FIPCO partners with

In this current world, customer connection comes at a premium. The pandemic changed many things and shifted customer behavior. Now customers who may have previously stopped by a branch to ask a question are seeking service through phone more and more. How can financial institutions manage the ever-increasing number of calls while still providing high-quality service?

FIPCO is proud to announce a new partnership with’s artificial intelligence (AI)-Powered Phone Banking solves many of the problems faced by traditional call center, elevating the entire call center experience. The AI-Powered Phone Banking automates more than 60% of the financial institution’s call center calls using the industry’s first neural voice-powered AI assistant.

“We are thrilled to be able to partner with to offer this world-class product to our customers,” said Pam Kelly, president of FIPCO. “We understand the need for effective service for everyone who calls an institution, while making sure call center staff are not overwhelmed and customers aren’t stuck waiting for help in a queue.”

The AI-Powered Phone Banking reduces call wait times, while increasing productivity and engagement. FIPCO and will be hosting informational webinars on November 9 and 16 to demonstrate to capabilities of this solution.

To learn more about this solution and the upcoming demos, contact FIPCO Sales at or 1-800-722-3498, option 5.

Upcoming Informational Webinars:

Date: November 9, 2021
Time: 12:30 PM – 1:30 PM CT

Date: November 16, 2021
Time: 11:30 AM – 12:30 PM CT

Cybersecurity graphic

By Cassandra Krause 

With a recent uptick in activity, ransomware attacks are a form of cyberattack that has been prevalent in recent news — and for good reason. The effects can be detrimental in terms of monetary loss and reputational damage to the victim. Ransomware is a type of malicious software (a.k.a. malware) that usually encrypts a victim’s files, and the bad actors have upped their game to steal the data first, then threaten to also publish the data to the public. Criminals set their sights on businesses with the goal of extorting money, making community banks prime targets. 

Organized crime networks are becoming increasingly sophisticated. In general, the risk of getting caught for cybercrimes is much lower than for traditional crimes like robbery, and the financial gains are far higher. Ransomware developers write and sell the software to other bad actors for a cut of the profits when they deploy it and collect ransom payment, usually in the form of cryptocurrency, which is hard to trace. Compromised data may also be used to open fraudulent lines of credit. 

“The U.S. is in a ransomware crisis right now,” said Jeff Otteson, vice president of sales at Midwest Bankers Insurance Services (MBIS), a subsidiary of the Wisconsin Bankers Association. He explained that it has created a hard insurance market with carriers tightening up on internal control requirements such as multifactor authentication (MFA) for privileged users (users with the ability to install software or change security settings on critical systems) and encryption of backups. 

In their 2021 Cost of a Data Breach Report, IBM Security and the Ponemon Institute calculate that the average total cost of a data breach is $4.24 million, a 10% increase from 2020–2021. The per-record cost of personally identifiable information averaged $180. 


With the incredibly high stakes in mind, banks are dedicating significant resources to preventing malicious cyberactivity, both in terms of staff and money. Respondents to a 2020 Deloitte survey of financial institutions reported spending about 10.9% of their IT budget on cybersecurity on average, up from 10.1% in 2019. In terms of spending per employee, respondents spent about $2,700 on average per full-time employee (FTE) on cybersecurity in 2020, up from about $2,300 the prior year. 

“There is an industry-standard framework for ransomware prevention and all cybersecurity,” explained FIPCO’s Director InfoSec and Audit Ken Shaurette. FIPCO is also a WBA subsidiary. A good consultant will walk the bank through a comprehensive review of their network security, improving endpoint protection to replace traditional antivirus and endpoint detection solutions, including adding authentication improvements such as MFA, improved password strength, and protecting backups. As more and more of the digital tools that bankers utilize require users to download and install software and updates, depending on signature-based solutions for malware detection is not acceptable — it has become critical to safeguard user, file, network, and device-level activities. 

A bad actor gaining access to a bank’s data may encrypt the data and demand payment in exchange for granting access back to the bank. In this situation, having a data backup is essential.  

“The rule of thumb for data backups is 3-2-1,” said FIPCO Information Security and IT Audit Advisor Rob Foxx. “There should be three copies of all data stored on two different mediums. One of the copies should be stored off site.” 

Ransomware prevention is only one part of a complete cybersecurity system. Experts agree that early detection of unusual activity within a system can help keep a minor incident from quickly escalating into a major incident like a ransomware threat. 

“Ransomware isn’t the first attack,” said Wolf & Company, P.C. Manager of the I.T. Assurance Group Sean Goodwin, who recently presented at WBA’s Secur-I.T. Conference. “Ultimately, it’s on I.T. to put controls in place because an employee will inevitably fall for a phishing email. It becomes a question of whether we can catch that quickly.” 

Social engineering remains the greatest concern; it’s easier for bad actors to trick an employee rather than break through a firewall. Verizon’s 2021 Data Breach Investigations Report found that almost half of the breaches in the financial services industry involved internal actors committing various types of errors. The report stated that the financial sector frequently faces credential and ransomware attacks from external actors, 96% of which are financially motivated (followed by small percentages of motives of espionage, grudge, fun, and ideology). 

Goodwin emphasized that I.T. must be able to act quickly when there’s an indication that someone is accessing something they don’t normally access. “Prevention is ideal. If we can prevent it, that’s best-case scenario, but if not, early detection becomes critical,” he said. This area of solution, known as endpoint detection and response, is rapidly becoming a key point of protection from ransomware and all other malicious events. 

Establishing an incident response program within a bank is an important part of the overall cybersecurity program. 


Creating a culture of cybersecurity awareness throughout the bank is important, so that bank employees are prepared for an incident. Employee training on what to do in the event of an attack should be standard practice. Making security part of the organization’s DNA is a best practice. 

“Every bank needs an incident response plan, and that needs to be approved all the way up through the board. Part of this plan is notification of incidents to the insurance carrier,” said MBIS’s Otteson. 

FIPCO’s Foxx emphasized that the roles and responsibilities in the incident response plan must be clearly defined, and banks should revisit their plan regularly.  

“As the insurance agent, I’m the first call a bank makes when there’s an incident,” said Otteson. “It’s important that banks choose to work with an agency that understands cyber insurance.”  

MBIS insures about 220 banks and has access to a large number of carriers that provide the right coverage for their customers. Otteson recommends reporting all incidents as even a minor incident could result in a claim down the line and having reported that incident when it occurred is key to a successful claim. He says to keep in mind that the owner of the data is liable for it whether the incident occurred in house or with a vendor the bank shared customer data with. 


It’s important to work with the insurance carrier to ensure that all the bases are covered and that the vendors who participate in the response are approved. Not using the cyber insurance carrier’s approved vendors may result in expenses not being covered under the insurance policy. In the event of a ransomware attack, the insurance agent or bank will immediately notify the insurance carrier. Beazley, a carrier partner of MBIS, maintains a 24/7 helpline, which has become common with other carriers as well. Knowing how to report incidents, when to report, and what to expect is key. 

Holidays and weekends are prime times for ransomware attacks: employees who are in a rush to leave may be more likely to click on a bad link, and with employees away from work, it’s easier for the bad actors to get into the network. Even if a problem is detected, it’s more likely that staff who could help put a stop to the attack may be on vacation or unavailable, buying the criminals more time to take over. 

As soon as a cyber liability claim is made, the insurance carrier’s pre-approved vendors come into play.  

“Nobody has the resources in house to effectively manage ransomware attacks,” said Foxx, who has experience working both within a bank and as an external auditor and consultant. The specialization of skills and the amount of people needed to perform adequate analysis and remediation are so significant that even large banks will not have all the players they need on staff. 

If a bank’s data becomes encrypted and made inaccessible, a vendor such as Tetra Defense would be engaged on forensics. Managed endpoint detection and response vendors such as Cynet can help from detection and prevention to response, including providing digital evidence for a vendor performing forensics. Meanwhile, a vendor such as Coveware would handle ransom negotiations with the criminals. Wolf & Company, P.C.’s Goodwin said that you don’t really know who’s on the other side of the transaction — some criminals may be willing to negotiate and others not. He referred to ransomware as a “niche space in cybersecurity that is now getting more attention.” The criminal organizations involved in these types of attacks in some ways act like a legitimate business in that they rely on their reputation and may even have customer service departments — if they fail, it will hurt their chances of getting more business in the future.  

Typically, in the event of a ransomware attack, a legal firm will handle communications and PR for the bank — putting a statement on the bank’s website, assisting staff with customer phone calls, and determining whom to notify. Getting legal involved early protects all communications and discovery with attorney-client privilege. The requirements for notification vary from state to state, and a bank may have customers in multiple states or even other countries, making the expertise of a legal team invaluable. The language used in communications matters, as the term “breach,” for example, can have different legal implications and potentially create larger issues than terms like “incident,” “situation,” or “event.” Education of staff far in advance using regular testing of the plan is a key factor in mitigating an incident. Inappropriate statements made by employees on social media or even at informal social gatherings can have severe ramifications for the bank. 

Follow Up 

While anyone who experiences a ransomware attack may be eager to breathe a sigh of relief and move on when it is over, it is essential to review the incident and revise the bank’s incidence response plan. Assessing what went well and what needs to be improved are critical steps.  

Goodwin also warns that victims of ransomware are commonly re-targeted. A Cybereason study found that 80% of organizations that previously paid ransom demands confirmed they were exposed to a second attack. He said that once a company has paid a ransom it is known that (1) you were compromised, (2) you do not have proper backups of your files, and (3) you were willing to pay. 


Cyberattacks are the biggest risk to a financial institution — even surpassing the risk of past-due loans. The cost of a ransomware attack can be astronomical, with many factors contributing to the price tag, including vendor fees and staff hours to resolve the issue; the cost to inform customers and offer identity or other protections; the loss of destructed data; and the down time of the business. All of this, followed by the loss of customers’ trust (and subsequent loss of their business), has the potential to put a community bank out of business.  

There are safeguards banks can put in place, including a sound incident response plan, improved monitoring with better endpoint detection and response, cyber liability coverage, and employee education. FIPCOMBIS, and a wide range of WBA Associate Members are ready to support banks in keeping their data and that of their customers safe.  

Five critical steps to maintaining a secure network.

Keeping your network secure in the current climate of internet assault is no small job.

Think back – how little has changed. In 2001, server-based worms were estimated to have cost private industry almost $3 billion. Code Red alone infected 359,000 servers in under 14 hours, and within 24 hours of Nimda, 50 percent of the infected hosts went offline. Fast forward to today and the exponential increase in breaches, how much is really that different?

These attacks reinforced the need for every organization to develop an information security action plan (ISAP). Doing this first involves evaluating, assessing, and auditing the existing security environment to identify major and minor problems (your inventory). Without knowing and understanding the current security posture, it is impossible to identify the most cost-effective solutions to deploy.

Veteran and well-trained security professionals realize there is no ‘silver bullet’ in information security. Following and adjusting to an industry security framework will keep you secure today and into the future. Using proper diligence to understand an organization’s security needs goes a long way in improving protection.

The following are critical first steps for building an ISAP to create a better defense in an increasingly dangerous cyberworld.

Creating Security Policy

First, create a clearly defined security policy that is strictly enforced. Understand that security goes beyond desktop PCs and ensure that the use of all laptops, copiers, fax machines, modems, and even printed information is included in the policy. Supply the policy to everyone in the organization, educate all employees about it, and enforce it consistently.

The policy is the roadmap to good security, and every employee should review it annually, be provided with opportunities to ask questions, and fully understand the policy. They should acknowledge their understanding of the policy in writing. The policy must become a standard part of the company culture and be enforced at the highest level. Not consistently enforcing policy can be worse than having no policy at all, because it could be used against the company (in litigation) to show that policy is not taken seriously in all cases.

Identifying Risk, Deploying Security

Second, identify an acceptable level of risk and deploy the appropriate level of security. It is no longer adequate for management to proclaim ignorance about potential vulnerabilities in the environment. Due diligence requires management to exercise sound judgment in protecting the environment consistent with the information being processed (i.e., the more sensitive the information, the more safeguards need to put in place).

After assessments have been performed, there are essentially three measures that can be taken. They are to reduce the risk (perform remediation), transfer the risk (take out insurance), or accept the risk (identify cost justification).

If overall risk reaches an unacceptable level, appropriate remediation steps must be taken to get the exposures reduced in severity. If that cannot be done, documentation must be created to identify justification for accepting the risk, or possibly insurance can be purchased to transfer the losses associated with the risk to another organization.

Implementing Verification

Third, access to internal hosts must be controlled and monitored. Are employees only given access to what they need to perform their specific job? Are logs reviewed daily for inconsistencies and abnormalities?

Since many security breaches can be attributed to ‘insiders,’ or exploit by a bad actor of an insider, trust no one. “Zero Trust”; it is important to live by an access philosophy of ‘least privilege’. Verify everyone and everything. Only give users the access they need to do their job. Not only must the data be protected and accountability of who is accessing it be maintained to ensure privacy, but simply tracking problems and events that occur in an environment are easier if it is possible to determine who has access to specific information. Even though incidents of access from outside a company get all the publicity, the most critical protection remains inside. Insider abuse of email or unmonitored internet access can cost in several ways beyond the lost employee time, bandwidth, and potential for viruses or worms.

Supplement the authentication and authorization system with audit trails and intrusion detection systems and use an incident response plan to follow up on suspicious activities and anomalies. Logs can be very large and contain enormous amounts of extraneous information. It is important to install tools that help sift through the abnormalities or make it possible to identify what a normal log looks like and flag unusual activity. Regular review of system logs can mitigate risk. This can include the implementation of modern extended endpoint detection and response solutions.

Testing Upgrades and Patches

Fourth, vendor upgrades and software/hardware patches should be tested adequately before migrating to production. Anti-virus tools should be deployed and automatically updated with new signature files.

Changes are constantly occurring in the environment. New software can introduce new vulnerabilities and it is well-known that some software companies do not create secure applications or operating systems. Be sure to have clear documentation to migrate all changes to production and a contingency plan should problems occur.

Malicious code continues to be a major problem for organizations. It is no longer adequate to simply install an antivirus tool and assume your problems are alleviated. It is not adequate to assume the user will behave properly to protect their desktop and company data. Today’s generation of protection must not be dependent on signatures and needs to consider other layers of information: users, files, hosts, and the network. Throw in deception technology and you have a robust solution.

Handling Any Defaults

Fifth, be sure default accounts, passwords, and settings have been appropriately handled in operating systems, routers, databases, and applications.

Keep in mind that almost all operating systems, including third-party applications, come with sample files, many of which are extremely dangerous. Almost any operating system and many application system installations require a powerful ‘administrative’ or privileged account to complete installation. This account is shipped with a default password, which often is not changed by the network, system, or application administrator. It should be changed immediately at initial installation even on test systems. If the account needs to remain in existence, it should be tightly locked down, audited, and, if possible, have its default name changed. In addition, it should not be used on a routine basis for administration. Individual administrative accounts should be assigned to authorized users with proper access requirements granted, training provided, and responsibilities understood.

In summary, there are numerous measures that can be taken to ensure a company’s infrastructure can protect its information assets. This all creates the requirement for a thorough information security action plan. A certified, qualified, well-trained chief information security officer can usually lead a corporation along a path to protected information assets and a secure business environment.

To learn more, call or email Ken Shaurette, FIPCO's Director – Information Security and Audit, at 800-722-3498 ext. 251 or today.


By, Ally Bates

With technology taking an increasingly important role in banking, directors of community banks need to be up to speed on the responsibilities this trend brings. 

From mobile banking to online loan applications to digital account opening, technology is crucial to financial institutions, said Patrick Neuman, a partner with the law firm Boardman Clark. He cited this as a reason directors should be tuned into their bank’s technology and cybersecurity. 

“Digital platforms create enormous opportunity, but they also require strategic planning and robust risk management practices, and that really starts at the board level,” said Neuman, who focuses on banking for Boardman Clark. “The board really does need to be informed. There are a number of different risks they need to be thinking about and a number of different kinds of strategies they need to be thinking about as their bank is expanding its digital platform to stay competitive in the marketplace.” 

Neuman and Boardman Clark colleague Cat Wiese plan to cover those issues in their presentation during the WBA Directors Summit, a virtual live event from 9 a.m. to 12 p.m. CDT on May 19. Wiese said she plans to talk about compliance concerns that come along with technology. 

In the Summit, directors of community banks will hear from experts on topics such as choosing technology vendors and getting ready for the future instant payment system. They’ll also be urged to take a close look at their assets and prepare for the rebooting economy. 

Patrick Dix, vice president of strategic alliances for the financial services and technology firm SHAZAM Inc., will talk with Summit attendees about the current and coming payments landscape. Part of the focus will be on the Federal Reserve’s desire for safe, ubiquitous, and faster payments capabilities in the U.S. and what’s happening on that front. 

“We’re going to touch on what’s coming next, which is faster payments,” Dix said. “This is a topic that’s been talked about for the last two or three years in real general ways, but I think things are getting real now.” 

It’s time for community banks to start thinking about and discussing how to help create a system in which they’ll participate for many years to come, he said. Dix said it amounts to “a reimagining of the payments system as we know it.” 

“We want to pose some questions so they can start thinking about that,” he said. 

How might that issue affect bank directors? 

“In many community banks, the directors are involved in decisions like, ‘Do we change our core?’  And that’s a big decision, certainly, but it also will have impact on these kinds of future technology,” Dix said. “How will your core play with other fintech companies? Will they be interoperable with other players in the industry?” 

Dix added: “I always say to people, ‘If your biggest tech partner can’t hook up to other systems, how good of a tech partner are they? If they won’t hook up to other tech partners, how good of a partner are they?’ Those are real important questions for community banks.” 

While technology will be in the limelight at the Summit, one presenter, Marc Gall, vice president and asset/liability strategist at BOK Financial, plans to look at some other topics of key concern to bankers:  interest rates, liquidity, and earnings. 

“Right now, most banks are swamped with liquidity and not really sure what to do with it,” Gall said. 

On the other hand, there is concern as the economy improves, inflation is going to take off, and rates are going to rise. 

“Balancing that weight of a very low earning asset on your book — being cash — with the potential risk that’s out there for rising rates leads banks to be a little bit more perplexed right now as to what to do,” Gall said. 

He said banks need to assess what’s on their balance sheet and, as pandemic relief measures like Paycheck Protection Program loans go away, get back to the nuts and bolts of banking. 

Gall added that some think the Fed is going to raise interest rates faster than what it has indicated and inflation will soar. He’s not convinced this is the case and said there may be risk to banks sitting on piles of cash. Some banks feel like if they do that, it’s conservative and they’re not taking a risk, he said. 

“But we would say doing nothing is a risk in and of itself,” Gall said. 

The Directors Summit is recommended for bank management teams, beginning or experienced inside and outside directors, bank CEOs, executive officers, and bank general counsel. 

Paul Gores is a journalist who covered business news for the Milwaukee Journal Sentinel for 20 years. Have a story idea? Contact him at

By, Alex Paniagua

As if there weren’t enough unwanted new realities prompted by the Covid-19 pandemic, bankers and borrowers will have another one to deal with starting Dec. 1 – the Adverse Market Refinance Fee. 

Originally set to begin in September but delayed after backlash from mortgage lenders when it was announced in August, the new 0.50% fee will be assessed on refinanced mortgages of more than $125,000 that are bought by Fannie Mae and Freddie Mac. 

That means an additional $500 in costs for every $100,000 borrowed, with the money going toward what the Federal Housing Finance Agency says is an estimated $6 billion in projected losses to Fannie Mae and Freddie Mac from pandemic protection programs offered to borrowers. 

While it makes sense that Fannie Mae and Freddie Mac would want to recoup some of what they expect to lose from forbearance defaults, foreclosure moratoriums and emergency measures to keep people in their homes, the timing and the amount of the fee are a concern, some bankers say. Homeowners who refinance their mortgage are looking to cut expenses in a tough economy, and the fee could make redoing the loan less advantageous. 

“I just think the timing of the whole thing is challenging for a lot of families that are hurting right now,” said Jimmy Kauffman, chief executive officer of Bank of Sun Prairie.  

“It’s an unfortunate thing at an unfortunate time,” Kauffman said. 

Some banks may try to absorb all or part of the fee. But some already are making plans to pass it along to the borrower, perhaps via a small increase in the interest rate – about one-eighth of a point – for the refinanced mortgage. 

With today’s super-low mortgage rates, the fee shouldn’t price a lot of borrowers out of the refinance market, said Eric Witczak, executive vice president of Green Bay-based Nicolet National Bank. 

Weekly mortgage rates hit another all-time low as of Oct. 15, at 2.81% with 0.6 points for a 30-year fixed rate term, according to Freddie Mac. 

“Rates are still so incredibly low,” Witczak said, noting the new fee already is being built into Nicolet’s pricing. “I don’t think it’s going to have a big effect at all.” 

But Witczak also said he thinks the fee should have been 0.12% or 0.13% instead of 0.50%, which would have made it less controversial and probably would have let Fannie Mae and Freddie Mac start collecting it more quickly.  

Both Fannie Mae and Freddie Mac, which are government-sponsored enterprises, have been in conservatorship under the Federal Housing Finance Agency since the Great Recession in 2008.   

“They’re seeing banks make so much money and, ‘Hey, how do we get a little something?’ I just think 50 bps (basis points) was kind of foolish because it was such a large splash,” Witczak said. “They haven’t made a nickel on it because they’re making it effective December 1.” 

Chris Boland, vice president-consumer lending manager for Brookfield-based North Shore Bank, said the Adverse Market Refinance Fee could make mortgage refinancing a little less desirable, but not enough to slow down the refi boom. 

“I think given where rates are – they’re pretty attractive right now – I don’t think it’s going to have a direct adverse effect on production at this point.” Boland said. 

Boland said each bank is considering for itself what to do, but it’s likely most will pass the fee along to the borrower. 

Kauffman said Bank of Sun Prairie hopes to “absorb the fee as much as we can,” but he’s also waiting to see how the industry in general handles it. He said it’s a shame the fee has come along at a time when some homeowners could really use a lower monthly payment but might struggle with the addition of a new fee. 

“Right now is a good opportunity where you have families where money is a little tighter than it’s been, and there’s an opportunity for them to refinance and get a lower rate,” he said. “And now you’ve got a $1,000 to $1,400 fee that’s kind of hitting them at a time where it’s tough.” 

The Federal Housing Finance Agency stressed that Fannie Mae and Freddie Mac will exempt refinance loans with balances below $125,000, nearly half of which are comprised of lower income borrowers at or below 80% of area median income. Affordable refinance products, Home Ready and Home Possible, are also exempt, the FHFA said. 

Heather MacKinnon, vice president – legal of the Wisconsin Bankers Association said bankers know the fee is coming and have had internal discussions about whether to absorb it or pass all or part of it on to borrowers. 

“Lenders would also be discussing how the fee will impact their low- and moderate-income borrowers and making plans to ensure they still serve those areas of their marketplace,” she said. 

Nicolet’s Witczak said he thinks the fee will continue through all of next year, and maybe longer. 

“There is talk of rates that are going to stay in this ridiculously low environment for three-plus years,” he said. “There’ll come a time where the fee most likely would go away just from a competitive standpoint when it does affect the amount of business – or maybe it’s reduced to 25 bps. But I would plan on this for the next couple of years probably.” 





Paul Gores is a journalist who covered business news for the Milwaukee Journal Sentinel for 20 years. Have a story idea? Contact him at

By, Eric Skrum

Wisconsin banker Tom Pamperin says the most-welcoming method for a bank to connect with customers seems to have flipped. 

“It used to be technology was the cold and impersonal interaction,” said Pamperin, president and chief executive officer of Premier Community Bank in Marion. 

But today, amid a pandemic in which bank customers – if the bank lobby is even open – must wear a mask, remain separated from employees by plastic barriers, stand at a distance and likely are leery of touching anything, using a mobile app or a video teller has become a lot more appealing. 

“Now which service has become cold and impersonal?” Pamperin rhetorically asked. 

The invasion of the novel coronavirus early this year has changed a lot of business and consumer behaviors, ranging from how we shop to how we’re entertained to how we meet. How we bank also is on that list. 

The need for social distancing to avoid catching or spreading the virus has increased consumer acceptance of technology that some might have continued to shun as long as they could fearlessly walk into a branch and make their transactions. And it appears probable – now that more consumers and businesses have engaged with technology – many of them will keep using it even after the pandemic subsides. 

A report this summer by the accounting and consulting firm Deloitte and the Institute of International Finance said COVID-19 has been a catalyst for adoption of bank technology.  

“Looking ahead, it is abundantly clear digital transformation will not only accelerate, but financial institutions that do not fully embrace digital transformation – and adapt to new ways of working – risk being left behind,” the report stated. 

At a recent meeting of the Federal Reserve Bank of Chicago’s Community Depository Institutions Advisory Council, the consensus among a dozen Midwest bank executives on the panel was that COVID-19 has significantly boosted the use of financial technology, said Douglas Gordon, CEO of Waterstone Financial Inc., the Wauwatosa parent company of WaterStone Bank. 

“The pandemic has really accelerated the digital platform probably by three to five years,” Gordon said. 

Among new adopters of bank technology are people opening accounts, businesses and “even senior citizens who have historically been more averse to it,” he said. 

“They (bankers on the council) think people are getting comfortable with the digital platforms,” Gordon said. “It’s probably a more profitable way to do it. Everybody is looking for cost cutting because net interest margins are slim, being in a zero-interest rate environment.” 

Brookfield-based North Shore Bank installed its first video teller unit in a Kenosha grocery store in late 2014. Today it has almost 30 at 18 locations, mostly in drive-through lanes at branches. At the video teller sites, consumers make transactions while chatting, similar to a Zoom encounter, with a specially trained banker who might be miles away.  

When the pandemic hit and people couldn’t go inside bank lobbies, use of the video tellers quickly grew. 

“All drive-up transactions, but specifically our video teller transactions, just surged,” said Sue Doyle, senior vice president and head of retail banking for North Shore Bank. 

Doyle said all electronic forms of banking, such as mobile banking and person-to-person payments, had been increasing even prior to the arrival of the new virus.  

“COVID just took that trajectory and accelerated it,” she said. 

Ergo Bank in Markesan also uses interactive teller machines, or ITMs, in its market. 

“We were seeing a steady increase month over month prior to COVID, and then when COVID hit and the lobbies got closed down, that technology just took off,” said Kyle Witt, president and CEO of Ergo Bank. 

Even though lobbies have reopened, the use of the ITM video units is up. 

“So people said, “OK, this is nicer than walking in and talking with someone. I can actually talk to someone on the screen. Everything is happening in front of me,’” Witt said. 

Video teller capability also helps the bank cope with staffing issues if one or more employees can’t come to work, Witt said. 

Pamperin said at Premier Community Bank, the mobile app has seen the most growth since the virus appeared. 

“The walking-into-the-lobby experience of a bank – I think that has permanently changed,” he said, noting that having an existing app immediately met the need of customers and didn’t require much marketing. 

“It was a coming together nicely for us to have this product that we’ve had out there for a number of years now and many people were using it,” he said. “But we had kind of plateaued in acceptance of it or new application of it by our customer base. And now it’s just exploded.” 

Paul Gores is a journalist who covered business news for the Milwaukee Journal Sentinel for 20 years. Have a story idea? Contact him at

By, Ally Bates

“The new normal is here to stay. Technology is the new normal in banking!”
Marcia (“Marci”) Malzahn, president & founder of Malzahn Strategic

Banks that had been consistently working to improve and update their online systems and platforms were more prepared for the sudden onslaught of customers, both business clients and consumers, who needed to utilize those tools in order to conduct their banking business during the height of the COVID-19 pandemic. 

There are a variety of methodologies to use for innovation, but Malzahn boils it down to three main action steps: 

  1. Adopt an open mindset – “If you’re not open to new ideas and ways of doing things, you won’t be able to move forward and will remain stagnant,” Malzahn explained. “Be open to new ideas from everyone, employees, customers, the community, regulators, and competitors such as fintechs.”
  2. Form an Innovation Strategic Committee – Malzahn recommends establishing a formal Innovation Strategic Committee charged with sorting through all new ideas and systematically determining which are a good fit for your institution. The Committee may also be responsible for creating the action plan for implementing new ideas. 
  3. Assess each initiative’s risk before committing – For each new potential project, banks should conduct a thorough risk assessment, including implementation timeline and costs, vendors to partner with, and the new risks and opportunities the idea brings. 

Of the three, Malzahn says #1 is the most important for banks to be successful at innovation. 

With that three-step framework in mind, banks can begin looking for areas of the institution ripe for innovation. Malzahn suggests two possibilities: Enterprise Risk Management (ERM) and Treasury Management. 

The pandemic triggered all risk categories into high alert, especially credit, technology (with increased cyber risk), operations, compliance, liquidity, interest rate risk, and human resource risk, according to Malzahn. “Now is the time to complete your ERM program and automate all the processes you can to ensure you stay on top of managing all the risk categories at the same time,” she said. 

Banks should integrate ERM into their strategic plan, and Malzahn suggests doing so by including the responses to two questions in the plan: 

  1. What are the new risks coming to our organization because of our new strategic objectives? – This question should be asked when the bank defines its top strategic goals during the planning phase. 
  2. What are our strategies to mitigate the top risks that can impact our bank? – This question should be asked after the bank conducts an ERM Risk Assessment and prioritizes its top risks. 

When integrating ERM into the strategic plan, Malzahn advises bankers keep a broad view of their risks, since all risks are connected. “Your reputation, capital, and earnings risk, in the end, are affected by all the other risks,” she said. 

Treasury Management is another key area of opportunity for innovation, according to Malzahn. “Treasury Management is one of the most important tools you can use to respond to the increased pressure to grow non-interest fee income and to increase core deposits,” she explained. Another reason to invest in innovative treasury management solutions is to deepen (or build) client relationships with the next generation of business leaders. “The new generation may be more open to utilizing the technology banking products you offer,” Malzahn said. In addition, banks should be prepared to offer at least one digital payment solution via treasury management to their clients as that sector continues to grow. 

Malzahn offered one major caveat to innovation. Before launching any new change initiative, bank leadership should pause to assess their staff’s current ability to navigate the challenges of the endeavor. Community banks across the country just underwent a period of massive change and innovation in order to process Paycheck Protection Program (PPP) loans for their customers, stepping up to innovate in operations and systems to accommodate continual changes. 

Many bankers worked nights and weekends to ensure their clients would have access to PPP funds while simultaneously adjusting to the pandemic’s disruptions to their personal lives. “I encourage bank leaders to keep an eye on their employees to ensure there is balance between serving the bank clients with excellence and taking care of your most precious assets, your employees,” Malzahn said.

By, Ally Bates

Consumer adoption of digital payment methods has grown steadily for decades, and social distancing requirements amid the COVID-19 pandemic kicked that transformation into high gear. Community banks can position themselves for success by keeping abreast of developments in faster payments and strategically implementing solutions to continue delivering the exceptional customer experience for which they are known. 

Annual digital payments transactions are projected to top $1.5 trillion from nearly 280 million users by 2024. With the increase in volume and users has come elevated consumer expectations. “Consumers are operating in a faster payments world,” said Tina Giorgio, AAP, president and CEO of ICBA Bancard. Today’s consumers experience instant gratification in so many of their consumer-business interactions, it has become a standard which applies even to industries like finance. Consumers and business clients alike now expect to be able to pay friends or suppliers, settle bills, and transfer money whenever and wherever they choose.  

Giorgio will be presenting at the upcoming WBA Management Conference. Join us Sept. 15 for her session on the why, when, and how of a community bank’s digital payments strategy. Click here to register your entire team for one low price!

Since its inception, the applications for faster/real-time payments have continued to expand. “The use cases around faster payments are changing faster than the technology,” said Giorgio. A 2015 Deloitte study outlined five main categories: business to business, business to consumer, consumer to business, domestic peer to peer (P2P), and cross-border peer to peer. Of these five, the fastest growing (in the U.S.) is domestic P2P, with over 20 different application vendors in the market.  

One of those vendors, PayPal, reported a 29% jump in year-over-year volume in Q2 2020 and added 21.3 million net new active accounts (the strongest quarter for that measure in PayPal’s history). Of course, some of this growth can be attributed to COVID-19. “P2P is growing exponentially, even more so since the pandemic began,” Giorgio explained.  

In addition to P2P, banks should also consider applicable use cases in B2B, including a simplified vendor/supplier payment system, which currently involves purchase orders, invoices, checks, ACH, and other individual payment transactions.  

As faster payments technology develops, community banks have two primary roles to play, according to Giorgio. First, and most important, is staying informed and delivering value from new developments to customers. Second is participating in industry groups—such as the U.S. Faster Payments Council and the Federal Reserve’s Payments Improvement Community—to provide perspective and representation on issues affecting the industry and community banks, specifically.  

Implementing Faster Payments: Why, and How? 

Customer retention and enhanced customer experience are the two primary benefits for banks that implement faster payments solutions, according to Giorgio. “Having that available when it’s needed is a huge advantage,” she said. For example, to a small business that needs to deliver payroll but is experiencing cash-flow issues due to COVID-19, the ability to send funds instantly rather than days in advance is a liquidity live-saver. 

FedNow Service webinar scheduled 
FRB Services has scheduled a one-hour informational webinar on its FedNow instant payment service for Wednesday, Sept. 9, at 1:00 p.m. CT. Interested parties must register and submit any questions in advance. 

Despite growing competition from non-traditional lenders, consumers still look to their trusted financial services provider for payments services.  “If the bank offers a digital wallet or P2P solution, their customers will use the bank’s product rather than a fintech’s. “That’s the power of a pre-existing relationship,” Giorgio said. Those comments are supported by research from Ernst & Young which noted roughly 60% of consumers would turn to their existing bank first when considering a new financial services product.  

When it comes to implementing faster payments products and services, community banks must clear three hurdles:  

1: Define the strategy: Pursuing every faster payments product on the market isn’t feasible, so defining a strategic direction is essential to getting it right. “There’s so much out there, you have to figure out what your customers’ priorities are so you’re spending time and money on the right solutions,” said Giorgio. If your bank is just getting started in faster payments and you’re looking for the most critical first step, Giorgio recommends establishing the ability to accept faster payments. “Even if you’re not ready to start originating faster payments, you should determine what you need to do to be able to receive those transactions. Not having the ability to receive payments puts your customer relationships at risk.” 

2: Integrating tools: Banks rely on a core service provider, along with a collection of platforms and tools to deliver services and information to customers, so it’s critical to ensure any new faster payments technology integrates with essential legacy systems. “Interoperability is a challenge,” said Giorgio.  

3: Affordable Access: Finding a solution that is both functional and affordable for the institution and its customers can also be challenging. Fortunately, more banks have a wider array of technology partners to choose from as more legacy core systems shift toward interoperability as the default. “Many of the cores are now starting to open up their systems and allow integration through application interfaces [APIs], which allows banks to select any provider of a solution and integrate it into the core,” said Giorgio. This gives banks greater ability to find a partner that meets both quality and pricing requirements.  

With the faster payments landscape continuing to evolve, now is the time for community banks to leverage their relationships with technology partners and their own deep understanding of their customers to bring the high-tech, high-touch banking experience that will continue to differentiate them in the years ahead and deliver the services that their customers rely on.  

Seitz is WBA operations manager and senior writer.  

ICBA is a WBA Gold Associate Member.

By, Amber Seitz

You’ve heard it before, and chances are you’ll hear it again: the branch is dying. If that’s true, why are so many financial institutions investing in their branch networks, either through remodeling or new construction? 

The answer: the branch is more than a building—and it always has been. Community banks connect with their customers and neighbors through their branch networks. Those networks are evolving to meet the needs and preferences of a new generation of customers, but branches are still an essential channel for delivering banking services. 

At a virtual session held during Fiserv’s Forward Forum in July, Connected Experiences: Branch Transformation Trailblazers Blend Talent and Technology, Fiserv Senior Product Manager David Johnson, who leads product management for self-service banking automation, explained that existing branch optimization challenges have evolved further in 2020 due to the pandemic, but that transforming their branches is a successful strategy banks can use to adapt. “Finding the next normal of service delivery falls squarely in the realm of branch transformation,” he said. “The changing nature of our interactions changes how we deliver products and services to customers.” 

Branches are designed to provide the best customer experience possible, but what constitutes the “best experience” has changed over time. According to new research from Fiserv (July 2020), since the pandemic began 33% of survey respondents had increased use of mobile payment apps, 27% increased use of mobile check deposits, and 46% do not plan to visit a branch within 30 days. Many of these trends started before anyone had heard of COVID-19, but the pandemic has accelerated and magnified their impact. 

To get a close-up look at what tomorrow's branches are designed to do, WBA spoke with five member banks that recently opened a new or renovated branch. 

State Bank of Cross Plains 

New branch location: Middleton 
Opened: May 30, 2019 

Peoples State Bank, Wausau 

New branch location: West Allis 
Opened: March 11, 2020 

Denmark State Bank 

New branch location: Sheboygan 
Opened: Feb. 17, 2020 

Bank First, Manitowoc 

New branch location: Oshkosh 
Opened: Jan. 6, 2020 

Bay Bank, Green Bay 

New branch location: Keshena, Menominee Reservation/County 
Opened: December 2020 (anticipated) 

While diverse in how they accomplish it, each of these banks’ branch investments exemplifies how the industry can build a new recipe for branch success. Some key ingredients: 

1: Strategic Growth 

New branches follow growth, not the other way around. Many new offices open because the bank’s strategic plan calls for organic growth and senior leadership has identified the community as an opportunity. For example, Peoples State Bank President/CEO Scott Cattanach said the bank made a strategic decision to pursue new market growth, and because they had already achieved significant market share in their home footprint of northern Wisconsin, they began looking to other areas of the state for opportunities. “From a broad perspective, we were looking to break into a higher-growth area of Wisconsin,” he explained. “Though we started it as a loan office, we always intended for it to become a full-service branch, because that’s when we, as a community bank, are most effective.” 

Sometimes that location is specified in the plan itself, as is the case with Bay Bank’s newest branch in Menominee County. “This branch is executing on our strategic plan,” said Bay Bank President Jeff Bowman. “It’s in writing in our plan that we will assist other tribal communities of Wisconsin.” In doing so, Bay Bank is bringing the first full-service bank branch to Menominee County, which was the only one of Wisconsin’s 72 counties that did not have a bank branch. 

2: The Right People 

“A lot of this centers around the people we hired,” said Denmark State Bank President and CEO Scot Thompson. “Without the right people, it’s difficult to grow.” The same pattern emerged, in most cases, for the launch of a new branch location. After determining which market was the best fit to target, the bank built relationships with key individuals in that market who then built up a portfolio of accounts, and eventually the community expressed demand for a full-service branch. “It’s part of our strategy and it all starts with people,” said Bank First CEO Mike Molepske. “Assemble a team, build some accounts, then open a branch.” 

By building the new branch’s team from within the community, the bank not only leverages existing client connections, but also demonstrates its commitment to bolstering the local economy, which can be a considerable component of success. “We’ve made the commitment to hire and train members of the Menominee community to work at the bank,” said Bowman. “We will create some new local jobs and launch some new careers in banking.” 

3: Community Engagement 

Investment in a new branch demonstrates the bank’s strength and ability to serve the community. “When you build a significant building on a significant corner—100,000 cars drove by daily, before COVID—it's a sign of the bank’s success and strength,” said State Bank of Cross Plains President & CEO Jim Tubbs. “Beyond it demonstrating an investment in the community, it shows that things are going well.” 

The physical presence of a branch is also how banks forge a connection with a new community. “People bank with people,” Thompson explained. “It’s a relationship you build over time. There is a benefit to still having face-to-face communication along with automation and technology. That’s where community banking has its niche.” The hallmark of community banking is relationships, and branches facilitate that advantage. “If we can’t deliver a personal touch we can’t deliver our best value,” said Cattanach. “We’re only successful if our customers are successful.” 

Also, each bank highlighted the goal of community engagement and support in talking about the motivation for the new branch. “Over the long haul, we will be able to increase home ownership, play a role in developing new housing, and providing access to capital in the form of small dollar consumer loans and small business loans,” explained Bowman. “We have 25 years of experience making mortgage loans on Tribal land. We’re transferring that unique skillset to a new community.” 

4: Brand with the Building 

Tubbs said the new State Bank of Cross Plains building was designed to communicate the bank’s tremendous commitment to the city of Middleton. “I believe, especially in the community bank space, the branch network is much more than a channel to do business with your customers,” he explained. “It’s a recognition of your brand and a huge part of your marketing for your organization.” 

Bank First’s newly opened branch in Oshkosh was designed with lots of natural light, built with recycled materials, and decorated with artwork from local artists, just like Bank First’s other branches, which means customers know what to expect when they walk in. “Whether it’s new or retrofitted, it needs to fit our brand,” Molepske explained. “When you walk into the building, you feel comfortable. It feels strong and professional. It’s a great place for customers to visit and our employees to work in.” 

With less foot traffic in branches, every interaction counts more. “You have to provide what consumers are looking for,” said Cattanach. “That requires your staff to be more multifunctional.” Universal bankers and ITMs are part of that transformation and are (or will be) featured at many of the new branches highlighted in this article. The ITM is a good example of the dichotomy of current customer demand; they want high-tech digital solutions and the ability to meet face-to-face with a trusted advisor. “Especially in the Midwest, a significant part of our customer-base still wants to come to the bank,” said Tubbs. “Without a doubt technology has changed people’s habits, but there’s still that desire.” 

A recent global survey by Deloitte showed consumers prefer to visit a bank branch for more complex banking services, such as opening an account, and this preference is fairly similar across generations: 64% of Baby Boomers, 54% of Gen Xers, 48% of Millennials, and 56% of Gen Z consumers surveyed said they prefer to visit branches when opening a new checking account. Despite branch traffic trending down, this shows the value of a branch—and its ability to deepen customer relationships—grows over time. “A new location is an investment,” said Thompson. “It doesn’t turn around Day One or even Year One. It's an investment in future growth and income.” 

So, while bank clients of all ages may visit branches less often—as few as five times per year according to some surveys—most don’t want branches to go away. “The branch will be with us forever,” said Molepske. “It’s the heart of community banking.” 

Seitz is WBA operations manager and senior writer.

By, Amber Seitz

P2P payment apps, mobile deposit, digital account opening, APIs… 

Since the advent of the ATM, it seems banks have been caught in a constant battle of technology one-upmanship, with community banks struggling to keep up with larger firms (and nonbanks like Amazon and Google) as they sprint ahead. For community banks, “winning” the tech battle requires building a vision of the future, not inventing something brand new. 

“Community bankers hear ‘innovation’ and think they need to invent something completely new,” said Trent Fleming, principal of Trent Fleming Consulting. “But their core competency is not invention, it’s personalized service.” Truly knowing and understanding their customers and their communities is the foundation community banks have built on for nearly two centuries. With the pace of technological change increasing at an exponential rate, what knowing and understanding the customer looks like has changed as well. Fortunately, community banks don’t need to be on the bleeding edge in order to deliver quality customer service. “The tendency is to look for the next really cool product, but the next really cool product is better delivery of the customer’s financial information,” Fleming explained. “Focus on improving your customers’ access to their own information so their quality of life improves.” 

To hear more from Fleming about creating a vision for your bank’s technology future, including the latest on emerging products and trends, attend the upcoming WBA Secur-I.T. Conference! Now fully virtual (it’s a tech conference, after all!), the conference will span two days and feature seven hours of presentations, networking opportunities, a vendor showroom, and more. Join your peers at the only Wisconsin technology event by and for bankers on Sept. 22-23! Visit to learn more and register. 

If they don't have one already, bank leadership should begin creating their vision today, but with the customer at the center. The best question to start with, according to Fleming, is Are we preparing for our next customer-base? 

Bank leaders should closely examine demographic and commercial trends in their geographic footprint. In five years, what will the neighborhood around the branch look like? Will it still be retail and suburban, or will there be a shift to industrial? What’s happening with the population regarding age, race, and level of education? “It’s not just who your customers are, but what lines of business they’re in, the footprint, and what kinds of products and services they’ll need,” Fleming explained. “That helps you plan for what kind of institution you’ll be and how you’ll serve today’s and tomorrow’s customers.” 

Tactics for Post-Pandemic Banking 

With their strategic vision to guide them, bank leaders should build their bank’s future with the following best practices in mind: 

1: Implement Fast 

The biggest difference between banks with more than $15 billion in assets and those with less, according to Fleming, is the speed at which they can roll out new technology. Fortunately, community banks don’t need to develop and implement with lightning speed. “Most banks have access to what they need, they just haven’t implemented it,” said Fleming. By working with the third-party vendors they already have, many banks will find they can better leverage the tools they have available to them. “You need to aggressively embrace technology, because that’s what your customers are doing,” said Fleming. 

2: Keep Momentum Going 

The COVID-19 pandemic has caused massive disruption in nearly every area of life, but Fleming says the behavior changes it forced upon consumers should be encouraged if they are beneficial. “Going forward, banks should make sure they capture the value of changed customer behavior,” he said. “Slipping back into business-as-usual is the single biggest mistake banks could make.” One area ripe with opportunity for improving customer experience and bank efficiency is scheduling. “Smaller banks will innovate in offering appointment scheduling,” Fleming predicted. “Whether it’s online or in-person, scheduling driven by the customer is a huge opportunity.” 

3: Fill in Gaps 

In the pandemic’s wake, banks should reassess their branch strategy and where they have opportunities to meet new customer needs. “It’s important banks identify where they have gaps between what they offer and what customers want,” Fleming advised. Especially for the next generation of bank customers, face-to-face interaction isn’t the first choice. Fleming suggests cultivating more “invisible loyalty.” “A customer who only uses the bank’s remote channels can be as loyal and more profitable than a customer who you see all the time,” he explained. “The customer you see often isn’t taking advantage of your offerings.” 

4: Prioritize CX 

Banks should fiercely prioritize customer experience (CX). “The core of banking hasn’t changed,” Fleming said. “What will change is the quality of the delivery of information, giving customers what’s relevant for their current situation.” By knowing and delivering exactly what each customer is looking for, banks can grow satisfaction and loyalty. “The less time a customer spends successfully completing their banking business, the more satisfied and loyal they will be,” said Fleming. “Banks need to embrace and prepare for that concept.” 

5: Engage Employees 

To get ROI on investments in technology products, banks need to achieve high adoption and usage rates among customers. Fleming says knowledgeable, enthusiastic employees are the best way to achieve that. “Have employees use and adopt the new technology themselves, because that’s how they become knowledgeable about it,” he said. “It takes some training effort, but you’ll see customer adoption go up by a quarter to a third.” Another method is to empower an employee who shows great aptitude by naming him or her the Virtual Branch Manager—a position Fleming says shows current and potential customers that the bank isn’t looking at digital as an afterthought. 

Seitz is WBA operations manager and senior writer.

By, Amber Seitz


Outsourced Third Party (Vendor) Risk Management is a top priority with the regulators. Therefore, ensuring your Program is not only going to be effective but also meet with their expectations needs to be a priority for financial institutions. When you outsource, you are placing your confidential customer information in someone else’s hands along with the availability and security of that information, but you still retain the responsibility for ensuring the integrity, confidentiality, availability and security of the information making this Program a crucial part of your overall Information and Cyber Security Program.

Demonstrating the importance of this Program, the OCC and the FRB both issued updated guidance relating to third party relationships in October and December of 2013, respectively while the FDIC reissued its Technology Outsourcing Informational Tools in April of 2014. Then on February 6, 2015, the FFIEC released an update to the Business Continuity Planning Handbook adding Appendix J: Strengthening the Resilience of Outsourced Technology Services. On November 14, 2019, a revised Business Continuity Planning handbook was released that addresses: Third Party Management, Third Party Capacity, Testing with Third-Party Technology Service Providers, and Cyber Resilience. The FFIEC Cybersecurity Assessment Tool (CAT) also includes declarative statements relating to Outsourced Third Party Risk Management practices. Susan Orr has assisted numerous institutions with developing their Outsourced Third Party Risk Management Program and will share her insights into developing an effective program in this webinar.

What You Will Learn
FFIEC agencies expectations for your Program
The latest guidance:
November 2019 BCP Handbook
Appendix D of the FFIEC Outsourced Technology Services Handbook
FFIEC Supervision of Technology Service Providers, September 2012
FDIC April 2014 Tools to Manage Technology Providers Informational Brochures
OCC October 2013 Third Party Relationships
FRB December 2013 Guidance on Managing Outsourcing Risk
Classification and Risk Rating criteria
Required Program elements and essentials
Needs Assessment
Due Diligence/Selection
Risk Assessing

Who Should Attend?
Senior Management, Information Security Officers, Compliance Officers, Risk Managers, IT Managers, Operations Managers.

Susan Orr is a leading financial services expert with vast regulatory, risk management, and security best practice knowledge and expertise.

As an auditor and consultant, Susan is dedicated to assisting financial institutions in implementing appropriate policies and controls to protect confidential information and comply with regulatory mandates and best practices. Her expertise as an auditor and former examiner provides her the knowledge and expertise to conduct comprehensive IT general control and data security reviews and assist banks in developing and updating policies and procedures and risk assessments, performing third party risk management, and facilitating testing and training. Susan is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC).

Registration Options
Live Plus Five (days) – $265
OnDemand Recording – $295
CD-ROM – $345
Live Plus Six (months) – $365
Premier Package – $395

Risk assessments are an essential element of overall risk management along with providing the basis for many of your policies, plans, and programs like your information security program, audit program, and business continuity plan. The basis for the risk assessment mandated by GLBA in 2000 was initially thought to be oriented to IT, thus the requirement for an IT Risk Assessment after all it is the IT examiners that are evaluating it. However, today the focus has shifted to an enterprise-wide information security risk assessment that encompasses the entire organization where IT is a key component. Even today, the content of this risk assessment continues to cause some confusion and the fact that the regulators do not prescribe to any specific format, only content, many organizations are finding their assessment being criticized during their exams and audits; and then add the requirement for a cyber security risk assessment to the mix! How can anyone keep it all straight?

Performing risk assessments is a prominent requirement with just about everything you do today. A properly structured enterprise-wide information security risk assessment will not only help you focus your resources and budget dollars where they are needed, but provide the basis for your information security program and IT audit program. The right approach will also get you off to a running start on your all those other risk assessments you need to complete. This presentation will provide an approach for developing an enterprise-wide information security risk assessment and a framework that can be adapted to the other numerous risk assessments now required.

What You Will Learn
What is meant by enterprise-wide?
Where do I start?
Can I outsource the risk assessment?
Is there an approved format or template?
Understanding the difference between IT and enterprise-wide risk assessments
Simplifying the approach
Developing a matrix

Who Should Attend?
Anyone responsible for developing a risk assessment or leading a risk assessment team.

Susan Orr is a leading financial services expert with vast regulatory, risk management, and security best practice knowledge and expertise.

As an auditor and consultant, Susan is dedicated to assisting financial institutions in implementing appropriate policies and controls to protect confidential information and comply with regulatory mandates and best practices. Her expertise as an auditor and former examiner provides her the knowledge and expertise to conduct comprehensive IT general control and data security reviews and assist banks in developing and updating policies and procedures and risk assessments, performing third party risk management, and facilitating testing and training. Susan is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC).

You may contact Susan by phone or email: 630.248.7788 or

Registration Options

Live Plus Five (days) – $265
OnDemand Recording – $295
CD-ROM – $345
Live Plus Six (months) – $365
Premier Package – $395

You already know how remote deposit capture works, but do you understand the associated risks? This webinar will explain the legal side of RDC, including the potential liability to your institution. It also will analyze the legal agreements you should be using and the disclosures you should be making regarding remote deposit capture. RDC technology is easy compared to the legal aspects involved. Join this webinar to get a handle on the risks, liability, and best practices.

Attendance certificate provided to self-report CE credits.

Distinguish the parties involved in the remote deposit capture (RDC) process and the responsibilities of each
Identify the risks and potential liability to your institution from remote deposit and mobile devices
Implement prudent policies and procedures to reduce the risk to your institution
Understand the agreements/disclosures that are legally required, and the additional agreements/disclosures that will provide added protection for your institution
Explain the differences between remote deposit capture, remotely created checks, and imaged cash letters

This informative session is designed for deposit operations personnel, consumer and commercial account managers, compliance officers, security officers, technology personnel, attorneys, and other staff involved with RDC.

FFIEC’s guidance Risk Management of Remote Deposit Capture
Employee training log
Interactive quiz

ABOUT THE PRESENTER – Elizabeth Fast, JD & CPA, Spencer Fane LLP

Elizabeth Fast is a partner with Spencer Fane Britt & Browne LLP where she specializes in the representation of financial institutions. Elizabeth is the head of the firm’s training division. She received her law degree from the University of Kansas and her undergraduate degree from Pittsburg State University. In addition, she has a Master of Business Administration degree and she is a Certified Public Accountant. Before joining Spencer Fane, she was General Counsel, Senior Vice President, and Corporate Secretary of a $9 billion bank with more than 130 branches, where she managed all legal, regulatory, and compliance functions.

Live Webinar Access – $245
On-Demand Access + Digital Download – $245
Both Live & On-Demand Access + Digital Download – $320

October 3-7, 2022
Fluno Center for Executive Education
Madison, Wisconsin
Enrollment Deadline: September 6


Online bank fraud has been described as epidemic, with numbers that are staggering — it’s estimated that U.S. banks lose $1.5 billion to phishing attacks annually. Consider also that mobile devices are now ubiquitous and hackers are getting ever-more sophisticated in their ability to gain access to sensitive data and it’s clear that there is a need for proactive IT security offense and defense to stop attacks including phishing, malware, coordinated denial of service attacks, hacktivist breaches and more. The threats to the banking sector are multiple and significant — both financially and reputationally. Today’s bank customer is rightfully concerned about online banking fraud and studies show that the majority of customers would change banks if they became a victim of fraud at their current institution. Security breaches not only cost significant dollars, but they also erode consumer trust. Being proactive is key.

Don’t miss this innovative school that’s designed by, and especially for, information security officers in the financial industry. This state-of-the-art program will broaden your understanding of the business of banking including key drivers of bank profitability, along with an in depth, interactive and hands-on study of the latest IT security techniques and strategies.

The school uses a mix of lecture, small group discussions and interactive computer labs. The hands-on, computer-based simulation labs will allow you to explore penetration and vulnerability testing, security attacks, early detection of data breaches and more. You’ll spend class time diving deep with IT security experts and knowledgeable colleagues who will become a network to call upon for years to come. Apply today to take advantage of this opportunity to learn from experts in the banking industry about today’s key issues in information assurance.


Whether you’re a veteran Information Security Officer or new to the IT security field, this powerful program will give you the skills and knowledge to effectively secure your bank’s and your customers’ most sensitive information.

Click More Information to view the full school details on

In this comprehensive webinar, Excel expert David Ringstrom, CPA, teaches you how many Excel functions and features can be used to create adaptable and easy-to-maintain budget spreadsheets. David explains how to separate inputs from calculations, build out a separate calculations spreadsheet, create both an operating and a cash flow budget, transform filtering tasks, preserve key formulas, and more.

David demonstrates every technique at least twice: first, on a PowerPoint slide with numbered steps, and second, in the subscription-based Microsoft 365 (formerly Office 365) version of Excel. David draws your attention to any differences in the older versions of Excel (2019, 2016, 2013, and earlier) during the presentation as well as in his detailed handouts. David also provides an Excel workbook that includes most of the examples he uses during the webcast.

Microsoft 365 is a subscription-based product that provides new feature updates as often as monthly. Conversely, the perpetual licensed versions of Excel have feature sets that don’t change. Perpetual licensed versions have year numbers, such as Excel 2019, Excel 2016, and so on.

Covered Topics

Accessing free downloadable budget templates that can be customized as needed.
Avoiding the complexity of nested IF statements with Excel’s CHOOSE function.
Building operating budgets quickly based on detailed supporting schedules that provide an audit trail.
Crafting formulas to compute gross margins, projected sales, commissions, and related amounts.
Employing the SUMIF function to sum values related to multiple instances of criteria you specify.
Improving the integrity of budget spreadsheets by isolating all inputs to a single worksheet.
Improving the integrity of spreadsheets by using SUMIF to look up values in a more flexible fashion than VLOOKUP.
Improving the integrity of spreadsheets with Excel’s VLOOKUP function.
Learning how the Table feature empowers you to improve the integrity of Excel spreadsheets.
Mastering the IFERROR function to display alternate values in lieu of a # sign error.
Navigating directly to inputs by using Excel’s Name Box, and then returning to the previous location in the workbook via the Go To commmand.
Preserving key formulas using hide and protect features.

Who Should Attend
Practitioners seeking to build budget spreadsheets that can be updated effortlessly and contain easy-to-follow supporting calculations.

David H. Ringstrom, CPA, is an author and nationally recognized instructor who teaches scores of webinars each year. His Excel courses are based on over 25 years of consulting and teaching experience. David’s mantra is “Either you work Excel, or it works you,” so he focuses on what he sees users don’t, but should, know about Microsoft Excel. His goal is to empower you to use Excel more effectively. To learn more about David, you can view his LinkedIn profile and follow him on Facebook or Twitter (@excelwriter).

Registration Options

“Live” Web connection – $265
6-month “OnDemand” website link only – $295
CD-ROM and e-materials only – $345
Live plus OnDemand website link – $365
Premier Package: Live, OnDemand link, and CD-ROM plus – $395

Excel expert David Ringstrom, CPA, shares a variety of tricks and techniques you can use to create and automate Excel charts in this informative session. He covers several helpful features Excel offers, including the Recommended Charts feature, the Sparkline feature, and the PivotChart feature. In addition, David shows you step-by-step how to avoid repetitive formatting, create self-updating chart titles, summarize data based on a single criterion, and liven up your charts with clip art.

David demonstrates every technique at least twice: first, on a PowerPoint slide with numbered steps, and second, in the subscription-based Microsoft 365 (formerly Office 365) version of Excel. David draws your attention to any differences in the older versions of Excel (2019, 2016, 2013, and earlier) during the presentation as well as in his detailed handouts. David also provides an Excel workbook that includes most of the examples he uses during the webcast.

Microsoft 365 is a subscription-based product that provides new feature updates as often as monthly. Conversely, the perpetual licensed versions of Excel have feature sets that don’t change. Perpetual licensed versions have year numbers, such as Excel 2019, Excel 2016, and so on.

Covered Topics
Adding/removing chart features rapidly by way of the improved chart interface in Excel 2013 and later.
Applying a consistent look and feel to your charts by way of chart templates.
Building a basic chart within an Excel worksheet.
Building a Thermometer chart for use in fund drives and other goals as a means of exploring lesser-known chart options.
Converting a chart to a static picture for archival purposes or for use in other applications.
Creating pivot charts from lists of data in Excel.
Creating rolling charts that automatically display data for the last five years, six months, or whatever time frame you choose.
Displaying data on two different axes with Combo charts in Excel 2013 and later.
Duplicating the formatting of one chart into a second chart.
Eliminating the need to manually resize charts when data is added—automate this with tables instead.
Enlivening charts with clip art.
Illustrating financial statements with the Waterfall chart in Excel 2016 and later.

Who Should Attend?
Practitioners who can benefit by creating and automating Excel charts.

David H. Ringstrom, CPA, is an author and nationally recognized instructor who teaches scores of webinars each year. His Excel courses are based on over 25 years of consulting and teaching experience. David’s mantra is “Either you work Excel, or it works you,” so he focuses on what he sees users don’t, but should, know about Microsoft Excel. His goal is to empower you to use Excel more effectively. To learn more about David, you can view his LinkedIn profile and follow him on Facebook or Twitter (@excelwriter).

Registration Options
“Live” Web connection – $265
6-month “OnDemand” website link only – $295
CD-ROM and e-materials only – $345
Live plus OnDemand website link – $365
Premier Package: Live, OnDemand link, and CD-ROM plus – $395

There are three phases to creating an Information Security Program for financial institutions: 1) planning and preparation, 2) implementation, and 3) testing and verification. When it comes to testing your ISP, one of the big questions you should ask – both of yourself and your auditor(s) – is “where does our risk really lie?” Are you testing your ISP because you have to, or are you testing your ISP because you really want to protect your institution and your customer’s data from a cyber attack?

Covered Topics

People, Process, and Technology
Minimum Requirements for Testing Your ISP
Best Practices for Testing Your ISP
Reactive Testing vs. Proactive Testing
Additional Security Testing to Consider

Who Should Attend?
Information Security Officer, IT Manager, Risk Officer, Internal Auditor, CIO, and Executives looking to understand the Cybersecurity Assessment process, common weaknesses in controls, and how to address them.

Cody Delzer, CISA, CDPSE, is a SVP Information Security Consultant for SBS CyberSecurity, LLC of Madison, SD who has a Bachelor of Science Degree in Computer and Network Security from Dakota State University and 13 years’ experience in IT and IT Security; 3 years in Systems Operations and 10 years in Information Assurance. Cody has worked with over 300 Financial Institutions and other private industry organizations across the United States.

Registration Options

“Live” Web connection – $265
6-month “OnDemand” website link only – $295
CD-ROM and e-materials only – $345
Live plus OnDemand website link – $365
Premier Package: Live, OnDemand link, and CD-ROM plus – $395