opportunities. In Epicurean terms, it “tastes great, less filling.” There, you have an enticing bill of fare for November. Straight pass-throughs with wide yield spreads, hybrid ARMs with great total return characteristics and well-built CMOs can create a veritable smörgåsbord for your community bank’s bond portfolio. Jim Reber (jreber@icbasecurities.com) is President and CEO of ICBA Securities, ICBA’s institutional, fixed-income broker-dealer for community banks. Education On Tap Mortgage Analytics Monthly Stifel Mortgage Strategy produces an MBS Prepayment report monthly that is available to all ICBA members. This report contains commentary and a comprehensive look at the overall MBS market with tables, charts and graphs. To begin receiving copies, contact your Stifel rep. The sheer scale of the Fed’s tightening has produced a number of mortgage-backed securities (MBS) that appear to be custom-built for a flat or falling rate environment. 7 In Touch

SAVE THE DATE! CBA 46th Annual Convention & Trade Show JULY 17-20, 2024 Margaritaville Lake Resort Lake of the Ozarks CONTACT US TODAY! 801.676.9722 sales@thenewslinkgroup.com Your Customers Are Too. Advertising Space Available. QR Code 8 In Touch

Core and technology solutions backed by our unmatched support and customer care. At DCI, you’re not a number, you’re our rst priority. We’re here to support you every day, 24 hours a day. 100% U.S. BASED CUSTOMER SUPPORT 24/7/365

BY MIKE GILMORE, CHIEF COMPLIANCE OFFICER, RESULTS TECHNOLOGY THE HUMAN FIREWALL A recent study by a security awareness training platform showed that the average rate at which employees of small banks clicked on phishing emails was 25% (the rate for bigger banks is even worse!). Ransomware (malware that encrypts your data and only provides a decryption key if you pay a ransom) continues to be a threat to banks. This malware can hide in links in emails, as hidden code in email attachments or even embedded in seemingly safe websites. If technology can’t filter out all the sources of malware, it is critical to train employees on how to recognize and avoid these hidden traps. A well-designed Security Awareness Training program turns everyone in your company into a “human firewall.” What Does an Effective Training Program Look Like? An effective security awareness training program should illustrate with real-life examples the danger of social engineering and the importance of constant vigilance to avoid malware infections. The training should be attended by everyone in your organization who has access to the internet, repeated at least annually (we recommend every six months) and should be part of the standard onboarding process for new employees. To ensure that the training “takes,” the program should include regular social engineering tests. The easiest way to do this is to use a service to send your own unannounced phishing emails to see who “clicks.” In the programs that we administer at RESULTS Technology, we typically see about a 15% hit rate on phishing emails sent out before training is initiated. This dramatically drops to less than 5% after training is completed. Over time, the hit rate creeps back up, so it is important to refresh training regularly. Here are a few training tips to pass along to get your program going: • Do not open attachments unless you are 100% certain of the sender and the purpose of the attachment. When in doubt, pick up the phone and call. RESULTS TECH TALK Endorsed Partner 10 In Touch

Mike Gilmore is the Chief Compliance Officer of RESULTS Technology and a Certified Information Systems Auditor (CISA) with more than 30 years of experience in the banking industry. RESULTS Technology provides IT services to community banks across the Midwest. In his role as CCO, Mike provides compliance and risk assessments, audit and exam support and policy documentation. He can be reached at mgilmore@resultstechnology.com. • If you suspect a malicious sender, you can utilize header analyzers like one from MX. This can be a valuable tool to verify a sender’s address. Scan the QR code to verify an address. https://mxtoolbox.com/EmailHeaders.aspx • If you are expecting an attachment but are not 100% sure of its safety, there is another free tool by VirusTotal that will help analyze its safety. Scan the QR code to analyze an attachment. Do not provide it with any potentially sensitive PII documents as that is always a concern, but if you want to be sure if something is safe or not, this is a fantastic tool. https://www.virustotal.com/gui/home/upload Remember, even with the best firewall, antivirus and fully security-patched systems, you are still vulnerable to malware and phishing attempts. Proper security awareness training is key to a comprehensive cybersecurity program. As always, don’t hesitate to contact us if you need help or have questions. • Never click embedded links in messages without hovering your mouse over them first. • Look for “fake” domains. Note that www.microsoft.com and www.support.microsoft.software.com are two different domains (and only the first is an actual Microsoft site). • Always check the email “From” field to validate the sender. The “From” address may be spoofed. • Do not “unsubscribe” — it is easier to delete the email than to deal with the security risks. • Do not respond to spam in any way. Use the “Delete” button. • Do not open any email attachments that end with .exe, .scr, .bat, .com or other executable files you do not recognize. • Always check for so-called “double-extended” scam attachments. A text file named “safe.txt” is safe, but a file called “safe.txt.exe” is not. • Alert coworkers and friends of suspicious emails. RESULTS provides its employees with a Microsoft Outlook Plug-In called Catch Phish. This gives them a quick, easy way to analyze a potential phishing attempt and report it to the rest of the staff. • Do not whitelist your own domain; this allows actors to bypass spam filtering by impersonating your domain. • Do not respond to chain emails; that alerts potential malicious actors that you are receptive to targeted emails. • Let employees know that they are being tested. There’s nothing as embarrassing as being the one employee caught in a phishing test. You can even have a little fun with it. At RESULTS, if someone clicks on a phishing test, they are the lucky recipient of our Big Mouth Billy Bass trophy that sings “Take Me to The River.” It’s embarrassing but fun. 11 In Touch

IT COMPLIANCE & SECURITY FOR COMMUNITY BANKS Watch our video! www.resultstechnology.com/bank-solutions/ Managed IT Cybersecurity Backup & Business Continuity Audit & Exam Support IT Planning & Budgeting Security Awareness Training RESULTS Technology is a family-owned, award-winning provider of managed IT compliance, infrastructure & cybersecurity services for banks. We have been helping banks reduce risks and achieve operational efficiency for more than 20 years. RESULTS Technology | 12022 Blue Valley Parkway, # 524, Overland Park, Kansas 913.928.8300 | info@resultstechnology.com www.resultstechnology.com

CBA MEMBERSHIP APPRECIATION TAILGATE Thank You to Our 2023 Tailgate Sponsors! Bank Compensation Consulting FHLBank Topeka First National Bank of Hutchinson QwickRate RESULTS Technology Security 1st Title Varney & Associates, CPAs, LLC 13 In Touch

THE 2024 COMMUNITY BANKERS FOR COMPLIANCE PROGRAM Your solution for compliance challenges is here! Offering flexibility across employee departments, CBA recognizes that job responsibilities change frequently within some banks and for this reason, membership is granted to banks, not individuals. This enables you to send bank representatives as the topics relate directly to their positions. These employees typically come from the customer service, lending or operations departments in the bank. The CBC program is priced to enable your bank to send additional employees with substantial savings. We offer three levels of service: CBC Basic Program, CBC Extended Program and the CBC Enhanced Program to ensure that your employees receive the level of training they need. CBA OF KANSAS MEMBERS RECEIVE 60% OFF THE ENROLLMENT FEE! Presented by Are you a Member of ICBA, and hold the Community Banker University Compliance Certification? Receive CPE credits for your participation in live events. To learn more and register today, scan the QR code. https://www.cbak.com/about-us/compliance-tool/

FMSI www.fmsiconsulting.com 913.955.3355 FMSI is a small business founded and located in Kansas, specializing in assisting community banks to succeed, a mission consistent with core CBA values. We have partnered with community banks for nearly 25-years providing core advisory services including asset/ liability, investment, and liquidity management. FMSI advisors actively assess market conditions and bank balance sheets of different size, mix, and capital levels. Market conditions are constantly changing presenting opportunities and challenges for CBA member banks. Interest rates are increasing for the first time in nearly a decade and now is a perfect time to partner with a trusted, industry leader. Establishing an FMSI relationship provides confidence your bank is optimizing the balance sheet, deploying necessary strategies, maximizing profitability, and managing balance sheet risks. FMSI is a Kansas CBA Endorsed Provider ANNIVERSARIES Congratulations to the banks celebrating December anniversaries as chartered institutions! 139 years, est. 1884 First National Bank & Trust — Phillipsburg 137 years, est. 1886 Conway Bank — Conway Springs 134 years, est. 1889 Kansas State Bank — Overbrook 114 years, est. 1909 Farmers State Bank — Phillipsburg 110 years, est. 1913 Johnson State Bank — Johnson 62 years, est. 1961 Security State Bank — Scott City 89 years, est. 1934 First State Bank & Trust — Tonganoxie 15 In Touch

SURVIVING VERSUS THRIVING IN TODAY’S MARKET BY DCI Community bankers have long been community changers. Through their service to small businesses and local economies, their impact on the lives of their customers and neighbors is undoubtedly far-reaching. Nevertheless, the community of community bankers and changers is, in and of itself, changing rapidly — enough for some to declare it under attack. Why is that? Today’s digital age has posed, to some extent, challenges for all financial institutions. Not least of which, however, are community banks. Many in the community banking industry watch as digital evolution takes wind and ask themselves, “How am I to keep up?” They face the challenge of providing a competitive rate of return. They wonder how to maintain efficient operations with limited resources. Often, they turn to what they perceive as the only clear solution: merging. They do this because one look at today’s technology tells them they are being left behind, and in some cases, they are. The question is not whether technology renders community banks vulnerable in today’s market, but rather, what are we to do about it? Driven by the passionate belief that community banking is worth fighting for, we look beyond the bounds of the traditional core ecosystem to find our answer: opportunities to innovate and diversify income streams. Consider these examples: • BaaS • Fintech partnerships • Digital banking/expanded market reach • Robust product offerings In capitalizing on these opportunities, the importance of choosing the right technology partner is stronger than ever. For community bankers who want their foot in the door of new markets, a trusted partnership yielding new technologies, product offerings, and more is invaluable. Accordingly, the answers to the following questions must inform community bankers’ decisions: 1. Which partner can provide the most consistently innovative and agile technology? 2. Which partnership will equip my bank with the most robust set of product offerings and capabilities? 3. Which partner recognizes the true value of community banking and intends to uphold and build on my bank’s identity and legacy? 4. Which partner can be trusted to expertly guide this journey and deliver the information my bank needs to excel in the digital age? As community bankers make the careful choice of whom to partner with in charting their future course, settling for a provider who falls short in their answer to one or more of these questions is simply not enough. Too often, for example, a provider will attempt to sell community bankers the assurance of technology that is not yet live. They market the anticipation of forward-thinking innovation without the active, proven products to back it. Remaining mindful of such deception is important. When a partnership signifies an investment in the continued success of a community bank, there is no room for false promises. In exceeding expectations through ever-evolving, cutting-edge technology, a community bank’s partner should of course augment the products and services offered both locally and digitally. Trusted guidance and a customized, consultative approach should help determine exactly how that is executed. Doing so successfully, however, demands a commitment to customer-centricity. Larger institutions may have the technological advantage, but a community bank’s dedication to strong customer relationships will always be its greatest differentiator. As such, a technology partner who recognizes, values, and upholds this standard of people-first banking is essential — that is how community banking endures and prospers. Sarah Fankhauser, President and CEO of DCI (the privately-owned developer of core processing, digital banking and Fintech processing solutions), shares her insight on the matter, saying, “DCI’s community banking partners might come to us for our technology, but our commitment to customer service is why they stay. In addition to innovative offerings, finding a technology provider who cares enough to be your partner through it all is what makes a successful collaboration. It’s the difference between surviving versus thriving in today’s market.” The task of adapting and advancing in a financial landscape where technology dominates is certainly a challenge for community banks. More than that, however, it is an opportunity. By embracing innovation and building partnerships with trusted technology providers, community banks can expand their reach, diversify their income streams, and thrive in the digital age. With regard to the challenges ahead, there is no doubt that leveraged technology and a continued commitment to customer service will lead this vital force for our economy far. Rest assured: the future of community banking is bright. To learn more, please visit www.datacenterinc.com. Associate Member 16 In Touch

Mortgage Investment Services Corporation 22316 Midland Drive • Shawnee, KS • 66226 • 913-390-1010 NMLS# 194708 • A Kansas licensed mortgage company #MC 0001182 Missouri Residential Mortgage Loan Broker Licence # 10-1912 Oklahome Mortgage Broker #MB001953 Colorado License #100044344 Nebraska Licensed Mortgage Company NMLS#194708 20+ Years! Depend On Us! For 20 years, community banks in the Midwest have depended on MISC’s expert mortgage services for their customers. • Free Loan Officer Training & Webinars •Offer all secondary market loan programs: VA, FHA, USDA/RD, Conventional & Jumbo •Earn more fee income with less risk Call or email today. Let’s discuss how MISC can help you! Joan Emas, Account Executive Andrew Holtgraves, Sr. Vice President Cell: 816-810-8878 Cell: 913-558-2555 Email: Joan@MISCHomeLoans.com Email: Andrew@MISCHomeLoans.com NMLS: #276932 17 In Touch

Human connection, powered by innovation. Don’t let your customer relationships be confined to just your branch. Lynq™ by Agent IQ is a personal digital relationship banking platform that uses built-in AI to deliver a cutting-edge self-service for your customers while also offering the ability to connect with a personal banker—when technology just can’t be human enough. Visit agentiq.com to learn more. We are proud to be a newly endorsed partner of: Community Bankers Association of Kansas CBA CBA

TRAINING: THE FOUNDATION OF EFFECTIVE COMPLIANCE BY WILLIAM J. SHOWALTER, CRCM, CRP, SENIOR CONSULTANT; YOUNG & ASSOCIATES, INC.; KENT, OHIO We have all heard the old maxim, “How can you expect them to do things right in the first place if you don’t tell them how to do it.” That is particularly true in the area of compliance. You cannot expect employees to comply with the plethora of laws and regulations that impact banking today if you have not given them appropriate instruction on what is required of them. This is accomplished through compliance training. Training is the foundation or bedrock on which you can build a compliance program that should flourish in the current compliance environment. Regulators expect financial institutions to manage their compliance function and any risk area effectively. In addition, within the past 20-plus years, the industry moved into a new age for compliance management — one calling for a new management model or paradigm where more responsibility and involvement are pushed down to the front lines rather than being retained centrally by a single compliance officer or department. For this paradigm to work, those on the front lines must be well-versed in the compliance responsibilities that their jobs entail. What is effective and works will vary from one institution to another, but we will try in this article to point you in the right direction to set up a successful compliance training program. We will help you ferret out how to approach this process and give you ideas on how to tackle such training and end up with a positive experience for both the trainer and the trainees. Reasons To Train The reason you want to train your staff in compliance matters is to move toward the ideal of having them do the compliance-related aspects of their jobs right the first time, every time. Making your compliance function work this way will take you a long way toward good risk management — reducing the risk of noncompliance. Education of the bank’s board of directors, management and staff is essential to maintaining an effective compliance program. Board members should receive sufficient information to enable them to understand the bank’s compliance responsibilities and Endorsed Partner 19 In Touch

the need for adequate resources (staff, technology, software, etc.) to meet those obligations. The federal banking supervisors have identified a number of risk categories they expect financial institutions to monitor and manage. Compliance is an important factor in at least a few of the following recognized classifications: • Compliance risk: Identified first by the Office of the Comptroller of the Currency (OCC) as a separate risk category, this is the risk to earnings or capital from violations of the requirements of laws, regulations, prescribed practices, ethical standards or other rules. This risk can also arise in areas of uncertainty where laws or regulations are ambiguous or untested. Compliance risk is one part of the “legal risk” identified by the Federal Reserve Board (FRB) in its risk rating system. • Transaction or operational risk: This classification of risk is recognized by regulators in their published standards. It is the risk to earnings or capital from problems with service or product delivery and can arise from inadequate information systems, operational problems, breakdowns in internal controls, fraud or unforeseen disasters. • Reputation risk: Negative public opinion or publicity can lead to risk to earnings or capital through litigation, decline in customer base, revenue reductions, reduced ability to offer competitive products, other financial loss or reputation damage. The prudent financial institution will strive to avoid problems in these areas (and other risk categories identified by the banking supervisors). An important component of this risk-avoidance process is training for all employees that is appropriate to their particular jobs, and it must include compliance issues that affect them. Effective compliance training also supports another ideal of compliance management in the current era — decentralizing and fixing accountability for compliance performance standards. It is most effective and efficient for a financial institution to “push down” responsibility for compliance performance as close to the front line as possible. This has to involve a buy-in by line managers and staff. But you cannot expect them to see the importance of these issues if you do not provide them with adequate information. Neither can you expect them to perform well if you have not given them the tools and knowledge needed to succeed. Good training furnishes the information necessary for the accomplishment of that goal. Who and What To Train The first order of business in structuring a compliance training program is to assess the needs of the institution. Among the questions you should ask in this exercise are: • What types of products and services are offered? • What regulations impact these processes? • What is the current knowledge level of the staff involved in these various areas? • How much turnover or migration within the institution occurs? • Where have problems been identified in the past by compliance monitoring, audits and examinations? • What is the pace of new product development and introduction? • What are the areas where regulatory change is occurring (and expected)? • Where are the risks to the institution? • Which risks are higher priorities? These are at least some of the questions that must be answered in this initial assessment phase. Actually, the needs assessment should be an ongoing, dynamic process since neither the institution nor the regulatory environment is stagnant. One result of the needs assessment will be a list of laws and regulations that must receive particular emphasis in the compliance training to come. This list will likely include Truth in Lending (Regulation Z), Fair Lending (Regulation B and the Fair Housing Act), Real Estate Settlement Procedures Act (Regulation X), flood insurance and other laws and regulations for lending training. Deposit and operations topics likely will include Truth in Savings (Regulation DD), Expedited Funds Availability (Regulation CC), Electronic Fund Transfers (Regulation E) and the Bank Secrecy Act (BSA), among others. Another product of the needs evaluation will be a listing of departments, functional areas and job positions that should be targeted by compliance training. This list should include loan officers, underwriters, originators and other customer-contact and loan documentation staff in the lending area. Deposit personnel who need to receive compliance training, include customer service representatives, tellers, new accounts staff, bookkeeping personnel and all other customer-contact staff. Choosing Format and Media Once the “what” and “who” have been ascertained, then you can move on to how you will do it. Here you have a wide variety of choices and decisions: • Will you handle the training internally, or will you use outside trainers or events (seminars, schools, etc.)? • Will you use online programs, classroom-style sessions or individual consultations? • Will compliance training be presented separately or integrated into other job-related instruction? The teaching method selected will depend a lot on the culture of your institution. Is individualized, on-the-job type training Education of the bank’s board of directors, management and staff is essential to maintaining an effective compliance program. 20 In Touch

The level of instruction needs to be geared to the breadth of compliance knowledge and understanding among the target audience. You do not want to bore the knowledgeable by dwelling too long on basic information, nor do you want to go over the heads of the novices by speeding past the basics right to detailed, high-level issues. Another potential problem area is in gearing the content to the audience. Credit card personnel are not likely to be very interested in (or in need of) information about the right of rescission and mortgage servicing transfer notices. Similarly, mortgage-lending staff will not be drawn into instruction on tabular credit card application disclosures and open-end periodic statements (unless they are also involved in home equity line lending). Teaching Style A crucial issue for instructor-presented (as opposed to computerbased or similar format) training is the selection of the instructor. You want to have someone comfortable with presenting to and teaching others and, preferably, someone with experience in training. In larger institutions, the training department can help in this effort, perhaps with the compliance officer attending to handle questions that probe deeper into a rule’s requirements or into more complicated situations. If no such experienced training resources are available, the institution should consider turning to outside consultants to provide this crucial instruction to its employees. In fact, outside vendors can handle most of the preparation as well as the presentation. Your involvement is cut back to one of coordinating facilities and handout materials and in helping set the subject matter and scope of the training. The professional trainer tackles most of the other jobs, including the one of actually teaching the intricacies of the particular rule(s). When To Train All employees need to receive at least some basic compliance training as part of their initial job training. As with any training, the level of detail depends on the particular position and job grade. Periodic refresher training must also be given to all employees. Some rules require this, such as the Bank Secrecy Act and Expedited Funds Availability regulations. However, even when the norm? Or are online training programs widely utilized? Or are training sessions often presented in larger, classroom-style settings? Or is there a mixture of these and other methodologies (memoranda, manuals, etc.)? Another factor in the methodology decision is the wide availability of online training programs, many at low or no cost. Various national and state bankers associations make many online training programs available to their members at no additional cost. Beyond these offerings, a number of vendors provide online programs available to bankers covering all areas of banking, including compliance issues. A successful training program likely will encompass some variety in teaching media. Different ways of teaching work better in different situations, and some are chosen by the necessity of the moment’s needs or the pressure of immediate problems. Also, some methods work better for some subjects and in some situations than others. One element that should be included in any training process is some type of testing. You need to have some way of measuring the success of any training, and you should keep records of these results. The testing outcomes can point to issues that need further attention or to particular staff members who need more help to understand the rules that they must master. Many online training programs blur the distinction between training systems and reference/performance support systems. These systems will be easy to update, contain the tests and permit both initial self-paced training and ongoing just-in-time learning and support. Organizing Information Besides the choices in teaching media and methodology, there are alternatives to how compliance information can be organized for presentation. In some situations, instruction organized by regulation makes sense, particularly when a new regulation is released, when major changes are made in an existing one, or when compliance reviews or examinations reveal problems in a particular area. However, many times it is easier for the students to learn to apply regulatory requirements if a more transactional approach is taken or if compliance issues are woven into other job-related training. 21 In Touch

not required explicitly, the financial institution supervisors expect that the expertise of all employees will be maintained by an appropriate amount of ongoing training. Such regular retraining is also in the institution’s best interest to help minimize the risk of noncompliance and can be an integral part of your risk management program. Beyond the routine refresher training, any time a new rule is issued or an existing one is changed, all affected personnel need to be updated on the new requirements and expectations and how they must implement them. Keeping Records Part of any training program should be an appropriate method of keeping records. At its most basic level, this will provide documentation of who received what compliance training and when. Records that can be kept might include sign-up sheets for in-person training, completion and testing results for online programs, sample training materials and so forth. Maintaining appropriate records allows the bank to make sure it is keeping up with compliance training needs throughout the bank and that all affected personnel are receiving (and completing) appropriate training. A side benefit of good records is that the bank can demonstrate to examiners how it is meeting their expectations in this area. The Bottom Line As we have discussed, appropriate training is crucial to success in managing the risks associated with the profusion of consumer protection laws and regulations. The elements we have reviewed can also be applied to training in other areas or aspects of employees’ jobs, not just to compliance. Effective training is a good preventative measure to avoid or reduce noncompliance and its associated risks. It also can contribute to better levels of customer service as staff members become familiar with what is expected of them and why particular disclosures must be given, or information must be collected. Not least among the benefits, knowledgeable employees performing their jobs right the first time can significantly reduce the operating costs of the institution, slashing expenditures for correcting errors or oversights and preventing costs associated with litigation or regulatory enforcement actions. William J. Showalter, CRCM, CRP is a Senior Consultant with Young & Associates, Inc. (www.younginc.com), with over 35 years of experience in compliance consulting, advising and assisting financial institutions on consumer compliance and compliance management issues. He also develops and conducts compliance training programs for individual banks and their trade associations and has authored or co-authored numerous compliance publications and articles. Bill can be reached at (330) 678-0524 or wshowalter@younginc.com. IT’S ABOUT THE CONTACT US TODAY TO PLACE YOUR ANNOUNCEMENT AD Call 801-676-9722 or scan the QR code to fill out the form. Place QR Code Here Employees are motivated when they are recognized and feel valued. It’s about… ▷ Who to congratulate ▷ Who to acknowledge ▷ Who to thank for a job well done This magazine is a great platform to celebrate your team’s accomplishments! 22 In Touch

Is your community bank secure? Meet Dina. Dina provides clients with the guidance they need to steer clear of card fraud all year long. Working together with ICBA Payments partners, she ensures client banks are receiving the level of care and support they deserve. Even when she’s waiting to pick up her kid from practice, she’s scribbling notes on how we can better protect banks from fraud. By working with ICBA Payments, your bank has Dina’s ongoing support. Learn more at icbapayments.com

AI IN LENDING DECISIONING AND UNINTENDED DISCRIMINATION BY SHELLI J. CLARKSTON, SPENCER FANE, LLP With the advancements in artificial intelligence (AI) technology, businesses around the world are considering how they can use AI to improve efficiency and advance business goals. Financial institutions are no exception. While AI can bring many efficiencies and advancements to the way business is conducted, in the highly regulated financial services industry, there are many considerations that need to be addressed by financial institutions seeking to use AI. In the context of lending, there are many credit decisioning technology platforms advertised to improve, automate and eliminate bias in credit decisioning. However, the issue of bias is not so straightforward and regulatory agencies are not backing away from this issue. The Consumer Financial Protection Bureau (CFPB) stated, “Tech marked as ‘artificial intelligence’ and as taking bias out of decision-making has the potential to produce outcomes that result in unlawful discrimination.”1 On April 25, the CFPB and other federal agencies released a joint statement regarding the use of advanced technologies, including AI.2 CFPB Director Rohit Chopra stated, “Today’s joint statement makes it clear that the CFPB will work with its partner enforcement agencies to root out discrimination caused by any tool or system that enables unlawful decision-making.” The Equal Credit Opportunity Act (ECOA) of 1974, which is implemented by Regulation B, applies to all lenders. The statute prohibits financial institutions and other firms engaged in the extension of credit from discriminating against a borrower on the basis of sex, marital status, race, color, religion, national origin, age (provided the applicant has the capacity to contract), because all or part of the applicant’s income derives from any public assistance program, or because the applicant has, in good faith, exercised any right under the Consumer Credit Protection Act. So how could AI, which is designed to create efficiencies and fairness and improve the lending process, run afoul of the ECOA? To answer this question, we must consider the data being used to make lending decisions. These technology platforms rely on voluminous datasets to power their algorithmic decisionmaking. We have all heard the adage “bad data in, bad data out.” In other words, incorrect data input creates bad results. Algorithmic bias describes errors in a technology system that create unintentional unfair outcomes. As applied to lending, algorithmic bias could result in one group of applicants receiving some advantage or disadvantage when compared to other applicants, even where there is no relevant difference between the two groups. This bias is created because of erroneous assumptions in the machinelearning process. When the algorithmic bias results in different treatments or impacts disfavoring applicants based on characteristics prohibited by the ECOA, the result is algorithmic discrimination, which, even if generated by a technology platform, still violates the ECOA. Associate Member 24 In Touch

As a financial institution utilizing these technologies, it will be crucial for your institution to conduct appropriate due diligence on the technology service provider, which should include a review of the third party’s algorithmic impact assessments, which should include disparity testing results and mitigation information. The federal regulatory agencies made it clear in their June 9 Interagency Guidance on Third-Party Relationships: Risk Management publication that, especially when using new technologies, financial institutions have heightened responsibilities, given the increased risk of such technologies and third-party relationships, to ensure the technologies being provided comply with applicable laws and regulations. Failure to complete a thorough due diligence review will very likely result in serious negative consequences, especially if it is discovered that the technology results in algorithmic discrimination. Shelli J. Clarkston is an Of Counsel attorney in the Kansas City, Missouri office of Spencer Fane, LLP. She can be reached at (816) 292-8893 and sclarkston@spencerfane.com. If your financial institution wants to take advantage of the latest innovations in AI, what steps need to be taken to ensure there are no ECOA violations? The federal government has provided instruction to designers, developers and deployers of these technologies to protect against algorithmic discrimination. “Designers, developers, and deployers of automated systems should take proactive and continuous measures to protect individuals and communities from algorithmic discrimination and to use and design systems in an equitable way. This protection should include proactive equity assessments as part of the system design, use of representative data and protection against proxies for demographic features, ensuring accessibility for people with disabilities in design and development, pre-deployment and ongoing disparity testing and mitigation, and clear organizational oversight. Independent evaluation and plain language reporting in the form of an algorithmic impact assessment, including disparity testing results and mitigation information, should be performed and made public whenever possible to confirm these protections.”3 38545 Partner with us for: • Loan participation purchases and sales* • Bank stock financing • Bank executive and employee financing *We do not reparticipate loans. Tracy Peterson Call me at 480.259.8280 Based in Phoenix, Ariz. Serving Arizona, Colorado and Kansas Our Mission Is to Help You Succeed 1. Consumer Financial Protection Bureau, CFPB and Federal Partners Confirm Automated Systems and Advanced Technology Not an Excuse for Lawbreaking Behavior, April 25, 2023. 2. See Joint Statement on Enforcement Efforts Against Discrimination and Bias in Automated Systems. 3. The White House, Algorithmic Discrimination Protections, Blueprint for an AI Bill of Rights, August 22, 2023. 25 In Touch

G � VALLEY BANK WHAT IS YOUR TIME WORTH? • WORKDIRECTLYWITH THEOWNERS • RECEMLOANAPPROVAL WITHIN2 OR3 DAYS •AVOIDANNOYING COVENANTS • UM/TED ORNO ORIGINATION COSTS • LOW INTEREST RATES Bank Stock and Bank Holding Company Stock Loans Done the Simple Way Bank mergers, acquisitions loans and refinances E11chd1 01itorinsur1dtoatleast$250,000 Foder,I O.posil lnunnc• Corporation• www.dc.go• up to $50 million Call Rick Gerber or Ryan Gerber at l-866-282-3501 or email rickg@chippewavalleybank.com ryang@chippewavalleybank.com EQUAL HOUSING LENDER

ABSTRACTING Security 1st Title Wichita, KS . . . . . . . . 316-267-8371 ACCOUNTING/TAX RETURNS Allen, Gibbs & Houlik, L.C. Wichita, KS . . . . . . . . 316-267-7231 Varney & Associates, CPAs, LLC Manhattan, KS . . . . . . . 785-537-2202 ACH *SHAZAM Johnston, IA . . . . . . . . 515-288-2828 ADVERTISING SPECIALTIES *Works24 Brian, Edmond, OK . . . . . 800-460-4653 ALARMS & SECURITY PRODUCTS Federal Protection Springfield, MO . . . . . . .800-299-5400 Oppliger Banking Systems, Inc. Lenexa, KS . . . . . . . . .800-487-7875 ARTIFICIAL INTELLIGENCE *Agent IQ Drew, Austin, TX . . . . . . 830-708-9370 ASSET LIABILITY MANAGEMENT *Financial Management Services, Inc. (FMSI) Chuck, Overland Park, KS. . . ..913-955-3355 *QwickRate Dan, Marietta, GA . . . . . . 800-285-8626 ATM EQUIPMENT (NEW/USED) Federal Protection Springfield, MO. . . . . . . .800-299-5400 Oppliger Banking Systems, Inc. Lenexa, KS . . . . . . . . . 800-487-7875 AUCTION Purple Wave Manhattan, KS . . . . . . . 785-537-7653 BACK ROOM SERVICE Modern Banking Systems Ralston, NE . . . . . . . . . 800-592-7500 BALANCE SHEET CONSULTING *Financial Management Services, Inc. (FMSI) Chuck, Overland Park, KS . . . 913-955-3355 BANK OPERATIONS The Baker Group Oklahoma City, OK . . . . . 800-937-2257 *QwickRate Dan, Marietta, GA . . . . . . 800-285-8626 BANK/PEER PERFORMANCE *QwickRate Dan, Marietta, GA . . . . . . 800-285-8626 BANKRUPTCY Spencer Fane, LLP Overland Park, KS . . . . . .800-526-6529 BANK STOCK LOANS & LOAN OVERLINES Commerce Bank Kansas City, MO . . . . . . . 800-821-2182 *S&P Global Stacy, Charlottesville, VA . . . 434-951-4419 BOND ACCOUNTING First Bankers Banc Securities Overland Park, KS . . . . . . 913-469-5400 *ICBA Securities Corporation Jim, Memphis, TN . . . . . . . . . . . .800-422-6442 COMPLIANCE ASSISTANCE/REVIEWS *Advanced Business Solutions (ABS) Sandy, Olathe, KS . . . . . . 913-340-7041 Allen, Gibbs & Houlik, L.C. Wichita, KS . . . . . . . . 316-267-7231 *BHG Bank Group Tom, Syracuse, NY . . . . . . 315-372-4510 *MPA Systems David, Fort Worth, TX . . . . 888-233-1584 Purple Wave Manhattan, KS . . . . . . . 785-313-2094 Varney & Associates, CPAs, LLC Manhattan, KS . . . . . . . 785-537-2202 Young & Associates, Inc. Kent, OH . . . . . . . . . 800-525-9775 Products and Services Reference List Joe Rottinghaus Chairman Conway Bank Tanner Johnson Chairman-Elect Swedish-American Bank Tom Pruitt Secretary/Treasurer Peoples Bank & Trust Company Irv Mitchell Immediate Past Chairman Wilson State Bank DIRECTORS Josh Bailey Security State Bank Kent Culbertson First National Bank and Trust Cheri Fahrbach First National Bank of Hutchinson Brandon Lee Union State Bank Margaret Nightengale Grant County Bank Jack Rowden Citizens State Bank Steven Suellentrop Legacy Bank Jim Wayman ESB Financial Michele C. (Mickey) Lundy Past Chairman Tampa State Bank STATE ICBA DIRECTOR Blake Heid First Option Bank CBA STAFF Shawn Mitchell President and CEO shawn@cbak.com Nikki Dohrman Senior Vice President/ Executive Director nikki@cbak.com Yvonna Hansen Vice President of Member Services yvonna@cbak.com Stuart Little Little Government Relations, LLC 2023 CBA OFFICERS AND DIRECTORS Officers and Directors The following CBA Associate Members are ready to serve you when you need them. Please keep this list handy, and the next time you’re looking for a specific service, you’ll know where to look first! Remember, this is just a sampling of what each company provides. The “*” represents an agreement for a specific endorsed product with that company. Not all products that these companies offer are endorsed by CBA. To see a detailed list and explanation of endorsements, visit CBA at www.cbak.com. Keep in mind that the services listed by each company on this page may only be a sampling of the many services they offer. By their CBA Associate Membership, these companies have shown their commitment to serving community banks. Please look to these companies first, whenever possible, to meet your banking needs. 27 In Touch

RkJQdWJsaXNoZXIy ODQxMjUw