Pub 17 2022 2023 Issue 5

JANUARY/FEBRUARY 2023 President’s Message Celebrate Nebraska’s Banking Industry

Would you like to transform the management of your information security program from a daunting chore to a process that fuels better decisions? SBS can help! ��� empowers �nancial institutions to ma�e informed security decisions and trust the safety of their ddata based on a valuable information security program. To learn more, visit www.sbscyber.com today! Robb Nielsen robb.nielsen@sbscyber.com 605-251-7375 ould you like to transfor the anage ent of your infor ation security progra fro a daunting chore to a process that fuels better decisions? SBS can help! ��� e powers �nancial institutions to ma�e infor ed security decisions and trust the safety of their ddata based on a valuable infor ation security progra . To learn more, visit www.sbscyber.co today! Robb Nielsen robb.nielsen@sbscyber.com 605-251-7375 ould you like to transfo t of your infor ation security ting chore to a process that isi s? SBS can ��� e powers �nancial i tit ti s t a�e informed security decisions and trust the safety of their data based on a valuable information security program. To learn ore, visit w .sbscyber.com today! Robb Nielsen robb.nielsen@sbscyber.com 605-251-7375

CONTENTS 22 JANUARY/FEBRUARY 2023 EDITORIAL: Nebraska Banker seeks to provide news and information relevant to Nebraska and other news and information of direct interest to members of the Nebraska Bankers Association. Statement of fact and opinion are made on the responsibility of the authors alone and do not represent the opinion or endorsement of the NBA. Articles may be reproduced with written permission only. ADVERTISEMENTS: The publication of advertisements does not necessarily represent endorsement of those products or services by the NBA. The editor reserves the right to refuse any advertisement. SUBSCRIPTION: Subscription to the magazine, which began bimonthly publication in May 2006, is included in membership fees to the NBA. ©2023 NBA | The NewsLINK Group, LLC. All rights reserved. Nebraska Banker is published six times each year by The newsLINK Group, LLC for the NBA and is the official publication for this association. The information contained in this publication is intended to provide general information for review, consideration and education. The contents do not constitute legal advice and should not be relied on as such. If you need legal advice or assistance, it is strongly recommended that you contact an attorney as to your circumstances. The statements and opinions expressed in this publication are those of the individual authors and do not necessarily represent the views of the NBA, its board of directors, or the publisher. Likewise, the appearance of advertisements within this publication does not constitute an endorsement or recommendation of any product or service advertised. Nebraska Banker is a collective work, and as such, some articles are submitted by authors who are independent of the NBA. While Nebraska Banker encourages a firstprint policy, in cases where this is not possible, every effort has been made to comply with any known reprint guidelines or restrictions. Content may not be reproduced or reprinted without prior written permission. For further information, please contact the publisher at 855.747.4003. 8 PRESIDENT’S MESSAGE: CELEBRATE NEBRASKA’S BANKING INDUSTRY Richard J. Baier, President and CEO, Nebraska Bankers Association 12 WASHINGTON UPDATE: BEATING BACK A BAD IDEA How Bankers United to Play Defense Against Durbin Expansion Rob Nichols, President and CEO, American Bankers Association 14 CLIMATE CHANGE AND CLIMATE RISK MANAGEMENT FOR BANKS Julia A. Gutierrez, Director of Education, Compliance Alliance 16 WHAT CAN HISTORY TELL US ABOUT BALANCE SHEET AND MARGIN MANAGEMENT IN 2023? Andrew Okolski, Senior Financial Strategist, The Baker Group 22 COUNSELOR’S CORNER: A RESPONSE TO FEDERAL GRAND JURY SUBPOENAS, AND WHEN A SUBPOENA IS NOT NECESSARY Robert Kardell, Baird Holm, LLP 25 EDUCATION CALENDAR 26 TECH TALK: OUR STEPS TO BETTER BUSINESS CONTINUITY PLAN TESTING Cole Ponto, Senior Information Security Consultant, SBS CyberSecurity, LLC 26 4

To be successful in today's financial climate, you must have not only the proper partner, but also the proper approach to achieve high performance. TheBakerGroup is thispartner, andour approach is to offer sound strategies and accurate information to guide your institution to the next level. This is the reason we’ve been the industry’s recognized leader in innovation for more than forty years. To experience The Baker Approach in meeting your financial objectives, call your Baker representative or RyanHayhurst at 800.937.2257. Member: FINRA and SIPC www.GoBaker.com | 800.937.2257 Oklahoma City, OK | Austin, TX | Dallas, TX | Houston, TX Indianapolis, IN | Long Island, NY | Salt Lake City, UT | Springfield, IL The Baker Group LP is the sole authorized distributor for the products and services developed and provided by The Baker Group Software Solutions, Inc. The Baker Approach OUR SERVICES Investment Portfolio Services Balance Sheet Management Education Public Finance Strategic Planning Funding Bond Accounting/Analytics

LINCOLN BRUNING endacotttimmer.com 402-817-1000 Legal advice. Community banking experience. NEBankers.org/Health An independent licensee of the Blue Cross and Blue Shield Association. for Here you 233 South 13th Street, Suite 700 Lincoln, NE 68508 Phone: (402) 474-1555 • Fax: (402) 474-2946 nebankers.org RICHARD BAIER President and CEO richard.baier@nebankers.org KARA HEIDEMAN Director of Communications and Marketing kara.heideman@nebankers.org NBA BOARD OF DIRECTORS NBA EDITORIAL STAFF STEPHEN STULL NBA Chair (402) 792-2500 Nebraska Bank Dodge LYDELL WOODBURY NBA Chair-Elect (402) 359-2281 First Nebraska Bank Valley KATHRYN BARKER (402) 333-9100 Core Bank Omaha NICHOLAS BAXTER (402) 341-0500 First National Bank of Omaha Omaha CORY BERGT (402) 434-4321 Wells Fargo Bank, N.A. Lincoln JOHN DAUBERT (402) 323-8008 Security First Bank Lincoln DANIEL FULLNER (402) 454-1000 Madison County Bank Madison CURTIS HEAPY (308) 367-4155 Western Nebraska Bank Curtis KRISTA HEISS (308) 534-2877 NebraskaLand Bank North Platte ZACHARY HOLOCH (402) 363-7411 Cornerstone Bank York DONALD JIVIDEN (402) 759-8113 Heartland Bank Geneva ZAC KARPF (308) 632-7004 Platte Valley Bank Scottsbluff JOHN KOTOUC (402) 399-5088 American National Bank Omaha MARK LINVILLE (402) 337-0323 First State Bank Randolph KRISTEN MARSHALL-MASER (308) 384-5681 Five Points Bank Grand Island BRANDON MASON (402) 918-2332 Bank of the West Omaha JEREMY MCHUGH (402) 867-2141 Corn Growers State Bank Murdock KAYE MONIE (308) 368-5555 Hershey State Bank Hershey JAY PRESTIPINO (402) 392-2616 First Interstate Bank Omaha LUKE RICKERTSEN (308) 537-7181 Flatwater Bank Gothenburg KIRK RILEY NBA Past Chair (308) 784-2515 Waypoint Bank Cozad RYNE SEAMAN (402) 643-3636 Cattle Bank & Trust Seward TRAVIS SEARS (402) 323-1828 Union Bank & Trust Co. Lincoln JOSEPH SULLIVAN III (402) 348-6000 U.S. Bank, N.A. Omaha KELLY TRAMBLY (402) 756-8601 South Central State Bank Campbell 6

PMA Funding is a service of PMA Financial Network, LLC and PMA Securities, LLC (member FINRA, SIPC) (collectively “PMA”). PMA Securities, LLC is a broker-dealer and municipal advisor registered with the SEC and MSRB. ©2022 PMA Financial Network, LLC. All rights reserved. Funding Solutions That Meet Changing Times PMA Funding (PMA) is a leader in providing institutional funding options. One call gains access to: • Our experienced funding team (Over 100 years of combined experience) • Our large sources of political subdivision depositors (4,000+ public entities) The result: financial institutions have been able to diversify and manage their liquidity needs with greater flexibility by utilizing tailored funding solutions. PMA is more than just a depositor; we are your partner. Contact us today! 800.783.4273 | PMAFUNDING.COM Relax. We do the work.

PRESIDENT’S MESSAGE As Amanda and I enjoyed ringing in the new year with a group of close friends, I spent a few minutes thinking about the importance of using New Year’s Eve to celebrate the past year (in most cases) and to look ahead to the coming year with optimism. Too often in today’s technology-driven world, we do not spend enough time simply celebrating and reflecting upon our successes. I want to thank the more than 100 banks (63%) that recently completed the 2022 NBA Member Survey. Cumulative survey responses provide numerous reasons for celebrating the impact of Nebraska’s banking industry and your NBA. General insights garnered through the survey and related background research include: 1. Nebraska banks employ more than 17,000 Nebraskans, offering highly competitive pay, excellent benefits, positive work-life balance, and the ability to have a direct impact on the lives of their customers. 2. While the number of bank charters continues to decline through mergers and acquisitions, more than 1,050 branches across our state provide valuable banking services in 340 Nebraska communities. 3. Nebraska banks continue to have profound impacts on their customers and their communities: reporting banks contributed almost $400 million in community investments, donations and charitable contributions during 2021. This is an average of $4 million per survey participant. 4. Survey respondents reported volunteering 119,165 hours to community and charitable causes during 2021. This averages out to more than 1,200 volunteer hours per bank that responded. 5. More than 50% of participating banks rated the quality, value, and responsiveness of the NBA’s education and training programs as “excellent.” 6. Ninety-two percent of respondents were either satisfied or very satisfied with the NBA’s government relations team, with many comments specifically noting the NBA’s leadership on the opposition to the proposed purchase of a Nebraska bank by an Iowa credit union. Several banks also referenced the positive benefits of the recently implemented Single Bank Pooled Collateral Program. 7. An overwhelming number of respondents rated a variety of NBA communication tools like the NBA Update (89%), the NBA Compliance Update (88%), and the NBA Magazine (72%) as either “valuable” and “highly valuable.” 8. Products offered through NBA Benefit Programs, like the health plan, were consistently rated as “good” or “excellent” by more than 93% of respondents. Numerous Richard J. Baier, President and CEO, Nebraska Bankers Association Celebrate Nebraska’s Banking Industry 8

Since 1857, Cline Williams has devoted attention to the unique needs of the banking and nancial services industries. Since then, we have provided our clients with the resources they need in the areas that are most important to them – from lending and collections, to regulatory compliance, to mergers and acquisitions, and so much more. We’re more than a law rm. We’re a partner for your bank. LINCOLN I OMAHA I AURORA I FORT COLLINS I HOLYOKE WE’RE YOUR PARTNER IN BANKING. 2120 South 72nd Street, Suite 1200, Omaha 402.391.6777 www.crokerlaw.com respondents specifically noted the responsiveness of the NBA staff who support these programs and the importance of having an NBA staff advocate to help with claims navigation when needed. 9. Approximately 50% of respondents utilize NBISCO for insurance coverage. Seventy percent of these rated the knowledge and responsiveness of the NBISCO staff as “excellent.” 10. When asked about the issues that need NBA focus moving forward, the attraction and retention of banker talent was the number one priority. Participants also mentioned the need for pushing back against credit unions and Farm Credit, fighting regulatory overreach, young banker education, using enhanced cyber tools, having human resources assistance and consulting, helping address Community Reinvestment Act requirements, and offering Medicare supplement insurance coverage as a priority for the NBA and NBISCO. I am honored to work with an engaged NBA team that supports the work of our bank members in a professional and highly effective way. They truly epitomize exceptional customer service, typically with a smile and a hello (and sometimes a hearty laugh). Clearly, we have much to celebrate and even more to look forward to as we move into 2023!  9

• 70% of Strokes • 71% of Colon Cancers • 80% of Heart Disease • 91% of Diabetes Cases WHAT TO EXPECT: Comprehensive Lab Testing: Over 40 Tests Including Vitamin D, Testosterone, and A1C Height, Weight, Pulse, and Blood Pressure Measurements Personalized Health Risk Assessment and Report Consultation and Unlimited Coaching with a Registered Nurse, Dietitian, and Pharmacist There is NO COST to You All Conversations and Reports are Confidential Be Around for Your Kids and Grandkids PARTICIPATE IN A PREVENTIVE CARE CLINIC 877.345.7775 Winners announced April 10th, 2023 Contact Kirk Bowers at: 308.737.8414 to schedule a PCC at your location. *Four people will receive $250 each. Attend a PCC by March 31st, 2023. To learn more contact Wellness Partners at 877.345.7775. ARE PREVENTABLE THROUGH LIFESTYLE CHANGES Anyone who attends an NBA sponsored Wellness Partners Preventive Care Clinic gets the chance to win $250 CASH!*

A S S U R A N C E / T A X / A D V I S O R Y forvis.com Moving FORward requires VISion FORVIS is a forward-thinking professional services firm committed to unmatched client experiences. We anticipate our client’s needs and outcomes, preparing them for what’s next by offering innovative solutions. Created by the merger of BKD and DHG — a merger of equals — FORVIS has the enhanced capabilities of an expanded national platform and deepened industry intelligence. With greater resources and robust advisory services, FORVIS is prepared to help you better navigate the current and future dynamic organizational landscape. We are FORVIS. Forward vision drives our unmatched client experiences. Introducing FORVIS, forward vision from the merger of BKD and DHG FORVIS is a trademark of FORVIS, LLP, registration of which in the U.S. Patent and Trademark Office is pending.

Washington Update Rob Nichols, President and CEO, American Bankers Association Beating Back a Bad Idea: How Bankers United to Play Defense Against Durbin Expansion There’s a saying that “everything old is new again,” and that’s certainly an adage you can bank on in Washington, D.C. — especially when it comes to poor public policy proposals. A textbook example of this unfolded during the 117th Congress when our industry found itself once again facing a bad idea that we thought had been soundly defeated: placing restrictive routing mandates on credit cards, like those imposed on debit cards by the Durbin Amendment over a decade ago. The idea came in the form of a bipartisan bill — the so-called Credit Card Competition Act — introduced in the Senate by Sens. Dick Durbin (D-IL) and Roger Marshall (R-KS) and in the House by Reps. Peter Welch (D-VT) and Lance Gooden (R-TX). Bankers know all too well that the 2010 Durbin Amendment had disastrous consequences for banks and their customers: it increased the costs of checking accounts and debit cards and ultimately led to the elimination of popular debit card rewards programs. The Durbin Amendment’s most damaging provisions apply to banks of all sizes, causing a nearly 25% cut in the pertransaction debit card revenue earned by banks with under $10 billion in assets. At the same time, it helped line the pockets of large retailers who talked a big game about passing savings on to consumers — but 10 years’ worth of data tells us that simply isn’t what happened. In fact, the Federal Reserve published a study finding that only 1% of merchants lowered prices for consumers since the Durbin price controls took effect. 12

What’s more, the Credit Card Competition Act also goes several steps further than the Durbin amendment — not only would it require banks to add a second network to their customers’ cards, but it would limit them to options set by the Fed, unlike the Durbin Amendment, which allowed banks to choose between any two unaffiliated networks. The Credit Card Competition Act also requires banks to accept virtually any kind of transaction — functionally requiring them to onboard potentially many more than two networks, even networks that don’t meet basic data security standards. Given the potentially catastrophic effect the bill could have on community banks and bank customers — while providing no tangible cost savings or benefits for consumers — the industry sprang into action to set the record straight. Immediately following the bill’s introduction, ABA led a coalition of eight national financial services trade groups in issuing a statement of strong opposition to the bill. We then followed this up with numerous letters, op-eds, grassroots calls to action and co-branded ads with the Texas and Kansas bankers associations that ran in their respective districts. The efforts were amplified by an op-ed from the Florida Bankers Association and a creative “Don’t Let Congress Steal Your Credit Card Rewards!” social media campaign from the Missouri Bankers Association. In early December, we then expanded that effort into an all-out media blitz to stave off any last-minute efforts to attach the bill to a must-pass piece of year-end legislation. Every step of the way, our efforts at the national level were complemented by robust advocacy efforts by our partners at the state bankers associations, who stepped up to make calls, attend Washington fly-ins, pen letters and columns, and even appear on national TV to address our concerns about the bill. Together, we blanketed Capitol Hill with a succinct, united message: the Credit Card Competition Act is terrible public policy that should not be enacted. Our combined efforts proved the hollowness of this bill — it failed to attract a single cosponsor beyond the initial two in both the House and Senate or gain enough support to advance as a standalone measure. It was successfully blocked from any other bills moving through Congress as the lame-duck session came to a close. This win underscores the tremendous value of our state association alliance and demonstrates the power that our industry can have when we unite behind one message. It’s also an important reminder about vigilance. We can’t say for certain whether and how these bad ideas will rear their heads again in Congresses to come. But what we can say is that if they do, our industry will be ready to respond.  Email Rob at nichols@aba.com. 13

Julia A. Gutierrez, Director of Education, Compliance Alliance Climate change and risk management have become a hot-button topic for financial institutions in recent years because of rising concerns from policymakers, international organizations, financial regulators, and many others. This push for a more environmentally friendly world is leading to changes in organizational resources and operations, investor expectations, environmental activists, and even the expectations of the current administration. With all this focus on environmental safety, it is inevitable for financial institutions to consider the impacts and learn how to manage the risk. What Is Climate Change? Climate change is a change in global or regional climate patterns, specifically, a change in global or regional climate patterns from the mid-20th century through today, largely attributed to increases in atmospheric carbon dioxide levels produced by fossil fuel usage. It can be controversial, but whatever side of the fence you stand on, there are climate-related financial risks faced by banks, and managing that risk can be critical. What Type of Risk Should Financial Institutions Consider? According to various regulatory agencies, climate change and the transition to a low-carbon economy have been identified as contributors to emerging risks facing financial institutions and the overall financial system of the United States. The agencies indicate that banks will likely be impacted by physical and transition risks associated with climate change. Physical risks are considered harmful to people and property arising from acute, climate-related events: flooding, hurricanes, heatwaves, etc. Transition risks are considered stresses to financial institutions because of shifts in policy, consumer or business sentiments, or technological changes to limit the impact of climate change. Basically, transition risk is the risk due to the transition to a more environmentally friendly process or way of conducting business and operations. Financial institutions should also consider credit risk, market risk, liquidity risk, operational risk, and reputational risk, especially as they relate to the safety and soundness of their institutions. Principles for Managing Climate-Related Risk While there isn’t currently specific regulatory guidance for achieving compliance and managing the risk related to climate, we will likely see this type of guidance in the near future. Regulatory agencies have addressed the issues, requested feedback for managing the risk, and are looking at implanting regulatory requirements for large financial institutions, including banks with over $1 billion in assets. The OCC (Office of the Comptroller of Currency), along with other regulatory agencies, has released guidance, requests for information, and a set of principles financial institutions should consider in managing climaterelated risks. The information released by the OCC includes a set of general principles as well as specific areas of risk management. The general principles touch on governance – policies, procedures, and limits; strategic planning; risk management; data, risk measurement, and reporting; and scenario analysis. These principles provide guidance for developing an effective framework essential to the bank’s safe and sound operations. The principles outline expectations for board and senior management oversight, guidance for developing a written program, and the areas of consideration for planning, which should consider the bank’s overall business strategy, risk appetite, and financial, capital, and operational plans. It is also important that management is involved in overseeing the development and implementation process for identifying, measuring, monitoring, and controlling climate-related financial risk exposure within the bank’s management framework. Sound climate risk management is dependent upon the availability of relevant, accurate, and timely data; therefore, management should incorporate climate-related financial risk information into the bank’s internal reporting, monitoring, and escalation processes to facilitate timely and sound decision-making across the bank. The development of climaterelated scenario analysis is an important approach for identifying, measuring, and managing climate-related risks. To ensure this framework is effective and successful, financial institutions should consider a risk assessment process as part of their sound risk governance framework. This will ensure that the board and senior management can identify emerging risks to develop and implement the appropriate strategies to mitigate and manage the risks. The guidance issued by the OCC suggests that financial institutions should consider Climate Change and Climate Risk Management for Banks 14

incorporating climate-related financial risks when identifying and mitigating all types of risk. While the agencies will eventually elaborate on risk assessment principles, it is suggested that financial institutions consider credit risk, liquidity risk, other financial risk, operational risk, legal/compliance risk, and other nonfinancial risk. Conclusion While there is no specific set of guidelines for financial institutions to follow for climate risk, compliance, and management, this is an area that all banks should begin considering from a safe and sound banking standpoint. Future guidance will likely apply or be required of larger financial institutions; however, the guidance and risk considerations should be contemplated by institutions of all sizes. Risks can impact even smaller institutions, so taking a proactive approach rather than making a reactive response is the best plan of action. It is important that financial institutions stay abreast of the hot-button area of climate change and climate risk from a compliance and risk management perspective, as the society in which we are living continues to set a higher standard for an environmentally friendly world.  Banks must consider the various areas of risk, especially as they consider the safety and soundness of their institution. Julia A. Gutierrez serves as the Director of Education for Compliance Alliance, developing curriculum and presentations, as well as presenting at various schools and seminars, both live and in a livestream/ hybrid format. Julia brings over 20 years of financial industry experience to the Compliance Alliance team.

What Can History Tell Us About Balance Sheet and Margin Management in 2023? Andrew Okolski, Senior Financial Strategist, The Baker Group 16

*Data from Bloomberg and S&P Market Intelligence The global pandemic set into motion a series of historically unprecedented economic policies. Massive amounts of liquidity and stimulus from policymakers enabled a fast recovery, but at what financial cost? The side effect of those “easy money” conditions has been 40-year-high inflation that now must be fought through highly restrictive Fed behavior. Balance sheet managers have been left to deal with the resulting large swings in the interest rate and liquidity risks. Rapidly increasing cost of funds, stubborn loan rates, and ever-tightening margins are just a few of the most common worries for 2023. Reviewing industry figures from 2005 – 2007, the last time yields were around these levels, could help us better understand and prepare for what might be ahead. Just how much margin pressure should we expect from cost of funds in 2023? Well, if we look back at the last time the three-month treasury was north of 4%, the industry cost of funds was between 2% and 2.72%. While I don’t expect us to reach those levels in just 12 months, it is certainly possible, given wholesale funds near 5% and CD specials already north of 4%. For strategic planning, budgeting, and asset pricing purposes, we should be assuming a large increase in cost of funds over our current 0.37% level. Cost of Funds vs 3mo TSY - All Banks < $108 *Data from Bloomberg and S&P Market Intelligence Balance sheet managers have to remember that time is not their friend when it comes to managing margin. Increasing our average loan yield takes a good amount of time from the initial change in offering rates, especially for longer, fixed-rate loans that are already on the books and not repricing anytime soon. On the other side, increases in the cost of funds are felt immediately across all balances. The one main exception is CDs. However, with CD specials, we need to factor in deposit cannibalization from lower-rate deposit accounts. Gross Loan Yield vs 5yr TSY - All Banks < $108 17

One way we can begin to prepare for that eventual hit to margin is by reviewing our current asset pricing. The second chart shows just how much room we have to cover there. The last time the five-year treasury was around 4%, the industry’s gross loan yield was between 7.44% and 8.05%. With our current loan yield at just 5.08%, we have the opportunity to cover the majority (if not all) of next year’s deposit price increases. Keep in mind that these are gross loan yield figures. They do not include cost of servicing or provision for loan losses, both of which should be included in your internal pricing reviews. No matter how you look at it, there is an immediate need to begin increasing your yield on earning assets to get ahead of the expected cost of funds increases. The sooner, the better for loan pricing increases, given their lagged impact. Investment yields have done a nice job keeping up with interest rate movements but have recently fallen back versus wholesale fund levels. However, those dollars also offer significantly more downside margin protection for those with asset-sensitive ALM results. Regardless of how strong or weak your 2023 budget results look, these large shifts in loan yields and cost of funds need to be factored in. Although the Fed’s recent speed of rate change is unprecedented, this isn’t anything that the industry has not faced in the past. We have survived rate environments well above 5%. To date, we haven’t moved our asset and deposit prices at anywhere near the same pace, and it shows. At the end of the day, we operate on margin. So, neither cost of funds nor yield on earning assets matter by themselves. If we can catch up and keep our asset prices on par with overall interest rates, we should have more than enough room to pay proper deposit rates and still maintain our preferred 2.5%/3%+ margins. More than ever, it is critical that bank leadership takes a whole balance sheet approach, as understanding and utilizing wholesale markets (asset and funding) could significantly reduce some of these pressures. For those with ultracompetitive local loan markets, loan participations are readily available above 6% yields. What is clear is that IRR and liquidity pressures aren’t likely going away in 2023. However, with a more proactive approach to rate pricing and overall balance sheet strategic planning, it is possible to increase performance and separate your bank from the pack.  Andrew Okolski is a Senior Financial Strategist at The Baker Group. He works directly with clients in a broad range of areas, including ALM, education, portfolio management, interest rate risk management, strategic planning, regulatory issues, and wholesale market strategies for financial institutions. You can reach him at 800-937-2257, or andyo@GoBaker.com. WALENTINE O’TOOLE, LLP When time is of the essence, experience counts. Walentine O’Toole blends confidence, experience and knowledge with the personal attention you can expect from a regional law firm. www.walentineotoole.com 402.330.6300 11240 Davenport St. • Omaha, NE 68154-0125 18

• No fee • No pre-payment penalty • P&I payments • Collateralized • Guarantors may be required • Competitive rates • Fixed or Floating • Minimal fee • No pre-payment penalty (after year 1) • Interest only first 5 years • Collateralized • Guarantors may be required • Competitive rates • Fixed or Floating • Origination fee: 1.5%-3% • Begins amortizing in year 6 • No collateral • No guarantors • No prepayment for first 5 years Other terms and conditions may apply. Advantages. Hybrid Stock Loans Designed to bridge the gap between a traditional stock loan and subordinated debt, our “Hybrid” bank stock loan provides an alternative lending product for community banks. Traditional Stock Loan Hybrid Stock Loan Subordinated Debt* *Offered through our investment subsidiary - First Bankers’ Banc Securities, Inc. Member FINRA & SIPC. INSTITUTIONAL USE ONLY. MEMBER FDIC mibanc.com ACH Audit BSA Audit Lending Compliance Audit Deposit Compliance Audit Directors’ Examination Interest Rate Risk Review Home Mortgage Disclosure Act (HMDA) Review Secure and Fair Enforcement for Mortgage Licensing (SAFE) Act Audit Loan Review Internal/External Penetration Test Internal/External Vulnerability Assessment Social Engineering Assessment IT Security Audit Business Continuity Management Audit AUDIT SERVICES mibanc.com/audit Our Team is ready to help. Contact John Hay or Jake Wolfe at 888-818-7206 Jake Wolfe jwolfe@mibanc.com John Hay jhay@mibanc.com Need help with Loan Reviews?

20

B A NK E R S ’ B A NK • OF THE WEST • WHERE COMMUNITY BANKS BANK TRACI OLIVER TARA KOESTER KELLY MALONE WE CHAMPION COMMUNITY BANKING YOUR ADVOCATES: Nebraska’s correspondent team BBWEST.COM 411 South 13th Sreet | Lincoln, Nebraska | 402-476-0400 21

COUNSELOR’S CORNER By Robert Kardell, Baird Holm, LLP A Response to Federal Grand Jury Subpoenas, and When a Subpoena is Not Necessary The Right to Financial Privacy Act and the Subpoena Requirement1 The records of a financial institution can be key for federal criminal fraud investigations. Bank records are sometimes the first records sought and can prove income, spending, location, monetary transfers, connections to other individuals or companies, and much more. The sheer amount of intelligence contained in financial records makes such information a primary focus for law enforcement and investigations of all types. The Right to Financial Privacy Act2 (“RFPA”) protects all customer information by establishing requirements for the federal government to obtain a customer's financial records. The RFPA states a financial institution shall not release any such information unless the documents are in response to a validly issued subpoena or court order: No financial institution, or officer, employees, or agent of a financial institution, may provide to any Government authority access to or copies of, or the information contained in, the financial records of any customer except in accordance with the provisions of this chapter.3 The five types of valid requirements are: • A customer authorized disclosure; • An administrative subpoena or summons; • A search warrant; 22

• A judicial subpoena; or • A formal written request.4 Every financial institution should ensure that the release of any information is reviewed by a legal or compliance professional to ensure that the request meets the above requirements. This restriction on the release of information applies to any information derived from such information and can extend to any discussions of such information.5 However, any information not derived from such protected information can be freely disclosed by the financial institution. Upon receipt of a subpoena or request which meets the requirements of the RFPA, a bank is required to turn over the records; there is no right of a bank to oppose or quash a validly issued subpoena or request: Upon receipt of a request for financial records made by a Government authority under section 3405 or 3407 of this title, the financial institution shall, unless otherwise provided by law, proceed to assemble the records requested and must be prepared to deliver the records to the Government authority upon receipt of the certificate required under section 3403(b) of this title.6 Restrictions on Notification Once a financial institution is served with a subpoena or other legal process, the financial institution may be restricted from notifying their customer that the customer’s records have been subpoenaed or may be part of a federal investigation. These restrictions automatically attach to any records which were requested with a grand jury subpoena. The statute specifically states: No officer, director, partner, employee, or shareholder of, or agent or attorney for, a financial institution shall, directly or indirectly, notify any person named in a grand jury subpoena served on such institution in connection with an investigation relating to a possible – (A) crime against any financial institution or supervisory agency or crime involving a violation of the Controlled Substance Act [21 U.S.C. 801 et seq.], the Controlled Substances Import and Export Act [21 U.S.C. 951 et seq.], section 1956, 1957, or 1960 of title 18, sections 5313, 5316, 5322, 5324, 5331, and 5332 of title 31, or section 6050I of title 26; or (B) conspiracy to commit such a crime.7 The regulations also allow a requesting agency to seek a delay in the notification to the affected customer. The regulation provides that: Nothing in this chapter … shall apply to any subpoena or court order issued in connection with proceedings before a grand jury, except that a court shall have authority to order a financial institution, on which a grand jury subpoena for customer records has been served, not to notify the customer of the existence of the subpoena or information that has been furnished to the grand jury, under the circumstances and for the period specified and pursuant to the procedures established in section 3409 of this title.8 Under Section 3409, a prosecutor can apply for a delay in the notification of the customer of the existence of the subpoena. The prosecution can ask for a delay of up to ninety (90) days9; and at the end of each ninety (90) day period the prosecution can request an extension of that non-disclosure order up to an additional ninety (90) days.10 When is a Subpoena Not Necessary The Bank Secrecy Act (“BSA”), ironically, requires financial institutions to report suspicious activity to the federal government and requires the government to provide a means for such information to be reported: Every bank shall file with the Treasury Department, to the extent and in the manner required by this section, a report of any suspicious transaction relevant to a possible violation of law or regulation.11 In response to the act, the Financial Crimes Enforcement Network (“FinCEN”) was established, which is responsible to collect reports and to create the network for the submission of the information. The regulations issued pursuant to BSA require that financial institutions (1) shall file a Suspicious Activity Report (“SAR”), (2) in a location determined by FinCEN, (3) no later than thirty (30) calendar days after the date of initial detection.12 The regulations also require the retention of information, including a copy of the SAR and any supporting documentation for a period of five (5) years.13 Under this provision, the supporting documentation is considered to have been filed with the SAR, and thus is part of the SAR. The financial institution is also required to make the supporting documentation available to any federal or state law enforcement or regulatory authority upon request.14 The request from a law enforcement authority or regulatory authority to review the supporting documentation is a regular request and a regular source of questions for banks. The requirements of requiring a subpoena, search warrant, or a summons seems to not be consistent with the requirement to share supporting information from a SAR with law enforcement. Due to the number of inquiries from law enforcement to review supporting documentation, FinCEN issued a memo to provide guidance15 (“Guidance”) to clarify what is and is not sharable with law enforcement and what is and is not considered supporting documentation. 23

The Guidance suggests that financial institutions should draft procedures for verifying that the requestor of the information is in fact a member of law enforcement. Once the requestor is verified, Disclosure of SARs to appropriate law enforcement and supervisory agencies is protected by the safe harbor provisions applicable to both voluntary and mandatory suspicious activity reporting by financial institutions.16 The Guidance continues on to define the meaning of “supporting documentation” as “all documents or records that assisted a financial institution in making the determination that certain activity required a SAR filing.”17 This included any spreadsheets, statements, reports, recordings, email messages, or other information which is related to the conclusion that the transaction required a SAR filing. The documents do not have to be indicative of a crime or even related to the account or person who is the subject of the filing, but any information which may have led to the conclusion that the SAR was required. The Guidance also notes that although the RFPA generally prohibits financial institutions from disclosing such information, there is no such prohibition in sharing such information with an agency exercising its “supervisory, regulatory or monetary functions”.18 The Guidance also states that FinCEN has interpreted these regulations under BSA to require financial institutions to provide supporting documentation “even in the absence of legal process”.  For more information, please contact Robert (Bob) Kardell, at 402.636.8313, bkardell@bairdholm.com, or visit bairdholm.com. The Right to Financial Privacy Act (“RFPA”) protects all customer information by establishing requirements for the federal government to obtain a customer’s financial records. Whatever Loan You Need, We Can Help. 34613 Member FDIC www.bell.bank Reg. O loans | Holding company loans & lines of credit | Equipment financing | Participation loans Whether your loan is large or small, get faster turnaround from our experienced correspondent team. Callie Schlieman Call me at 701.433.7430 – Based in Fargo 34613 AD Nebraska Bankers Association 2022_Callie.indd 1 4/7/22 11:58 AM 1 This article is only intended to cover the response of a bank to a federal grand jury subpoena. There are, of course, many other methods for law enforcement or regulatory agencies to seek access to information covered by the RFPA, such as intelligence requests, search warrants, regulatory requests, administrative requests, and many other such requests. Each type of request has its own unique legal requirements, disclosure or nondisclosure restrictions, exceptions, and compliance issues which should be discussed completely with your legal or compliance professional before a response is provided. 2 12 U.S. Code § 3401 et seq. 3 12 U.S. Code § 3403(a) 4 12 U.S. Code § 3402 5 “Financial records” are defined as “an original of, a copy of, or information known to have been derived from” a customer’s bank records. 12 U.S.C. § 3401(2). In Hunt v. SEC, 520 F. Supp. 580 (N.D.Tex.1981), the court held that the plain meaning of the language of § 3401(2) “clearly includes oral testimony relating to a customer’s relationship with a bank or financial institution.” Id. at 605. “We agree.” Anderson v. La Junta State Bank, 115 F.3d 756, 759 (10th Cir. 1997) 6 12 U.S. Code § 3411 7 12 U.S. Code § 3420(b) 8 12 U.S. Code § 3413(i) 9 12 U.S. Code § 3409(b)(1) 10 12 U.S. Code § 3409(b)(2) 11 31 CFR § 1020.320(a)(1) 12 31 CFR § 1020.320(b) 13 31 CFR § 1020.320(d) 14 IBID 15 FIN-2007-G003, issued June 13, 2007, https://www.sec.gov/about/ offices/ocie/amlmf/fin-2007-g003.pdf 16 ID at pg. 3 17 IBID 18 ID at pg. 3 24

800.228.2581 MHM.INC Now more than ever people want self-service options. With our core integrated ITMs we can make this a reality both in the lobby and in the drive-up of your branch. SELF-SERVICE BANKING March Supervisor Boot Camp Conference March 14–15 Lincoln, NE Bank Robbery Safety Tips Workshop March 21 Kearney, NE Bank Robbery Safety Tips Workshop March 22 Omaha, NE April Spring Agri-Business Conference April 4–5 Kearney, NE Principles of Banking Seminar April 12–13 Virtual Opening Business Accounts in Nebraska Workshop April 18 Virtual May NBA Annual Convention May 3–5 La Vista, NE EDUCATION CALENDAR For more information about these live and online education events and training tools, contact the NBA Education Center at (402) 474-1555 or nbaeducation@nebankers.org. You may also visit the NBA website at www.nebankers.org/education.html. 25

Systems that you rely on to keep your most critical processes functioning should be tested more frequently, allowing you to validate proper recoverability and the timeframes of that recovery. 26

Tech Talk Cole Ponto, Senior Information Security Consultant, SBS CyberSecurity, LLC Four Steps to Better Business Continuity Plan Testing Business continuity planning is a process that is vital to your organization. There is always the possibility that your organization’s critical business processes could be negatively affected for reasons that are often beyond your control, so it's best to be prepared. If a disruption occurs, it’s essential that your organization has a plan to address any potential issues and ensure that your organization can still serve your customers. However, if you’ve never enacted your plan, it’s hard to be confident that your plan will be sufficient. Testing your business continuity plan (BCP) helps to continuously improve your ability to recover successfully from various scenarios, whether it be a natural disaster or a communications failure. The good news is that there’s not just one way to test your BCP. Here are four steps to help you build a better business continuity plan testing program and ensure you are prepared for any situation that may come your way. Step One: Incorporate Different BCP Testing Methods You can utilize various methods to test the usability and effectiveness of your business continuity plan. Some of the possible test methods provided by the FFIEC include: • Tabletop Exercise: A tabletop exercise (sometimes referred to as a walk-through) is a discussion during which personnel review their BCP-defined roles and discuss their responses during an adverse event simulation. The goal of a tabletop exercise is to determine whether targeted plans and procedures are reasonable, if personnel understand their responsibilities, and if different departmental or business unit plans are compatible with each other. • Limited-Scale Exercise: A limited-scale exercise is a simulation involving applicable resources (personnel and systems) to recover targeted business processes. 27

The goal of a limited-scale exercise is to determine whether targeted systems can be recovered and whether personnel understand their responsibilities as defined in the plan. • Full-Scale Exercise: A full-scale exercise simulates the full use of available resources (personnel and systems), prompting a full recovery of business processes. The goal of a full-scale exercise is to determine whether all critical systems can be recovered at the alternate processing site and whether personnel can implement the procedures defined in the BCP. For example, a full-recovery exercise might simulate the complete loss of primary facilities. Step Two: Understand How Often to Test Although there is no hard-and-fast standard for determining how often to test your business continuity plan, some general guidelines are typically recommended. Note that each of these timeframes will depend on your organization’s industry, size, personnel, available resources, and current BCP maturity levels. Don’t take these timelines as gospel, as they are strictly that: guidelines. SBS recommends reviewing each of your emergency preparedness plans (business continuity, disaster recovery, incident response, and pandemic preparedness) throughout the course of a given year. Testing would typically include an annual tabletop test of all four individual EPP plans, testing multiple scenarios for threats you identify as a higher risk to your organization. Be sure to test the scenarios you believe to be the highest risk to your organization most frequently. You can 1 2 3 4 Incorporate Different Testing Methods Understand How Often to Test Include Your Vendors Document Your Testing 28

use your business continuity risk assessment to help identify which threats are particularly impactful/probable to the organization. Additionally, a limited-scale exercise is recommended at least annually, but such a test is largely dependent on the size and complexity of your organization and the maturity of your failover procedures. However, if your organization has any significant changes in processes, systems, or plan details, you may want to perform these tests more frequently. To reiterate, these timelines are highly dependent on your organization; it may not be feasible or logical to perform some of these tests at a particular frequency. Base this decision on your organization and its specific needs. If you are looking for somewhere to start and what should be prioritized for testing, refer to your business impact analysis. This is an excellent way to identify your most critical processes and the assets/systems you rely on the most. Systems that you rely on to keep your most critical processes functioning should be tested more frequently, allowing you to validate proper recoverability and the timeframes of that recovery. Most organizations benefit greatly by having a testing schedule that documents their plans. This allows for a strategic approach to testing involving the organization's processes, systems, and vendors to be deemed necessary. Step Three: Include Your Vendors During your testing cycle, you’ll want to ensure your critical vendor partners are included in the testing process to any extent possible. Involving your vendors in this process not only allows you to test to a greater degree of accuracy and usability but also allows your vendors a chance to provide feedback that may be valuable to your plans or testing process. Step Four: Document Your Testing Finally, be sure to document the results of any testing performed, along with any actionable findings from those tests. Following up on these items and incorporating recommendations is the most important process in the BCP testing lifecycle. Testing, documenting the results of your testing, and implementing processes to improve your BCP are the best ways to strengthen your organization’s response processes. Resources and Testing Options Numerous additional resources that your organization may use or participate in to continue maturing your BCP testing program are widely available. Scan the QR code for a list of organizations and resources to help you perform such testing on your own organization’s BCP: https://sbscyber.com/resources/four-steps-to-better-business-continuityplan-testing For more information, contact Robb Nielsen at 605-251-7375 or robb.nielsen@sbscyber.com. SBS helps business leaders identify and understand cybersecurity risks to make more informed and proactive business decisions. Learn more at sbscyber.com. 29

ONE LAST THING ... Did you know that you can enjoy your association news anytime, anywhere? Scan the QR code or visit: nebraska-banker.thenewslinkgroup.org Check it out! The new online article build-outs allow you to: • Stay up to date with the latest association news • Share your favorite articles to social channels • Email articles to friends or colleagues There is still a flipping book for those of you who prefer swiping and a downloadable PDF. 30

EXPERTS AT SUPPORTING FINANCIAL INSTITUTIONS Incorporate A Successful Investment Program In Your Bank I Securities and advisory services are offered through LPL Financial (LPL), a registered investment advisor and brokerdealer (member FINRA/SIPC). Insurance products are offered through LPL or its licensed affiliates. The bank and JFC advisor network are not registered as a broker-dealer or investment advisor. Registered representatives of LPL offer products and services using JFC Advisor Network and may also be employees of the Bank. These products and services are being offered through LPL or its affiliates, which are separate entities from, and not affiliates of, The Bank and JFC Advisor Network. Securities and insurance offered through LPL or its affiliates are: Not Insured by FDIC or Any Other Government Agency I Not Bank Guaranteed Not Bank Deposits or Obligations I May Lose Value Call JFC Advisor Network at 800-262-9538 to Learn More 9060 Andermatt Drive, Suite 101 Lincoln, NE 68526 www.jfcadvisor.com Toll-Free: 800-262-9535 Phone: 402-483-2555 A Successful Investment Program Can: Provide an opportunity to acquire new customers and cross-sell traditional banking products Offer customers a platform where all their financial needs are addressed Build high-end referral to your bank Present customers with robust wealth management solutions Provide an opportunity to acquire new customers Build high-end referral to your bank Offer customers a platform where all their financial needs are addressed Present customers with robust wealth management solutions A Suc essful Investment Program Can:

RkJQdWJsaXNoZXIy MTg3NDExNQ==