Tag Archive for: Associate Members

Posts

, ,

Should I Be Reinvesting in My Bond Portfolio?

By Todd Taylor, CFA, CPA and Sasha Antskaitis, CFA managing partners with HUB Financial Services, a WBA associate member.

With investment yields currently well-above their 5- and 10-year averages, many financial institution executives are asking this question. In this article we discuss important considerations that can help provide clarity relating to investment strategies in the current environment:

Spread to Cash. For all of 2023 and 2024, the average spread between the Fed effective rate (cash yield) and the 5-year Treasury (investment proxy) was negative 99 basis points. It was more difficult to find additional income in investments vs. cash without taking on some level of risk. Today, the spread is straddling zero +/- 10 basis points. With various investment options trading at +30 to +120 bps spread to Treasuries, investors can now find meaningful income pick up vs. cash to help widen overall margins. Similarly, with lower short term funding rates, it is no longer punitive to temporarily utilize non-core sources to fund reinvestment activity.

Anticipated Loan Demand. If net new loan demand is expected to be robust, there may not be a lot of cash flow available for deployment in the investment portfolio. However, if loan demand is slowing or is being managed to a slower pace intentionally due to capital, concentration and/or liquidity constraints, reinvesting cash flow could be warranted.

Liquidity Profile. When evaluating the liquidity position, it is important to consider current excess cash in the overnight account, along with wholesale funding availability/dependency, large depositor makeup, and pledging needs. Institutions with elevated wholesale funding dependency and higher asset liquidity ratios may choose to reduce non-core funding levels with incoming investment cash flow, especially if capital ratios are constrained. Alternatively, institutions with ample funding capacity should evaluate reinvesting excess cash in the bond portfolio.

Interest Rate Risk. Institutions with clear asset sensitive exposures (i.e., large cash positions) could consider certain types of investments as a balance sheet hedge against a prolonged declining rate environment. Executives should be very intentional selecting investments with various degrees of call protection. It is also wise to evaluate other strategies to help reduce this risk, including derivatives.

Fed Funds Rate vs. Yield Curve. When thinking about “rates” it is important to understand that just because the Fed Funds Rate is decreasing, like it did during the second half of 2024, it does not mean yields across all points of the yield curve are also decreasing. Specifically, the Fed cut the Fed Funds rate by 100 bps between 9/18/24 and 12/31/24, but the 5-year Treasury yield increased by 90 bps during the same timeframe. For those expecting a strong correlation, this created seemingly unexpected volatility in market values.

Current Unrealized Loss and AOCI. Significant Fed Funds rate increases in 2022-23 caused Treasury yields to spike, leading to bond price declines. For financial institutions, the unrealized loss of the AFS portfolio resides in the AOCI account, which reduces book/tangible equity. This is an important consideration when evaluating additional investments that could layer in additional AOCI impact. Depending on the future shape of the yield curve, investments with some duration added today could help reduce the unrealized gain faster (if the yield curve moves lower) or could further increase the unrealized loss (should the yield curve move higher). No one can confidently predict interest rates. Therefore, if the risk of additional unrealized loss is a material balance sheet concern, institutions can consider shorter duration investments, including those with variable rate coupons.

Long Term Investment Strategy Focus. For most institutions, the investment portfolio represents a meaningful earning asset. Therefore, managers should employ a strategic approach to portfolio management. This means principles such as dollar cost-averaging, sector allocation, and yield curve positioning should be viewed from a longer-term perspective. “Chasing yields” and frequent/significant churning of the portfolio can negatively impact returns for years to come.

Utilize Portfolio Management Principles. Individual securities within a portfolio can perform differently in several rate scenarios. It is the whole portfolio performance that should be ultimately evaluated. Investments should be monitored for strategic repositioning opportunities to rebalance the portfolio given changes in market conditions.

HUB Financial Services’ Take:
Navigating the current fixed-income landscape presents a complex challenge for community banks. Prevailing yield curve dynamics and liquidity conditions offer ambiguous signals, requiring careful deliberation regarding portfolio reinvestment strategies. The considerations outlined above provide a framework for this analysis. However, each institution’s specific circumstances, including capital adequacy, liquidity requirements, and prevailing market conditions, necessitate a tailored approach. Consequently, access to robust internal or external investment and balance sheet management expertise is critical. This expertise facilitates a holistic investment strategy, aligning portfolio construction with distinct institutional objectives and needs, ultimately driving enhanced performance and mitigating the risk of suboptimal investment decisions.

An Associate Member of Wisconsin Bankers Association, HUB Financial Services provides consulting and advisory services in the areas of ALCO, capital, liquidity, interest rate risk and investments to community-based financial institutions throughout the country. To learn more, visit www.tayloradvisor.com or contact Todd Taylor at todd.taylor@hubinternational.com and Sasha Antskaitis at sasha.antskaitis@hubinternational.com.

/by
, ,

Navigating an Uncertain Rate Environment

Sponsored content by BOK Financial Capital Markets, a WBA Gold Associate Member

By Kent Musbach, senior vice president, and Marc Gall, senior vice president and asset/liability strategist, BOK Financial Capital Markets

Originally predicted to be a year of falling rates, rate-cut expectations have since come down considerably and some analysts are even anticipating that the Federal Reserve could hike rates at some point in 2025. Meanwhile, most financial institutions have outsized risk exposure one way or another—but this can and should change. We believe that beginning to fix the institution’s balance sheet mismatch now makes sense versus waiting for the Fed.

Rather than asking which way certain rates will move and by how much—a question that’s impossible to answer at this point—decision-makers at your financial institution instead should be asking: What can we do now that will be most impactful regardless of what the rate environment brings? The answers lie in your institution’s loan portfolio and deposit strategies.

Have an ‘all-weather’ strategy for 2025

Given that many institutions have outsized exposure to interest rate changes, it’s crucial to address these risks early in the year. The first step is determining whether your institution is adequately positioned for the current rate environment. Many community banks have faced challenges due to the rapid rise in interest rates over the past few years and are still not fully prepared for this environment. As rates are not expected to fall dramatically in the near term, unless there is a severe economic slowdown, institutions in this position should reassess their deposit pricing strategies to ensure they are competitive yet profitable.

If your institution is well-positioned for the current rate environment, there is still work to be done. It’s time to reassess your institution’s balance sheet in light of the ongoing uncertainty, preparing for both upward and downward rate movements to mitigate risk and maximize returns. Remember that decisions made now can set the tone for the entire year, making early action essential.

Fortunately, your institution doesn’t have to recreate the wheel when approaching this “all-weather” strategy; rather it’s just a matter of optimizing what your institution is already doing. This includes:

Maximizing loan yields: Institutions should focus on obtaining the highest possible yields on loan renewals without losing business. This involves securing better rates and terms and not giving away revenue unnecessarily.

Determining the most optimal deposit pricing: Getting deposit pricing right early in the year is crucial for driving revenue and improving margins.

Making strategic investments: Given the significant changes to the yield curve over the past few months, institutions must evaluate their options for deploying cash and reinvesting. Investing in securities with favorable yields and durations can help institutions manage their interest rate risk and improve overall returns.

Staying informed of economic changes: The Fed’s focus on inflation and employment will play a crucial role in determining future rate movements. Decision-makers at your financial institution should stay informed about these trends and adjust their strategies accordingly. Similarly, it’s important to understand what drives consumer spending and government spending, as these factors can significantly impact the country’s economic outlook and influence the strategies that financial institutions should adopt.

Finally, although the uncertainty surrounding changes in presidential policies and resulting economic impacts may seem more pronounced this year, it’s important to keep in mind that your institution has handled uncertainty before. By focusing on balance sheet management, optimizing loan and deposit strategies, and staying adaptable to economic changes, institutions can position themselves for success in the coming year. This includes taking a proactive approach and leveraging the current rate environment to your advantage rather than merely reacting to the changes as they occur.

Contact Information

Contact BOK Financial Capital Markets at 866-440-6514 to discuss the latest economic outlook and timely considerations. We can help guide a unique, well-conceived strategy that considers many variables and potential outcomes.

bokfinancial.com/institutions

Disclosure

The opinions expressed herein reflect the judgment of the author(s) at this date, and are subject to change without notice. The information provided has been obtained from sources believed to be reliable, but not guaranteed. Forward‐looking statements contained herein are based on current expectations and the economy in general, and are not guarantees of future performance. Likewise, past performance is not a guarantee of future results.

BOK Financial® is a trademark of BOKF, NA. Member FDIC. Bank dealer services offered through BOK Financial Capital Markets, which operates as a separately identifiable department of BOKF, NA. BOKF, NA is the bank subsidiary of BOK Financial Corporation. Investment products are: NOT FDIC INSURED | NO BANK GUARANTEE | MAY LOSE VALUE

/by
, ,

Putting Your Institution’s Best Foot Forward for a Lower-Rate Environment

Sponsored content by BOK Financial Capital Markets, a WBA Gold Associate Member

By Kent Musbach, senior vice president, and Marc Gall, senior vice president and asset/liability strategist, BOK Financial Capital Markets

After four years of hiking rates and then keeping them high, the Federal Reserve has now started lowering rates, hitting the ground running with a large cut of 50 basis points (0.50%) in September. As rates continue to fall, it’s important for management teams to understand how lower rates will impact their institutions’ income statements and to take steps to better position themselves for the even lower-rate environment likely to come.

Past, present and future conditions

First, let’s consider where we are now and how we’ve gotten here. Over the past few years, federal and consumer spending have been driving economic growth, despite higher interest rates. However, with many consumers now having used up all their excess savings from COVID—and then some—and also having record credit card debt, it’s questionable whether consumer spending can last at these levels. Meanwhile, unemployment has risen, which has raised concerns about weakening in the job market, even though unemployment is still relatively low on a historical basis. Given all these factors, the market is now forecasting a large number of Fed rate cuts, and some investors are wondering if the Fed can still pull off a soft landing or if a recession is in the making.

Preparing for 2025

Against this backdrop, each decision your management team makes in the last quarter of 2024 will be impactful for 2025. For instance, one important question to consider is when to begin cutting deposit rates. As financial institutions assess their ability and willingness to do so, margin and liquidity position will be important considerations. The news cycle also may aid decision-making this time around, as the Fed cuts likely will be well covered by the media. Consider reviewing rates against wholesale funding rates regularly and be prepared to adjust deposit rates frequently. Conversely, intermediate Treasury and wholesale funding rates have already fallen. To the fullest extent possible, attempt to hold loan rates higher for longer until the cost of funds begins to recede. Frequently, we see a race to the bottom on loan rates, so be prepared to fight for every basis point! This strategy may allow your institution to manage net interest margin from both sides of the balance sheet.

Understanding your interest rate risk position

With a significant inversion in the yield curve between Fed Funds and intermediate Treasuries, a non-parallel yield curve shift may be a more likely outcome. This may be led by the front end coming down more significantly than any changes in term Treasury rates that have already accounted for expected future rate cuts. If your institution has substantial risk around falling rates, you may be wondering if it is too late to manage your position given the inversion in the curve. What if you will benefit at some point from a steeper lower yield curve? Can you wait it out? With these questions in mind, you may want to take some proactive steps to hedge the risk of the market being wrong.

Investment portfolio conundrum

The current yield curve challenges investors to diversify risks. Although keeping large amounts of cash or short securities can generate the highest yield today, doing so could result in significant yield erosion if or when the short end comes down. Equally, the decision to lock into investments further out on the curve may give up immediate earnings for possible future benefit.

Instead, a balanced investment strategy could allow your institution to add a mix of securities that average a yield close to the Fed Funds rate with an allocation to call-protected assets. We urge management teams to consider the trade-off of investing in only the highest yield options compared to the potential benefits of adding assets with call protection that could result in an unrealized gain when the Fed lowers rates further.

Finally, it’s important to keep in mind that repeating the past is unlikely, but it’s still essential to learn from it. Understanding the choices that your institution made and then making informed decisions for the future is how your institution can and will put its best foot forward.

Contact Information

Contact BOK Financial Capital Markets at 866-440-6514 to discuss the latest economic outlook and timely considerations. We can help guide a unique, well-conceived strategy that considers many variables and potential outcomes.

bokfinancial.com/institutions

Disclosure

The opinions expressed herein reflect the judgment of the author(s) at this date, and are subject to change without notice. The information provided has been obtained from sources believed to be reliable, but not guaranteed. Forward‐looking statements contained herein are based on current expectations and the economy in general, and are not guarantees of future performance. Likewise, past performance is not a guarantee of future results.

BOK Financial® is a trademark of BOKF, NA. Member FDIC. Bank dealer services offered through BOK Financial Capital Markets, which operates as a separately identifiable department of BOKF, NA. BOKF, NA is the bank subsidiary of BOK Financial Corporation. Investment products are: NOT FDIC INSURED | NO BANK GUARANTEE | MAY LOSE VALUE

/by
, ,

How the Right IT Managed Security Services Provider Can Help You Optimize and Grow

Sponsored content by Wipfli, a WBA Silver Associate Member

By Tom Wojcinski and Jeff Olejnik

IT Managed security services are vital in helping financial institutions oversee IT operations and compliance — but the right provider can take that role further.

IT Managed security services that bring increased capability and industry specialization can go from managing your IT infrastructure to modernizing it, acting as a strategic partner in identifying the solutions you need to optimize workflows and enhance the customer experience. And it can help you understand the latest updates to the cyberthreat landscape and regulatory priorities so your operations stay secure and compliant.

When you’re working with the right provider, you’re not just getting support for your servers — you’re getting support for your business.

Here are four ways IT managed security services can help you hand off operational tasks and grow your institution:

1. Modernizing your IT infrastructure

To implement the latest solutions, increase productivity and better reach customers, you need the right infrastructure. IT services can be a valuable source of insights into how your organization can create a modern workplace environment.

The right provider can help you update your IT infrastructure by switching out legacy systems and implementing cloud infrastructure — including helping you address the resulting security concerns.

Software as service (SaaS) platforms come with built-in security features, but they often leave you responsible for establishing things like permissions and access control. Your provider can help you build security strategies for cloud services and integrate new solutions with your core banking system.

2. Meeting customer needs

Customers expect services to be faster and more accessible across industries. If your financial institution wants to stay competitive, it needs to evolve the customer experience.

Managed services can help by taking on a more strategic role, providing guidance on an IT road map that supports technologies to help you:

Use dashboards to track key customer metrics.

Create a better omnichannel experience.

Use customer data to effectively cross-sell and increase wallet share.

Partnering with an effective provider can help you better strategize on how your institution can improve workflows and productivity so that you can deliver the experience your customers expect.

3. Enhancing your cybersecurity

Cyberattacks continue to increase in frequency and severity. Your IT managed security services should be helping your institution keep pace with support for:

Being proactive: In addition to addressing server performance issues, your provider should be proactively looking for indicators of compromise. They should employ 24/7 monitoring that can quickly identify and research any anomalies so that potential compromises can be solved before they escalate.

Staying updated: As AI continues to increase the frequency and sophistication of cyberattacks, your provider should not only be helping your institution enhance data protection but also adapting its own capabilities. An effective provider has the tools, infrastructure and threat detection in place to help them identify indicators of compromise faster, such as advanced endpoint detection and response and AI-powered threat correlation.

Meeting regulatory expectations: managed IT support with industry specialization can help ensure your institution meets key regulatory priorities in areas including ransomware, operational resilience and incident response. For example, it’s crucial that financial institutions use a provider that can retain security event logs if an incident does occur.

4. Providing crucial talent

For most institutions, establishing 24/7 security operations in-house is neither cost-effective nor viable.

Employing enough staff to provide that level of support requires substantial resources. And attracting and retaining staff can be equally challenging, given the current labor shortages and the relative lack of complexity and challenge financial institutions provide for these roles.

Outsourcing these positions with managed services provides you with the necessary staff and infrastructure without the cost of hiring. They can also help guide your institution’s data security at the executive level with fractional or virtual CISO services.

How Wipfli can help

Wipfli’s managed services go beyond IT operations and compliance to help your financial institution evolve. With industry specialization and deep cybersecurity capability, we can provide your institution with the solutions and strategy it needs to optimize operations and further its growth. We can also work alongside your current provider to augment your existing support.

Contact us today to learn more about how our managed services can transform your institution.

/by
,

Get Your Balance Sheet Recession Ready! Capital in Focus.

Content by HUB|Taylor Advisors, a WBA Associate Member

By Todd Taylor, CFA, CPA and Tom Evans, CFA

We have published a series of articles about getting your liquidity and interest rate risk management processes exam ready. As we talk to various clients and present at numerous events, it is becoming clear that capital is shifting into focus for all regulatory agencies. Early on in the pandemic, fiscal and monetary stimulus flooded balance sheets with low-cost deposits, oftentimes creating asset growth that exceeded capital generation. Regulators were quick to provide a grace period for leverage ratios in response to the emergency programs as liquidity was bountiful and risk-based capital ratios were contained. In this article, we’ll set the stage for what examiners are focusing on, and how you can prepare for more scrutiny around credit concentrations and capital management.

Regulators have a long-standing scrutiny of commercial real estate (CRE) and Acquisition/Construction and Development (C&D) concentrations dating back to pre-crisis times. Numerous FILs, publications, and advisories have been issued to document expectations around monitoring these concentrations and best practices for ongoing management. We are beginning to see regulators take a more ‘proactive’ approach to supervising institutions with lower key capital ratios and higher concentrations and growth rates.

  • The OCC is increasingly implementing Individual Minimum Capital Ratios (IMCR) to address CRE and concentration concerns, implementing minimum ratios of 9-10% for Tier 1 Leverage and 12-14% for Total Risk-Based Capital.
  • Other regulators are engaging in CRE enforcement actions (formal and informal) directing banks to reduce CRE concentrations and enhance portfolio monitoring and reporting.
  • Merger approvals are increasingly incorporating CRE concentrations and capital levels, with some recent deals announced in conjunction with capital raises.

As we have written before, there is a strong relationship between credit cycles and interest rates. While the banking sector has not seen materially adverse credit losses, we have seen consumer delinquencies return to and exceed pre-pandemic levels. Additionally, the CMBS market is showing refinancing challenges for low coupon underperforming office and multifamily loans as delinquency and default rates are gaining momentum.

In response to enhanced scrutiny of capital, institutions are evaluating avenues to shore up capital via subordinated debt, a holding company loan or line of credit, sale-leaseback, and mutual holding company conversions, to name a few. Each of these sources comes with varying costs of capital but can help to fortify the balance sheet for potential turbulence down the road. Other institutions are evaluating investment loss trades to reposition balance sheets, giving up regulatory capital today for potential longer-term benefits. Depending on your institution’s capital levels and concentrations, now may not be the optimal time to deplete regulatory capital for a protracted break-even prospect.

Taylor Advisors Take:  A bird in the hand may be worth two in the bush! Institutions must be preparing today for heightened capital and regulatory risk tomorrow. Risks and opportunities are unique to each institution based on their respective loan portfolio, capital, liquidity, interest rate risk, and investment portfolio. An effective ALCO from a whole balance sheet perspective can help ensure that your entire balance sheet is ready for the next exam, for the next phase of the credit and interest rate cycle, and to implement tailored strategies to set your institution up for long-term success.

 

 

 

 

 

An Associate Member of WBA, HUB|Taylor Advisors provides consulting and advisory services in the areas of ALCO, capital, liquidity, interest rate risk, and investments to community-based financial institutions throughout the country. To learn more, visit www.tayloradvisor.com or contact Todd Taylor at todd.taylor@hubinternational.com and Tom Evans at tom.evans@hubinternational.com.

/by
,

5 Signs You’ve Outgrown Your MSP Services

Sponsored content by Wipfli, a WBA Silver Associate Member

By Jeff Olejnik and Tom Wojcinski 

Your managed services provider (MSP) may be responsive in helping you manage your servers and meet basic compliance needs — but is that enough?  

Financial institutions face new cybersecurity and IT considerations as they adopt the latest innovations for optimizing operations and enhancing customer experience. And the cybersecurity threat landscape continues evolving as AI brings new efficiencies to both businesses and threat actors.  

If your MSP isn’t helping meet your changing IT needs, it may limit your growth. Switch to an MSP that can join you as a strategic partner — not just a service provider — helping you go beyond the basics to transform your institution.  

Here are five signs you’ve outgrown your MSP services:  

1. They’re not industry specialized 

Many MSPs work with multiple industries, meaning they often lack knowledge of the unique operations and regulatory requirements of financial institutions.  

When you work with an MSP that offers industry-specialized services, you’re working with people who have a deeper understanding of your technology requirements and the industry challenges you’re likely to face. They understand the business applications and can help you maximize availability. And they can apply their experience in helping other financial institutions to your obstacles.  

2. They’re not helping you meet regulatory priorities 

The threat landscape has changed since the FFIEC Cybersecurity Assessment Tool was last updated in May 2017, and regulatory priorities reflect that 

Regulators are now inspecting for the additional priorities outlined in the Fiscal Year 2024 Bank Supervision Operating Plan. This plan highlights critical areas such as data recovery, access controls and operational resilience.  

Your MSP should not only be aware of these regulatory priorities but also help you update your security controls to satisfy regulators.   

3.  They don’t help guide your digital strategy 

With the rapid pace of technological change, modernizing business is a key concern across industries. 

For financial institutions, modernizing often involves integrating your core banking systems with new customer relationship management and analytics systems. And that process requires support for more than just your servers.  

Your MSP should be able to help you develop an IT road map, guiding you in creating a technology infrastructure that supports your organization’s strategic vision, identifying potential challenges and providing recommendations. They should also take a proactive role in helping you identify ways to use technology to improve workflows, productivity and customer experience — all while helping ensure your IT strategy and strategic plan stay aligned.  

4. They lack scalability 

Many MSPs operate as smaller organizations with limited staff. That means that as your organization grows, it may not be able to scale with you.  

Find a provider capable of supporting your future growth, not just fixing and patching your servers. You need an organization with the bench strength to support you as your cybersecurity needs and IT infrastructure evolve.  

5. They’re not meeting your security needs 

The introduction of innovations such as AI and cloud services has changed the threat landscape significantly.  

To effectively secure your cloud environment, your institution needs to work with a provider who can offer design and engineering support for critical safeguards, such as access control, identity management and security configurations. And now that threat actors are using AI to increase the frequency and sophistication of attacks, you’ll need an MSP capable of responding.  

Partner with an MSP that maintains connections with different threat intelligence sources and understands the latest threats on a global scale — especially those impacting financial institutions. MSPs that work with organizations like FS-ISAC are better equipped to apply their knowledge of the latest threats to protect your institution.  

How Wipfli can help  

Wipfli’s managed services team brings deep industry experience to support your financial institution’s IT needs. We understand your critical industry, operational and regulatory concerns, and we’re ready to provide proactive guidance to help you address them.  

Contact us today to learn more about how our MSP services can do more to further your growth 

/by
,

Putting Your Institution’s Best Foot Forward for a Lower-Rate Environment

Sponsored content by BOK Financial Capital Markets, a WBA Gold Associate Member

By Kent Musbach, senior vice president, and Marc Gall, senior vice president and asset/liability strategist, BOK Financial Capital Markets

After transitioning from near-zero rates to one of the fastest rate-hiking cycles we’ve ever seen, financial institutions are now in the position of waiting for rates to fall. As we wait for the Fed’s next move, it’s important for management teams to understand how lower rates will impact their institutions’ income statements and take steps to better position themselves for the lower-rate environment likely to come. 

 Many financial institutions funding their balance sheet short 

First, let’s consider where we are now. Federal and consumer spending have been driving economic growth, despite the higher interest rates. This growth, in turn, has the markets thinking the Fed will delay rate cuts until later this year or possibly into 2025. 

Funding short has not yet worked out, with funding continuing to roll at nearly the highest cost on the curve. Coupled with continued deposit migration within the bank, cost of funds is continuing to rise at many institutions. 

Managing expectations for rate cuts 

To manage margin this year, one question to ask is if your institution will need to offer the highest interest rate in the market for deposits or one that’s “just close enough” to that rate to keep existing customers. We find that, if the rates are close enough, the incumbent tends to win because consumers don’t want to deal with the hassle of moving their money. This strategy may allow your institution to manage the upward pressure in cost of funds (COF). Additionally, management teams may consider what realistic reprieve in COF may come from the first few Fed cuts. Many institutions have not raised non-maturity account rates in line with non-bank alternatives (ex. money market mutual funds). Consequently, community banks may be reluctant to reduce rates on these accounts, as they will still be below alternate funding costs. 

 Investment portfolio conundrum 

Some institutions may have decided that they’re not taking any risk by accumulating cash. However, we challenge that thought: If the Fed starts cutting rates and your institution doesn’t get a meaningful and immediate COF improvement, your institution’s earnings on that cash are going to drop immediately. And so, institutions that are asset-sensitive or holding cash today need to consider the immediate margin compression that could occur once the Fed starts cutting rates. In the meantime, locking into investments closer to cash rates today can help hold yield until the COF starts to decline. A balanced investment strategy could allow your institution to add a mix of securities that average a yield close to Fed Funds with an allocation to call-protected assets. We urge management teams to consider the trade-off of investing in only the highest yield options compared to the potential benefits of adding assets with call protection that could result in an unrealized gain when the Fed lowers rates.  

Finally, it’s important to keep in mind that repeating the past is unlikely, but it’s still essential to learn from it. Understanding the choices that your institution made, and then making informed decisions is how your institution can and will put its best foot forward.  

Kent Musbach is a senior vice president and Marc Gall is a senior vice president and asset/liability strategist for BOK Financial Capital Markets. 

Contact Information 

Contact BOK Financial Capital Markets at 866-440-6514 to discuss the latest economic outlook and timely considerations. We can help guide a unique, well-conceived strategy that considers many variables and potential outcomes. 

bokfinancial.com/institutions 

Disclosure 

The opinions expressed herein reflect the judgment of the author(s) at this date, and are subject to change without notice. The information provided has been obtained from sources believed to be reliable, but not guaranteed. Forwardlooking statements contained herein are based on current expectations and the economy in general, and are not guarantees of future performance. Likewise, past performance is not a guarantee of future results.  

BOK Financial® is a trademark of BOKF, NA. Member FDIC. Bank dealer services offered through BOK Financial Capital Markets, which operates as a separately identifiable department of BOKF, NA. BOKF, NA is the bank subsidiary of BOK Financial Corporation. Investment products are: NOT FDIC INSURED | NO BANK GUARANTEE | MAY LOSE VALUE 

 

/by
,

Is Your MSP Helping You Meet Evolving Regulatory Priorities? It Should Be.

By Jeff Olejnik 

The cybersecurity threat landscape is constantly evolving. And while the FFIEC Cybersecurity Assessment Tool (CAT) provides a reference for the controls required based on your inherent risk profile, the reality is that it hasn’t been updated since May 2017 — and a lot has changed since then.  

To protect your financial institution, it’s essential to stay informed about developments in the cyberthreat landscape and the latest regulatory priorities.  

The OCC identified regulatory priorities for cybersecurity and operations in its Fiscal Year 2024 Bank Supervision Operating Plan, highlighting key areas, including incident response, data recovery and operational resilience.   

Most financial institutions use a managed service provider (MSP) to help provide IT and security support. They can also help address the talent shortage gap by accessing specialized expertise at a lower cost.  

However, your choice of MSP is also critical for helping your organization meet regulatory priorities. The right MSP can help you respond to regulatory and cyberthreat updates, while inferior service can introduce operational risk and compliance concerns.   

Here are six areas where your MSP security services should be helping you meet regulatory priorities and mitigate risk: 

  1. Incident response

Establishing and regularly rehearsing your incident response plan is a crucial part of addressing cyberattacks.  

When a cybersecurity incident occurs, the immediate reaction is to take steps to fix the situation — often by rebuilding the workstation or server that was compromised. However, these actions can delete all evidence, making it nearly impossible to conduct a forensic investigation.   

Your MSP should be aware of its role in your incident response plan as an active partner in retaining evidence of an attack. Help ensure that your MSP is informed and willing to participate in helping you identify and act on opportunities to gather evidence or work with your digital forensic team during an incident.  

  1. Data recovery 

Testing is vital to maintaining an effective business continuity plan program. In addition to monitoring your backup system, your MSP should be helping you perform monthly file-level recovery tests and annual full recovery tests. 

Make sure to also provide your MSP with recovery time objectives and recovery point objectives (RTO and RPO) for the systems and applications they support and that the recovery strategy meets your requirements.   

And if you’re uncertain of what your RTO and RPO should be, consider working with an MSP or a business continuity planning specialist who can help you develop or improve your business impact analysis.  

  1. Operational resilience

Your MSP should be supporting your vulnerability management program, including periodic vulnerability scanning, patching and updating computers and network devices to help ensure known vulnerabilities are addressed — even for non-Microsoft applications (e.g. Adobe, Flash). Additionally, your MSP should be assisting you with IT asset management, including replacing deprecated, end-of-life equipment so that it doesn’t introduce security vulnerabilities. 

  1. Cybersecurity risks

Work with an MSP who can provide managed advanced endpoint detection and response (EDR). 

Traditional antivirus software checks files and programs to see if they’re “bad” based on a list it has. Advanced EDR watches everything happening on your device. It looks for how programs and files behave, allowing you to quickly detect and isolate ransomware and other malware before it infects other computers, minimizing the damage.   

Your MSP should be using both to keep your institution safe.  

  1. Unauthorized authentication and access

A quality MSP can assist you with authentication and access controls. Their support should include multifactor authentication implementation, regular removal of users who are no longer within your organization and monthly reports identifying dormant accounts.  

You also need to be aware of how your MSP accesses your network and systems.  

One of the baseline requirements in the FFIEC CAT includes encrypted connections and multifactor authentication for contractors and third parties. MSPs service many clients, and this baseline requirement is commonly not met. In fact, many MSPs share passwords among employees or even use the same administrator password to provide convenient access to multiple clients. This practice, however, introduces risk to your institution.   

  1. Third- and fourth-party risks 

As a third-party provider, your MSP should ensure that their own security practices are helping keep your institution safe. However, many providers commit to practices that may expose you to operational risk.  

During your vendor due diligence process, make sure you not only understand your MSP’s controls, but also those of your MSP’s vendors, such as cloud service, data backup and remote monitoring and management providers. Kaseya and SolarWinds are examples of how fourth parties used by MSPs led to breaches of the MSP’s clients.  

A new and rising threat vector is your vendors’ use of AI. Your vendor due diligence needs to include questions about how AI is used, what data is shared and how your security and privacy are protected with the large language models used by your MSP. 

How Wipfli can help  

Wipfli’s MSP services bring industry-specific experience and cybersecurity know-how to help make your institution more efficient and secure. We understand the complex regulatory environment and unique business operations financial institutions face, making us capable of providing you with the targeted support you need.    

Our MSP services can do more to protect your financial institution. Contact us today to learn how. 

/by
,

Association Update: WBA Associate Members Support Bankers Across Wisconsin

By Daryll Lund

Every year, the banking industry becomes increasingly competitive and with new trends, technology, and specialized services emerging at rapid speeds, there is no way for one single business to do it all. The Wisconsin Bankers Association is pleased to offer WBA bank members access to the over 150 vetted, dedicated companies that make up the Association’s Associate Member program.

Made up of a broad spectrum of third-party providers from around the country, WBA’s Associate Members program features companies that specialize in specific products and services related to banks. In forming strong partnerships with third-party vendors, many WBA members have found great benefit directly impacting their bank’s growth to the satisfaction of their customers.

Furthermore, Associate Member companies serve as valuable partners of the Association. From sharing their expertise through resources published in our publications to presenting on hot topics at WBA events, our Associate Members help us create meaningful, relevant content that informs bankers throughout Wisconsin. WBA’s Associate Member program offers just the place for banks to locate whatever niche expertise and product specialization they need to stay ahead in our continuously evolving industry. WBA stands ready to identify companies that seek to assist Wisconsin’s banking industry and connect banks with the vendor(s) that will meet their needs.

To learn more about WBA’s Associate Member program and how your bank can make the most of the resources available, please visit wisbank.com/Associates or contact Nick Loppnow, director – associate membership and business development, at nloppnow@wisbank.com.

/by
,

The Evolution of Cyberthreats: Preparing for AI-Powered Attacks

By Brett Gilsinger

The latest arsenal of tools that cybercriminals will harness for their illicit activities is increasingly being powered by artificial intelligence (AI). The transition to AI-driven cybercrime is already underway. Traditionally, cybercriminals have relied on a plethora of tools acquired from the dark web to penetrate their targets. These off-the-shelf tools have allowed cybercriminals to gather the information they need effortlessly. Instead of developing code specifically for a target, attackers have been able to purchase these tools through underground networks and dark web marketplaces. Such tools permit them to tailor malware or compile exploits from pre-packaged kits. As long as profits continue to soar, the underground market for cybercrime services thrives, fueled by robust demand for illicit tools and the ongoing supply by clandestine developers.

This underground ecosystem has been operating for years and shows no signs of diminishing. Yet, with the advent of highly sophisticated large language models such as ChatGPT, the tools available to wrongdoers are transforming. GPT stands for “Generative Pre-trained Transformer.” It is an artificial intelligence model designed to generate text by predicting subsequent words in a sentence based on the preceding words. This technology, developed by OpenAI, uses deep learning algorithms and a large amount of data to understand and generate human-like text. We are witnessing the emergence of unregulated AI models like FraudGPT and WormGPT. These models function without the ethical constraints usually imposed on publicly available versions like ChatGPT. Offered via subscription services in the more obscure regions of the internet, they harness stolen or open-source training datasets to power private GPT systems that assist cybercriminals indiscriminately, completely disregarding the legality or ethics of their facilitation.

Reports indicate that some of these emerging systems possess the alarming capability to generate undetectable malware. They can orchestrate comprehensive phishing operations, crafting the deceitful messages and the code for the malicious landing pages designed to harvest credentials. With such technology at their disposal, the scope of advanced criminal activities is limited only by the perpetrator’s creativity — or perhaps not even that, should the AI itself suggest ways to refine their malicious endeavors.

Facing these sophisticated threats, institutions and individuals must remain vigilant and proactive in safeguarding their operations and personal information. While these advancements pose a significant concern for the security of our data in the era of AI, there are measures that can be taken to protect your institution from these threats. Almost all of these attacks rely on human error to grant bad actors access to your environment. Regular training and awareness programs are the first line of defense. Employees should be consistently educated on the most recent cyber threats and the critical nature of security best practices to avoid successful phishing and social engineering attacks.

Beyond improved training programs, hardening your processes and technology can establish a more secure infrastructure. Implementing multi-factor authentication (MFA) and biometrics for identity verification and performing routine internal security audits to ensure all systems are current and free of vulnerabilities are essential steps. Opting for the right technology security solutions, such as Managed Detection and Response (MDR), can automate the threat identification process and significantly diminish the likelihood of breaches.

By focusing on people, process, and technology, institutions can construct a formidable defense against the complex realm of AI-enabled cybercrime, thereby securing their assets and maintaining the confidence of their clientele. Moving forward, institutions will need to focus on evolving their security solutions to stay ahead of the quickly changing threat landscape.

Gilsinger is executive vice president – CTO of IT Resource, a WBA Associate Member.

About IT Resource

IT Resource provides technology solutions to streamline IT environments, enhance productivity, and lower costs. And now we are excited to announce that IT Resource is evolving into Endeavor IT! While maintaining the same dedicated team, ownership, and management, we’re expanding our already exceptional services to offer a broader range of IT solutions with offices spanning across the North, Midwest, and South. Curious to explore further? Check out endeavorit.com.

/by
Wisconsin Bankers Association logo

questions@wisbank.com

608-441-1200

4721 S Biltmore Ln.
Madison, WI 53718

Get our Newsletter!
Subscribe