ISSUE 1 2024 Meet 2024-2025 NBA Chair Brad Koehn
233 S. 13th St., Ste. 700 Lincoln, NE 68508 Phone: (402) 474-1555 • Fax: (402) 474-2946 www.nebankers.org NBA BOARD OF DIRECTORS RICHARD BAIER President and CEO richard.baier@nebankers.org KARA HEIDEMAN Director of Communications and Marketing kara.heideman@nebankers.org NBA EDITORIAL STAFF BRAD KOEHN NBA Chair Midwest Bank, Lincoln MARK LINVILLE NBA Chair-Elect First State Bank, Randolph LYDELL WOODBURY NBA Past Chair First Nebraska Bank, Valley KRISTY BARTAK Nebraska State Bank & Trust Co. Broken Bow NICK BAXTER FNBO Omaha CORY BERGT Wells Fargo Bank, N.A. Lincoln KRYSTI CUNNINGHAM Security National Bank of Omaha Omaha CURTIS HEAPY Western Nebraska Bank Curtis ZAC HOLOCH Cornerstone Bank York JEFF KANGER First State Bank Nebraska Lincoln ZAC KARPF Platte Valley Bank Scottsbluff JOHN KOTOUC American National Bank Omaha KRISTEN MARSHALL-MASER Five Points Bank Grand Island JEREMY McHUGH Corn Growers State Bank Murdock AARON OTTEN Elkhorn Valley Bank & Trust Norfolk KEVIN POSTIER Henderson State Bank Henderson JAY PRESTIPINO First Interstate Bank Omaha LUKE RICKERTSEN Flatwater Bank Gothenburg BRIAN SCHWEIGER U.S. Bank, N.A. Lincoln RYNE SEAMAN Cattle Bank & Trust Seward TRAVIS SEARS Union Bank & Trust Co. Lincoln RYAN STEFFENSMEIER First Community Bank Beemer KELLY TRAMBLY South Central State Bank Campbell NICK VRBA RVR Bank Fremont ANDREW WITT Dundee Bank Omaha MORE FACE TIME. LESS WAIT TIME. Visit NebraskaBlue.com/Telehealth to learn more. Health benefits that give you access to virtual visits with doctors and specialists, even if you’re out of state. So you can get the care you need — wherever you are, whenever you need it. An independent licensee of the Blue Cross and Blue Shield Association. WALENTINE O’TOOLE, LLP When time is of the essence, experience counts. Walentine O’Toole blends confidence, experience and knowledge with the personal attention you can expect from a regional law firm. www.walentineotoole.com 402.330.6300 11240 Davenport St. • Omaha, NE 68154-0125 4 NEBRASKA BANKER
Discover® Debit keeps it simple. If you’re scanning through a hefty monthly debit statement, you’re likely missing hidden or confusing fees. With Discover® Debit you get a one-page statement, transparent fees, and more revenue. Let’s talk about it. Find out more at DiscoverDebit.com/NoGames We Don’t Play Games with Your Debit Program
EDITORIAL: Nebraska Banker seeks to provide news and information relevant to Nebraska and other news and information of direct interest to members of the Nebraska Bankers Association. Statement of fact and opinion are made on the responsibility of the authors alone and do not represent the opinion or endorsement of the NBA. Articles may be reproduced with written permission only. ADVERTISEMENTS: The publication of advertisements does not necessarily represent endorsement of those products or services by the NBA. The editor reserves the right to refuse any advertisement. SUBSCRIPTION: Subscription to the magazine, which began bimonthly publication in May 2006, is included in membership fees to the NBA. ©2024 NBA | The newsLINK Group LLC. All rights reserved. Nebraska Banker is published six times each year by The newsLINK Group LLC for the NBA and is the official publication for this association. The information contained in this publication is intended to provide general information for review, consideration and education. The contents do not constitute legal advice and should not be relied on as such. If you need legal advice or assistance, it is strongly recommended that you contact an attorney as to your circumstances. The statements and opinions expressed in this publication are those of the individual authors and do not necessarily represent the views of the NBA, its board of directors, or the publisher. Likewise, the appearance of advertisements within this publication does not constitute an endorsement or recommendation of any product or service advertised. Nebraska Banker is a collective work, and as such, some articles are submitted by authors who are independent of the NBA. While Nebraska Banker encourages a first-print policy, in cases where this is not possible, every effort has been made to comply with any known reprint guidelines or restrictions. Content may not be reproduced or reprinted without prior written permission. For further information, please contact the publisher at (855) 747-4003. 8 MEET 2024-2025 NBA CHAIR BRAD KOEHN 12 WASHINGTON UPDATE THE “OTHER” CRA A LESSER-KNOWN TOOL IN THE POLICY TOOLBOX Rob Nichols, President and CEO, American Bankers Association 14 WHEN IS A CARD A CARD? Roger Morris Jr., JD, CIPP, Associate General Counsel, Compliance Alliance 16 TECH TALK 10 INFORMATION SECURITY TOPICS TO DISCUSS IN YOUR NEXT REVIEW Christy Thomas, Audit Manager, SBS CyberSecurity 20 INTEREST RATE RISK IN 2024 MODEL ASSUMPTIONS IN A FALLING RATE ENVIRONMENT Luke Mikles, Vice President in the Financial Strategies Group, The Baker Group 22 COUNSELOR’S CORNER VIVA LAS TITLES! UNDERSTANDING THE RISK OF PROPERTY TITLE FRAUD Emily Tosoni, Associate, and Lauren Dubas, Summer Associate, Baird Holm LLP 26 2024 EDUCATION CALENDAR CONTENTS 14 22 6 NEBRASKA BANKER
WHY ? Tim Burns with customer Jami Schmidt Bank Stock Loans — Acquisition, Capital Injection, and Shareholder Buy Back/Treasury Stock Purchase Officer/Director/Shareholder Loans ( Reg-O) Participation Loans Purchased/Sold — Commercial, Commercial Real Estate, Agricultural, and Special Purpose Loans Leases Midwest Image Exchange – MIE.net™ Electronic Check Clearing Products Information Reporting – CONTROL Electronic Funds Cash Management and Settlement Federal Funds and EBA Certificates of Deposit International Services/Foreign Exchange Safekeeping FedNow Service Directors’ Exams Loan Review Compliance Audits IT Audits Lending Services Operational Services Audit Services mibanc.com MEMBER FDIC Contact Tim Burns 402-480-0075 The customer service that MIB provides to our community bank is exceptional. Tim Burns, our relationship manager, listens to our needs and helps our bank meet our goals. Their website protal we use for reports is very user-friendly and easy to navigate. We appreciate the relationship we have with MIB today! Jami Schmidt/CFO Henderson State Bank Henderson, NE
Meet 2024-2025 NBA Chair Brad Koehn In his 37-year tenure in banking, Brad Koehn embodies the essence of leadership and dedication within the banking industry. While transitioning through various industry roles throughout his career, Koehn’s commitment to serving others has remained unchanged. He is looking forward to giving back to the banking industry through his role as the 2024-2025 Nebraska Bankers Association Chair. Koehn grew up on a small farm in Niobrara in the 1970s and early 1980s. This period was marked by the 1980s farm crisis, which caused extreme economic hardship for farmers and rural communities. The crisis had devastating effects across the nation, adversely impacting many farm families, rural businesses and banks. Koehn experienced the repercussions of a rural bank failure as his hometown bank was the first to close in Nebraska during that time. As a teenager, he recalls resilience among the adults in his community, who silently bore the weight of their hardships without blame or complaint. It wasn’t until his studies in college that Koehn gained a broader perspective of the true nature of this economic crisis. Koehn was later drawn to banking by the desire to help prevent such crises from recurring. “I witnessed firsthand what a bank failure and financial devastation does to a community. But even more impactful is how it affects families. It doesn’t just break businesses. It breaks communities. It breaks families,” he said. This event made Koehn realize the fiduciary responsibility every banker should have, particularly in rural communities, and deepened his appreciation of the importance of the agriculture industry. It is something he has taken very seriously in his banking career. Koehn entered the banking industry as a national bank examiner with the Office of the Comptroller of the Currency (OCC). The OCC charters, regulates and supervises all national banks, federal saving associations, federal branches and agencies of foreign banks. He was immersed in a rigorous training program that delved deep into the intricacies of banking. The six-month program provided a comprehensive education on every facet of a bank’s balance sheet and its management, equipping Koehn with fundamental knowledge that would prove to be invaluable throughout his career. 8 NEBRASKA BANKER
As a regulator at the OCC, Koehn gained wide-ranging experience examining a variety of banks, from community institutions to large organizations. He encountered both well-managed financial institutions and those facing challenges, including the lingering aftermath of the farm crisis. These experiences provided him a broad perspective on the industry and instilled invaluable lessons about banking, risk assessment and management practices. After four years of traveling across the United States with the OCC, Koehn made the transition to community banking to be more present for his wife and young family. His entrepreneurial spirit drew him towards the private sector, where he saw opportunities to apply his regulatory insights within a different context. “The principles instilled from a regulatory background last forever. The broad perspectives of banking from seeing so many different banks and the identification and understanding of risk are fundamentals I still use today,” he said. Koehn’s first opportunity in community banking was with Gretna State Bank, a subsidiary of Pinnacle Bank. He assumed multiple roles including cashier, vice president, commercial and ag lender and compliance officer, which speaks volumes about his adaptability and drive. After nearly two years, he transferred to the bank’s holding company in Central City. At 28 years old, he became responsible for the oversight of all Pinnacle Bank locations in Nebraska, Kansas and Wyoming, just shy of a billion dollars in assets. “Working at the holding company for a large community bank was a unique, tremendous opportunity for someone of that age to experience. It certainly positioned me for the future that I have been blessed to enjoy in the industry,” he said. His experience at such a young age left a lasting impression on Koehn, shaping his approach to leadership and mentorship. He emphasizes the importance of depth of knowledge and the ability to simplify complex concepts for younger colleagues, drawing from his own experiences of breaking down banking matters into understandable terms. Koehn’s commitment to integrity and doing what is right, even in the face of public 9 NEBRASKA BANKER
scrutiny, reflects the values instilled in him during his early years of banking. Koehn inspires those around him to prioritize sound decision-making and ethical conduct, ensuring the long-term success and reputation of the institutions he serves. In 1998, Koehn became the president, CEO and vice chairman of F&M Bank in West Point. Eleven years later, he joined Midwest Bank in his current role as regional president for the Nebraska-based bank and its affiliate Redstone Bank in Centennial, Colorado. Koehn emphasized the importance of understanding the regulator’s perspective when defending the banking industry. He noted that proposed rules and regulations often result from the reaction to an event and are authored by individuals disconnected from mainstream and rural America, potentially leading to unintended consequences for community banks. He encourages NBA members, especially younger bankers, to become more engaged in the industry. “There’s power in numbers and unity. The world is run by people who show up. Now, more than ever, we need to be unified and protect our industry whose value has been built and entrusted to us by the bankers who came before us. It’s important to realize that each of us can make a difference,” Koehn said. Koehn’s drive extends beyond finding success within the banking industry. He aims to help his team and clients achieve professional and financial success. He finds gratification in leading by example, showing his team that being a banker involves more than just transactions. “A genuine desire to help others is a key aspect of being a banker,” said Koehn. “Community bankers identify the needs of their communities and contribute time, talent and treasure to address those needs.” Koehn’s advice to bankers and non-bankers alike is something that has held true for much of his life: “We can all leave a legacy. All of us have the opportunity to make a difference. And you have to be true to yourself. If you’re not true to yourself, you’re not true to anyone.” More About Koehn Brad Koehn graduated from Kearney State College in 1987 with a bachelor’s degree in business administration with a finance emphasis and an economics minor. During college, he also played quarterback on the football team. Koehn has been active in the NBA, serving on the NBA Board of Directors, as chair of the VEBA Board of Trustees and the Government Relations Committee, the NBA Executive Committee, and as an instructor for the AIB and NBA/KBA Schools of Banking. He was selected to serve on the Nebraska Department of Banking and Finance Statutory Task Force. Most recently, he chaired the Federal Reserve Bank of Kansas City’s Community Depository Institutions Advisory Council, where he also served on the national advisory council to the Federal Reserve Board of Governors. Locally, Koehn has held various leadership roles positively impacting Nebraska communities, particularly in West Point and Lincoln. He is also active in his local church and the Knights of Columbus. Outside of banking, Koehn enjoys traveling with his wife Lori and spending time with their three children and all of their grandchildren. A self-proclaimed “adventurist,” he ran with the bulls in Pamplona, Spain, on his 50th birthday. He is an avid outdoorsman and has hiked sections of the Appalachian Trail. Future aspirations include journeying to the base camp of Mount Everest. 10 NEBRASKA BANKER
| Bank Stock Loans | Loan Participations | ATM/Debit | International Services | | Cash Management | Securities Safekeeping | Merchant Services | 800-873-4722 | NE: 888-467-5544 | www.bbwest.com Where community banks bank Est. 1980 – 40+ years of service to community banks “As a service provider exclusively focused on community banks, Bankers’ Bank of the West is here to help strengthen our clients and the communities they serve.” Across the western states and Great Plains, we’re the place where community banks bank. That’s because we provide the services, technology, and expertise to help you extend your resources, deliver for your customers, and stand out in your market. 5 reasons to partner with us BBW - President and CEO - Bill Mitchell You can unlock efficiencies and cost savings. We can provide sophisticated solutions and economies of scale because we’re powered by hundreds of community banks across our region. Our priorities are aligned with yours. You can expand your capabilities. We’ll never compete for your customers. You can count on prompt, reliable service. • Independent loan review • Loan and credit administration consultation • Strategic planning facilitation • Management, staffing, & succession planning • Acquisition & expansion • BSA/AML compliance • Regulatory risk consultation President, Jim Swanson President, Anne Benigsen • Consulting • Phishing Tests • Vulnerability Management • Security Monitoring Cyber/information security, strategic planning, independent loan review, AND MORE. Consulting Services $ 8.6B assets under management $ 1.9B daily transaction value processed/settled Serving more than 60% of community banks across 7 states
WASHINGTON UPDATE The “Other” CRA A Lesser-Known Tool in the Policy Toolbox Rob Nichols, President and CEO American Bankers Association The banking agencies are tasked with writing and implementing regulations for the laws enacted by Congress, but they do not have free reign. In creating these rules, regulators must act within the boundaries of their statutory authority or run the risk of legal challenge — and ABA has not been afraid to hold them accountable in court when they get it wrong. But Congress can also hold agencies accountable when there are policy disagreements by simply overriding final rules. In ABA’s view, regulators have exceeded their authority in several recent regulatory actions, including the 1071 final rule, the credit card late fee final rule, the new Community Reinvestment Act final rule and the expansion of UDAAP authority via an update to an examination manual. When I addressed bankers at the 2024 ABA Washington Summit earlier this year, I assured them that ABA would use every tool in our toolbox to push back against the “regulatory tsunami” that regulators have unleashed upon the banking industry. Litigation is obviously a tool that we’ve been forced to use now several times — as evidenced by our four current legal challenges against bank regulators — but it isn’t the only option. Among the other tools available is a lesser-known mechanism called the Congressional Review Act — which we sometimes refer to as “the other CRA.” The Congressional Review Act was enacted in 1996 to provide Congress with an avenue for overturning certain federal regulatory actions, but inexperience with the new law and divided government meant it was only used once in its first 21 years. During the Trump administration, however, when Congress and the White House were controlled by the same party, the CRA was used successfully 16 times. Highlights included ABA-backed resolutions to overturn the CFPB’s rule effectively banning the use of mandatory arbitration for financial products — a rule that ABA strongly opposed — and a resolution to nullify the bureau’s 2013 indirect auto lending guidance after the Government Accountability Office issued a formal decision in 2017 that the guidance constituted a rule. Congress passed CRA resolutions three more times during the Biden administration, and lawmakers continue to introduce them. Recently, ABA supported a CRA challenge to the CFPB’s 1071 final rule. That CRA challenge was passed by a bipartisan majority in both the House and Senate — and though President Biden ultimately vetoed the measure, it sent a strong and clear signal that Congress disagreed with the bureau’s rule. In addition, a resolution of disproval under the CRA was also passed in May to invalidate the Securities and Exchange Commission’s Staff Accounting Bulletin 121, which changed the way that banks and other publicly traded entities are expected to account for digital assets held in custody. ABA is also supporting a CRA challenge to the CFPB’s recently finalized credit card late fee rule. The House Financial Services Committee favorably reported that resolution of disapproval in April. The Congressional Review Act is so powerful because resolutions can move to the Senate floor quickly through an expedited “fast track” procedure and that, once on the floor, a resolution requires only a simple majority vote to pass — not 60 votes, like most legislation. This 12 NEBRASKA BANKER
fast-track process stipulates a specific timeframe during which rules issued in this Congress can be invalidated by the next Congress: The rule must be issued during a window of 60 session or legislative days prior to Congress’ adjournment at the end of the year in order for the next Congress to have an opportunity to invalidate the rule. We are now nearing the window where any final rules that are issued by the agencies could be challenged under the CRA in the next Congress — yet another reason why electoral outcomes matter. However the elections shake out in November, ABA’s focus will remain unchanged: supporting a policy environment that supports America’s banks in their mission to supply credit to their customers, clients and communities. And we’ll continue to use every tool in the toolbox to ensure that our broad and diverse banking sector can continue to thrive. Email Rob at nichols@aba.com. FEEL SECURE. BE SECURE. Contact us today! 801.489.9600 securityservicesutah.com Need help with vault doors, night depositories, safe deposit boxes, stand-alone vaults, pass-thru boxes or fire doors? We are your vault and safe experts and are ready to help. LINCOLN BRUNING endacotttimmer.com 402-817-1000 Legal advice. Community banking experience. 13 NEBRASKA BANKER
When is a Card a Card? Roger Morris Jr., JD, CIPP Associate General Counsel Compliance Alliance A card is either a credit card or a debit card. What about a home equity line of credit (HELOC) access card? Is that a credit card or a debit card? Or something in between? If it’s in between, does Regulation E apply? Regulation Z? It is easy to talk yourself in circles, but let’s make sense of it once and for all. To begin, why is this a conversation worth having in the first place? You may know the answer to this question and think this was a compliance officer’s version of child’s play. A card’s definition as a debit or credit card has worthwhile implications. It would dictate what disclosures are necessary. In the vast alphabet soup of regulations, each has its onerous disclosure requirements, and Regulations E and Z (the two that apply in these areas) have plenty of requirements. Furthermore, it dictates how errors are resolved. Regulation E’s error dispute rules are highly consumer-favorable; not that Regulation Z’s aren’t, but Regulation E has a more formal investigation requirement. These formalities would apply if Regulation E applied to the HELOC’s access card transaction. We could go on and on about what each regulation independently entails but let’s get back to cards. 14 NEBRASKA BANKER
Debit and credit cards look similar, but, as anyone reading this would know, there are fundamental differences. A debit card takes funds out of your bank account, while a credit card is linked to a credit line that you pay back later. A HELOC access card blurs the lines. With a HELOC, you may have an account with funds that seem identical to any other asset account. You have to pay those funds back at a later date. So, what exactly is a HELOC access card? To decipher this mystery, let’s look at the regulation. For the regulatory definition of a credit card, we turn to Regulation Z: “(i) Credit card means any card, plate, or other single credit device that may be used occasionally to obtain credit.” This includes HELOC access cards, which may be used to obtain credit from a line of credit. Regulation commentary further supports this point. “i. Examples of credit cards include … A card that guarantees checks or similar instruments, if the asset account is also tied to an overdraft line or if the instrument directly accesses a line of credit.” So, an access card is a credit card under Regulation Z. Regulation Z applies. But this still leaves the question of whether Regulation E also applies. Regulation E applies to “access devices.” These are cards, codes or other means of access to a consumer’s account that may be used to initiate electronic funds transfers. A HELOC access card does initiate electronic funds transfers from a consumer’s HELOC account so they are seemingly an access device. However, “account” is a specific term in the context of Regulation E and a crucial part of the definition of an access device: “‘Account’ means a demand deposit (checking), savings, or other consumer asset account (other than an occasional or incidental credit balance in a credit plan) held directly or indirectly by a financial institution and established primarily for personal, family, or household purposes.” A HELOC can undoubtedly be for personal, family or household purposes, but let me draw your attention to the words “asset account” (see the bolded above). A loan account is not an asset account. A checking account is an asset account because you wholly own the funds in the account. They add to your net worth. A loan account is a liability. You will have to pay those funds back later, so the withdrawal of those funds subtracts from your net worth. We could call loans a liability account, but that makes them less marketable. So generally, a HELOC is not an account under Regulation E, even if it can make electronic transfers because it’s a loan account and not an asset account. So, this cannot meet the Regulation E definition of a “debit card” or “access device,” and, in turn, Regulation E is not applicable. An access device initiates transfers from an “account,” and a HELOC is not an “account” for Regulation E purposes. Therefore, the bank wouldn’t be required to give Regulation E disclosures with a HELOC access device, but that doesn’t mean it could not be done. If you’re looking to provide customers with the rights disclosed in Regulation E disclosures, you could, but it would be an internal policy decision. It is also worth noting that this is the typical way HELOCs are set up, but there can be other structures that may change the analysis above. As always, if you have any specific fact scenarios you would like to discuss, members are always free to reach out to us on the Compliance Hub Hotline. Roger Morris serves C/A as an associate general counsel. Roger brings a combination of unique experiences to C/A that he uses to provide guidance on a wide variety of regulatory and compliance issues. 15 NEBRASKA BANKER
10TECH TALK Information Security Topics to Discuss in Your Next Review Christy Thomas, Audit Manager SBS CyberSecurity As data breaches continue to trend up, organizations are spending more money and resources to ensure they have the appropriate solutions in place to prevent attacks without disrupting normal business. All organizations should consider the following topics as part of an information security program review. Continued on page 18 1. Ransomware Awareness The CSBS recently updated the Ransomware Self-Assessment Tool (R-SAT) to version 2.0 due to evolutions in the ransomware threat environment, bad actor tactics, and changes in environments and controls. The R-SAT provides significant advantages by raising awareness about ransomware risks, identifying security gaps and giving executive management and the board of directors the information they need to make informed decisions and allocate resources appropriately. It also assists auditors, consultants and examiners in evaluating security practices and incorporates lessons learned from organizations that have experienced ransomware attacks. 2. Board Cybersecurity Training An organization’s board of directors is ultimately responsible for its overall security. Without a solid grasp of cybersecurity, the board may make decisions that inadvertently weaken the organization’s security posture and lead to insufficient budget allocation for cybersecurity initiatives. Additionally, a lack of understanding can result in security strategies not aligning with overall business objectives, as well as underestimation of cybersecurity risks, leading to inadequate risk management and crisis response plans. 3. Firewall Reporting and Monitoring To mitigate the risks of vendor firewall management, it is important to implement appropriate controls, including defining roles, responsibilities and expectations in written contracts to eliminate any questions as to who is doing what. Periodic security audits of the vendor’s practices should be conducted as part of your vendor management program. Administrative access to the firewall should be limited to authorized personnel only, and require strong authentication mechanisms, such as MFA and individual authentication (no shared accounts). Oversight should include receipt and review of comprehensive logs or read-only access, at a minimum, to monitor these logs for suspicious activities or policy violations. 4. Multi-Factor Authentication (MFA) Implementing MFA is a key defense strategy, adding an essential layer of security by requiring two or more verification factors. Enhancing network security with MFA solutions helps increase data-center security, boosts cloud security for a safer remote working environment and minimizes cybersecurity threats. Additional controls surrounding administrative access to directory services, network backup environments, network infrastructure, organization’s endpoints/servers, remote access (employees and vendors) and firewall management are recommended. Many cybersecurity insurance vendors now require organizations to complete a self-attestation to renew policies. Included within the attestation is the verification of multi-factor authentication for remote access users and administrative users. 16 NEBRASKA BANKER
Would you like to transform the management of your information security program from a daunting chore to a process that fuels better decisions? SBS can help! ��� empowers �nancial institutions to ma�e informed security decisions and trust the safety of their data based on a valuable information security program. To learn more, visit www.sbscyber.com today! Robb Nielsen robb.nielsen@sbscyber.com 605-251-7375 Would you like to transform the management of your information security program from a daunting chore to a process that fuels better decisions? SBS can help! ��� empowers �nancial institutions to ma�e informed security decisions and trust the safety of their data based on a valuable information security program. To learn more, visit www.sbscyber.com today! Robb Nielsen robb.nielsen@sbscyber.com 605-251-7375
5. Vendor Management Program The vendor management program continues to evolve and requires diligent monitoring and research, especially for those vendors deemed critical to operations. Adhering to FFIEC Guidance and Interagency Guidance ensures comprehensive risk evaluation in vendor relationships, comprised of due diligence procedures, acquisition procedures, defined vendor risk classifications, annual risk assessments, presentation of critical vendors to an authorized committee and adequate contract review procedures. Organizations should adopt a comprehensive vendor management program to address vendor risks and ensure adherence to legal and regulatory standards. 6. Microsoft 365 Controls Assessment An independent assessment is crucial for identifying and mitigating potential cyber threats within the Microsoft 365 environment. The independent assessment should evaluate the environment and ensure the organization has implemented appropriate controls to mitigate risks, including malware, third-party app access, data loss prevention, external sharing, advanced threat protection and permissions. Common security gaps within the Microsoft 365 environment include overly privileged administrator roles, incorrectly implemented multi-factor authentication, inadequate admin center settings, audit log and activity log neglect, and authorization misconfiguration. 7. Adequate Backups and Testing Implementing various disaster recovery measures to prevent and mitigate ransomware attacks is important, including keeping multiple backups on and off-site, replicating critical data, encrypting data and air-gapped backups. Regular testing of backup procedures is essential for ensuring data recoverability in the event of an attack. An air-gapped backup is not connected to a network, so it cannot be reached by hackers, as many ransomware variants attempt to find and delete any accessible backups. Maintaining offline, current backups is critical because there is no need to pay a ransom for data that is readily accessible to your organization. Regularly testing and validating backup processes can give an organization confidence in its ability to restore data in the event of an emergency. This includes restoration testing, functional failover testing — spinning up critical backup servers, and other emergency preparedness testing (tabletop exercises, simulations, etc.). 8. Bank Protection Act of 1968 The shift towards remote audits and examinations poses challenges for physical security verification, which often relies on videos or photographs for assessment. To bolster physical security measures, it is recommended that a dedicated security officer be appointed to oversee the comprehensive implementation of the security program and deliver an annual security report to the board of directors. Continued from page 16 18 NEBRASKA BANKER
9. Segregation of Information Security from Information Technology Once a financial institution reaches $750 million in assets, the regulatory and external audit scrutiny will increase surrounding the segregation of roles associated with information security and information technology. The information security officer should be independent of IT operations staff and should not report to IT operations management. 10. New/Updated Policies The following policies should be documented within an information security program, and some have become formal recommendations by examiners and regulators within the last 12 months: • End-of-Life (EOL) Policy • Imaging Policy • ATM/Debit Card Management Policy • Instant Issue Policy • Internet Banking Policy These enhancements aim to bolster the institution’s security posture, ensuring comprehensive coverage of physical and digital security aspects in alignment with evolving regulatory standards and cyber threat landscapes. 19 NEBRASKA BANKER
After a little more than two years and 525bp worth of rate hikes, the Federal Reserve has started to signal that rate cuts are on the horizon. During that period of rapid rate hikes, we saw an increased focus on asset liability management (ALM)/interest rate risk (IRR) model assumption review and documentation. Along with rising rates, we also saw an increasingly competitive environment for deposits, which drove cost of funds up much faster than assumed across the board. So how does this impact institutions from an ALM and IRR standpoint? Specifically, how do model assumptions impact earnings at risk and capital at risk as rates fall? First let’s talk about loan constant prepayment rates (CPRs), a method of measuring prepayments that assumes a constant portion of the outstanding Interest Rate Risk in 2024 Model Assumptions in a Falling Rate Environment Luke Mikles, Vice President in the Financial Strategies Group The Baker Group loan principal will prepay. For example, a 15% CPR assumes 15% of the outstanding principal balance will prepay in one year. Historically as rates start to fall, we see CPRs rise as people are now able to refinance their loans down to lower rates. Given the rapid rise in rates from the Fed, this may not be the case this time. According to the St. Louis Fed, the average 30-year fixed rate mortgage in July of 2021 was 2.87% compared to March of 2024 at 6.87%. That means if you locked in your mortgage in July 2021, it would take 400bps worth of cuts before you would start thinking about refinancing. Existing home sales are at all-time lows as people feel “locked in” to their current homes and low interest rates. It may take a significant cut from the Fed before we see an increase in prepayment activity on our loan portfolios. Due to this possibility, it is a great time to review current CPR assumptions and understand how they can impact earnings at risk. Overstating prepayment activity can lead to a misleading figure in change-in-interest income and provide an inaccurate projection in a falling rate scenario. On the other side of the balance sheet, we have deposits. The competition for deposits has been evident as we have seen cost of funds steadily rise for the last two years. The big question is, as rates start to fall, will we be able to cut those deposit rates as fast as we originally had to raise them? The assumption in play here is going to be the deposit beta, or shift sensitivity. This is the metric that shows us how much deposit rates change in line with a move from the Fed. A beta of 35% would show a 35bp move for every 100bp move from the Fed. The impact of an overly optimistic or higher beta in a falling rate environment could provide a misleading model output on changes to interest expense. Because depositors are now aware of the possible earnings and rates they can receive on their money, the fight for deposits remains high. The 20 NEBRASKA BANKER
useful the model when it comes to making informed decisions for institutions. In this current environment, this discussion around assumptions can help put an institution on the best path forward. Luke Mikles is a vice president in the Financial Strategies Group at The Baker Group. He joined the firm in 2019, serving in the Interest Rate Risk Department. In 2023, Luke moved to the Financial Strategies Group, where he assists institutions with the risk management process and speaks at Baker’s educational seminars across the country. Luke holds a Bachelor of Business Administration in energy economics from the University of Central Oklahoma. Contact Luke at (405) 415-7307 or lmikles@gobaker.com. Understanding how institutions will operate as rates fall will have a direct impact on modeling and, thus, a direct impact on model outputs. “sleepy depositor,” for the most part, has awoken. If this trend continues, institutions may not be able to drop their deposit rates as quickly as in past falling rate cycles. This will directly affect how interest expense fluctuates as rates fall; therefore, institutions should review and discuss this probability and the impact on the bottom line. As rates started to rise, the resurgence of the CD came right along with it. The composition of the balance sheet is another aspect of interest rate risk that changes along with the movement in rates. CD specials are a prime example due to the increased rates offered. As these products start to reach maturity, the institution should discuss the likelihood of whether those maturing dollars will continue into a similar product or possibly flow out into something else. For example, we have seen a migration of non-maturing deposits into CDs over the last two years. Will this trend start to reverse as rates fall? The review of model assumptions is by far one of the most important pieces of the ALM process. While it may not have seemed important in the past to discuss falling rate assumptions, considering rates were near zero for so long, it is at the forefront of the interest rate risk world now. Understanding how institutions will operate as rates fall will have a direct impact on modeling and, thus, a direct impact on model outputs. The more accurate the assumption, the more 21 NEBRASKA BANKER
Graceland, the famous Tennessee home of the late Elvis Presley (now a museum and tourist attraction), has been in the news recently for its involvement in a foreclosure dispute.1 Riley Keough, the oldest grandchild of Elvis, is in court contesting an attempted sale of the property, claiming the company trying to sell the estate as collateral falsified the loan and deed documents. While the case works through the court system, the controversy has sparked a new wave of interest in title fraud among the public. Banks and their customers may be particularly worried about title fraud, considering the potential losses associated with this kind of fraud. Financial institutions risk financial loss due to mortgages and loans secured by fraudulently owned property. Financial institution customers who are victims of title fraud risk financial loss of the equity they have worked hard to build in their property and risk difficulty in securing future lending due to a negatively impacted credit rating. What is Title Fraud? Title fraud occurs when a “thief” steals a person’s identity and/or forges documents to seem as if they are the rightful owner of a property. Once they do so, they can wreak havoc by taking out liens or mortgages on the “stolen” property, burdening the true owner with the financial obligations. These thieves also may attempt to sell or rent out the property to an unsuspecting third party, leaving the true owner in a confusing and expensive legal battle. While these fake deeds and mortgages do not legitimately transfer ownership of the property or create financial obligations the victim is liable for, the process of undoing this harm by proving true ownership can require a devastating amount of time and money. Despite these adverse consequences, banks and their customers should understand the factors influencing the probability of falling victim to title fraud in order to evaluate their individual risk exposure. Evaluating the Risk of Title Fraud The good news is title fraud is not as common as other types of identity theft crimes.2 While some people claim the number of victims of title fraud has risen in step with the recent increase in online closings and notarizations,3 it is unclear whether this characterization is accurate. The FBI’s Internet Crime Report documents the number of victims in the U.S. who have suffered from real estate crime — meaning they have experienced “loss of funds from a real estate investment or fraud involving rental or timeshare property:”4 • 2020: 13,638 victims. • 2021: 11,578 victims. • 2022: 11,727 victims. • 2023: 9,521 victims. These figures suggest the frequency of title fraud may not be on a dramatic rise, contrary to popular perception. Regardless, the following risk factors may help someone determine whether a piece of property is more vulnerable to title fraud: • Property with out-of-state owners. • Property with owners who have more than one home. • Property or real estate left vacant or unoccupied. • Investment property. • Vacation homes. • Property with high equity (no mortgages or liens). • Inherited property, where the original owners are deceased. • Property with aging owners or owners who are inattentive with personal information and technology. Each of these risk factors provides criminals with a greater opportunity to “steal” the title without the true owner knowing. It is easier for title thieves to target individuals who make it easy to steal their identity or individuals who are not (or seem as if they are not) paying attention to their property. Particularly relevant to banks and their customers, property with high equity is more at risk than property encumbered by mortgages or other liens. This is because title thieves know financial institutions with an interest in a piece of property as collateral could be monitoring these properties in various ways. Even a little extra monitoring increases the likelihood a title fraud thief gets caught, making those properties worse targets. Viva Las Titles! Understanding the Risk of Property Title Fraud Emily Tosoni, Associate, and Lauren Dubas, Summer Associate, Baird Holm LLP COUNSELOR’S CORNER 22 NEBRASKA BANKER
What Can Be Done to Discover and Prevent Title Fraud? Individuals worried they are victims of title fraud or will be victims in the future can do several things to identify the fraud themselves or try to prevent it from happening: • Look for Signs of Title Fraud:5 ◦ Receiving bills for accounts not opened by the individual. ◦ Getting calls from debt collectors for debts the individual does not owe. ◦ Finding unfamiliar items on a credit report, such as mortgages or lenders not recognized by the individual. ◦ Receiving notice from the IRS that the individual has unpaid taxes. ◦ Discovering a piece of property has been rented out or sold. • Check Title/Property Records ◦ Each county has a different system for checking title and property records that anyone can search. Additionally, some counties have “property fraud alert” systems where individuals can sign up online to receive alerts any time their name is mentioned in new documents in the property recording system. This can help property owners quickly catch someone who is attempting to impersonate them. ◦ Nebraska: ▪ The following counties have free property fraud alerts: Buffalo and Scotts Bluff. ▪ Some counties’ property records can be searched for free at nebraskadeedsonline.us. ▪ Douglas County can be searched for a fee of $25 per day at www.dcregisterofdeeds.org/ premium-services. • Check Credit Reports ◦ A credit report search may reveal any mortgages or loans connected to an individual or their property they did not take out. • Protect Personal Information ◦ Protecting personal information by securing Wi-Fi networks and staying up to date on common information security risks (for example, phishing emails or scammers posing as lenders or real estate agents to get personal information) can help ensure title fraudsters cannot steal the information they need to forge deed or loan documents. • Check on Unoccupied or Vacant Property ◦ More vigilance on property left unoccupied could deter criminals from targeting an individual’s property in favor of a property where they are less likely to be caught. • Set up a Google Alert ◦ Individuals can set up Google alerts for their property’s address, and Google will notify them anytime their address is mentioned on the internet. This could help an individual catch someone trying to put their property up for sale or for rent. 23 NEBRASKA BANKER
Considering Title Monitoring Services or Title Insurance? Bank customers might have recently seen commercials touting the ease at which criminals can forge documents to steal their homes and offering monitoring services or title insurance. For clients wondering whether investing in such protections is worth the cost, the following provides a brief overview of each: Title Monitoring Services Title Monitoring Services help alert their customers if there are signs they are experiencing title fraud. Depending on the service, this may include monitoring credit reports, monitoring property records for mentions of the client, setting up internet alerts on the client’s address to see if their property becomes listed for sale or rent, and other digital security protections. It also may include some sort of insurance should the client experience losses due to title fraud, but such protection is not common. As discussed previously, because individuals have the ability to check their title or property records, get credit reports and set up Google alerts, individuals can do a lot of what the title monitoring services offer on their own, and potentially with a much lower cost. Title Insurance Title Insurance is a policy that protects property owners from losses associated with defects in the title of their property. Most commonly, this is purchased by new property owners during real estate transactions as part of the closing process. At the time of purchase, the title insurance company will do a deep dive into the state of the property’s title for anything in the past that may cause trouble. Because the title company usually does not continue to run searches or monitoring services after the property has been sold or transferred, most policies will only cover title defects that arose before the purchase of the insurance. There are some title insurance companies that offer policies covering losses that may occur in the future,6 but this is not the norm. If individuals are considering or currently buying a home or other property, it is always recommend they purchase title insurance as part of the real estate transaction. If an individual has already purchased title insurance for their current property, however, purchasing title insurance again will likely not protect them from anything that happens in the future unless they purchase a policy specifically covering future title fraud losses. Overview While title fraud can be a devastating experience for property owners, the risk of it happening is lower than some individuals may think. Despite this, the legal turmoil surrounding Graceland serves as a reminder to have a Suspicious Mind and be aware of factors that make individuals more likely to be targeted, as well as the steps people can take to mitigate the risk of being a victim that Can’t Help Falling for title fraud. Emily S. Tosoni focuses her practice on tax and estate planning as well as estate and trust administration. Emily graduated from the University of Iowa College of Law in 2021, magna cum laude. While in law school, Emily became a member of the Order of the Coif, a distinction awarded to the top 10% of the Class of 2021. Emily received the Judge William Stuart Award for her graduating class, as well as the Dean’s Award for Academic Excellence for Property and Trusts & Estates and the Jurisprudence Award for Academic Excellence in Contract Drafting. Endnotes 1. Robyn A. Friedman, Scammers Tried to Sell Graceland. How to Prevent Your Home from Being Next, Wall Street Journal (June 3, 2024, 7:00 PM) https://www.wsj.com/real-estate/home-title-fraud-ffc7edb7. 2. Kiah Treece, Home Title Theft: How to Protect Yourself, Forbes, (Feb. 3, 2023, 9:35 AM), https://www.forbes.com/advisor/mortgages/real-estate/home-title-theft/. 3. Robyn A. Friedman, Scammers Tried to Sell Graceland. How to Prevent Your Home from Being Next, Wall Street Journal, (June 3, 2024, 7:00 PM) https://www.wsj.com/real-estate/home-title-fraud-ffc7edb7. 4. Federal Bureau of Investigation, Internet Crime Report 21 (2022), https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf; Federal Bureau of Investigation, Internet Crime Report 20 (2023), https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf. 5. Kiah Treece, Home Title Theft: How to Protect Yourself, Forbes (Feb. 3, 2023, 9:35 AM), https://www.forbes.com/advisor/mortgages/real-estate/home-title-theft/; Ashley Kilroy, Home Title Theft: What You Should Know and How To Prevent It, Rocket Mortgage (June 22, 2023), https://www.rocketmortgage.com/learn/home-title-theft. 6. American Land Title Association (ALTA) offers this kind of policy in some states. 24 NEBRASKA BANKER
800.228.2581 MHM.INC Now more than ever people want self-service options. With our core integrated ITMs we can make this a reality both in the lobby and in the drive-up of your branch. SELF-SERVICE BANKING 25 NEBRASKA BANKER
AUGUST Safe Deposit Box Seminar August 29 Virtual SEPTEMBER Fall Agribusiness Conference September 5-6 Lincoln Essential Teller Issues Seminar September 16 Ogallala Essential Teller Issues Seminar September 17 Kearney Essential Teller Issues Seminar September 18 Norfolk Essential Teller Issues Seminar September 19 Lincoln Advanced School of Banking — Year 1 September 23-27 Kearney Fall IRA Workshop September 23-24 Lincoln Nebraska Fall Tour September 23 Ogallala Nebraska Fall Tour September 24 Grand Island Fall IRA Workshop September 25-26 North Platte Nebraska Fall Tour September 25 Valley Nebraska Fall Tour September 26 Norfolk OCTOBER Compliance Update School October 8-9 Kearney Commercial Lending School October 21-15 Manhattan, KS Principles of Commercial Lending School October 21-25 Manhattan, KS Women in Banking Conference October 22-23 Omaha Regulatory Issues Summit October 25 Lincoln For more information about in-person and virtual education events and training tools, contact the NBA Education Center at (402) 474-1555 or nbaeducation@nebankers.org. You may also visit the NBA website at nebankers.org/education. 2024 EDUCATION CALENDAR LET’S GET STARTED www.dbeinc.com 800-373-3000 sales@dbeinc.com EXPERIENCE THE DBE DIFFERENCE ATM | ITM | TELLER CASH AUTOMATION | COIN + CURRENCY | ATM MARKETING VIDEO + DIGITAL BANKING | SERVICE | REMOTE SERVICES + PATCHING SERVICES 26 NEBRASKA BANKER
www.thenewslinkgroup.orgRkJQdWJsaXNoZXIy MTg3NDExNQ==