Tag Archive for: News

Posts

,

Thompson Kane & Company, Inc. to Acquire Benton State Bank

Thompson Kane & Company, Inc., a Madison, Wis. based mortgage banking company, announced on March 23, 2022 that is has entered into a definitive agreement to acquire Benton State Bank, a community bank located in Benton, Wis. with assets of $76.6 million. This transaction is subject to regulatory approval and is expected to close by the fourth quarter of 2022.

Benton State Bank will continue to provide banking products and services through its existing locations, and the entire management team of the bank will remain in place. As a result of this transaction, Benton State Bank will be able to utilize Thompson Kane’s mortgage origination platform to grow and expand its lending operations.

“Benton State Bank is over 125 years old and we are thrilled that it will remain a community based, independent financial institution serving local businesses, farmers, homeowners, and consumers. We will lead the bank into the future with additional growth avenues and plenty of capital to finance our plan,” said Steve Malone, president and CEO of Benton State Bank.

“We look forward to expanding the product offerings for both of our customer bases,” said John C. Thompson, president and CEO of Thompson Kane. “Through additional capabilities provided by this transaction, we expect to be able to grow the combined entity significantly.” Thompson Kane will inject additional equity into Benton State Bank to enable it to expand its lending operations.

Scott Freiburger, currently the executive vice president, will become the president of Benton State Bank upon the closing of the transaction. “This transaction provides tremendous opportunity for our company, our customers, and the markets we serve. I am excited to help lead this bank as we expand credit availability in our communities. We believe adding the mortgage expertise and capabilities of Thompson Kane with Benton State Bank’s community focus will set us apart in mortgage lending. We are hopeful that the transition will create additional employment opportunities over time,” said Mr. Freiburger

/by
,

FIPCO Welcomes New Staff

Read more
/by
,

WBA-Initiated Legal Action

Rose Oswald PoelsBy Rose Oswald Poels

I have worked full time at WBA now for almost 29 years and have had the pleasure of interacting with my colleagues (legal counsels and state association executives) from around the country at various American Bankers Association (ABA) and Independent Community Bankers of America (ICBA) events throughout that time. Every banking association is focused on the same general priorities of advocating on behalf of their members in each state and with our respective congressional delegations for the good of the entire collective banking industry, as well as providing member value through various products and services. All these state associations are a family in the sense that we all are working to better the banking industry.

Particularly in the advocacy space, congressional and federal regulatory action impacts the franchise value of every bank in the country. Consequently, each state association must do its part to help elect individuals to office who are “B” for banking, and nurture relationships with their members of Congress to at least have constructive dialogue with them on issues important to the industry. The strength of our industry is inextricably tied to the strength of each individual state association working collectively with each other on these common goals. To accomplish this, we need bankers to support the trade associations in the states in which they do business, and we need the state associations to work cooperatively with each other. Unfortunately, the latter is not currently happening.

I learned last spring that the California Bankers Association (CBA) filed an application with the U.S. Patent and Trademark Office (USPTO) seeking federal trademark registration of trademark “WBA.” The application was filed in late 2017, just prior to their merger with the Western Independent Bankers (WIB) organization. After CBA’s merger with WIB, CBA changed its name to Western Bankers Association. Unfortunately, the USPTO issued the federal trademark registration in February 2020 despite the Wisconsin Bankers Association’s existing and long-standing trademark rights in the trademark “WBA,” and despite the likely similar rights of two other state banking associations in the trademark “WBA.” None of the trade association executives from the state associations with rights in the mark “WBA” were made aware of this filing by CBA.

Given the common law trademark rights the Wisconsin Bankers Association has long held in the “WBA” trademark, this situation is untenable. Last May, I joined my colleagues from Washington and Wyoming in a virtual meeting with Steve Andrews, the current Western Bankers Association President and CEO, to attempt to discuss and resolve this situation, with our requests including that he voluntarily surrender this federal trademark registration with the USPTO. It was clear in that conversation that Mr. Andrews believed they had an asset worth protecting and surrender of the registration was unlikely. The three state associations with rights in the mark “WBA” then attempted to settle with the Western Bankers Association through our respective attorneys throughout last fall.  When it became clear that an amicable final resolution would not happen, we initiated an administrative legal action in the USPTO in November seeking cancellation of CBA’s federal trademark registration.

Efforts by many association colleagues to encourage Mr. Andrews to work out these legal issues have continued, but instead he has chosen to double down on his position. In the case of the WBA trademark registration, the Western Bankers Association chose to file a response in the pending action denying our claims on January 3, 2022, so that action now continues to the discovery phase. If this legal action proceeds through the full trial schedule, the case will continue well into 2023.

To the best of my knowledge, this is the first time that an individual state bankers association has attempted to federally register a trademark in which another state bankers association owns prior trademark rights. It is incredibly disappointing that another peer association would take this action, which knowingly and purposely harms other associations and their members. I know that we all could use the money we are spending on legal fees in other ways for the benefit of all of you rather than engaging in this family feud.

Since this is the first time WBA has been a party in a legal action of this type, I wanted to bring this matter to your attention since you are members, and, therefore, owners of WBA. Furthermore, I am aware that the Western Bankers Association is regularly emailing and soliciting banks outside of the state of California for membership and for participation in their education programs, including many of you. Please consider their actions in this matter when you receive this type of communication. If you have any questions on our legal action, please don’t hesitate to contact me directly.

/by
, ,

Military Service Members Bring Unique Skills and Talents to Banks

By Hannah Flanders

From the National Guard and reserves to veterans, every branch of the military is already integrated into our communities. With their vast training, service members and veterans are ready to translate their skills in leadership, collaboration, and communication into making the banking industry a more diverse environment.

Staff Sergeant Jennifer Splittgerber, credit analyst at PremierBank and Russ Turk, president and CEO of PremierBank

Staff Sergeant Jennifer Splittgerber is currently on active duty with the Wisconsin National Guard working as a recruiter in Sussex and Pewaukee, Wisconsin. She also holds a civilian job at PremierBank’s Fort Atkinson location as a credit analyst in the loan department.

From the start, SSG Splittgerber knew that she had an underlying desire to help her community in some way. Since joining the Wisconsin National Guard she has had multiple opportunities to assist with riot control, flooding, and hurricane relief situations — experiences she has found to be fulfilling and rewarding.

“The military has given me a sense of purpose. And now, serving as a recruiter, I’m able to help kids who might not have the opportunity to get a college degree,” told SSG Splittgerber. “It’s also very satisfying to help those kids who are headed down the wrong path in life. I wouldn’t be where I am today without the military.”

Through the National Guard and some encouragement from her now-husband, SSG Splittgerber completed her bachelor’s degree with a major in finance. In 2016, while attending UW-Whitewater, SSG Splittgerber applied to be a teller at PremierBank. From there, she applied to be a credit analyst intern, which turned into a full-time credit analyst position.

“PremierBank has been outstanding in supporting me. They have always been flexible with me whenever I’ve had orders or training,” said SSG Splittgerber. “Without the bank allowing me flexibility to complete my education, and their willingness to support me during my military leave of absences, I wouldn’t have been able to successfully complete my education or quickly grow in my banking career.”

D'Juan Wilcher

Lieutenant Commander D’Juan Wilcher; head of diversity, equity, and inclusion at Associated Bank

Similarly, D’Juan Wilcher is the head of diversity, equity, and inclusion (DEI) with Associated Bank, working at the Chicago office in support of the entire organization. Wilcher also serves as a lieutenant commander with the U.S. Navy Reserves and was previously assigned to Japan and Chicago and served in the Persian Gulf aboard USS Mesa Verde.

Once in Chicago, Wilcher assisted in conducting training and indoctrination for our nation’s newest sailors. This allowed for a smooth transition into banking in how “military leadership requires leveraging both direct and indirect authority” said Wilcher. “This bodes well to manage up, down, and across the corporate structure in highly matrixed environment.”

His transition into DEI was straightforward in that it so clearly aligned with his passions. “Banking is an industry that sorely needs DEI improvement. It is also one of the toughest industries to move the needle,” highlighted Wilcher, “and I generally opt for the toughest assignments to make an impact.” As a lieutenant commander, Wilcher brings to Associate Bank not only high levels of expertise in leadership, but the ability and desire to strive for the greater good of his community.

Being a reservist also means Wilcher has commitments to serving for a period of consecutive weeks and requires added flexibility in order for him to complete the assignment. “This summer, Associated Bank served me well by allowing me to [serve] with no interruption,” said Wilcher.

Banks make good employers of both active and retired service members for several reasons, according to Russ Turk, President and CEO of PremierBank. “They are trained problem-solvers,” he said, “[and have] the ‘servant-heart’ mindset.”

Turk has found these attributes to be highly valuable to community banks like PremierBank. “Our main role in our local economy is to help our communities grow and prosper,” says Turk. “We do that best by building relationships and serving our fellow citizens. Service members embody these character qualities and complement our mission quite well.”

/by
Cybersecurity graphic
, ,

What Community Banks Need to Know About Ransomware Attacks

By Cassandra Krause 

With a recent uptick in activity, ransomware attacks are a form of cyberattack that has been prevalent in recent news — and for good reason. The effects can be detrimental in terms of monetary loss and reputational damage to the victim. Ransomware is a type of malicious software (a.k.a. malware) that usually encrypts a victim’s files, and the bad actors have upped their game to steal the data first, then threaten to also publish the data to the public. Criminals set their sights on businesses with the goal of extorting money, making community banks prime targets. 

Organized crime networks are becoming increasingly sophisticated. In general, the risk of getting caught for cybercrimes is much lower than for traditional crimes like robbery, and the financial gains are far higher. Ransomware developers write and sell the software to other bad actors for a cut of the profits when they deploy it and collect ransom payment, usually in the form of cryptocurrency, which is hard to trace. Compromised data may also be used to open fraudulent lines of credit. 

“The U.S. is in a ransomware crisis right now,” said Jeff Otteson, vice president of sales at Midwest Bankers Insurance Services (MBIS), a subsidiary of the Wisconsin Bankers Association. He explained that it has created a hard insurance market with carriers tightening up on internal control requirements such as multifactor authentication (MFA) for privileged users (users with the ability to install software or change security settings on critical systems) and encryption of backups. 

In their 2021 Cost of a Data Breach Report, IBM Security and the Ponemon Institute calculate that the average total cost of a data breach is $4.24 million, a 10% increase from 2020–2021. The per-record cost of personally identifiable information averaged $180. 

Prevention 

With the incredibly high stakes in mind, banks are dedicating significant resources to preventing malicious cyberactivity, both in terms of staff and money. Respondents to a 2020 Deloitte survey of financial institutions reported spending about 10.9% of their IT budget on cybersecurity on average, up from 10.1% in 2019. In terms of spending per employee, respondents spent about $2,700 on average per full-time employee (FTE) on cybersecurity in 2020, up from about $2,300 the prior year. 

“There is an industry-standard framework for ransomware prevention and all cybersecurity,” explained FIPCO’s Director InfoSec and Audit Ken Shaurette. FIPCO is also a WBA subsidiary. A good consultant will walk the bank through a comprehensive review of their network security, improving endpoint protection to replace traditional antivirus and endpoint detection solutions, including adding authentication improvements such as MFA, improved password strength, and protecting backups. As more and more of the digital tools that bankers utilize require users to download and install software and updates, depending on signature-based solutions for malware detection is not acceptable — it has become critical to safeguard user, file, network, and device-level activities. 

A bad actor gaining access to a bank’s data may encrypt the data and demand payment in exchange for granting access back to the bank. In this situation, having a data backup is essential.  

“The rule of thumb for data backups is 3-2-1,” said FIPCO Information Security and IT Audit Advisor Rob Foxx. “There should be three copies of all data stored on two different mediums. One of the copies should be stored off site.” 

Ransomware prevention is only one part of a complete cybersecurity system. Experts agree that early detection of unusual activity within a system can help keep a minor incident from quickly escalating into a major incident like a ransomware threat. 

“Ransomware isn’t the first attack,” said Wolf & Company, P.C. Manager of the I.T. Assurance Group Sean Goodwin, who recently presented at WBA’s Secur-I.T. Conference. “Ultimately, it’s on I.T. to put controls in place because an employee will inevitably fall for a phishing email. It becomes a question of whether we can catch that quickly.” 

Social engineering remains the greatest concern; it’s easier for bad actors to trick an employee rather than break through a firewall. Verizon’s 2021 Data Breach Investigations Report found that almost half of the breaches in the financial services industry involved internal actors committing various types of errors. The report stated that the financial sector frequently faces credential and ransomware attacks from external actors, 96% of which are financially motivated (followed by small percentages of motives of espionage, grudge, fun, and ideology). 

Goodwin emphasized that I.T. must be able to act quickly when there’s an indication that someone is accessing something they don’t normally access. “Prevention is ideal. If we can prevent it, that’s best-case scenario, but if not, early detection becomes critical,” he said. This area of solution, known as endpoint detection and response, is rapidly becoming a key point of protection from ransomware and all other malicious events. 

Establishing an incident response program within a bank is an important part of the overall cybersecurity program. 

Preparation 

Creating a culture of cybersecurity awareness throughout the bank is important, so that bank employees are prepared for an incident. Employee training on what to do in the event of an attack should be standard practice. Making security part of the organization’s DNA is a best practice. 

“Every bank needs an incident response plan, and that needs to be approved all the way up through the board. Part of this plan is notification of incidents to the insurance carrier,” said MBIS’s Otteson. 

FIPCO’s Foxx emphasized that the roles and responsibilities in the incident response plan must be clearly defined, and banks should revisit their plan regularly.  

“As the insurance agent, I’m the first call a bank makes when there’s an incident,” said Otteson. “It’s important that banks choose to work with an agency that understands cyber insurance.”  

MBIS insures about 220 banks and has access to a large number of carriers that provide the right coverage for their customers. Otteson recommends reporting all incidents as even a minor incident could result in a claim down the line and having reported that incident when it occurred is key to a successful claim. He says to keep in mind that the owner of the data is liable for it whether the incident occurred in house or with a vendor the bank shared customer data with. 

Mitigation 

It’s important to work with the insurance carrier to ensure that all the bases are covered and that the vendors who participate in the response are approved. Not using the cyber insurance carrier’s approved vendors may result in expenses not being covered under the insurance policy. In the event of a ransomware attack, the insurance agent or bank will immediately notify the insurance carrier. Beazley, a carrier partner of MBIS, maintains a 24/7 helpline, which has become common with other carriers as well. Knowing how to report incidents, when to report, and what to expect is key. 

Holidays and weekends are prime times for ransomware attacks: employees who are in a rush to leave may be more likely to click on a bad link, and with employees away from work, it’s easier for the bad actors to get into the network. Even if a problem is detected, it’s more likely that staff who could help put a stop to the attack may be on vacation or unavailable, buying the criminals more time to take over. 

As soon as a cyber liability claim is made, the insurance carrier’s pre-approved vendors come into play.  

“Nobody has the resources in house to effectively manage ransomware attacks,” said Foxx, who has experience working both within a bank and as an external auditor and consultant. The specialization of skills and the amount of people needed to perform adequate analysis and remediation are so significant that even large banks will not have all the players they need on staff. 

If a bank’s data becomes encrypted and made inaccessible, a vendor such as Tetra Defense would be engaged on forensics. Managed endpoint detection and response vendors such as Cynet can help from detection and prevention to response, including providing digital evidence for a vendor performing forensics. Meanwhile, a vendor such as Coveware would handle ransom negotiations with the criminals. Wolf & Company, P.C.’s Goodwin said that you don’t really know who’s on the other side of the transaction — some criminals may be willing to negotiate and others not. He referred to ransomware as a “niche space in cybersecurity that is now getting more attention.” The criminal organizations involved in these types of attacks in some ways act like a legitimate business in that they rely on their reputation and may even have customer service departments — if they fail, it will hurt their chances of getting more business in the future.  

Typically, in the event of a ransomware attack, a legal firm will handle communications and PR for the bank — putting a statement on the bank’s website, assisting staff with customer phone calls, and determining whom to notify. Getting legal involved early protects all communications and discovery with attorney-client privilege. The requirements for notification vary from state to state, and a bank may have customers in multiple states or even other countries, making the expertise of a legal team invaluable. The language used in communications matters, as the term “breach,” for example, can have different legal implications and potentially create larger issues than terms like “incident,” “situation,” or “event.” Education of staff far in advance using regular testing of the plan is a key factor in mitigating an incident. Inappropriate statements made by employees on social media or even at informal social gatherings can have severe ramifications for the bank. 

Follow Up 

While anyone who experiences a ransomware attack may be eager to breathe a sigh of relief and move on when it is over, it is essential to review the incident and revise the bank’s incidence response plan. Assessing what went well and what needs to be improved are critical steps.  

Goodwin also warns that victims of ransomware are commonly re-targeted. A Cybereason study found that 80% of organizations that previously paid ransom demands confirmed they were exposed to a second attack. He said that once a company has paid a ransom it is known that (1) you were compromised, (2) you do not have proper backups of your files, and (3) you were willing to pay. 

Summary 

Cyberattacks are the biggest risk to a financial institution — even surpassing the risk of past-due loans. The cost of a ransomware attack can be astronomical, with many factors contributing to the price tag, including vendor fees and staff hours to resolve the issue; the cost to inform customers and offer identity or other protections; the loss of destructed data; and the down time of the business. All of this, followed by the loss of customers’ trust (and subsequent loss of their business), has the potential to put a community bank out of business.  

There are safeguards banks can put in place, including a sound incident response plan, improved monitoring with better endpoint detection and response, cyber liability coverage, and employee education. FIPCOMBIS, and a wide range of WBA Associate Members are ready to support banks in keeping their data and that of their customers safe.  

/by
,

Reimagining the Bill Pay Experience

How financial institutions can meet evolving consumer expectations

Financial institutions are witnessing a rapid evolution in bill pay fueled by nonbank competitors, COVID-19 and constantly rising consumer expectations. It’s a complex challenge that calls for flexibility and a willingness to expand the definition of bill pay beyond the basic task of paying a bill.

The pandemic is driving rapid innovation and accelerating the use of digital tools. However, for years before COVID-19, large fintechs had emerged to focus exclusively on consumer payments, including bill pay.

By working from the outside, fintechs could focus on payments without consideration of existing banking infrastructure, integrations and other factors that financial institutions must keep in mind. Fintechs have used that advantage to innovate and connect with consumers, and that is a challenge to traditional financial services companies to up their game.

Financial institutions, though, have their own advantages. Zelle® is a prime example of recapturing person-to-person (P2P) payments and expanding to small-business payments with a real-time, convenient and secure service.

But every payment is under the microscope. Consumer expectations are going through the roof as people look for more convenience, ease of use and more advisory experiences. While that started in areas such as P2P, transfers and disbursements, heightened expectations are expanding to bill pay.

Financial institutions can continue to innovate and deliver on customer expectations when it comes to the next generation of payments. Here’s how.

Become an Extension of the Biller

The question for financial institutions around bill pay is how to make it more modern and intuitive.

Let’s say I go to my cellphone company’s site to pay the bill and notice it’s much higher than usual. The site will show me why. Maybe one phone in the plan exceeded the data cap.

That leads to prompts: Do I want to change my plan? Do I want to upgrade? Did I know I’m eligible for a new phone? Suddenly, my cellphone company is offering a complete advisory experience. And, like most people, I almost always go to the cellphone company’s site – or any other biller’s site – to make a real-time or last-minute bill payment using a credit or debit card.

Financial institutions recognize their bill pay experiences don’t always measure up. There are gaps in the user experience and payment features. But they also recognize their legacy technology does the foundational things well.

The benefit of financial institution bill pay is it’s a consolidated experience, a place where consumers can go to pay all their bills. They don’t have to remember all the different passwords or put payment reminders in their calendars. The fact that a financial institution can do all of that in one place is a value proposition that resonates.

But then people experience it and say, “Oh, I can’t pay with my card. I can’t make last-minute payments. And I’m not getting the advisory experience I’m used to.” So they don’t make the switch to the channel.

Closing the gaps to offer the same benefits and services as biller sites requires financial institutions take advantage of their strong foundation while adding flexibility to deliver a modern, intuitive user experience.

Leverage Data to Offer Meaningful Insights

Financial institutions know who people are paying. So why not streamline the bill pay setup process by presenting those billers to consumers right from the start?

Financial institutions can also identify other relevant billers in a user’s area to serve up as possibilities. Biller setup is the first step, and when financial institutions leverage data and analytics to be more advisory, they have a higher likelihood of engaging consumers.

The possibilities of how financial institutions can use data keep expanding. Eventually, leveraging data and analytics to close gaps in the experience will lead to predictive reminders.

With those reminders, financial institutions may see that a consumer paid a biller on the 15th for the past three months. But this month, the consumer hasn’t scheduled the payment. So on the fifth of the month, for instance, the financial institution could ask the consumer if the payment should be scheduled.

The focus is on using data to be smarter and make people’s lives easier, whether through automatic payments or notifications and alerts.

Embrace Real Time

When financial institutions are proactive, they’re anticipating what’s next in terms of meeting consumer expectations. Real-time bill pay is on the horizon.

It starts with a request to pay, which is an actionable alert indicating a payment is due. The user receives the request to pay from the biller through the financial institution and can pay the bill immediately. When the user responds with “pay now,” a real-time confirmation is delivered, creating a sense of comfort and trust for the consumer that the payment was made.

For processing the real-time payment, there are several methods available and others on the horizon, including direct settlement real-time networks, such as The Clearing House and the FedNowSM Service, and the card networks.

The goal is to give consumers the most real-time payment choices with the most billers. That’s the next generation of experiences, and the industry is at the doorstep of a new world for bill pay.

Building on a Strong Foundation

At its heart, the bill pay challenge facing financial institutions filters down to one basic task: creating a comprehensive, enriched experience that meets consumer expectations.

The bill pay environment right now is complex, with emerging competitors and accelerated expectations, especially during a pandemic. But financial institutions are well-positioned to take the next step in bill pay.

They have the trust and loyalty of consumers and an established foundation of technology and data that competitors lack. Closing those user experience gaps and embracing the next generation of bill pay is how financial institutions can bring together the best of both worlds for consumers.

By, Cassie Krause

/by
WBA logo

questions@wisbank.com

608-441-1200

4721 S Biltmore Ln.
Madison, WI 53718

Get our Newsletter!
Subscribe