JULY/AUGUST 2023 Meet 2023‑2024 NBA Chair LYDELL WOODBURY
Would you like to transform the management of your information security program from a daunting chore to a process that fuels better decisions? SBS can help! ��� empowers �nancial institutions to ma�e informed security decisions and trust the safety of their data based on a valuable information security program. To learn more, visit www.sbscyber.com today! Robb Nielsen robb.nielsen@sbscyber.com 605-251-7375 Would you like to transform the management of your information security program from a daunting chore to a process that fuels better decisions? SBS can help! ��� empowers �nancial institutions to ma�e informed security decisions and trust the safety of their data based on a valuable information security program. To learn more, visit www.sbscyber.com today! Robb Nielsen robb.nielsen@sbscyber.com 605-251-7375 Would you like to transform the management of your information security program from a daunting chore to a process that fuels better decisions? SBS can help! ��� empowers �nancial institutions to ma�e informed security decisions and trust the safety of their data based on a valuable information security program. To learn more, visit www.sbscyber.com today! Robb Nielsen robb.nielsen@sbscyber.com 605-251-7375
233 South 13th Street, Suite 700 Lincoln, NE 68508 Phone: (402) 474-1555 • Fax: (402) 474-2946 nebankers.org RICHARD BAIER President and CEO richard.baier@nebankers.org KARA HEIDEMAN Director of Communications and Marketing kara.heideman@nebankers.org NBA BOARD OF DIRECTORS NBA EDITORIAL STAFF LYDELL WOODBURY NBA Chair (402) 359-2281 First Nebraska Bank Valley BRADLEY KOEHN NBA Chair-Elect (402) 420-0560 Midwest Bank Norfolk/Lincoln KATHRYN BARKER (402) 333-9100 Core Bank Omaha NICHOLAS BAXTER (402) 341-0500 First National Bank of Omaha Omaha CORY BERGT (402) 434-4321 Wells Fargo Bank, N.A. Lincoln JILL DAVIS (402) 434-1690 U.S. Bank Lincoln CURTIS HEAPY (308) 367-4155 Western Nebraska Bank Curtis KRISTA HEISS (308) 534-2877 NebraskaLand Bank North Platte ZACHARY HOLOCH (402) 363-7411 Cornerstone Bank York JEFF KANGER (402) 858-1253 First State Bank Nebraska Lincoln ZAC KARPF (308) 632-7004 Platte Valley Bank Scottsbluff JOHN KOTOUC (402) 399-5088 American National Bank Omaha MARK LINVILLE (402) 337-0323 First State Bank Randolph KRISTEN MARSHALL-MASER (308) 384-5681 Five Points Bank Grand Island BRANDON MASON (402) 918-2332 Bank of the West Omaha JEREMY MCHUGH (402) 867-2141 Corn Growers State Bank Murdock KAYE MONIE (308) 368-5555 Hershey State Bank Hershey AARON OTTEN (402) 371-0722 Elkhorn Valley Bank & Trust Norfolk KEVIN POSTIER (402) 723-4441 Henderson State Bank Henderson JAY PRESTIPINO (402) 392-2616 First Interstate Bank Lincoln LUKE RICKERTSEN (308) 537-7181 Flatwater Bank Gothenburg RYNE SEAMAN (402) 643-3636 Cattle Bank & Trust Seward TRAVIS SEARS (402) 323-1828 Union Bank & Trust Co. Lincoln STEPHEN STULL NBA Past Chair (402) 792-2500 Nebraska Bank Dodge KELLY TRAMBLY (402) 756-8601 South Central State Bank Campbell NICHOLAS VRBA (402) 727-0213 RVR Bank Fremont ANDREW WITT (402) 504-4000 Dundee Bank Omaha WALENTINE O’TOOLE, LLP When time is of the essence, experience counts. Walentine O’Toole blends confidence, experience and knowledge with the personal attention you can expect from a regional law firm. www.walentineotoole.com 402.330.6300 11240 Davenport St. • Omaha, NE 68154-0125 4 Nebraska Banker
HEALTH BOOST IS A TEAM APPROACH To managing your blood sugar, offering individualized tools and support to improve your health. What’s Next? If you have questions about the program, or to see if you qualify, please send an email to msiebrandt@wellness-partners.org or call us at 877.345.7775 and ask for Marti. *Not all services are offered in every state due to licensing restrictions. Please contact us to see if you qualify. 877.345.7775 Regular Visits with our Registered Dietitian Learn how to make food your ally in health! Access to Our Team of Specialists* Exercise Physiologist, Mental Health Professional, Registered Dietitian, and Registered Nurse. Free A1c Tests The number of kits you receive will be based on your A1c at your Preventive Care Clinic. Free or Reduced-Cost Diabetic Medications If you meet certain criteria, you may be eligible for free or reduced-cost diabetic medications. Our Program Consists of the Following Components:
CONTENTS EDITORIAL: Nebraska Banker seeks to provide news and information relevant to Nebraska and other news and information of direct interest to members of the Nebraska Bankers Association. Statement of fact and opinion are made on the responsibility of the authors alone and do not represent the opinion or endorsement of the NBA. Articles may be reproduced with written permission only. ADVERTISEMENTS: The publication of advertisements does not necessarily represent endorsement of those products or services by the NBA. The editor reserves the right to refuse any advertisement. SUBSCRIPTION: Subscription to the magazine, which began bimonthly publication in May 2006, is included in membership fees to the NBA. ©2023 NBA | The NewsLINK Group, LLC. All rights reserved. Nebraska Banker is published six times each year by The newsLINK Group, LLC for the NBA and is the official publication for this association. The information contained in this publication is intended to provide general information for review, consideration and education. The contents do not constitute legal advice and should not be relied on as such. If you need legal advice or assistance, it is strongly recommended that you contact an attorney as to your circumstances. The statements and opinions expressed in this publication are those of the individual authors and do not necessarily represent the views of the NBA, its board of directors, or the publisher. Likewise, the appearance of advertisements within this publication does not constitute an endorsement or recommendation of any product or service advertised. Nebraska Banker is a collective work, and as such, some articles are submitted by authors who are independent of the NBA. While Nebraska Banker encourages a first-print policy, in cases where this is not possible, every effort has been made to comply with any known reprint guidelines or restrictions. Content may not be reproduced or reprinted without prior written permission. For further information, please contact the publisher at 855.747.4003. 8 MEET 2023‑2024 NBA CHAIR LYDELL WOODBURY 12 WASHINGTON UPDATE PARTNERS IN THE FIGHT AGAINST ELDER ABUSE Rob Nichols, President and CEO American Bankers Association 15 UCC ARTICLE 12 COMING TO A STATE NEAR YOU? Theo Kelly, Associate General Counsel Compliance Alliance 19 TECH TALK DATA FLOW DIAGRAMS 101 Cody Delzer, SVP Information Security Consultant and Lynda Hartup, Senior Information Security Consultant SBS CyberSecurity, LLC 22 COUNSELOR’S CORNER DIGITAL ASSETS: NEW TYPES OF UCC COLLATERAL Jacqueline Pueppke, Nicholas Buda and Justin Sheldon Baird Holm, LLP 25 2023 EDUCATION CALENDAR 8 22 6 Nebraska Banker
PRESIDENT’S MESSAGE I always enjoy when Tim Burns visits our bank. The knowledge he has of the banking industry and the services MIB provides to community banks, helps our bank to be able to offer additional products and services to our bank customers. We consider Tim, and MIB, to be an important part of our banking family. Tim Burns with customer Kurt Pickrel of Fullerton, Nebraska Bank Stock Loans — Acquisition, Capital Injection, and Shareholder Buy Back/Treasury Stock Purchase Officer/Director/Shareholder Loans ( Reg-O) Participation Loans Purchased/Sold — Commercial, Commercial Real Estate, Agricultural, and Special Purpose Loans Leases Midwest Image Exchange – MIE.net™ Electronic Check Clearing Products Information Reporting – CONTROL Electronic Funds Cash Management and Settlement Federal Funds and EBA Certificates of Deposit International Services/Foreign Exchange Safekeeping Directors’ Exams Loan Review Compliance Audits IT Audits Lending Services Operational Services Audit Services WHY ? Kurt Pickrel, President First Bank and Trust of Fullerton mibanc.com MEMBER FDIC Contact Tim Burns 402-480-0075
Meet 2023‑2024 NBA Chair LYDELL WOODBURY What makes you feel fulfilled? For Lydell “Woody” Woodbury, it’s being able to positively impact those around him. He’s able to do this, in large part, through his career in banking. Woodbury is the Chairman and CEO of First Nebraska Bank and is currently serving a one-year term as Chair of the Nebraska Bankers Association. Coming from humble beginnings, Woodbury felt that college, much less a career in banking, was not attainable. With six siblings, finances at his home in southwest Minnesota were tight. “What my parents lacked in financial resources, they more than made up for in teaching us about work ethic,” Woodbury said. Upon graduation, he applied to enter the military. In March of 1977, Woodbury joined the U.S. Army. His training involved managing and scheduling maintenance for the motorized equipment assigned to the units he was attached to. Additionally, he was responsible for ordering and tracking inventory of replacement parts and dispatching vehicles for use by other unit personnel. He completed basic training at Fort Dix, NJ, before moving to Fort Lee, VA, for advanced individual training. Following that, he was assigned to Fort Ord, CA. After 13 months at Fort Ord, he was assigned to the 24th Maintenance Company at Panzer Kaserene, Bobligen, West Germany. After 15 months in Germany, he separated from the Army in the same place his military training began. Following his honorable discharge, he applied to a two-year accounting program at Pipestone Area Vocational Technical Institute. However, during the interview he was told, “You might have too much personality to be an accountant.” Woodbury took that to mean that he should focus on a career with the opportunity for daily interaction with other people and went across the hall to interview for the ag banking program instead. The rest is history. “I found out that I really enjoyed the banking aspect of the ag banking program. It was still a two-year program; it still mixed the numbers with other approaches and encouraged interpersonal interactions,” Woodbury said. He said there are some parallels between the military and banking. There are certain rules you must follow and expectations from those you work with and for. Just like his fellow soldiers expected him to conduct himself with integrity and honor, customers also expect bankers to handle themselves in the same way. “There’s an expectation that you’re going to look after their situations as you would your own,” Woodbury said. 8 Nebraska Banker
Before the financial crisis in the 1980s, working as a banker brought respect, admiration and opportunity. Woodbury entered the banking industry in 1982. The 1980s were tumultuous for the banking industry, with high inflation, rising interest rates, high energy costs and political turmoil. “Well, in the ‘80s, you know, [the banks] were vilified. There were other people, other customers that highly respected the banks because they did what was necessary, and it helped protect their business,” Woodbury said. When the financial crisis hit in 2007 and 2008, banking and bankers once again were portrayed as villains in the media. However, during the crisis, banks were doing everything they could to help their customers stand on steady financial ground. “Community banks were caught up in the backwash of the 2007-2008 investment banking and housing crisis. So they were portrayed in the media as being part of the problem and not as what they really were: the solution to the challenge that was being faced throughout the country,” Woodbury said. As NBA Chair, Woodbury represents bankers across Nebraska. He desires to give back to the industry that has supported him during his over 40-year career. He intends to accomplish this by advocating for the banking industry at all levels: local, state and national. At a local level, Woodbury has a passion for connecting with future bankers at the high school and post-secondary education levels. He also speaks to area organizations that seek financial literacy advice. On the state level, he is engaged with Nebraska state senators and regulatory agencies regarding rules and regulations that impact the banking industry. Federally, Woodbury is committed to outreach with elected officials when the opportunities arise, sharing firsthand stories and examples of how proposed and current laws and regulations impact NBA members. During his term, his main focus is to address the challenges related to the shrinking labor pool and attracting new employees to the industry. “We need to continue to work towards developing a workforce program and recruitment tool that benefits all of our banks throughout our state. We face a challenge in the banking business that’s just like everybody else that owns and operates businesses in the state, and that’s that the labor pool is small. We’ve got to attract people to the industry,” Woodbury said. To kickstart Woodbury’s goals of attracting new talent to the banking industry, the NBA launched the “Bank on Your Future” initiative this past May to better connect with students of all ages and share the diverse range of career opportunities available within the banking industry. He hopes bankers across the state will mentor students and help them develop the skills and knowledge they need to succeed. “This challenge is not just a responsibility of senior management or HR — it’s something that every one of us can, and must, contribute to. We can all visit schools to talk about the diverse range of careers. We can mentor students and offer internships to give them a taste of what it’s like to work in our industry. Mentoring and developing the next generation of bankers benefits all of us. It’s time for us to give back to the industry that has given us all so much,” Woodbury said. Woodbury also commented that bankers are well-positioned to have a positive impact on the communities they serve. And one of the best parts? As a banker, you help 9 Nebraska Banker
people’s dreams come true, which also has a positive impact on your life. And those types of relationships stick with you. Woodbury distinctly remembers a father-son duo who were First Nebraska Bank customers in financial distress during the mid-1990s. They were in a cattle feeding/farming operation together, but the operation could not support both of them. They asked Woodbury for advice, and he suggested that the father maintain the farming operation while the son got a job in town; then, when the father was ready to retire, the farm would still be there for the son to return to. Woodbury said the father and son implemented the plan he had suggested, and it was working very, very well. Then, the son decided to leave farming and liquidated. Later on, he and his wife looked to purchase a home but experienced difficulties financing it. The father mentioned this to Woodbury, who said to have the son come see him. “He and his wife came in. I said, ‘Let me help you get through this. Let’s fix this.’ And they said, ‘Well, we didn’t think you’d help us because the bank took a loss when we liquidated.’ And I said, ‘Look, you did everything you said you were going to do. You were honorable people; we want to do business with honorable people. Now we’re going to do what we said we’d do — we’re going to support you,’” Woodbury recalled. Unfortunately, the son had a tragic accident and lost his life. “But the father still remembers that conversation. He still calls me up. We still visit about the impact [the plan] had on him and his family and how positive it was,” Woodbury said. Banks are one of the first places that people go when seeking monetary support for projects throughout the community, but they’re not always looking primarily for financial contributions. “Sometimes they’re just looking for the bank to endorse whatever they’re trying to do to give them some legitimacy or some chops, so to speak, when they go out and talk to other people, which is a testament to how we’re viewed — that our endorsements, our support, is sought after,” Woodbury said. “If you get into banking just because you want a paycheck, you’re going to be disappointed. You’re never going to feel fulfilled,” Woodbury said. He emphasized the importance of being driven to give back, volunteer and provide counsel. When you look at the growing, thriving communities in our great state, you find that they have a strong community banking presence and are willing to put forth resources to “move the needle” on worthwhile projects. Bank employees are strong community stakeholders who volunteer their time and talents to improve the lives of their neighbors and friends. Woodbury said, “I really believe that this is important to commit to if you pursue a career in banking. If you really want to have a career where you can have self-satisfaction that what you’re doing makes a difference, banking is a great place to be.” MORE ABOUT WOODY Woody has been active in the NBA, serving on the NBA Board of Directors, Chair of the Government Relations Committee and as a member of the NBA BankPAC and NBA Education Advisory Committees. He is also a graduate of the Kansas/Nebraska Schools of Banking. At the local level, Woody has also assumed many volunteer leadership roles that have allowed him to make a positive impact in his community. He served as Chairman of the Elkhorn Valley Economic Development Committee and led Stanton Economic Development, as well as the Emerson Development Corporation. Additionally, he has been actively involved with the Elks Club and the Knights of Columbus. 10 Nebraska Banker
Member FDIC Traci Oliver Eric Hallman Tara Koester Bankers’ Bank of the West We champion Community Banking bbwest.com | 800-873-4722 www.bbwest.com YOUR NEBRASKA RELATIONSHIP MANAGERS As a bankers’ bank we strive to help with every level of service and expertise. That is why we service anything from loan participations, merchant services, ATM/debit and much more, because we aim to answer your questions with, “…yes, we can do that too!” 11 Nebraska Banker
WASHINGTON UPDATE Partners in the Fight Against Elder Abuse 12 Nebraska Banker
fight against elder financial exploitation — to have a solid understanding of the red flags that can signal when an older customer is potentially being exploited. This might look like an older customer making sudden or unusual changes to their account, like adding new contacts located overseas, making uncharacteristic attempts to wire large sums of money or seeming fearful of or submissive to a caregiver or family member. This year, the ABA Foundation has partnered with the FBI to create a new guide for bankers to help them recognize, respond and report suspected elder financial exploitation to the proper authorities. The guide outlines red flags, provides steps bankers can take if elder abuse is suspected and includes a list of agencies and other partners that can provide additional resources. The ABA Foundation also offers its popular Safe Banking for Seniors program — a free national program that provides bankers with helpful tools and resources to connect with their local communities to discuss topics like avoiding scams, preventing identity theft, choosing a financial caregiver and more. Any bank in the country, member or non-member, can access these free resources by registering at www.aba.com/ seniors. You can also access a comprehensive list of resources for older Americans at www.aba.com/olderamericans. Finally, the ABA continues to support the fight against fraud more broadly through its award-winning #BanksNeverAskThat campaign. The consumer-facing awareness campaign aimed at educating the public about the types of information banks would never ask them to disclose over the phone or via text or email will be back this fall, complete with updated resources. Check it out at www.aba.com/banksneveraskthat and register to join the more than 2,200 banks across the country doing their part to protect their customers. We observed World Elder Abuse Awareness Day on June 15 — but working to protect seniors from financial exploitation is an ongoing responsibility for all bankers. Email Rob at nichols@aba.com. Seniors are often targeted for their accumulated wealth, and these scams can be financially and mentally devastating to the victims. Each year in mid-June, we observe World Elder Abuse Awareness Day (WEAAD) — a day intended to call attention to the pervasive and worsening problem of elder abuse, including financial exploitation. According to a 2022 FinCEN advisory, elder fraud scams affect at least 10% of older adults in the U.S. annually. But because fraud and scams are often significantly underreported, it means that the actual percentage of victims is likely much higher. Elder financial exploitation generally falls into one of two categories. The first is elder theft, in which a trusted individual, like a family member or caregiver, steals from an older person by forging checks, stealing retirement or Social Security benefits, using credit cards or bank accounts without permission or other means. The second is elder scams, in which a stranger succeeds in coercing an older adult into transferring money to them through tech support scams, romance scams or other impostor scams. Seniors are often targeted for their accumulated wealth, and these scams can be financially and mentally devastating to the victims. In fact, the average loss per older adult was just over $35,000 in 2022, according to the FBI’s Internet Crime Complaint Center. In worst cases, seniors may lose their life savings or their homes. That’s why it’s critical for bankers — who are on the front lines in the Rob Nichols, President and CEO American Bankers Association 13 Nebraska Banker
BankTalentHQ is a premier online career center dedicated to connecting top talent with banking employers across the United States. Our mission is to support the growth and success of the banking industry by facilitating connections and empowering career advancement. The Ultimate Talent Solution for Banks! 14 Nebraska Banker
UCC Article 12 Coming to a State Near You? In 2022, the Uniform Law Commission (ULC) introduced amendments to the Uniform Commercial Code (UCC), including a new Article 12 (UCC-12). Already introduced in over 29 states, this new Article seeks to govern certain transfers of Controllable Electronic Records (CERs). The 2022 amendments also updated Article 9 to contemplate the perfection of security interests for digital assets. So far, these amendments have been enacted in seven states: Alabama, Colorado, Indiana, Nevada, New Mexico, North Dakota and Washington. The federal government has not yet created a legal framework for digital assets, although the Basel Committee on Banking Supervision (BCBS) did introduce its Prudential Treatment of Cryptoasset Exposure guidance late last year. It may be many years before banks see legislation enacted by the federal government and potentially years longer until a regulatory framework is in place (think of the substantial delays in promulgating regulations associated with Dodd-Frank, e.g., 1033 and 1071). States have begun to fill in these gaps to address market concerns about the lack of structure and guidance for commercial transactions involving digital assets. New provisions under UCC-12 include rules for transactions involving new types of digital assets like cryptocurrency and non-fungible tokens (NFTs). The Article calls these assets “controllable electronic records” or CERs. CERs are defined as, “a record stored in an electronic medium that can be subjected to control under Section 12-105. The term does not include a controllable account, a controllable payment intangible, a deposit account, an electronic copy of a record evidencing chattel paper, an electronic document of title, electronic money, investment property or a transferable record.” (UCC 12-102(a)(1)). The UCC now defines “controllable account” and “controllable payment intangible” under Article 9 (UCC9). These are representative of tethered assets akin to an electronic promissory note. “Controllable account” means those that are “evidenced by a controllable electronic record that provides that the account debtor undertakes to pay the person that has control under Section 12-105 of the controllable electronic record.” (UCC 9-102(a)(27A)). And “controllable payment intangible” means “a payment intangible evidenced by a controllable electronic record that provides that the account debtor undertakes to pay the person that has control under Section 12-105 of the controllable electronic record.” (UCC 9-102(a)(27B)). One of the biggest concerns for lenders in dealing with CERs, controllable accounts and controllable payment intangibles is undoubtedly the method of attachment and perfection, as well Theo Kelly, Associate General Counsel Compliance Alliance 15 Nebraska Banker
as the priority of their security interest. UCC-9 has now been updated to reflect these new rules. Like non-electronic accounts and payment intangibles, lenders may perfect their security interest in CERs either by establishing control or by filing a financing statement. However, control prevails in a priority battle vs. a financing statement on its own. (UCC 9-331). Other important considerations in the new UCC provisions are the take-free and the governing law rules. The take-free rules of UCC-9 are akin to the “holder in due course” rules from UCC Article 3 (UCC-3). “Qualifying purchasers” take priority over an earlier security interest, even if perfected. (UCC 12-104(e)). And, under the governing law provision, if there is no logical jurisdiction, the parties to the agreement may choose the jurisdiction. If no jurisdiction is agreed to, the governing law will be the District of Columbia. (UCC 12-107(c)). Banks that have delved into crypto-assets are likely familiar with the Joint Statement on Crypto-Asset Risks to Banking Organizations released earlier this year, which reiterates the Agencies’ position “that issuing or holding as principal cryptoassets that are issued, stored, or transferred on an open, public, and/or decentralized network, or similar system is highly likely to be inconsistent with safe and sound banking practices. Further, the agencies have significant safety and soundness concerns with business models that are concentrated in cryptoasset-related activities or have concentrated exposures to the crypto-asset sector.” Of course, this statement was viewed as a response to the November 2022 downfall of FTX. Suffice to say, the Agencies expect a good deal of partnership and cooperation with them when proposing, and prior to beginning, new cryptoasset-related activities. So, banks now have a little guidance regarding risk-weighting crypto-assets, a little guidance from the Agencies, and a little guidance from the UCC (at least in some states). What’s next? Banks should continue to monitor these changes in their applicable jurisdictions, particularly banks that have already begun to enter the crypto-asset space. Consider how these ASSURANCE / TAX / ADVISORY forvis.com Moving FORward requires VISion FORVIS is a forward-thinking professional services firm committed to unmatched client experiences. We anticipate our client’s needs and outcomes, preparing them for what’s next by offering innovative solutions. Created by the merger of BKD and DHG — a merger of equals — FORVIS has the enhanced capabilities of an expanded national platform and deepened industry intelligence. With greater resources and robust advisory services, FORVIS is prepared to help you better navigate the current and future dynamic organizational landscape. We are FORVIS. Forward vision drives our unmatched client experiences. Introducing FORVIS, forward vision from the merger of BKD and DHG FORVIS is a trademark of FORVIS, LLP, registration of which in the U.S. Patent and Trademark Office is pending. changes will affect existing loan agreements, including the grace period in Article 13 (UCC-13) to renegotiate pre-existing loan agreements regarding the method of perfection. Policies, procedures and training should be updated to reflect the bank’s position on crypto-asset lending and custody services, even to simply state that the bank does not engage in crypto-asset activities. Contemplate and implement the requisite security standards and vendors for custody of CERs, controllable accounts, and controllable payment intangibles. Review the tax consequences and reporting obligations for crypto-asset transactions. Identify the risks associated with future laws and regulations that will affect the bank’s loan agreements and other services, and design controls and contract language to mitigate those risks to the extent possible. Theodore Kelly serves as Associate General Counsel for Compliance Alliance. He holds a Bachelor’s Degree in Political Science from The Ohio State University, a Master’s in Business Administration from Franklin University, and a Juris Doctor from Capital University Law School. Theo began his professional career serving in the United States Marine Corps in communications security and, later, the Ohio Army National Guard as a Military Police Platoon Leader. More recently, Theo served as first-line of defense at the largest bank in the world from 2015-2017 and led Ethics & Compliance operations at a Texas-based Fortune 500 company from 2017-2021. Policies, procedures and training should be updated to reflect the bank’s position on crypto-asset lending and custody services, even to simply state that the bank does not engage in cryptoasset activities. 16 Nebraska Banker
800.228.2581 MHM.INC Now more than ever people want self-service options. With our core integrated ITMs we can make this a reality both in the lobby and in the drive-up of your branch. SELF-SERVICE BANKING Single Source is your 1 Partner, 1 Solution, 1 Source for architecture, construction, and furnishing of community banks. We are a proven leader in building design and construction across the upper Midwest. Call Jim today for a free consultation on your project! 319-232-6554 112 W. Park Lane Waterloo, IA 50701 www.Single.Source.Net 1 Integrated team serves all your needs, so you benefit from: Fast Delivery Better Quality Cost Savings Singular Responsibility Reduced Change Orders Reduced Risk 1 Source, Full Service Architecture Construction Interior Design Master Planning Site Development Spacial Planning Budgeting Project Administration Project Management Budgeting Value Added Engineering Nebraska State Bank, Broken Bow 17 Nebraska Banker
Doing more with less. It’s today’s banking mantra. What if while you’re meeting with frontline staff, you could also be completing two monthly projects? Learn how budgeting for top-tier support and guidance can save your program money. That’s Bankers Alliance. info@bankersalliance.org or (833) 683-0701. Holding Company of Compliance Alliance and Review Alliance C M Y CM MY CY CMY K LET’S GET STARTED www.dbeinc.com 800-373-3000 sales@dbeinc.com EXPERIENCE THE DBE DIFFERENCE ATM | ITM | TELLER CASH AUTOMATION | COIN + CURRENCY | ATM MARKETING VIDEO + DIGITAL BANKING | SERVICE | REMOTE SERVICES + PATCHING SERVICES 18 Nebraska Banker
Data Flow Diagrams 101 Cody Delzer, SVP Information Security Consultant and Lynda Hartup, Senior Information Security Consultant SBS CyberSecurity, LLC Have you recently been through an audit or exam and received a recommendation to develop data flow diagrams (DFDs)? Have you recently completed a cybersecurity assessment using the FFIEC’s Cybersecurity Assessment Tool (CAT) and noticed that creating data flow diagrams is a CAT Domain 4: External Dependency Management requirement under the assessment factor of “Connections”? If either of these exercises left you confused and wondering what you should do next, you’re not alone. So, what is a DFD? Although creating data flow diagrams is a Baseline Cybersecurity Maturity control, meaning that all financial institutions are expected to have them, organizations are struggling to develop and even determine the importance of developing a DFD. Quoting directly from the “IT and Business Environment Representations” section of the FFIEC Architecture, Infrastructure, and Operations Handbook (2021): A data flow diagram is a graphical representation of the flow of data internally through the entity’s network(s), business units, products and software, and to third parties, as applicable. Data flow diagrams and network diagrams may include similar information (e.g., critical hardware) but have different purposes. Data flow diagrams show how the entity’s data flows between critical hardware on the network, not just where a piece of hardware resides. In smaller or less complex IT environments, data flow diagrams and network diagrams may be combined. In larger or more complex IT environments, the entity generally has multiple data flow diagrams and network diagrams broken out in a variety of ways (e.g., lines of business, geographic locations, network segments and business functions). Data flow diagrams may include the following: • Storage locations of data (i.e., data at rest), especially sensitive data, and where data flow between equipment and systems (i.e., data in transit) • Data sharing between applications • References to network diagrams for details of internal and external connectivity • Specific operational or business processes and any single points of failure • Data flow within the entity (e.g., operational or business process interaction and interdependencies) and between the entity and its third-party service providers The “IT and Business Environment Representations” section of the FFIEC Architecture, Infrastructure, and Operations Handbook (2021) also discusses network diagrams. No one should be faulted for incorrectly assuming their network diagrams counted as a data flow diagram. However, a DFD is an entirely different requirement and serves a different, but very useful, purpose. Let’s break down a data flow diagram. A DFD should: • Supplement an organization’s understanding of information flow within and between network segments as well as across the institution’s perimeter to external parties • Identify data sets and subsets shared between systems • Identify applications sharing data • Highlight the classification of data being transmitted Why Data Flow Diagrams Are Important Keep in mind that the FFIEC CAT requirement for DFDs falls into Domain 4, which covers vendor management. Why would the requirement for a DFD fall into the vendor management category? The answer is simple: financial institutions are now more reliant than ever on vendors to perform day-to-day operations. More information is being stored, transmitted and processed outside your network than inside. And the big question here is this: do you know where your data is going once it leaves your network? How To Start Creating Your Data Flow Diagrams The crux of the DFD problem is that most organizations don’t know where to start. Having already defined what a DFD entails, the next step is identifying which vendors are storing, transmitting and processing your data outside your network. One of the most effective ways to begin creating a TECH TALK 19 Nebraska Banker
Figure 1: Sample Data Flow Diagram 20 Nebraska Banker
DFD is to look at your critical business processes, which you should (hopefully) have identified as a part of your business impact analysis. Let’s take wire transfers as an example. It’s important to step through the flow of each process and identify where your customer information is being sent. There are typically numerous ways to initiate a wire transfer, whether it be in person, over the phone, via email or through a business online banking platform. Where does your customer information go after the request is initiated? Through which entity or vendor does it pass? Where does it end up? This line of questioning will lead you to the DFD answers you seek. Start by creating data flow diagram(s) that depict: • The actors involved at different steps in a critical business process, as identified in your business impact analysis (including people, technology and third parties) • Whether or not that actor stores, transmits or processes customer information • The points at which customer information enters or exits the network perimeter • How the information flows between each actor throughout the business process Following this model, your DFD(s) will: • Help you understand where your customer information flows across the perimeter to external parties. Notably absent here are network segment flows; feel free to add those if you’d like, but one could argue they are covered in network diagrams. • Identify to which external party’s customer information (the data set discussed above) is being transmitted • Identify applications, systems and vendors sharing your customer information There you have it! Data flow diagrams need not be difficult. For a sample DFD, see Figure 1. In fact, a good DFD should help your organization have a much better understanding of where your data is actually going once it leaves your network and who is touching it along the way. Be consistent in your approach and ensure it’s well grounded in solid risk assessment data (business impact analysis/IT risk assessment). Colorectal cancer is the third most common cancer among Nebraskans. Early detection saves lives, so doctors recently lowered the recommended screening age from 50 to 45. BCBSNE health benefits cover screenings and preventive treatments at no extra cost. OVER 45? GET SCREENED Visit NebraskaBlue.com to connect with a coach and schedule a screening today. An independent licensee of the Blue Cross and Blue Shield Association. LINCOLN BRUNING endacotttimmer.com 402-817-1000 Legal advice. Community banking experience. 21 Nebraska Banker
Digital Assets: New Types of UCC Collateral Jacqueline Pueppke, Nicholas Buda and Justin Sheldon Baird Holm, LLP Bitcoin? A crypto currency represented by a cartoon dog, known as dogecoin? A non-fungible token (NFT) featuring a LeBron James dunk against the Houston Rockets in 2021 selling for over $387,000?1 What are these assets, and what happens if a borrower wants your bank to accept them as collateral for a loan? Cryptocurrency and NFTs are well-recognized types of electronically created assets, known as digital assets. The driving force behind digital assets is the idea that “centralized” governance creates security risks because a single entity — for example, a bank — administers and controls the so-called ledger (paper or electronic database) for the assets held by the entity. In contrast, digital assets are “decentralized” and created through a peer-to-peer network of computers, commonly known as a distributed ledger, that tracks and records electronic transfers to validate who owns or has the power to buy, sell or otherwise transfer the digital asset. Blockchain is a well-known example of a distributed ledger system stored across a number of digital networks.2 The IRS defines a digital asset as “any digital representation of value which is recorded on a cryptographically secured digital ledger or any similar technology.”3 Of particular importance is the concept that there is no physical asset; rather, there is only an electronic “record” that serves as evidence of the asset. Uniform Commercial Code (UCC) Article 12,4 which was adopted by the Nebraska legislature in 2021 and became effective on July 1, 2022 (Article 12), establishes the rules for perfecting security interest in so-called controllable electronic records (or CERs, for short), which are electronic records evidencing ownership of a digital asset created with underlying technology that allows the record to be subject to control by a third party. Under Article 12, control of a CER exists if: (A) the CER or the underlying technology system in which it is recorded (i.e., blockchain or other distributed ledger), gives the secured party: (i) the power to derive substantially all the benefit from the controllable electronic record, (ii) the exclusive power to prevent others from deriving substantially all the benefit from the controllable electronic record, (iii) the exclusive power to transfer control of the controllable electronic record to another person or cause another person to obtain control of a controllable electronic record that derives from the controllable electronic record, and (B) “the controllable electronic record, a record attached to or logically associated with the controllable electronic record, or the system in which the controllable electronic record is recorded, if any, enables the person to readily identify itself as having the powers” specified above.5 If the Article 12 definition of what constitutes control of a CER seems vague and abstract to you, you are not alone. The technology that forms the basis of creating and validating digital assets is constantly emerging; therefore, the statute is intentionally drafted “technology neutral” language that would work to establish control over CERs created with existing distributed ledger technology as well as over CERs created with future technology. COUNSELOR’S CORNER 22 Nebraska Banker
Based on the framework for existing distributed ledger technology, control can be obtained by the creation of a multi-signature arrangement that holds the CER. A multi-signature arrangement is a code-based contractual relationship that establishes the authorized signatories (who each hold a distinct cryptographic private key6) and how many of those signatories (or distinct cryptographic private keys) are required to authorize a transfer or other disposition of the CER representing the digital asset. Although the word exclusive is used for purposes of acquiring control of a CER, the power can still be exclusive even if the secured party has agreed to share the power with another person. For example: Authorized Signatories Required Signatories to Transfer the CER Does Secured Party Have Control? Secured Party, debtor and third-party custodian Two signatories, one of which must be secured party Yes, because the CER cannot be transferred without the consent of the secured party Secured party and debtor Two signatories Yes, because the CER cannot be transferred without the consent of the secured party If, however, the multi-signature arrangement is among the secured party, debtor and third-party custodian and allows any one of authorized signatories to act, the secured party does not have control because the debtor can transfer the CER without the consent of the secured party. While the method of obtaining control of a CER may not read the same as a traditional method of control under the UCC (i.e., a written control agreement), the underlying purpose is the same — to enable the secured party to exclude the debtor or other third parties from disposing of the CER without the secured party’s consent. Please note that, in July 2022, an updated version of Article 12 (Updated Article 12) prepared by the drafting committee was approved by the Uniform Law Commission Jacqueline Pueppke represents clients in connection with a broad variety of commercial financing and real estate transactions. She represents national, regional and local lending institutions and borrowers in structuring and documenting transactions for commercial real estate financing, construction financing, asset-based financing and agricultural financing. She also represents clients in the acquisition, sale and leasing of commercial real estate. Nicholas Buda’s practice focuses on creditors’ rights and commercial litigation, the Uniform Commercial Code, commercial real estate disputes, construction law, and appellate advocacy. He routinely assists lending and financial institutions with working out problematic loans and collecting overdue commercial accounts. Justin Sheldon focuses his practice on commercial real estate, asset based and agricultural financing transactions. He represents both lenders and borrowers in negotiating and structuring transactions. and American Law Institute and several states. Updated Article 12 maintains the same concept of control of a CER described in this article but is more expansive and provides greater guidance on transactions utilizing CERs. In Nebraska, LB94 was introduced in January 2023 to adopt Updated Article 12. LB94 progressed through several steps of the legislative process, but due to unforeseen legislative delays, did not pass in the 2023 legislative session. 1. Ben Stinar, LeBron James NBA Top Shot Sells for Over $387,000, Sports Illustrated, April 16, 2021, https://www.si.com/nba/ pacers/news/lebron-james-nba-top-shotsells-for-over-387000 2. IBM: Blockchain, https://www.ibm.com/ topics/blockchain 3. IRS: Digital Assets, https://www.irs.gov/ businesses/small-businessesself-employed/digitalassets#:~:text=Digital%20assets%20are%20 broadly%20defined,Stablecoins 4. See Neb. Rev. Stat. U.C.C. § 12-101, et seq. 5. Neb. Rev. Stat. U.C.C. § 12-105(a)(1)-(2) 6. A private cryptographic key is a numerical code used in cryptography to gain access to your crypto wallet to verify transactions and prove ownership, which should be kept secret, similar to a PIN. 23 Nebraska Banker
nedcoloans.org WE PARTNER WITH BANKS TO HELP BUSINESSES THRIVE IN NEBRASKA. • Partner with NEDCO to provide your customers with down payments as low as 10%. • Lower your exposure while participating in larger projects. • Unlike SBA 7a loans, NEDCO handles all paperwork and processing with the SBA. • NEDCO’s long-term fixed rate helps you compete with other lenders only offering conventional financing. • NEDCO 504 loans provide the bank with a 1st lien at a 50% LTV. JASON CULVER Chief Credit Officer 402-483-4651 jason@nedcoloans.org WILL SAILORS Vice President Lending 402-483-4622 will@nedcoloans.org 24 Nebraska Banker
2023 EDUCATION CALENDAR SEPTEMBER Fall Tour September 11 Norfolk, NE Tri-State Human Resources Conference September 12-13 Overland Park, KS Fall Tour September 13 Ashland, NE Fall Tour September 14 Gothenburg, NE Fall Essential IRA Workshop September 18-19 Virtual Advanced Agricultural Lending School September 19-21 Kearney, NE Fall Advanced IRA Workshop September 20-21 Virtual Advanced School of Banking, Year 1 September 25-29 Kearney, NE The Active Shooter Seminar September 26 Virtual OCTOBER Compliance Update School October 11-12 Manhattan, KS Women in Banking Conference October 17-18 Lincoln, NE Principles of Commercial Lending School October 23-27 Kearney, NE Essential Teller Issues Seminar Series October 23-27 Multiple Locations Regulatory Issues Summit October 27 Lincoln, NE NOVEMBER Bank Investment, Funding and Economic Outlook Conference November 2-3 Lincoln, NE Principles of Ag/Commercial Loan Documentation Workshop November 14 Virtual DECEMBER Ag & Beyond Workshop December 12 Kearney, NE Ag & Beyond Workshop December 13 Norfolk, NE For more information about these live and online education events and training tools, contact the NBA Education Center at (402) 474-1555 or nbaeducation@nebankers.org. You may also visit the NBA website at https://www.nebankers.org/education. 25 Nebraska Banker
Your Customers Are Too. CONTACT US TODAY! 801.676.9722 sales@thenewslinkgroup.com Advertising Space Available. QR Code: website /#ad-space
This magazine is designed and published by The newsLINK Group, LLC | 855.747.4003 233 South 13th Street, Suite 700 Lincoln, NE 68508 Nellie Szczech EVP, Institutional Relationships nellie@bhg-inc.com 315.383.9648 BHG Bank Network National Seminar Meet with BHG leaders and hundreds of Bank Network members from across the U.S. OCTOBER 16–18, 2023 | FT. LAUDERDALE, FL HARBOR BEACH MARRIOTT RESORT & SPA SCAN TO REGISTER
www.thenewslinkgroup.orgRkJQdWJsaXNoZXIy ODQxMjUw