Table of Contents 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Pub.4 2023 Issue 4

ISSUE 4 2023 Official Publication of the Community Bankers Association of Kansas 12 10 REPORTS EVERY BANK SHOULD RUN 10 LENDERS COVERED BY NEW SMALL BUSINESS DATA RULE

CONTENTS Issue 4 | cbak.com © 2023 Community Bankers Association of Kansas | The newsLINK Group, LLC. All rights reserved. In Touch is published six times each year by The newsLINK Group, LLC for the Community Bankers Association of Kansas and is the official publication for this association. The information contained in this publication is intended to provide general information for review, consideration and education. The contents do not constitute legal advice and should not be relied on as such. If you need legal advice or assistance, it is strongly recommended that you contact an attorney as to your circumstances. The statements and opinions expressed in this publication are those of the individual authors and do not necessarily represent the views of the Community Bankers Association of Kansas, its board of directors, or the publisher. Likewise, the appearance of advertisements within this publication does not constitute an endorsement or recommendation of any product or service advertised. The Community Bankers Association of Kansas is a collective work, and as such, some articles are submitted by authors who are independent of the Community Bankers Association of Kansas. While In Touch encourages a first-print policy, in cases where this is not possible, every effort has been made to comply with any known reprint guidelines or restrictions. Content may not be reproduced or reprinted without prior written permission. For further information, please contact the publisher at 855.747.4003. 4 FLOURISH By Rebeca Romero Rainey, President and CEO, ICBA 6 VALUE ADDED: HIGH BASELINE YIELDS ACCOMPANY SURPRISINGLY WIDE SPREADS By Jim Reber, President and CEO, ICBA Securities 8 MULTI-FACTOR AUTHENTICATION: HOW HAVING A LAYERED DEFENSE FOR YOUR BANK CAN HELP TO COMBAT CYBER THREATS By Mike Gilmore, Chief Compliance Officer, RESULTS Technology 10 LENDERS COVERED BY NEW SMALL BUSINESS DATA RULE By William J. Showalter, CRCM, CRP; Senior Consultant; Young & Associates, Inc.; Kent, Ohio 12 10 REPORTS EVERY BANK SHOULD RUN NOW By Paula S. King, CPA, Abrigo 16 CONGRATULATIONS! CBAK 2023 COMMUNICATOR AWARD WINNER! 18 ADOPTING A HOLISTIC FRAML APPROACH TO FIGHT FINANCIAL CRIME By Ankur Shah, Strategic Product Manager, CSI 19 NEW ASSOCIATE MEMBER 19 ANNOUNCEMENTS IN EVERY ISSUE: 22 ANNIVERSARIES 23 BANK TRAINING WEBINARS 24 OFFICERS AND DIRECTORS 24 PRODUCTS AND SERVICES REFERENCE LIST 8 18 12 3 In Touch

FLOURISH Where I’ll Be This Month I’ll be attending our summer board meeting, looking forward to planning for the future of this independent industry we represent. Connect with Rebeca on Twitter @romerorainey. We celebrated Independence Day, and I couldn’t help but reflect on the vital role community banks serve throughout this country. We represent Main Street America, creating a firm financial foundation for our nation’s consumers, small businesses, municipalities, local governments and more. It’s a position community banks take seriously, and one we are honored to hold on behalf of the communities we serve. When we think about the current economic environment, without a doubt, we can say that we’ve weathered this storm before. That’s what makes us unique: we are there for our customers regardless of the economic situation. Megabanks and credit unions nationwide are cutting back on balance sheet areas to tighten their bottom lines, while community banks stand ready to support local businesses and neighbors who are feeling the heightened effects of the ebbs and flows of the economy. Just look at how community banks responded to the global pandemic: by introducing tools and solutions to support small businesses in the Paycheck Protection Program (PPP). Or consider the consistent, forward-looking care community banks apply to their unique community base. From seasonal businesses and service-based and manufacturing organizations to a wide array of other models, community banks tailor their offerings to the needs of individual customers. That’s because community banks don’t just look to today’s returns; they commit for the long haul as a true partner, helping customers withstand market turbulence and come out successfully on the other side. It’s precisely in an environment like the one we have today that community banks flourish because they double down on relationship banking. That connection-based approach to finance becomes even more important in difficult economic times, because, above all, a community bank’s goal is to make a difference in the financial lives of those they serve. So, as you read this month’s issue, notice that our top lenders share one key attribute: a commitment to the customer relationship. They are helping their customers prepare for a wide variety of economic scenarios in ways that are best suited to that business or person. It’s about helping their customers make the right decisions for their financial lives and supporting them as they go. I’m proud to say that for nearly 250 years, community banks have served at the center of our nation’s finances. That’s because, to put a spin on the well-known John F. Kennedy Jr. quote, community banks ask not what their community can do for them, but what they can do for their community. And that’s a business model that will stand the test of time.  BY REBECA ROMERO RAINEY, PRESIDENT AND CEO, ICBA Community banks … commit for the long haul as a true partner, helping customers withstand market turbulence and come out successfully on the other side. 4 In Touch

Core and technology solutions backed by our unmatched support and customer care. At DCI, you’re not a number, you’re our rst priority. We’re here to support you every day, 24 hours a day. 100% U.S. BASED CUSTOMER SUPPORT 24/7/365

I f your responsibilities include your community bank’s bond portfolio, you’ve been confounded by several elements of its performance in the last 18 months. To the extent your portfolio has mortgage-backed securities (MBS) and government agency bonds, and the clear majority of all bonds owned by banks are in these two categories, they’ve certainly lost value since 2022. It is easy enough to put the “blame” on the Fed’s Federal Open Market Committee (FOMC), which as of this writing has taken overnight rates up fully 500 basis points (5%) since March of last year. However, something else has occurred in period that’s contributed to the decline in bond prices: Yield spreads have actually widened during this time frame, which is highly unusual for a rising rate scenario. It has aggravated the market losses in community bank portfolios, which stood at around 8% as of June 30. About one-fifth of the market losses can be attributed to spread widening. What’s going on here? Maybe it’s time to review why spreads widen and tighten, and why the various bond market sectors behave differently. If we can conclude with the notion that there are some opportunities for long-term benefit for your bank, all the better. Spread Basics First, a refresher on “spreads” in this context. It is the incremental yield for a collection of bonds, over and above the benchmarks. The benchmarks are comparable maturity Treasuries, which are presumed to be risk-free. (We don’t have time here to revisit the recent elaborate game of chicken over the debt ceiling. Notice I said “elaborate” and not “elegant.”) Incremental spreads on bonds will tend to widen as rates fall, as lower yields accompany an economy that is losing momentum. This slowdown brings with it a higher likelihood of debt service problems, so lenders, including bond investors, ask for additional yield protection. In 2023, there’s no slowdown, yet, and so the FOMC has now hiked overnight rates to their highest levels in 15 years in its quest to get inflation under control. And still, spreads are wider in virtually all bond sectors, so something different is in play. One factor is the Fed’s posturing related to its own balance sheet. Currently, the Fed is removing $95 billion per month from its own Treasury inventory. It has reserved the right to actually shed some of its $2.5 trillion MBS portfolio, but hasn’t yet. Another difference this time around is the well-documented decline in excess liquidity on bank balance sheets, which I hasten to add is not the same thing as deposit runoff. Globally, the banking sector has gone from too much uninvested cash, to probably about right. Again, this has removed some demand from the fixed-income markets as the banking sector has purchased very few bonds in 2023. Some Sectors Are Not Like Others The callable agency market gives us a good example of how spreads are historically wide. Way back in 2021 (hyperbole), a bond that matured in three years and could be called in a year (“3/1 callable” in bond-speak) would have had a stated rate of interest of around 0.50%, which was about 10 measly basis points (0.10%) over the curve. Today, the “coupon” for the same bond would be around 5.50%, which has a full 1% spread over the three-year Treasury. Similarly, popular mortgage securities have improved yields and spreads today over just a few months ago. A staple of community bank portfolios is a 15-year MBS issued by Fannie Mae or Freddie Mac. A “current coupon” pool has right at a 5% yield to maturity, again around 1% over the Treasury curve. A year ago? A current coupon would have been about 3.5%, and its spread around half of today’s. Act Now; Thank You It’s time to speak into the microphone and state that things can get worse before they get better. Which is to say, Treasury yields, and spreads, can continue to gap higher and wider before coming back in line. The Fed sure doesn’t sound like it’s finished with tightening, and even though banks are making use of wholesale funding sources to maintain liquidity levels, banks aren’t likely to become deluged with excess cash in the near future. Nonetheless, we have a baseline of yields (Treasury curve) that is at a 15-year high, coupled with spreads that are nearly unprecedented for this stage of the rate cycle. This causes me to suggest that your portfolio will thank you later for bonds you purchase in mid-2023. If more yield is considered good, then it’s summertime, and the livin’ is easy.  Endorsed Partner Jim Reber is President and CEO of ICBA Securities, ICBA’s institutional, fixed-income broker-dealer for community banks. He can be reached at jreber@icbasecurities.com. VALUE ADDED High Baseline Yields Accompany Surprisingly Wide Spreads CFO Forum Coming in August ICBA hosts its annual CFO Forum in Kansas City August 1415. Speakers from FORVIS and ICBA Securities will present a host of current issues pertinent to financial management of community banks. Up to 12 CPE credits are offered. To register, visit https://www.icba.org/events. Bank Strategy Webinar August 17 ICBA Securities’ exclusively endorsed broker Stifel presents its Quarterly Strategy Webcast on August 17 at 12 pm Central. The quarterly webcast provides insight on emerging balance sheets, investment, economic and regulatory developments. To register, contact your Stifel sales rep. BY JIM REBER, PRESIDENT AND CEO, ICBA SECURITIES 6 In Touch

IT COMPLIANCE & SECURITY FOR COMMUNITY BANKS Watch our video! www.resultstechnology.com/bank-solutions/ Managed IT Cybersecurity Backup & Business Continuity Audit & Exam Support IT Planning & Budgeting Security Awareness Training RESULTS Technology is a family-owned, award-winning provider of managed IT compliance, infrastructure & cybersecurity services for banks. We have been helping banks reduce risks and achieve operational efficiency for more than 20 years. RESULTS Technology | 12022 Blue Valley Parkway, # 524, Overland Park, Kansas 913.928.8300 | info@resultstechnology.com www.resultstechnology.com

BY MIKE GILMORE, CHIEF COMPLIANCE OFFICER, RESULTS TECHNOLOGY MULTI-FACTOR AUTHENTICATION How Having a Layered Defense for Your Bank Can Help to Combat Cyber Threats RESULTS TECH TALK Endorsed Partner As a leader and decision-maker at your bank, you know that technology is a doubleedged sword. It helps you work effectively, learn more about your customers, and make better decisions. But the online world also has the potential to destroy a business you’ve worked so hard to build. We live in a digital world — there’s no way to run a business without technology. So, the only option is to protect yourself as best as you can. One of the most effective ways to do this is with multi-factor authentication (MFA). You’ve probably heard about it before, and if you’re tired of hearing about it, don’t leave just yet! We’re going to debunk the common complaints about MFA and explain why it’s the single most important thing you could do for your bank’s security today. “But It Adds an Extra Step to All My Applications.” The biggest complaint with multi-factor authentication is that it bogs people down. You open up your email; you have to put in a code. If you want to access a document in Google Drive; you have to open an app and request a “token” (a number) to key in. While it may add a few seconds to your day, not implementing MFA could get you in legal trouble. The Federal Trade Commission recently updated the Safeguards Rule, which “requires financial institutions under FTC jurisdiction to have measures in place to keep customer information secure.” MFA is one of those measures. In addition, the Federal Deposit Insurance Corporation (FDIC) strongly recommends MFA as well as a Managed Service Provider (MSP) that is experienced with banks and the special security needs that they require. And if that wasn’t enough to convince you, most cyber insurance requires the use of MFA. Luckily, a good MSP knows how to properly implement MFA to make it fast, easy, and secure. To get the security benefits of MFA without excessive inconvenience, there are strategies you can use. At RESULTS Technology, we recommend using push notifications. This way, you won’t have to wait or search for a code; it simply pops up on your screen with the option of remembering your device for 90-180 days. This takes away the constant code inputting and time drag. 8 In Touch

Mike Gilmore is the Chief Compliance Officer of RESULTS Technology and a Certified Information Systems Auditor (CISA) with more than 30 years of experience in the banking industry. RESULTS Technology provides IT services to community banks across the Midwest. In his role as CCO, Mike provides compliance and risk assessments, audit and exam support and policy documentation. He can be reached at mgilmore@resultstechnology.com. Is It Really That Effective? Yes, But Nothing Is Foolproof! When MFA was first gaining steam, Microsoft claimed it could stop 99.99% of data breaches. But like most things, especially when it’s concerning cybersecurity for banks, cybercriminals quickly got to work finding ways around it. So while you can’t have a near-perfect guarantee, MFA is still highly effective. Many bank employees may think that the biggest cybersecurity risk comes from a customer’s account being hacked or from someone accessing the bank’s main data frame. But hackers aren’t interested in those hard-to-reach targets. Instead, they might find an employee’s email login information and, without MFA, make it into their account. But that’s not their target — your employee’s compromised account is just the Trojan horse. With the credibility of an employee’s account, they’ll send emails to coworkers and customers. Once they have an email address and password, the attacker can eavesdrop on your email accounts. With the credibility of your employee’s account, they can quietly collect private data from your customers or internal staff for months without detection. Through this process, they can request private information, rewire payments to go into their own account or infect thousands of more computers with a phishing email. The possibilities are endless when it comes to social engineering. If they’re successful, your bank will risk everything from lost income due to reputational damage — in the age of information, mistakes are amplified, which could put your company at an extreme disadvantage. But with multi-factor authentication as a layer of your cyber defense, you could stop the criminal before they have a chance to wreak havoc. Do I Need a Paid Service, or Can I Get the Same Security for Free? If you’re feeling the strain of cyber threats but don’t have the resources to have a cybersecurity provider, most apps and tools have an MFA feature. To improve your security today, you should go through each of your vendors — VPN, Gmail, Outlook, Dropbox, DocuSign — anything you access online, and implement MFA. You won’t have to spend any money, and your cyber posture will have straightened up immediately. The downside to these free options is that there’s no guarantee of how secure the authentication process is. You won’t be able to track what devices are being used or who has access. Another downside is that they will all vary in how they’re implemented and used, so you’ll need to remember to audit your MFA security often to ensure it’s always in use. You’ll also have to log in and do the authentication for each app separately, which can be frustrating. Free options work in a cinch but shouldn’t be the extent of your MFA strategy. This is especially the case since not all systems provide a free option. Instead, try to collaborate with an IT provider that specializes in cybersecurity for banks. They’ll set up a paid version of MFA that coordinates between all your applications and gives you insight into the following: • What devices are connected to your accounts? • Who is accessing the system? • Is there unauthorized access? • Where are people logging in? A paid service will also allow you to remember devices for a few months at a time and set up an automated authentication process, so you don’t have to do any extra steps. Multi-Factor Authentication Is a Worthy Investment — Make the Most of It. When it comes to cybersecurity for banks, there’s no silver bullet. You need multiple layers of defense, and MFA should be one of them. It only takes a few seconds to do this extra step — and it could save you from a world of hurt. These days, you need MFA to protect yourself against rising cybercrime. If you neglect this essential security measure, you’re opening yourself up to the full brunt of reputational damage in the age of social media. In addition, the time you spend verifying your identity is nothing compared to the cost and hassle associated with recovering from a data breach.  Please reach out if you have any questions or need help at (913) 347-6497 or visit www.resultstechnology.com. 9 In Touch

Endorsed Partner LENDERS COVERED BY NEW SMALL BUSINESS DATA RULE BY WILLIAM J. SHOWALTER, CRCM, CRP; SENIOR CONSULTANT; YOUNG & ASSOCIATES, INC.; KENT, OHIO The Consumer Financial Protection Bureau (CFPB) has issued its final rule to implement the rule required by Congress that is intended to increase transparency in small business lending, promote economic development and combat unlawful discrimination. This is probably the last provision of the Dodd-Frank Act of 2010 to be implemented. The CFPB stated that it undertook significant planning to simplify implementation of the new rule and prepare for the submission of data from thousands of lenders. Many of these lenders already report mortgage data under the Home Mortgage Disclosure Act (HMDA). The CFPB recognizes that small business lending has important differences from mortgage lending. Background In 2010, Congress enacted requirements that would result in lenders making data available to the public about their small business lending activity in Section 1071 of the Consumer Financial Protection Act, as part of the Dodd-Frank Act. However, the CFPB did not issue rules to implement this requirement. The California Reinvestment Coalition sued the CFPB in 2019, leading to a court order requiring the CFPB to finalize the rule by March 31, 2023. The CFPB has undertaken significant planning to simplify implementation and prepare for the submission of data from thousands of lenders. While many of these lenders already report mortgage data, the CFPB recognizes that small business lending has a number of key differences from mortgage lending. After considering a wide range of feedback and thousands of public comments, the CFPB has finalized the rule and planning for implementation. Under the new rule, lenders will collect and report information about the small business credit applications they receive, including geographic and demographic data, lending decisions and the price of credit. The rule will work in concert with the Community Reinvestment Act (CRA), which requires certain financial institutions to meet the needs of the communities they serve. The increased transparency is expected to benefit small businesses, family farms, financial institutions and the broader economy. Covered Lenders The CFPB is defining the term “financial institution,” consistent with the definition in section 1071 of the Dodd-Frank Act, as any partnership, company, corporation, association (incorporated or unincorporated), trust, estate, cooperative organization or other entity that engages in any financial activity. Under this definition, the requirements of the new rule apply to a variety of entities that engage in small business lending, including depository institutions (i.e., banks, savings associations and credit unions), online lenders, platform lenders, community development financial institutions (CDFI), Farm Credit System lenders, lenders involved in equipment and vehicle financing (captive financing companies and independent financing companies), commercial finance companies, governmental lending entities and nonprofit nondepository lenders. Phased Implementation The CFPB considered a wide range of feedback and thousands of public comments in this rulemaking process. The agency finalized the rule and planned for implementation to take a phased approach. During its rulemaking process, the CFPB found that there were key differences in how large financial institutions would implement the rule, compared to relationship-based local lenders. The CFPB is adopting a tiered compliance date schedule because it believes that smaller and mid-sized lenders would have particular difficulties complying within the single 18-month compliance period in the original proposed rule. So, the final rule takes a phased approach that requires the largest lenders, which account for most of the small business lending market, to collect and report data earlier than smaller lenders. This phased schedule provides for compliance beginning as follows: • Lenders that originate at least 2,500 small business loans annually must collect data starting Oct. 1, 2024. • Lenders that originate at least 500 loans annually must collect data starting April 1, 2025. • Lenders that originate at least 100 loans annually must collect data starting Jan. 1, 2026. The term “covered financial institution” is a financial institution that originated at least 100 covered credit transactions for small businesses in each of the two preceding calendar years (with compliance phased in based on the loan volumes above). Only financial institutions that meet this loan-volume threshold are required to collect and report small business lending data under the final rule. For the phased implementation, lenders are to look at their lending in 2022 and 2023 to determine their coverage. For lenders in the third tier, if the financial institution did not originate at least 100 covered credit transactions for 10 In Touch

38545 Partner with us for: • Loan participation purchases and sales* • Bank stock financing • Bank executive and employee financing *We do not reparticipate loans. Tracy Peterson Call me at 480.259.8280 Based in Phoenix, Ariz. Serving Arizona, Colorado and Kansas Our Mission Is to Help You Succeed small businesses in each of calendar years 2022 and 2023 but subsequently originates at least 100 such transactions in two consecutive calendar years, it must comply with the requirements of this rule, but in any case, no earlier than Jan. 1, 2026. The new rule provides that covered financial institutions may begin collecting applicants’ protected demographic information one year before their compliance date to help prepare for coming into compliance with this final rule. The CFPB is also adopting a new provision to permit financial institutions that do not have ready access to sufficient information to determine their compliance tier (or whether they are covered by the rule at all) to use reasonable methods to estimate their volume of originations to small businesses for this purpose. While the new rule requires data collection and reporting for only those that make at least 100 loans annually, the rule will cover the vast majority of bank small business lending, based on the CFPB’s analysis. In addition, the CFPB notes that lenders originating less than 100 loans per year will still have to adhere to fair lending laws (even though they are not having to report this loan data). Final Rule & Additional Resources The final rule may be accessed by scanning the QR code. https://files.consumerfinance.gov/f/ documents/cfpb_1071-final-rule.pdf The CFPB has also developed a number of resources for financial institutions, including: • Filing Instructions Guide (FIG) for reporting the newly required data • Small entity compliance guide • Frequently asked questions (FAQ) • A set of Quick References • Sample data collection form from the regulation • Slide deck from a recent RegCast on the coverage of the rule Scan the QR code to access these resources. As the agency develops additional resources related to this rule, we can expect these to become available on this webpage. https://www.consumerfinance.gov/ compliance/compliance-resources/ small-business-lending-resources/smallbusiness-lending-collection-and-reportingrequirements/ To emphasize financial institutions’ obligations to collect this important data, the CFPB is also issuing a policy statement noting that it intends to focus its supervisory and enforcement activities in connection with the new rule on ensuring that lenders do not discourage small business loan applicants from providing responsive data, including responses to the requests to provide demographic information about their ownership. This policy statement is available by scanning the QR code. https://files.consumerfinance.gov/f/ documents/cfpb_1071-enforcement-policystatement.pdf Implementation Note It is possible that the implementation schedule spelled out in the final rule (discussed above) will be delayed. A lawsuit has been filed, petitioning the court to push the implementation dates back to allow more time for financial institutions to develop their compliance programs for this rule. So, the expected schedule may be delayed, or may not be. One thing to keep in mind is that, even if the implementation dates are pushed back, they will eventually arrive. Therefore, all financial institutions that are active in small business lending should proceed with their planning and implementation process to be ready to comply when the rule does become effective for their institution.  William J. Showalter, CRCM, CRP is a Senior Consultant with Young & Associates, Inc. (www.younginc.com), with over 35 years of experience in compliance consulting, advising and assisting financial institutions on consumer compliance and compliance management issues. He also develops and conducts compliance training programs for individual banks and their trade associations and has authored or co-authored numerous compliance publications and articles. Bill can be reached at (330) 678-0524 or wshowalter@younginc.com. 11 In Touch

10 REPORTS EVERY BANK SHOULD RUN NOW BY PAULA S. KING, CPA, ABRIGO Banking Management Reports for Today Financial institution executives are reporting increased or significant concerns about interest rates, credit risk and liquidity — worries that only add to the number of figurative plates they are spinning. How can banks quickly spot warning signs so they can act during volatile economic, industry and institutional conditions? Data-driven decisions for managing financial institution risk while driving growth and increasing efficiency are especially important given the recent failures of Silicon Valley Bank, First Republic Bank, and Signature Bank of New York. With headlines like “banking crisis” and “bank runs,” customers, employees and other stakeholders are looking for any sign that another bank is in trouble — even if the institution is not facing the unique circumstances leading to those banks’ collapses. Naturally, all financial institutions come under increased regulatory scrutiny after such newsworthy events as those, too. In addition, even before the recent banking troubles, regulators have emphasized the financial institution’s responsibility to provide leaders with information on key areas of planning, operations and risk management. An OCC Reference Guide to Board Reports and Information, for example, says that “directors should look at individual, peer and industry performance measures as well as the trend and interrelationships among capital, asset quality, earnings, liquidity, sensitivity to market risk and balance-sheet changes.” Financial Institution Information for Assessing, Managing Risk Where to start? Below are 10 reports banks should run and review to assess capital, growth and liquidity. The reports for banking management are grouped into three major areas of focus, while all are connected. Reports for Assessing Bank Capital Capital ratios reports assess the sufficiency of an institution’s ability to absorb losses. Regulators review them to assess safety and soundness. Shareholders care about them from an earnings and return viewpoint since increased capital needs can affect strategic planning, growth plans, dividends and, ultimately, stock price. A report that allows a financial institution to identify warning signs that it is approaching minimum regulatory requirements for capital compares the institution’s equity capital to assets and its total leverage ratio (core capital) with the minimum regulatory requirement (e.g., the Community Bank Leverage Ratio (CBLR) and the minimum Tier 1 leverage ratio). The capital ratios report helps ensure the institution maintains capital commensurate with the level and nature of risks to which it is exposed. Capital is impacted by growth and liquidity, so it is essential to look at these graphs holistically. In addition, keep in mind the necessity to drill down into these more general graphs to gain better insight into underlying issues. Continued on page 14 12 In Touch

Mortgage Investment Services Corporation 22316 Midland Drive • Shawnee, KS • 66226 • 913-390-1010 NMLS# 194708 • A Kansas licensed mortgage company #MC 0001182 Missouri Residential Mortgage Loan Broker Licence # 10-1912 Oklahome Mortgage Broker #MB001953 Colorado License #100044344 Nebraska Licensed Mortgage Company NMLS#194708 20+ Years! Depend On Us! For 20 years, community banks in the Midwest have depended on MISC’s expert mortgage services for their customers. • Free Loan Officer Training & Webinars •Offer all secondary market loan programs: VA, FHA, USDA/RD, Conventional & Jumbo •Earn more fee income with less risk Call or email today. Let’s discuss how MISC can help you! Joan Emas, Account Executive Andrew Holtgraves, Sr. Vice President Cell: 816-810-8878 Cell: 913-558-2555 Email: Joan@MISCHomeLoans.com Email: Andrew@MISCHomeLoans.com NMLS: #276932 13 In Touch

Growth Reporting on the Balance Sheet To Identify Imbalances Four reports focused on growth to run and review in comparison with peers are: • Asset growth rate • Loan growth rate • Deposit growth rate • Core deposit growth rate These reports show how a financial institution is growing components of each side of the balance sheet to identify potential imbalances that may prompt the need for additional funding or liquidity. Deposit analysis provides insight on surge balances as well as non-core versus core deposits, which are more stable sources of funding for loan growth. Core deposits in growth reports for financial institutions should be defined in a variety of ways. For example, the UBPR defines core deposits as the sum of demand deposits, all NOW and ATS accounts, MMDA savings, other savings deposits, and time deposits under $100,000. Still, it is vital to consider depositor behavior as well when defining what really is a core deposit. A report designed to identify growth opportunities as well as flag liquidity needs is one showing the loan pipeline according to when loans are projected to close and fund. Showing projected loan fundings over the next week, for example, helps the CFO or other staff involved in liquidity management to plan anticipated funding needs to support loan originations. This report requires (and therefore improves) communication between the credit and lending area of the bank and those responsible for liquidity management. Monitor Liquidity Risk With Regular Reporting Capital and liquidity go hand in hand, as the industry saw with the recent bank failures. In the case of Silicon Valley Bank (SVB), the bank needed liquidity fast due to significant depositor withdrawals and had to liquidate its securities portfolio. The sale depleted its capital because SVB was in a large unrealized loss situation on its held-to-maturity investment securities. Three types of reports to monitor liquidity risk are those evaluating: • Liquid assets • Core deposits • Short-term investments First, monitor liquid assets and those that can be liquidated quickly with few adverse consequences. Measure liquid assets as a percentage of total assets and evaluate this ratio relative to peers. Second, track core deposits as a percentage of total assets and evaluate this relative to peers. Core deposits should be assessed not only by deposit type (e.g., transactional accounts like CDs versus primary checking accounts) but also in terms of balances to identify surge balances. In addition, it’s useful to discern the migration of deposit funds from existing depositors (i.e., the movement of money out of money market funds to CDs versus new deposit money coming in). Continued from page 12 14 In Touch

Monitoring short-term investments is another important radar for liquidity risk and issues. Two reports to run are: • Short-term investments as a percent of total assets • Short-term investments vs. short-term non-core funding Again, comparing the bank’s ratios to those of peers provides useful context. The liquidity risk reports can identify areas of concern and help the institution prepare in the event it must liquidate any of the portfolio. Evaluating short-term investments can also identify the need to overhaul or adjust investment and liquidity policies to better pivot under more stressed economic environments. Additional Analytics for Guiding Financial Institution Decisions Additional analytics useful in the current environment include reports on investment growth, investment duration and unrealized loss positions in the investment portfolio. It is also important to consider the more granular aspects of the broader categories shown in the graphs herein. A good reporting solution allows the analyst to drill down into the underlying data and slice the data by product, individual customer, geographic location and more. All the reports above highlight areas that are especially key to monitor considering recent bank failures: capital, growth and liquidity. However, other reports beyond the scope of this article can help a financial institution and its directors assess and plan. For example, ongoing reports related to profit, asset quality and yields versus costs provide critical information for better managing the bank. Access Data for Bank Reporting As previously described, data can drive risk and growth decisions. A common challenge among banks, however, is being able to provide leaders with data that is actually meaningful. Many financial institutions store the information needed to spot trends and red flags across their core systems, spreadsheets, loan tapes and other disconnected data sources. Banks may lack the talent or infrastructure for dedicated data warehousing and data science. As a result, quickly and efficiently delivering basic snapshots focused on liquidity, capital and growth isn’t possible at these institutions, and it becomes even more complex as the bank grows. In addition, some forms of data yield little in the way of insights that can drive action. They simply add clutter to the noise of the workday. Financial institutions need help sifting through mountains of data so they can derive value and take action. A banking intelligence solution purpose-built for banks should combine analytics and intuitive dashboards to make it easier to make data-driven decisions. It should provide an improved understanding and point staff in the direction of opportunities to better manage credit risk, liquidity risk, market risk and compliance risk, including the effectiveness of the institution’s programs for preventing money laundering and fraud. For example, leveraging archived loans as well as loan pipeline data can provide an early warning system of concentration risk or a projection of future concentration risk so that management and the board can make proactive credit risk management decisions. Curated insights into sources of risk can show which customer types are contributing to additional work related to anti-money laundering/countering the financing of terrorism (AML/CFT) compliance. Visualizing the institution’s lending footprint can lead to improved targeting of growth areas. A banking intelligence system that provides dashboards that are based on roles within the financial institution paves the way for better decisions from the top down and from the bottom up. Unlike spreadsheets or complicated business intelligence tools, this kind of banking intelligence makes it easier to assess institutional performance, increase employee performance, unlock opportunities for growth and anticipate future risks.  A common challenge among banks, however, is being able to provide leaders with data that is actually meaningful. 15 In Touch

To browse the winning issue, please scan QR code. To see the list of winners on The Communicator Awards website, please scan QR code. Congratulations! 2023 COMMUNICATOR AWARD WINNER! CBAK We are very pleased to announce that the In Touch magazine earned the Award of Distinction for an association magazine. The Award of Distinction is presented for projects that exceed industry standards in quality and achievement and represents the best in marketing and communication. https://www.communicatorawards.com/winners/ https://in-touch.thenewslinkgroup.org/ pub-4-2023-issue-1/ This past year marked the 29th year of The Communicator Awards. This distinguished award is dedicated to recognizing excellence, effectiveness, and innovation across all areas of communication; they are the leading international awards program honoring talent in this highly acclaimed field. The Communicator Awards receives almost 5,000 entries from companies, agencies, studios, and boutique shops of all sizes, making it, globally, one of the largest award shows of its kind. They honor work that transcends craft; work that makes a lasting impact and provides an equal chance of winning to all entrants regardless of company or agency size and project budget. The goal is to reward excellence. The Awards provide winners and their clients the recognition they deserve and give communications and creative professionals proof and validation that their work is highly regarded by their peers within the industry.

IS YOUR COMMUNITY BANK SECURE? Meet Dina. Dina provides clients with the guidance they need to steer clear of card fraud all year long. Working together with ICBA Bancard partners, she ensures client banks are receiving the level of care and support they deserve. Even when she’s waiting to pick up her kid from practice, she’s scribbling notes on how we can better protect banks from fraud. By working with ICBA Bancard, your bank has Dina’s ongoing support. Learn more at icbabancard.org

Associate Member ADOPTING A HOLISTIC FRAML APPROACH TO FIGHT FINANCIAL CRIME BY ANKUR SHAH, STRATEGIC PRODUCT MANAGER, CSI As digital payments and online transactions increase, the risk of bad actors fraudulently using these channels is growing as well. The United Nations estimates that 3% to 5% of the global GDP — around $5 trillion — is laundered each year across the world. Fraudsters steal billions of dollars annually from organizations and individuals in the U.S. alone. But losing money is not the only risk that financial crime poses to organizations. If a bank falls victim to illicit activity, it risks reputational damage. That danger is compounded by regulatory risk. In an ever-evolving digital space, protecting against cyber criminals is a must. That’s why many financial institutions are merging their monitoring efforts into a comprehensive fraud and anti-money laundering approach, known collectively as FRAML. FRAML: Bringing Together Fraud and Anti-Money Laundering Fraud and money laundering are distinct financial crimes, but there is a reason the two are often connected. Financial fraud results in ill-gotten gains for a bad actor, and money laundering provides a way to place illegally obtained money into the global financial system without arousing suspicion. Understanding each crime individually is critical to comprehending the intersection where fraud and antimoney laundering meet. FRAML brings together the fraud and AML operations of an institution, helping to automate data sharing and better identify the lifecycle of customer risk that is created through both components. Using FRAML technologies allows your institution to analyze a vast amount of data transactions and consumer behaviors, providing a holistic risk profile. By creating these high-level, holistic risk profiles, your institution can better predict and prevent both fraud and money laundering components where they intersect. The combination of these functions often leads to stronger risk management and increased operational efficiencies. Fighting Financial Fraud Financial fraud is a broad term, describing any activity that deprives another person of money or other assets through deception or crime. It is one of the most common financial crimes in the world, with nearly $6 billion in consumer financial fraud losses reported to the U.S. Federal Trade Commission in 2020 alone. Fraud can be conducted in dozens of ways, from check fraud to phishing to identity theft, but all types of fraud involve access to a victim’s assets by a bad actor through unauthorized or illicit means. Criminals in the financial fraud space are taking advantage of new technologies to commit crimes more quickly and make them more difficult to prosecute. P2P fraud incidents are rising as fraudsters target payment apps such as Venmo and Cash App, with another $440 million in consumer losses reported in 2021, according to a Senate report. Understanding Money Laundering Money laundering is the conversion of profit from illicit activity into money that appears to be the product of normal business. Financial criminals use various methods to conceal the origin of their funds from businesses and law enforcement, but most launderers follow three common steps: • Placement is the insertion of illicit funds into the legitimate financial system. This can be accomplished several ways, including blending the illicit income into income from a legitimate source or falsifying documents indicating a business transaction that never took place. • Layering is separating the proceeds of criminal activity from its source — often through a series of complex transactions through multiple people, corporations and trusts. Illicit cash may be converted to money orders, bonds, wire transfers or even tangible goods like jewelry or art to further disguise the trail. • Integration is the return of the now legitimate-appearing money to the criminal as profit. Now that the proceeds of criminal activity are integrated into the legitimate financial system, the money can be used normally for any number of transactions. At this point, laundering becomes significantly harder to detect and prosecute, as the money appears to be stemming from standard sources of business. Due to its complexity, money laundering presents an incredible challenge for entities involved in the U.S. financial system. Every onboarded customer could potentially be involved in money laundering. Likewise, every new transaction processed could 18 In Touch

represent the flow of laundered money. Picking out which customers and transactions fall into these categories is like finding the proverbial needle in a haystack. That’s why it’s critical to have an effective AML solution to detect suspicious activity, stop the flow of laundered money and avoid costly regulatory fines — especially as BSA/AML scrutiny grows. Moving Forward with FRAML The fight against fraud and money laundering is never ending, and banks of all sizes can be overwhelmed by the sheer volume of criminal attempts and the complex regulations surrounding them. Failure to live up to this expectation to protect your customers’ data can lead to regulatory fines and reputational damage that causes further financial harm beyond the costs associated with fraud itself. But criminals are not the only ones evolving. New technologies are replacing outdated methods of monitoring, giving organizations an edge in stopping financial crime before it can cause financial, reputational or legal liability. And implementing a cohesive FRAML strategy is the most efficient and effective way to tackle fraud and AML compliance. Scan the QR code to read our white paper on incorporating the use of both AI and machine learning in your bank’s approach to FRAML.  https://www.csiweb.com/what-to-know/ content-hub/whitepapers/fraud-hitskeep-coming/ Ankur Shah is a Strategic Product Manager for the anti-money laundering (AML) and fraud offerings at CSI. He is a subject matter expert in investment banking operations and AML compliance. Before joining CSI, he was a senior product manager at SAS and Nice Actimize. Ankur has established proficiency in stakeholder and relationship management. ANNOUNCEMENTS Citizens Bank of Kansas (CBK), Kingman, is pleased to announce the addition of Gary Renberger and Sarah Keeny Moon to the Board of Directors. Mark Keeny and Kyle Russell are celebrating 30 years of banking leadership at CBK, congratulations! The Independent Community Bankers of America (ICBA) has recognized Stephanie Schwilling, Citizens Bank of Kansas in Winfield, as a 2023 40 Under 40 Community Bank Leader. Stephanie Schwilling joined CBK in 2014 and has advanced to her current role as Senior Branch Manager and Mortgage Loan Officer. Stephanie is passionate about giving back to the Winfield community. In addition to providing financial literacy within the schools and the community, Stephanie volunteers in a variety of organizations including Habitat for Humanity, Elevate, Rotary Club, Lion’s Club and Youth Entrepreneurs.  NEW ASSOCIATE MEMBER Allied Business Solutions We are Allied Business Solutions and for over 30 years we have helped organizations of all sorts and sizes save and collect money back on their telecommunication bills. We don’t work for the telecom companies; we work for our clients. With an extensive background in the telecom industry, we know all the tricks of the trade and what to look for. Our average monthly savings are over 30%, and we successfully get back refunds for all the wrongly and overbilled charges that have been going on for years! That’s tens of thousands of dollars put back into our client’s pockets! The best part is there are no out-of-pocket costs for our services. We only share a portion of the savings we find; if there are no savings, there is no cost. No changing of vendors, no risk, just huge rewards — our clients agree it pays to utilize Allied Business Solutions.  19 In Touch

Generate reports and receive alerts automatically Deliver, broadcast, and apply business requirements MONITOR & MANAGE Share. Verify. Trust trustexchange.com @b2btrust info@trustexchange.com All Third Party Vendor Needs in One Platform In the face of rapidly changing regulations, Trust Exchange helps banks keep pace with third party compliance CONNECT & COLLECT Work with clients, partners, or contractors Manage ongoing access to confidential documents from document owners COLLABORATE & SHARE Create groups to rapidly and accurately share information and documents through events Configure policies, set alerts, and time based triggers that keep data current and actionable ANNOUNCING CBA NEW ENDORSED PARTNER

G � VALLEY BANK WHAT IS YOUR TIME WORTH? • WORKDIRECTLYWITH THEOWNERS • RECEMLOANAPPROVAL WITHIN2 OR3 DAYS •AVOIDANNOYING COVENANTS • UM/TED ORNO ORIGINATION COSTS • LOW INTEREST RATES Bank Stock and Bank Holding Company Stock Loans Done the Simple Way Bank mergers, acquisitions loans and refinances E11chd1 01itorinsur1dtoatleast$250,000 Foder,I O.posil lnunnc• Corporation• www.dc.go• up to $50 million Call Rick Gerber or Ryan Gerber at l-866-282-3501 or email rickg@chippewavalleybank.com ryang@chippewavalleybank.com EQUAL HOUSING LENDER

ANNIVERSARIES Congratulations to the banks celebrating July and August anniversaries as chartered institutions! July 141 years, est. 1882 The Halstead Bank — Halstead 137 years, est. 1886 Wilson State Bank — Wilson 122 years, est. 1901 Union State Bank — Everest 121 years, est. 1902 First National Bank — Scott City 118 years, est. 1905 Valley State Bank — Syracuse 117 years, est. 1906 Plains State Bank — Plains 117 years, est. 1906 The First State Bank of Healy — Healy 105 years, est. 1918 GNBank, N.A. — Girard 57 years, est. 1966 Garden Plain State Bank — Wichita August 146 years, est. 1877 Howard State Bank — Howard 131 years, est. 1892 Baldwin State Bank — Baldwin City 122 years, est. 1901 Lyndon State Bank — Lyndon 24 years, est. 1999 Community Bank of Wichita — Wichita 22 In Touch

BANK TRAINING WEBINARS x www.fin-ed.info/cbak www.fin-ed.info/cbak 1 - A u g 2 - A u g 3 - A u g 8 - A u g 8 - A u g 9 - A u g 1 5 - A u g 1 7 - A u g 1 7 - A u g 2 2 - A u g 2 3 - A u g 2 4 - A u g 2 9 - A u g 3 0 - A u g 3 1 - A u g Old-School Check Fraud; New RDC Tricks IT Audit Options: How to Choose the Right One for Your Institution Marijuana Policy & Best Practices: Handling Employee Medical & Recreational Use What Reg E & the Nacha Rules Mean to You, Including Dealing with Discordant Rules Auto Loan Delinquencies: Reducing Defaults & Maximizing Recoveries Force-Placed Auto & Mortgage Insurance: Placement, Management, Guidance Working with Troubled Loans: Extensions, Deferments, Re-Aging, Refinancing & Incentives Measuring the ROI of Your Digital Marketing Strategy Job-Specific Compliance Training for Deposit Operations Workout & Liquidation of an SBA Loan SARs & Cyber Crimes Debit Card Payment Fundamentals The Green Book & Government Payments Explained Five Steps for E-SIGN Compliance Record Retention & Destruction Policy & Timeframes 5 - S e p 6 - S e p 7 - S e p 1 2 - S e p 1 3 - S e p 1 3 - S e p 1 4 - S e p 1 8 - S e p 1 8 - S e p 1 9 - S e p 2 0 - S e p 2 1 - S e p 2 5 - S e p 2 6 - S e p 2 6 - S e p 2 7 - S e p 2 8 - S e p ACH & P2P Payments: Perils & Protections Regulation CC for Tellers ECOA & Fair Lending: Examiner Hot Buttons ACH Return Reason Codes: Commonly Used & Misused Codes HMDA Part 1: Application Basics Countdown to New Beneficial Ownership Rules: Effective January 1, 2024 Your Consumer Borrower Filed Bankruptcy, Now What? Chapters 7 & 13 New Third-Party Risk Management Guidance New Policy Statement on CRE Accommodations & Workouts Traditional & Roth IRAs Part A: Eligibility, Contributions, Rollovers & Transfers Business Accounts: Setup, Management & Authority BSA for Operations Personnel Top ACH Audit Findings & Tips to Avoid Them FedNow Is Here Now! Understanding CAMELS Components & Risk Community Reinvestment Act: Fundamentals, Documentation & Proposed Rule Changes Lending to Nonprofit Organizations 23 In Touch

RkJQdWJsaXNoZXIy ODQxMjUw