Triangle Background

UnitedHealthcare provides WBA-member banks cost-effective benefit packages

By Daryll J. Lund

Now’s the time to start thinking about your employee benefits package and how an Associated Health Plan (AHP), serviced by UnitedHealthcare, could help you save. Gain similar purchasing power advantages and options that larger employers receive when you join other Wisconsin banks by enrolling in our AHP.

Through your enrollment in an AHP, your bargaining position is strengthened to help you obtain more favorable rates. A variety of flexible plan options are available to help balance costs and your administrative costs can be reduced through economies of scale.

And your employees will benefit too. They’ll have access to UnitedHealthcare’s provider network — the largest in Wisconsin — resulting in less disruption and a smoother transition. Wellness programs designed to motivate healthier habits and cost estimator tools to assist with making more informed care choices will help your employees with their overall health and budgetary goals.

The advantages don’t stop there. If you’re looking to add vision to your employee benefits package, UnitedHealthcare has you covered. Like their medical network, UnitedHealthcare has one of the nation’s largest vision networks. That means your employees will have the freedom to visit their favorite provider or retailer for vision services and eyewear needs. Alliances with Warby Parker® and GlassesUSA.com are included.

Learn how much you may save by contacting Brian Siegenthaler from Wisconsin Bankers Association – Employee Benefits Corporation at bsiegenthaler@wisbank.com or 608-441-1211.

By Daryll J. Lund

The Wisconsin Bankers Association Employee Benefits Corporation, Inc. (WBA EBC) was formed in 1982 and as our Association Health Plan (AHP) begins its fourth year, I would like to thank each WBA member that has chosen to trust us for their insurance needs.

The flexibility of our high-quality health benefits (dental insurance, medical insurance, prescription drug plans, and vision) as well as life and disability insurance are typically reserved for large employers but — through the purchasing power of WBA EBC — are offered exclusively to WBA members at preferred prices. In the last three years alone, our member banks have collectively saved $1.8 million thanks to their member-driven AHP.

This year we are pleased that nearly 40 banks throughout the state have chosen the WBA AHP through UnitedHealthcare for their health insurance program. Through your enrollment in our AHP, 1,800 members will have access to affordable, highquality benefits and insurance throughout Wisconsin. In addition, our partnership with Lincoln Financial provides life and disability coverage for 10,000 members and our Delta Dental plans cover 7,000 members.

I, along with WBA EBC Vice President Brian Siegenthaler and our dedicated team look forward to continuing to assist you and your employees through our one-stop-shop for members enrollment and administration. We thank you once again for choosing WBA EBC to provide for the well-being of all employees in your organization.

Visit www.wisbankins.com or contact Brian Siegenthaler at bsiegenthaler@wisbank.com or 608-441-1211 to learn more about the advantages we offer.

Triangle Background

WBA has welcomed nine new Associate Members since the start of 2022. The WBA Associate Member program connects service providers with member banks throughout the state in an effort to make the most out of your WBA membership. Thank you again to Arctic Wolf, Agrograph Inc., Bank Holding Company Association, Community Bank Mortgage, DCI – Data Center Inc., Hilltop Securities, Inc., Open Lending, Primax, and WIN Technology for the services offered to our members.

Arctic Wolf is the global leader in security operations, delivering the first cloud-native security operations platform to end cyber risk.

Agrograph Inc. is a global agrifinance company focused on data-based solutions that help industries supporting farmers. Our powerful A.I. solutions help companies anticipate trends, manage risk, and trigger important business decisions with our Boundless technology.

Bank Holding Company Association exists to provide education and business connections critical to the vitality of bank holding companies.

Community Bank Mortgage is a full-service mortgage origination, fulfillment, and servicing company that works with financial institutions throughout the United States.

DCI – Data Center Inc. provides private ATM network/card management, FrontLine™ teller software, custom analysis, risk/vendor management, and more.

Hilltop Securities, Inc. provides an array of financial products and services through our broker-dealer, mortgage origination and insurance segments. Hilltop has four primary lines of business: (i) public finance services, (ii) structured finance, (iii) fixed income services, and (iv) wealth management.

Open Lending (NASDAQ: LPRO) provides loan analytics, risk-based pricing, risk modeling and default insurance to auto lenders throughout the United States.

Primax provides community banks with payment processing services and an expansive array of value-added technology and solutions.

WIN Technology delivers an uncommon blend of private fiber-line network transport combined with IT professional services, managed services, and cybersecurity to the upper-Midwest.

WBA Associate membership should not be construed as an endorsement of the company’s products or services by the WBA. Visit the WBA Associate Member directory to learn more about member services.

By Daryll Lund

The Wisconsin Bankers Association Employee Benefits Corporation, Inc. (WBA-EBC) was formed in 1982 and as our Association Health Plan (AHP) begins its fourth year, I would like to thank each WBA member that has chosen to trust us for their insurance needs.

The flexibility of our high-quality health benefits (dental insurance, medical insurance, prescription drug plans, and vision) as well as life and disability insurance are typically reserved for large employers but — through the purchasing power of WBA-EBC — are offered exclusively to WBA members at preferred prices. In the last three years alone, our member banks have collectively saved $1.8 million thanks to their member-driven AHP.

This year we are pleased that nearly 40 banks throughout the state have chosen the WBA-AHP through UnitedHealthcare for their health insurance program. Through your enrollment in our AHP, 1,800 members will have access to affordable, high-quality benefits and insurance throughout Wisconsin. In addition, our partnership with Lincoln Financial provides life and disability coverage for 10,000 members and our Delta Dental plans cover 7,000 members.

I, along with WBA-EBC vice president Brian Siegenthaler and our dedicated team look forward to continuing to assist you and your employees through our one-stop-shop for members enrollment and administration. We thank you once again for choosing WBA-EBC to provide for the wellbeing of all employees in your organization.

Midwest Bankers Insurance Services (MBIS) will be celebrating its 10-year anniversary in December. Following several years of financial downturn throughout the U.S. and an increasing need for state association-run insurance agencies that could defend and advocate for the banking industry, MBIS was founded in 2011. What started as a purchase of BancInsure’s “Book of Business” flourished into policies that span multiple insurance carriers and specialization of offerings that better help protect local, Midwestern banks.

“Wisconsin Bankers Association (WBA) is a co-owner of MBIS along with the Minnesota Bankers Association (MBA). MBIS is an independent insurance agency focused exclusively on community banks” says Daryll Lund, MBIS president as well as WBA executive vice president and chief of staff. “As an association owned company, ultimately revenue we receive from our success in MBIS supports the overall mission of WBA. MBIS now serves over 225 bank clients in Wisconsin, Minnesota, and North Dakota.”

MBIS prides itself on their understanding of community banks, emerging claim trends, best practices, internal control guidance, and policy placement which provides safety and security to banks. “Insurance for banks by people who know banks” has allowed each of MBIS product offerings to be customized for insurance protection and a high level of policy education to meet the needs of member banks.

MBIS is comprised of a team of dedicated professionals who understand insurance and community banks. Along with Jeff Otteson, vice president of sales, the Wisconsin MBIS team members include Melissa Noonan, account manager, and Becky Gatzke, insurance assistant.

As well as providing professional insight and education, keeping up on industry trends that effect community banks is a priority for MBIS. “In my 32 years working with financial institutions, I haven’t seen a market harden [like] I’ve seen the cyber liability market” said Otteson. “This is primarily due to the huge increase in ransomware claim payments. The insurance carriers are requiring various internal controls, getting ahead of these internal control requirements before renewal date will be key to securing terms and to soften the premium increase.”

By proving the highest quality service and education, MBIS has helped community banks protect their earnings and capital in times of uncertainty while providing guidance ahead of emerging trends.

By Hannah Flanders

FIPCO partners with interface.ai

In this current world, customer connection comes at a premium. The pandemic changed many things and shifted customer behavior. Now customers who may have previously stopped by a branch to ask a question are seeking service through phone more and more. How can financial institutions manage the ever-increasing number of calls while still providing high-quality service?

FIPCO is proud to announce a new partnership with interface.ai. interface.ai’s artificial intelligence (AI)-Powered Phone Banking solves many of the problems faced by traditional call center, elevating the entire call center experience. The AI-Powered Phone Banking automates more than 60% of the financial institution’s call center calls using the industry’s first neural voice-powered AI assistant.

“We are thrilled to be able to partner with interface.ai to offer this world-class product to our customers,” said Pam Kelly, president of FIPCO. “We understand the need for effective service for everyone who calls an institution, while making sure call center staff are not overwhelmed and customers aren’t stuck waiting for help in a queue.”

The AI-Powered Phone Banking reduces call wait times, while increasing productivity and engagement. FIPCO and interface.ai will be hosting informational webinars on November 9 and 16 to demonstrate to capabilities of this solution.

To learn more about this solution and the upcoming demos, contact FIPCO Sales at fipcosales@fipco.com or 1-800-722-3498, option 5.

Upcoming Informational Webinars:

Date: November 9, 2021
Time: 12:30 PM – 1:30 PM CT

Date: November 16, 2021
Time: 11:30 AM – 12:30 PM CT

Cybersecurity graphic

By Cassandra Krause 

With a recent uptick in activity, ransomware attacks are a form of cyberattack that has been prevalent in recent news — and for good reason. The effects can be detrimental in terms of monetary loss and reputational damage to the victim. Ransomware is a type of malicious software (a.k.a. malware) that usually encrypts a victim’s files, and the bad actors have upped their game to steal the data first, then threaten to also publish the data to the public. Criminals set their sights on businesses with the goal of extorting money, making community banks prime targets. 

Organized crime networks are becoming increasingly sophisticated. In general, the risk of getting caught for cybercrimes is much lower than for traditional crimes like robbery, and the financial gains are far higher. Ransomware developers write and sell the software to other bad actors for a cut of the profits when they deploy it and collect ransom payment, usually in the form of cryptocurrency, which is hard to trace. Compromised data may also be used to open fraudulent lines of credit. 

“The U.S. is in a ransomware crisis right now,” said Jeff Otteson, vice president of sales at Midwest Bankers Insurance Services (MBIS), a subsidiary of the Wisconsin Bankers Association. He explained that it has created a hard insurance market with carriers tightening up on internal control requirements such as multifactor authentication (MFA) for privileged users (users with the ability to install software or change security settings on critical systems) and encryption of backups. 

In their 2021 Cost of a Data Breach Report, IBM Security and the Ponemon Institute calculate that the average total cost of a data breach is $4.24 million, a 10% increase from 2020–2021. The per-record cost of personally identifiable information averaged $180. 

Prevention 

With the incredibly high stakes in mind, banks are dedicating significant resources to preventing malicious cyberactivity, both in terms of staff and money. Respondents to a 2020 Deloitte survey of financial institutions reported spending about 10.9% of their IT budget on cybersecurity on average, up from 10.1% in 2019. In terms of spending per employee, respondents spent about $2,700 on average per full-time employee (FTE) on cybersecurity in 2020, up from about $2,300 the prior year. 

“There is an industry-standard framework for ransomware prevention and all cybersecurity,” explained FIPCO’s Director InfoSec and Audit Ken Shaurette. FIPCO is also a WBA subsidiary. A good consultant will walk the bank through a comprehensive review of their network security, improving endpoint protection to replace traditional antivirus and endpoint detection solutions, including adding authentication improvements such as MFA, improved password strength, and protecting backups. As more and more of the digital tools that bankers utilize require users to download and install software and updates, depending on signature-based solutions for malware detection is not acceptable — it has become critical to safeguard user, file, network, and device-level activities. 

A bad actor gaining access to a bank’s data may encrypt the data and demand payment in exchange for granting access back to the bank. In this situation, having a data backup is essential.  

“The rule of thumb for data backups is 3-2-1,” said FIPCO Information Security and IT Audit Advisor Rob Foxx. “There should be three copies of all data stored on two different mediums. One of the copies should be stored off site.” 

Ransomware prevention is only one part of a complete cybersecurity system. Experts agree that early detection of unusual activity within a system can help keep a minor incident from quickly escalating into a major incident like a ransomware threat. 

“Ransomware isn’t the first attack,” said Wolf & Company, P.C. Manager of the I.T. Assurance Group Sean Goodwin, who recently presented at WBA’s Secur-I.T. Conference. “Ultimately, it’s on I.T. to put controls in place because an employee will inevitably fall for a phishing email. It becomes a question of whether we can catch that quickly.” 

Social engineering remains the greatest concern; it’s easier for bad actors to trick an employee rather than break through a firewall. Verizon’s 2021 Data Breach Investigations Report found that almost half of the breaches in the financial services industry involved internal actors committing various types of errors. The report stated that the financial sector frequently faces credential and ransomware attacks from external actors, 96% of which are financially motivated (followed by small percentages of motives of espionage, grudge, fun, and ideology). 

Goodwin emphasized that I.T. must be able to act quickly when there’s an indication that someone is accessing something they don’t normally access. “Prevention is ideal. If we can prevent it, that’s best-case scenario, but if not, early detection becomes critical,” he said. This area of solution, known as endpoint detection and response, is rapidly becoming a key point of protection from ransomware and all other malicious events. 

Establishing an incident response program within a bank is an important part of the overall cybersecurity program. 

Preparation 

Creating a culture of cybersecurity awareness throughout the bank is important, so that bank employees are prepared for an incident. Employee training on what to do in the event of an attack should be standard practice. Making security part of the organization’s DNA is a best practice. 

“Every bank needs an incident response plan, and that needs to be approved all the way up through the board. Part of this plan is notification of incidents to the insurance carrier,” said MBIS’s Otteson. 

FIPCO’s Foxx emphasized that the roles and responsibilities in the incident response plan must be clearly defined, and banks should revisit their plan regularly.  

“As the insurance agent, I’m the first call a bank makes when there’s an incident,” said Otteson. “It’s important that banks choose to work with an agency that understands cyber insurance.”  

MBIS insures about 220 banks and has access to a large number of carriers that provide the right coverage for their customers. Otteson recommends reporting all incidents as even a minor incident could result in a claim down the line and having reported that incident when it occurred is key to a successful claim. He says to keep in mind that the owner of the data is liable for it whether the incident occurred in house or with a vendor the bank shared customer data with. 

Mitigation 

It’s important to work with the insurance carrier to ensure that all the bases are covered and that the vendors who participate in the response are approved. Not using the cyber insurance carrier’s approved vendors may result in expenses not being covered under the insurance policy. In the event of a ransomware attack, the insurance agent or bank will immediately notify the insurance carrier. Beazley, a carrier partner of MBIS, maintains a 24/7 helpline, which has become common with other carriers as well. Knowing how to report incidents, when to report, and what to expect is key. 

Holidays and weekends are prime times for ransomware attacks: employees who are in a rush to leave may be more likely to click on a bad link, and with employees away from work, it’s easier for the bad actors to get into the network. Even if a problem is detected, it’s more likely that staff who could help put a stop to the attack may be on vacation or unavailable, buying the criminals more time to take over. 

As soon as a cyber liability claim is made, the insurance carrier’s pre-approved vendors come into play.  

“Nobody has the resources in house to effectively manage ransomware attacks,” said Foxx, who has experience working both within a bank and as an external auditor and consultant. The specialization of skills and the amount of people needed to perform adequate analysis and remediation are so significant that even large banks will not have all the players they need on staff. 

If a bank’s data becomes encrypted and made inaccessible, a vendor such as Tetra Defense would be engaged on forensics. Managed endpoint detection and response vendors such as Cynet can help from detection and prevention to response, including providing digital evidence for a vendor performing forensics. Meanwhile, a vendor such as Coveware would handle ransom negotiations with the criminals. Wolf & Company, P.C.’s Goodwin said that you don’t really know who’s on the other side of the transaction — some criminals may be willing to negotiate and others not. He referred to ransomware as a “niche space in cybersecurity that is now getting more attention.” The criminal organizations involved in these types of attacks in some ways act like a legitimate business in that they rely on their reputation and may even have customer service departments — if they fail, it will hurt their chances of getting more business in the future.  

Typically, in the event of a ransomware attack, a legal firm will handle communications and PR for the bank — putting a statement on the bank’s website, assisting staff with customer phone calls, and determining whom to notify. Getting legal involved early protects all communications and discovery with attorney-client privilege. The requirements for notification vary from state to state, and a bank may have customers in multiple states or even other countries, making the expertise of a legal team invaluable. The language used in communications matters, as the term “breach,” for example, can have different legal implications and potentially create larger issues than terms like “incident,” “situation,” or “event.” Education of staff far in advance using regular testing of the plan is a key factor in mitigating an incident. Inappropriate statements made by employees on social media or even at informal social gatherings can have severe ramifications for the bank. 

Follow Up 

While anyone who experiences a ransomware attack may be eager to breathe a sigh of relief and move on when it is over, it is essential to review the incident and revise the bank’s incidence response plan. Assessing what went well and what needs to be improved are critical steps.  

Goodwin also warns that victims of ransomware are commonly re-targeted. A Cybereason study found that 80% of organizations that previously paid ransom demands confirmed they were exposed to a second attack. He said that once a company has paid a ransom it is known that (1) you were compromised, (2) you do not have proper backups of your files, and (3) you were willing to pay. 

Summary 

Cyberattacks are the biggest risk to a financial institution — even surpassing the risk of past-due loans. The cost of a ransomware attack can be astronomical, with many factors contributing to the price tag, including vendor fees and staff hours to resolve the issue; the cost to inform customers and offer identity or other protections; the loss of destructed data; and the down time of the business. All of this, followed by the loss of customers’ trust (and subsequent loss of their business), has the potential to put a community bank out of business.  

There are safeguards banks can put in place, including a sound incident response plan, improved monitoring with better endpoint detection and response, cyber liability coverage, and employee education. FIPCOMBIS, and a wide range of WBA Associate Members are ready to support banks in keeping their data and that of their customers safe.  

According to analyst firm Gartner, extended detection and response (XDR) is a “SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components.”

You’ll hear plenty of the traditional vendors of antivirus begin to proclaim themselves as an endpoint detection and response (EDR) or XDR solution, trying to keep up with this more advanced tool space. As they continue to either buy up other vendors with the tool sets (then try to bolt them on to their traditional solution) or simply try to remake themselves in the model of an XDR solution in other ways, their final offering often has limitations. Typically, they’ll cover some but not all the areas of a complete XDR solution. They will address hosts and files but not network and users, or network and hosts but not files or users. They’ll miss some of that cohesive security operation defined by Gartner.

A recent article from HelpNetSecurity—a popular information security online publication—titled “XDR and MDR: What’s the Difference and Why Does It Matter?” made the following statement in closing: “An XDR solution without adequate human expertise/staffing behind it will only ever be a tool. With a managed services model in play, you’re getting both the comprehensive technology capabilities and the people required to make it work— which is why managed detection and response (MDR) may be the only acronym that your organization needs.”

This statement is very accurate for the less complete XDR offerings that do not include the managed and monitoring components in their solutions. They become like all the security information and event management (SIEM) and log management solutions that have been pushed at you for years, just becoming another tool that no one has expertise to manage or leverage the benefits that you bought it for. So, what do you have to do? One option is to buy the “managed services” from these tool vendors which can make banks dependent on them.

Another option is to research other solutions that are out there. In addition to Cynet, our Infosecurity consulting services suggest reviewing Gartner’s list of EDR solutions and offerings from WBA Associate Members when completing your due diligence. Complete solutions like Cynet360 include the backing of the Cynet CyOps team without needing to pay extra, bolt on more products, or go looking for the 24x7x365 expertise of another managed provider. This doesn’t mean that you can’t still depend on a managed services provider for another layer of monitoring and managing, but are they independent if they also are who you need to be monitoring? There’s nothing wrong with leveraging the additional layer you’ve come to depend on, but at what added cost to get the independence and expertise like that of a CyOps team that is already baked into the Cynet360 solution? You will still need to explain to your auditor and examiners that you’ve learned the tool adequately enough to understand and generate independent reporting of the activities of the managed third party.

At least when you are answering that questionnaire for your cyber insurance coverage, you’ll be able to check off ‘Yes’ on several questions because you implemented a powerful, more advanced endpoint protection solution.

Shaurette is FIPCO director infoSecurity and audit. Contact him at kshaurette@fipco.com or 608-441-1251.

By, Alex Paniagua

If you have been following along from my previous article titled “Property Evaluations – A New Opportunity Under Old Regulations” (Wisconsin Banker, April 2021), you will come to understand that appraisal requirements continue to be a critical part of credit underwriting, but with limited staff knowledge and expertise. This article explores a different view of an old regulation.

It is true that appraisal thresholds were increased in 2019, but that did not really offer much in the way of relief. In fact, by moving the needle on larger transactions that still require an appraisal, the fewer appraisals that are required and the more complex those appraisals become. Much like the real estate evaluation process, what skills, training, and certifications do your staff possess to accomplish the regulatory requirement of appraisal review? It was stated in my last article and worth repeating again: “If a bank employee reviews appraisals, the individual should possess the requisite education, expertise, and competence to perform the review, commensurate with the complexity of the transaction, type of real property, and market.” (Federal Reserve Bank)

Over the years, examinations have focused on the reasonableness of the facts and assumptions found in the appraisal and whether review of an appraisal provides a credible opinion of the value of the collateral. This is true for both residential and commercial real estate. As I am performing review services for the industry, I become increasingly concerned when I see nothing more than a simple checklist completed by an internal banker with limited knowledge of appraisal requirements and expectation of USPAAP standards. But there is hope on the horizon.

I have found that those banks that appear to be more efficient in their mortgage and commercial loan process have one thing in common: they outsource the appraisal review to third parties who remain independent of the appraisal completion and then pass along this cost to the customer. In these instances, the review appraiser does not need to state a second value opinion, rather they simply express an opinion on the quality of the appraisal received. Partnering with the right appraisal review company will be key, but at the end of the day you inherently improve the quality of your appraisal review process. The operational savings these banks enjoy really do impact the bottom line.

However, for those banks that choose to continue to conduct this process internally, I encourage the opportunity to train your staff on May 20, 2021. The Wisconsin Bankers Association is hosting a webinar called Residential Appraisal Review Start to Finish. Bankers will learn the appraisal rules, anticipate examiner expectations, implement strong review process, and take away necessary tools to do their job. You can find registration information at www.wisbank.com/events. Hope to see you there!

If you would like to learn more about becoming efficient or compliant in your loan processes, you can reach me at jschmid@fipco.com.

Schmid is FIPCO director – compliance and management services. Contact him at jschmid@fipco.com or 608-441-1220.

By, Alex Paniagua

MADISON, Wis. – Cassandra Krause has been hired as the communications manager at the Wisconsin Bankers Association (WBA). Krause serves as the association’s primary media contact and is responsible for overseeing internal and external communications for WBA.

Krause previously worked as director of communications and marketing at the Wisconsin Association of Independent Colleges and Universities. Prior to that role, she worked in international business and development in France, Cameroon, and Germany.

Originally from Eau Claire, Wisconsin, Krause holds a bachelor’s degree from the University of Wisconsin–Madison and a master’s degree from the Goethe University Frankfurt.

Katie Reiser has been hired as administrative specialist at WBA. Reiser will support the legal and education departments.

Reiser previously worked in Audience Services with Wisconsin Public Media, which is home to Wisconsin Public Radio and PBS Wisconsin. Prior to that role, Reiser was member services director at the Wisconsin Restaurant Association where she led communications, member engagement, and retention efforts.

Reiser has a Bachelor of Fine Arts degree from State University of New York at Purchase and is originally from Stevens Point, Wisconsin.

“At WBA, we pride ourselves on hiring top talent and fostering a positive work environment,” said WBA President Rose Oswald Poels, who noted that the average length of service for current WBA employees is more than 14 years. “We are pleased to welcome Cassie and Katie on board and look forward to the contributions they will make to our membership and the industry.”

 

By, Cassie Krause