WESTERNBANKER - WESTERN BANKERS ASSOCIATION
WesternBanker
Issue 3 2021
A Publication of Western Bankers Association

What’s Inside:
Board Governance: Cybersecurity Risk
Recent Labor Laws in California: What Bankers Need to Know
Leadership in Times of Change
Contents
Issue 3 2021

Features
Though Achievements Are Many, the Industry Has Much Work Remaining
Legislative Sessions Underway in Washington, D.C., and Sacramento
Board Governance: Cybersecurity Risk
Recent Labor Laws in California: What Bankers Need to Know
How WBA Provides Resources to Bank Human Resources Teams
Leadership in Times of Change
How to Prevent Common Hacking Attacks in Your Bank
Member Profile
Member Updates
Ask The Compliance Guru

Departments
Message From WBA President and CEO Stephen G. Andrews
2021 WBA Advertiser Index

View this issue and past issues of WesternBanker online any time at www.westernbankers.com

WesternBanker is the official publication of Western Bankers Association. Western Bankers Association, 1303 J Street, Suite 600, Sacramento, CA 95814, P: 916-438-4400/F: 916-441-5756, Email online at www.westernbankers.com.

©2021 Western Bankers Association | NFR Communications, LLC. All rights reserved. WesternBanker is published six times each year by NFR Communications, LLC for Western Bankers Association and is the official publication for this association. The information contained in this publication is intended to provide general information for review, consideration and member education. The contents do not constitute legal advice and should not be relied on as such. If you need legal advice or assistance, it is strongly recommended that you contact an attorney as to your circumstances. The statements and opinions expressed in this publication are those of the individual authors and do not necessarily represent the views of Western Bankers Association, its board of directors, or the publisher. Likewise, the appearance of advertisements within this publication does not constitute an endorsement or recommendation of any product or service advertised.

WesternBanker is a collective work, and as such, some articles are submitted by authors who are independent of Western Bankers Association. While Western Bankers Association encourages a first-print policy, in cases where this is not possible, every effort has been made to comply with any known reprint guidelines or restrictions. Content may not be reproduced or reprinted without prior written permission. For further information, please contact the publisher at 855.747.4003.

Graphic Art: © iStockphoto.com/themacx; Jirsak; XiXinXing; matejmo; grandeduc; Peopleimages; Rawpixel; trekandshoot

4 www.westernbankers.com | WesternBanker
Message From WBA President and CEO Stephen G. Andrews
Stephen G. Andrews, President and CEO, Western Bankers Association
SAndrews@westernbanker.com

Nation, and WBA, On Path Toward Normalcy

After more than a year of business closures and quarantines, it seems that we have finally turned a corner with the COVID-19 pandemic. The Center for Disease Control and Prevention recently issued new guidance allowing “fully vaccinated people (to) resume activities without wearing a mask or physically distancing with some exceptions.” In addition, California’s Gov., Gavin Newsom, announced his intent to reopen the state on June 15. What the California “reopening” will look like depends on vaccination and infection rates. It is expected that mask requirements, social distancing protocols and capacity limits will remain. However, the good news is that businesses are reopening, and the economy is beginning to bounce back.

Like most of you, the WBA is taking a thoughtful and deliberate approach in developing our return to work strategy. We are also looking forward to our upcoming in-person events and reconnecting with our members. In August, we will host the 2021 Education Summit at the Hyatt Regency Huntington Beach. This three-day event will feature expert speakers who will give in-depth presentations on relevant and timely topics including CECL, cybersecurity, cannabis banking, legislative updates, the economy and much more.

In September, we will host our Annual Convention at the Fairmont Orchid on the Island of Hawaii. This premier event will feature a golf tournament, keynote speakers, one-on-one meetings with regulators and dynamic sessions. We are pleased that we already have strong registration numbers and sponsor support.

Looking beyond September, the Regulatory Compliance and Cannabis Forum will be held in October at Caesars Palace in Las Vegas, and in November the Lenders and Chief Credit Officers Conference will be held at the Ritz Carlton Laguna Niguel in Dana Point, Calif. We hope you will mark your calendars for these important professional development opportunities.

As we look ahead to 2022, we are planning to move forward with a hybrid event schedule including both in-person and virtual events. Although we are concerned about “Zoom fatigue,” we believe the hybrid model will allow us to engage and provide professional development opportunities with a greater number of bankers at various levels.

Our Government Affairs team continues to advocate on behalf of the industry on issues that could impact almost every facet of banking. Proposed measures cover public banking, debt collection, credit services, climate-related risk issues to name a few.

Just last month we launched our Engage community, a new members-only forum. This online member resource is accessible 24/7 and is designed to bring our members together to share and discuss common issues and ideas. We hope that you will participate in the Engage forum by asking questions, providing feedback and sharing experiences and information. With your participation Engage will be a thriving community and resource for WBA members.

On the membership front we are pleased to congratulate Paul Simmons who is celebrating his 50th year with the First Federal Savings & Loan of San Rafael! Paul started working at First Federal in 1971 and currently serves as its President, CEO and Chair of the Board of Directors. We also welcomed several new members to our association including four banks. They are featured in this issue of the magazine and we hope you will help us welcome them.

It is an honor to serve this industry and we are grateful for your membership and support.

Sincerely,

WesternBanker | Issue 3 2021 7
Though Achievements Are Many, the Industry Has Much Work Remaining
By Dave Joves, Chairman, Western Bankers Association

In June 2020, I took a moment as the newly elected Chairman of the Western Bankers Association (WBA) to address what I saw as the issues facing our industry and the challenges that we faced. At the time, the country was a few months into the COVID-19 crisis, and the actions required to fight the pandemic were primarily in the political, not the medical, arena.

While the pandemic continues, the increasingly successful implementation of a national vaccination program combined with federal stimulus, primarily via the PPP program, has positively impacted the economy.

But we are still in the proverbial woods. The virus has not been eradicated. The economy has not fully recovered. And new challenges arrive daily.

But now, as then, I am optimistic despite the hurdles ahead. The banking industry, working with the SBA, collectively provided 79 percent of the PPP loans issued in 2021. Remarkably, 85 percent of those loans went to businesses with less than 10 employees, the backbone employers to local economies across the nation.

It has not been easy; the job is not done.

Now as then, the banking industry is in the midst of changes across the board: regulatory, competitive, societal, and digital transformation. While grappling with the pandemic, we also face new issues daily.

One particularly troubling circumstance is the rise of violence against the Asian American Pacific Islander community in the United States.

Admittedly, holding a leadership position at the Bank of Guam which is a voting territory of the United States with a diverse population, makes me keenly aware of the “S” in the world of ESG (Environment, Social Responsibility, and Governance). But for the banking industry, ensuring that we adhere to the principles of social responsibility and being respectful of all people, regardless of their ethnicity, must be a core value.

My position on the recent attacks is straightforward: This has got to stop.

When I became WBA Chairman, I wrote that I wanted to lead the discussion that we must have about how we as an industry promote diversity and inclusion to ultimately have more diverse boardrooms and leadership representation. We must, as an industry, demonstrably support ethnic communities.

As an MDI, Bank of Guam has been fortunate to have been able to have a great impact with the PPP program in support of our customers. Thankfully, we do not stand alone. WBA members have mightily contributed their resources at this critical time.

The industry’s achievements are many. The tasks ahead are consequential, but our goals are achievable.

For more than a year, in the midst of the pandemic, banks and financial institutions have worked with customers. First to help them survive and now, hopefully, to help them revive and ultimately to thrive. Bankers have always known that our success was predicated on the wellbeing of our customers.

It all starts with us.

Banks, financial service organizations, be they bricks-and-mortar banks, credit unions, fintech companies, or hybrids, will all be part of the resurgence. We are more battle-tested than we want to be, but we are also more resilient.

It has been my honor to serve as Chairman of your association. It hasn’t been easy, but we are committed to supporting our members, our customers and our employees. We are the financial backbone of the country. We accept the challenges.
Legislative Sessions Underway in Washington, D.C., and Sacramento
By Kevin Gould, SVP, Director of Government Relations, California Bankers Association

At the federal level, Congress is in and we are seeing the re-introduction of several measures from the prior Congressional session that are impactful to the banking industry. One important factor that distinguishes this session compared to the prior is that Democrats have taken control of the Senate while maintaining a narrower margin in the House of Representatives. This could have implications on measures important to our industry.

The Secure and Fair Enforcement Banking Act has been re-introduced, H.R. 1996, and enables banks to provide financial services to legitimate cannabis-related businesses in states where it has been legalized. The measure passed the House with bi-partisan support. The Senate has expressed openness in advancing policy in this space, but rather than moving individual measures like H.R. 1996 forward, it is likely that such efforts will be considered along with more comprehensive reforms, such as criminal justice reforms pertaining to cannabis related convictions.

The Enhancing Credit Opportunities in Rural America Act, H.R. 1977, removes taxation on income from farm real estate loans made by FDIC-insured institutions. This measure will provide meaningful credit opportunities for farmers while leveling the playing field with the Farm Credit System.

It is expected that Sen. Sherrod Brown (D-Ohio), chair of the Senate Banking Committee will reintroduce his measure from the last session, establishing government-backed digital wallets to all consumers. “FedAccounts” are a no-fee bank account made available at a post office, small bank or credit union. As we have seen at the state-level, this measure inserts government into the banking business.

While the pandemic prevented our annual visits to Washington, D.C., last year, we are planning a trip this October with our friends from the Florida Bankers Association. More details will be forthcoming and we hope that you will consider joining us.

The California legislative session is also well underway. The more than 2,400 measures introduced in late February are now moving their way through first house committee hearings. In order for these measures to remain active, they must pass their respective house of origin no later than June 4.

The association is engaged on numerous measures that have a direct impact on our industry. A few high-priority measures that we are opposing are worth highlighting.

Public bank advocates are back with the support of labor organizations. Assembly Bill 1177 creates the BankCal Program to provide financial services to California residents. The purported need for this program, as stated in the bill, is to help unbanked residents who lack access to traditional banks. The measure creates a mandate for all employers with five or more employees to offer as an option for payment of wages, direct deposit into the BankCal fund which will consist of zero-fee, zero-penalty federally insured transaction accounts and debit card services at no cost to account holders. Deposits made into the BankCal fund will be presumably participated out to public banks, credit unions and local banks. This measure is unnecessary given more than 150 banks operating within the state and the numerous examples of expensive government programs that have failed Californians.

The Legislature is also prioritizing climate change with the introduction of several measures focused on this issue. One measure, Senate Bill 449, requires that California corporations, or entities issued a license to operate or certificate of authority under the laws of the state, with annual gross revenue of at least $500 million submit annual disclosures identifying their climate-related risk and efforts adopted to mitigate those risks. Climate-related financial risk is broadly defined in the measure to capture a covered entity’s assets, liabilities, investments, supply chains and corporate operations. This measure will likely be duplicative given expected action at the federal level.

Commercial tenants would receive relief under a recently amended measure. Among other provisions, landlords would be prohibited from terminating a lease if the tenant paid at least 25 percent of the lease. The measure includes an unclear and undefined exemption in circumstances where compliance would subject the landlord to significant risk of default on its own financial obligations.

At the same time measures are moving through the legislative process, budget discussions are ongoing. The state’s financial condition is much better than anticipated with revenues through March coming in at $14.3 billion above projections. All three major sources of revenue for the state are outperforming, personal income taxes are $12.8 billion better than expected along with corporate income taxes and sales taxes above projections at $721 million and $760 million, respectively. The budget must be passed by the Legislature by June 15 and signed by the Governor no later than June 30.

We appreciate the opportunity to share a brief update and will keep you informed throughout the year on important measures moving through Congress and the California Legislature. It’s an honor and privilege to represent you and we thank you for all that you do to support your customers and communities and for your engagement in the association’s advocacy efforts.

Kevin Gould is the Senior Vice President and Director of Government Relations for the California Bankers Association. He joined the CBA in 2004, bringing with him more than seven years of legislative experience. In his role, he oversees the management and operation of CBA’s state and federal government relations department and serves as one of CBA’s three registered lobbyists. Gould’s advocacy responsibilities and issues focus mainly in the areas of bank operations, commercial lending, and wealth management issues. You can reach him at kgould@calbankers.com.
Board Governance: Cybersecurity Risk
By Maurine Padden, EVP and COO, Western Bankers Association

Last December, the press reported that SolarWinds, an information technology firm used by many private companies as well as federal government agencies and departments, was the subject of an extensive cyber attack that impacted its clients including Microsoft, the Department of Homeland Security and the Treasury Department.

Hackers broke into SolarWinds’ systems in March 2020 and added malicious code (malware) to the company’s software system. The software system, called Orion, is used by SolarWinds’ customers to monitor and manage their IT networks, systems and infrastructure. SolarWinds unknowingly sent the malware in the customary software updates it provided to its customers. The malicious code opened a back door into customers’ information technology systems, which the hackers then used to install additional malware to help them spy on the companies. The cyber attack was not discovered until late last year. The full scope and breadth of the impact of the cyber attack remains a matter of ongoing investigation, but by all reports the cyber attack is the largest known attack in the United States to date.

In January, federal regulators published for comment proposed draft regulations, issued jointly by the OCC, Federal Reserve and FDIC, which impose a duty on a bank to provide its primary regulator with notification of a “computer security incident” that rises to the level of a “notification incident” within 36 hours after reasonably determining that a qualifying incident has occurred. The proposed regulation focuses on security events the bank, in good faith, believes could

• materially disrupt, degrade, or impair the bank’s ability to deliver services to a material portion of its customer base;
• jeopardize key operations; or,
• impact the stability of the financial system.

In addition, the proposed rule imposes a duty on bank service providers to notify a bank immediately upon detecting that a computer incident materially impacting the bank has occurred.

Even though cyber risk management has been on the board’s radar for many years, these recent events and proposed regulatory actions have underscored the ever-present need for board and management vigilance in managing cybersecurity risks.

1. Board knowledge and understanding of cyber-risks to the institution is key.
In exercising its responsibilities to provide oversight and guidance in the development, implementation, and maintenance of the bank’s cyber-risk framework, the board or the board subcommittee with delegated responsibilities should possess the requisite knowledge and understanding of cybersecurity threats and risks so that the board is able to fulfill its role in ensuring that management is focused on and accountable for identifying potential and actual emerging cyber risks to the institution, addressing and resolving existing cyber risks and limiting the introduction of new cyber risks.

2. Management should provide timely and periodic cyber-risk assessments to the board.
Timely and periodic management reports to the board that point out and assess the significance of vulnerabilities that may impact key systems and delivery channels within the institution, as well as internal or third-party cyber risk audits and findings, can provide the board with the critical information it needs to assure that the requisite degree of management focus and accountability necessary to manage and address the risks is maintained/sustained. The management reports to the board should outline the risk assessment process that the management team employs including threat identification and assessment, product and service as well as third-party service provider risk assessments and controls, cybersecurity testing results, identification of known or reasonably suspected cybersecurity threats and/or incidents and management’s incident responses and/or remedial actions taken.

3. Board and senior management working together should establish cyber risk tolerances and risk management strategies for the institution.
Appropriate cybersecurity governance requires that the board work with management to establish robust governance policies with embedded risk tolerances and risk management strategies that are periodically reviewed and revised to meet the changing risk exposures within the institution.

4. Establish and maintain a robust incident response plan for the institution.
The board should provide the oversight and guidance to support the bank’s executive team in their work to establish and maintain an enterprise-wide approach to cyber risk management, including a robust incident response plan for the institution.

5. Cyber risk management resources and training must be properly funded.
The board must also assure that management commits sufficient resources including securing the requisite cyber risk management expertise as well as internal and/or external cyber risk auditing skills and system-wide cyber risk training on an ongoing basis. The board must provide the requisite governance to support and sustain a strong cybersecurity culture and focus on resiliency throughout the institution.

Maurine Padden serves as EVP and Chief Operating Officer where she oversees WBA’s advocacy efforts in the legislative, regulatory and legal arenas on behalf of the association’s members in addition to providing operational support to the WBA team. As a member of WBA’s senior management, she contributes to the development and execution of the association’s strategic goals and initiatives. Maurine received her law degree from University of the Pacific’s McGeorge School of Law and her bachelor’s degree in government and economics from California State University, Sacramento.
Recent Labor Laws in California: What Bankers Need to Know
By Melanie Cuevas, Vice President of Government Relations, California Bankers Association

Each year, California enacts about a thousand new laws with impacts that run the gamut and largely reflect the liberal viewpoint of the Legislature’s Democratic supermajority. Despite the COVID-19 pandemic’s impact on the legislative process in 2020, California lawmakers tackled numerous issues related to human resources that will have longstanding impacts on California workplaces for years to come – diversity on boards of directors, protected and paid leave benefits, reporting of pay data, and workplace protections for victims of domestic violence.

Below are some key changes to California labor laws that employers, including banks, are now adhering to. Unless otherwise noted, these measures became effective Jan. 1, 2021. While these summaries have been prepared with care, these are not intended to be exhaustive. Please examine the full text of any measure of interest to you and be sure to consult with your legal counsel as you navigate compliance efforts.

Diverse Boards of Directors
In 2018, California became the first state to mandate gender diversity on boards of directors of publicly held corporations headquartered in California, regardless of where they are incorporated. A recent report by the California Partners Project indicates that the measure has been a successful mandate, citing that in 2018 nearly 30 percent of California company boards were entirely male whereas now fewer than 3 percent are. Last year, Gov. Newsom signed Assembly Bill 979 (Holden, 2020), which is designed to do for “underrepresented communities” on boards of directors what Senate Bill 826 (Jackson, 2018) did for board gender diversity. By the end of this year, boards of any size are required to have at least one director from an underrepresented community, as defined.

Paid Family Leave Benefits
Californians who work for an employer with at least five employees are now eligible for expanded paid family leave benefits to care for a new baby or sick family member, enacted by Senate Bill 1383 (Jackson, 2020), which took effect immediately upon signature. Under this measure, the definition of qualifying family members under the California Family Rights Act is expanded to also cover grandchildren, grandparents, siblings and parents-in-law. This expansion will impact larger employers already covered by CFRA and the Family and Medical Leave Act who will, in some cases, have to administer the two 12-week leave periods separately, for a total of 24 weeks of protected leave. Previously, CFRA only applied to employees at larger companies, so this measure extends family leave job protections for roughly an additional six million California workers.

Pay Data Reporting
Private employers of 100 or more employees (with at least one employee in California) must report hours-worked data by establishment, job category, sex, race and ethnicity to the Department of Fair Employment and Housing, by March 31, 2021 and annually thereafter. This measure, Senate Bill 973 (Jackson, 2020), also authorizes DFEH to enforce the Equal Pay Act (Labor Code § 1197.5), which prohibits unjustified pay disparities. The Fair Employment and Housing Act (Gov. Code § 12940 et seq.), already enforced by DFEH, also prohibits pay discrimination.

Protection of Victims
Crime and abuse victims also received additional protections under Assembly Bill 2992 (Weber, 2020). The prohibition of discrimination and retaliation against employees is expanded to those who are victims of crime or abuse when they take time off for judicial proceedings or to seek medical attention or related relief for domestic violence, sexual assault, stalking or other crime that causes physical or mental injury.

COVID-19 Workplace Procedures
Employers are required to notify their employees of potential COVID-19 exposures in the workplace under the provisions of Assembly Bill 685 (Reyes, 2020), which are set to expire on Jan. 1, 2022. It also requires employers to alert local county health departments of the outbreaks, defined as three or more positive cases within 14 days. The measure also strengthens the power of Cal/OSHA, the state agency that oversees and regulates workplace safety, to enforce the measure’s reporting mandates and even to shut down any worksite that is deemed to be an “imminent hazard” to employees. In this context it is important to also note that Cal/OSHA enacted an Emergency Temporary Standard on COVID-19 infection prevention. The standard requires employers to establish, implement and maintain an effective written COVID-19 prevention program and to provide training and instruction to employees on how COVID-19 is spread, infection prevention techniques, and COVID-19-related benefits that employees may be entitled to under applicable federal, state, and local laws.

Melanie Cuevas serves as the vice president of government relations for the California Bankers Association, where her advocacy portfolio focuses mainly on issues related to cannabis, debt collection, labor and employment, political reform, privacy, and agricultural, student and military lending.
How WBA Provides Resources to Bank Human Resources Teams
By Linda Odell, Vice President, HR/Administration, Western Bankers Association

As human resource professionals, we have always adapted to new situations and circumstances, but Covid-19 pushed us into uncharted territory. Throughout the pandemic we have drafted new health and safety policies for our offices, developed engagement strategies for our employees working from home, and ensured that we had enough PPE equipment to keep our co-workers safe. We continue to navigate the evolving conditions and monitor new and updated guidance from the Centers for Disease Control and Prevention and our state and local health departments to ensure compliance and keep our employees and customers safe.

WBA HR Best Practices Zoom Video Meetings
In April 2020, the WBA began holding weekly video Zoom meetings for bank HR representatives to exchange information and learn how their peers are handling the numerous Covid-19 mandates. The open forum allows HR banking peers to share their best practices and experiences as they navigate through the pandemic.

WBA provides a short association update covering Covid-related government relations activity, our upcoming professional development meetings and webinar offerings, and progress on our annual compensation and benefits benchmark survey. The open forum allows attendees to discuss whatever issues are top of mind. Such topics have included Covid-19 employee cases, reporting of Covid-19, employee absences; remote working; protecting customers and employees; maintaining social distancing; compensation and benefits; policies; virtual hiring and onboarding; return to work procedures, cleaning protocols; workplace rules and guidelines, and much more.

Weekly meeting notes are circulated to the group after every meeting as well as information shared by attendees including policies, check lists, protocols, and links. Although the state of the pandemic is improving, WBA will continue to host the HR Best Practices group, and when appropriate, reduce to bi-weekly or monthly depending on the bankers’ needs.

In addition to creating the new HR Best Practices Forum, we launched the 2021 Compensation and Benefits Benchmark Survey in April. This survey has become a vital tool when researching all forms of compensation.

Compensation and Benefits Benchmark Survey
Since 1985, the WBA has published an annual Compensation and Benefits Benchmark Survey. This survey provides base salary, incentive, and commission compensation data for more than 195 positions as well as directors’ compensation information, data on human resources practices, comparative healthcare cost information and employee benefits summary statistics.

The strategic management of compensation and human resources continues to be a critical factor in the success of our member banks. For most banks, compensation constitutes the single largest non-interest operating expense and access to current, reliable information for evaluating compensation and benefits is critical for banking decision makers.

Each year, the association works collaboratively with the compensation survey advisory committee, a group of bank human resources experts who understand the industry trends, and to provide guidance and input in developing this resource for the banking industry. Pearl Meyer LLC, a third-party vendor, collects the data via a secured online survey instrument. To maintain confidentiality, the completed survey questionnaires are submitted directly to Pearl Meyer who collects the data, contacts participants to verify information, aggregates the survey responses and prepares the final survey report.

In April, we began marketing the survey to California banks to encourage their participation. Survey participation will be finalized in June and in August, the compensation survey advisory committee will conduct a thorough review of the survey data and identify any outliers or inaccurate data. The final survey will be published and marketed to California banks in September.

The WBA would like to acknowledge the individual banks who participate in our annual survey. We would also like to thank the compensation survey advisory committee and Pearl Meyer for their contributions to this study.

For more information about the HR Best Practices Forum or the Compensation and Benefits Benchmark Survey please email Linda Odell at lodell@westernbankers.com.

Linda Odell joined the Association in 2005, and oversees the human resources and administrative support functions of the office, and manages CBA’s Annual Compensation and Benefits Benchmark Survey. Linda has more than 15 years of human resources experience and more than 25 years of administrative experience. Prior to joining the WBA, Linda worked for the California Restaurant Association, where she managed human resources efforts, administered employee benefit programs and managed the accounts receivables.
Leadership in Times of Change
By Steve Jones, Leadership Development Expert, Anthony Cole Training Group

Change is hard. Change is uncomfortable. Given the choice, most people will choose to not change what they feel has been working for them. Here is what we are hearing from many banking leaders:

“Due to the virus restrictions, we have had to institute many new procedures. Surprisingly, some of my best employees are struggling to adapt to them!”

“We had to shrink our sales team due to business performance. This required us to juggle some client assignments among the remaining staff. Some have jumped right in, but a few are resisting. We have been clear about why the business needs to make these changes. They should be happy they have kept their jobs, but you’d never know it.”

What’s going on? In the past, our team has risen to every challenge and met every new goal with excitement and enthusiasm. Our compensation is more than competitive. Our competition hasn’t introduced any new products or services that we can’t compete against. We were very clear on the new procedures and assignments, and our performance expectations are basically the same as they have always been.

What could be going on is that you and your managers have focused your energy on clearly defining new procedures and expectations but may not have spent enough time focusing on the personal needs of the employees. When things are changing, employees will often take a step back to understand how the changes affect them personally before they focus on how the changes will benefit the business. They need the time to understand what they need to do differently and to what extent their world is being changed.

They might be asking:

• “Do these changes affect my work schedule, which will in turn affect my schedule outside of work?”
• “Am I going to need to rely on or develop a skill I never really needed in the past? Do I feel confident in that new skill? Am I willing to put in the time and effort required to learn the new procedure?”
• “Will my selling style match well with the new clients I have been assigned, or will I need to adjust? Will I be able to adjust? Do I want to adjust?”

When change happens in our lives, it is natural for us to resist at first, particularly if we thought things were going well before. If the status quo was comfortable for me, I would prefer to leave things as they were. Unconsciously (or maybe consciously), I am hoping that if I resist the change then it will go away. You will let me continue to operate in my comfort zone.

The mistake we make as managers is that we believe all we need to do is clearly explain what needs to be done and why. If we do that, everyone will see the need for the change and jump on board. However, as long as your people are in resistance mode, they are not ready to listen to your arguments on why the changes are good for the company. They are taking care of themselves first. The next time you need to institute changes take a more balanced approach:

1. Be clear about the need for the change and the long-term benefits of everyone successfully adopting the new procedures.
2. Acknowledge that this is a change and seek to understand what concerns your employees may have about adapting to the changes. Be sincere in your understanding that change can be confusing, time-consuming and scary. If you have the flexibility to accommodate an individual’s specific concerns, let them know that.
3. Discuss what the employees need to get comfortable with the changes. Do they need more information? Do they need time to learn new procedures before they are implemented? They certainly will need your patience as they adjust, and your understanding if they are not initially skilled at the new behaviors.
4. As a leader, you need to define the desired outcome. Allow your employees to participate in figuring out the best way to achieve that outcome. If you do this, you will find they will more quickly “own” the new procedures and behaviors.
5. When your employees struggle with the new “rules of the game” – and they will – be forgiving at first and encourage them to keep working at it. Acknowledge the effort to change, and they will feel you appreciate that it isn’t easy.
6. When you feel the majority of your folks have successfully transitioned to the new way, take some time to celebrate. Remind them how far they have come, thank them for their efforts, and revisit the benefits of making the changes. This will help them continue to move forward even when they have setbacks.

Remember, change is hard. Change is uncomfortable. Given the choice, most people will choose to not change what they feel has been working for them. Don’t try to manage the change by focusing on processes, measurements, and results. Instead, try to lead them through the change by partnering with them and supporting them along the new path you have set for them.

Reach the Anthony Cole Training Group to learn more: anthonycoletraining.com

Tips for Recruiting a Diverse Workforce
• Build a Strong Intern Program
• Know Where to Look
• Find Partner Organizations
• Tell Candidates What You’re About
• Hire—and Keep—Talent that Fits
aba.com/Diversity
How to Prevent Common Hacking Attacks in Your Bank
By Joseph Sarkisian, IT Assurance Staff Consultant, Wolf & Company

On a recent internal penetration test, I realized something — the initial foothold on the network, privilege escalation, and full domain compromise consisted of steps that were identical to two or three other tests I had just executed.

The steps I took are well-known attack methods used by hackers, but may not be clear to administrators trying to determine how to best close network security gaps that would easily allow attackers to gain access.

I have compiled a detailed analysis of each of these penetration testing components to allow administrators to build a more mature controls posture in their organization and help prevent attacks by hackers.

Please note that none of the following steps leverage any exploits; we’re simply taking advantage of misconfigured trust relationships in the network.

Initial Foothold

It’s often said that protocols are a pen tester’s best friend. Some of these include Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBNS), which are legacy protocols used by Windows to resolve hosts on the network, long overshadowed by the Domain Name System (DNS).

DNS tends to respect the privacy of the hosts that it isn’t seeking out. When one host needs to know the name of another host, DNS looks it up; if it doesn’t find anything, it essentially states that it can no longer help.

On the other hand, if DNS fails, LLMNR and NBNS (if enabled) will send a broadcast message across the subnet asking every host if they are the resource sought by the user.

That’s where our hacking methods come in.
In our own test environment, using a tool called Responder, we’ll position ourselves on that subnet and answer all of these broadcast messages. For example, we’ll respond to the request for a file server and say that we’re the intended file server. The tool then tricks the requesting host into providing its password hash to us to authenticate to that file server. We can then reverse the password hash using a password cracking tool. Let’s see what Responder looks like when this attack is successful:

[Screenshot]

We love seeing orange in CME because it typically means we have something very useful, and in this case, it’s the grand prize. “Pwn3d” is the tool author’s way of saying that this user has administrative privileges on this host. Clearly, this means we have many more rights than your average user, but what rights matter to us if we want to get to the MSSQL account?

It’s common in a domain to find more than one account with an active session running on any given host. While this may only be a workstation and not a server, we’ll still check to see if anyone else is logged on to this host using CME:

[Screenshot]

Perfect! It just so happens that the MSSQL account — a known domain administrator based on our Bloodhound reconnaissance — is also logged into this host. This is important because as an administrator, Alice can dump the memory of the host, specifically the Local Security Authority Subsystem Service (LSASS) process, which stores the credentials of all logged on users. Let’s see what that looks like as well:

[Screenshot]

ELEVATE YOUR CAREER: EARN YOUR CFMP
Differentiate yourself and elevate your career by earning the newly updated Certified Financial Marketing Professional (CFMP) designation—the only industry-recognized certification for bank marketers. Demonstrate a mastery of data and analytics, branding, revenue generation, customer experience and more. Plus, with the new, online CFMP Exam prep course, getting ready to pass the exam has never been easier. Earn yours today. aba.com/CFMPWestern
Amazing! Not only do we now have the hashed password of the MSSQL account, which we could easily use in a “Pass the Hash” attack, but we also have the plain text password for the account.

With these domain administrator credentials, we typically give our clients a free password strength audit by using them to dump the NTDS.dit file on a domain controller. This file has all of the password hashes for the accounts in the domain, which we can feed into a hash cracking machine to reveal the plaintext password for the accounts in the domain.

Let’s see what this dump looks like:

[Screenshot]

As you can see, the file has hashes for all domain accounts, which we can then leverage. We have now compromised the entire domain, but most penetration testers don’t stop here — because during a live attack, a hacker wouldn’t either. Our clients want to see business impact, and we typically don’t need domain administrator credentials to prove this point.

Post-exploitation

For instance, let’s see what kind of data Alice can access by using CME once again to look through shares on the network. We’ll use the MSSQL account to do this, since it likely has the most access, but the following example works with Alice’s credentials as well:

[Screenshot]

Looks like Alice is storing a file with passwords to other systems on this host. This isn’t an uncommon scenario, and we’ve seen this exact situation before during actual engagements.

Whether it is a password file, customer data, health record, drug trial, or any other sensitive information, if a user is downloading it from a server and storing it locally, we now have access to it.

How Can You Mitigate These Attacks?

Initial Foothold Phase:
• Turn off LLMNR and NBNS.
• Make sure you have a DNS entry for your approved WPAD file.
• Turn off proxy auto-discovery from web browsers across the domain via group policy.
• Enforce a strong password policy.
• Train your end users to spot strange occurrences (like atypical pop-ups asking for credentials).

Enumeration Phase:
• Use Wireshark and NetFlow analysis tools to look for abnormally large LDAP queries right after an authentication event by an account that has no business generating this amount of traffic.

Escalation Phase:
• Make sure that users have as few permissions as is reasonably possible, depending on your organization.
• Rid yourself of all legacy operating systems.
• Disable WDigest authentication to prevent passwords from being stored in plain text in memory.

Post-Exploitation Phase:
• Lock down object permissions across the network.
• Remove excessive write permissions across accounts.
• Segment, segment, segment.

Conclusion

The different types of hacking techniques identified in the attack narrative outlined above are not the only way attackers and penetration testers will attempt to compromise your network. However, by using this extremely common process, we can use these tools and strategies to further penetrate your systems.

If administrators lock these basic vulnerabilities and misconfigurations down, they’ll make the lives of malicious attackers much harder.

Joseph Sarkisian is IT Assurance Staff Consultant with Wolf & Company, P.C. You can reach him at jsarkasian@wolfandco.com, or at (617) 261-8159.
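The initial foothold described in this article depends on one host answering LLMNR name queries it does not own, so that behaviour is also what a defender can watch for while LLMNR is still enabled. The Python code below is an added example, not part of the original article or of Wolf & Company's tooling, and it goes one step beyond the mitigation list by showing detection: it parses LLMNR payloads (UDP 5355, DNS wire format per RFC 4795) and flags any source that answers a canary name or answers for several distinct names. The packets, addresses, canary name and threshold are constructed assumptions.

```python
import struct
from collections import defaultdict

def parse_llmnr(payload):
    """Parse an LLMNR message (DNS wire format, RFC 4795).

    Returns (is_response, answer_count, queried_name) or None if malformed.
    """
    if len(payload) < 12:
        return None
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    if qdcount != 1:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None
        length = payload[pos]
        pos += 1
        if length == 0:          # root label ends the name
            break
        # Question names are normally uncompressed; pointers and overruns are rejected.
        if length > 63 or pos + length > len(payload):
            return None
        labels.append(payload[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    return bool(flags & 0x8000), ancount, ".".join(labels)

def find_suspect_responders(packets, canary_names=(), max_names=3):
    """packets: iterable of (source_ip, udp_payload). Returns {source_ip: reason}.

    A host normally answers only for its own name. A poisoner answers whatever
    is asked, including canary names that no real host owns.
    """
    answered = defaultdict(set)
    for src, payload in packets:
        parsed = parse_llmnr(payload)
        if parsed is None:
            continue
        is_response, ancount, name = parsed
        if is_response and ancount > 0:
            answered[src].add(name)
    canaries = {c.lower() for c in canary_names}
    suspects = {}
    for src, names in answered.items():
        hits = names & canaries
        if hits:
            suspects[src] = "answered canary name(s): " + ", ".join(sorted(hits))
        elif len(names) >= max_names:
            suspects[src] = f"answered for {len(names)} distinct names"
    return suspects

def build_sample(name, response=False, answer_ip=None, txid=0x1234):
    """Build a constructed LLMNR query or A-record response for the demo below."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)            # QTYPE=A, QCLASS=IN
    header = struct.pack("!HHHHHH", txid, 0x8000 if response else 0,
                         1, 1 if response else 0, 0, 0)
    answer = b""
    if response:
        rdata = bytes(int(octet) for octet in answer_ip.split("."))
        answer = qname + struct.pack("!HHIH", 1, 1, 30, 4) + rdata
    return header + question + answer

# Constructed traffic (documentation addresses), not a real capture.
SAMPLE_CAPTURE = [
    ("192.0.2.21", build_sample("fileserver1")),
    ("192.0.2.50", build_sample("fileserver1", True, "192.0.2.50")),
    ("192.0.2.22", build_sample("prnt-2nd-floor")),
    ("192.0.2.50", build_sample("prnt-2nd-floor", True, "192.0.2.50")),
    ("192.0.2.23", build_sample("wpad")),
    ("192.0.2.50", build_sample("wpad", True, "192.0.2.50")),
    ("192.0.2.24", build_sample("hr-laptop7")),
    ("192.0.2.37", build_sample("hr-laptop7", True, "192.0.2.37")),  # owner answering for itself
    ("192.0.2.99", build_sample("zz-canary-9f3")),                   # canary query from a monitor
    ("192.0.2.50", build_sample("zz-canary-9f3", True, "192.0.2.50")),
]

if __name__ == "__main__":
    for ip, why in find_suspect_responders(SAMPLE_CAPTURE, ["zz-canary-9f3"]).items():
        print(ip, "->", why)
```

The canary check is the stronger signal of the two, since a name that exists nowhere on the network should never receive an answer; the distinct-name threshold catches a poisoner even when no canary query happened to be sent.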
THE BHG LOAN HUB
#1 Source for Top-Performing Loans

Gain exclusive access to our secure, state-of-the-art loan delivery platform and learn how more than 1,200 community banks have earned over $700MM in interest income since 2001.

HOW DOES IT WORK?
1 Log in to BHG’s state-of-the-art loan delivery platform – The BHG Loan Hub
2 Review and underwrite complete credit packages
3 Bid on or purchase loans with the click of a button

Quickly analyze complete credit files, and with consistent loan packages available every time, you can make informed purchasing decisions with ease.

JIM CRAWFORD
JCrawford@em.bhgbanks.com
D: 315.304.6258
or visit bhgloanhub.com/jim
MEMBER PROFILE
Simmons Marks 50th Year in Banking

Paul W. Simmons, President and CEO, First Federal Savings & Loan of San Rafael

Paul W. Simmons is the President and Chief Executive Officer of First Federal Savings & Loan of San Rafael. Simmons also serves as Chair of the First Federal Board of Directors. He celebrated a major milestone with First Federal in May when he marked his 50th year with the Association!

Simmons began his career with Bank of America before joining First Federal on May 3, 1971. He worked in the loan operations/note department where his knowledge of credit and finance began. He quickly progressed and assumed positions of higher responsibility, eventually becoming the Chief Lending Officer. During this period, Simmons was directly involved in expanding First Federal to its current five branch offices. He became President of First Federal in 2008, and was elevated to CEO and Board Chair in 2012. Because of his conservative business principles, the Association has not experienced a loan loss in over 20 years. The Association has maintained a Superior 5-Star Bauer bank performance rating and experienced over 30 years of consecutive profitability!

Simmons has guided First Federal through the current pandemic. Under his leadership, there have been no employee layoffs or branch closures, and First Federal has continued to grow while remaining dedicated to supporting local non-profits and community development programs.

Simmons is a founding member of the Rotary Club of Mission San Rafael and served as a Club President in 1993-1994. Other Rotary acknowledgements include being a Paul Harris Society Member, a major donor to the Rotary Foundation, and a Bequest Society Member. Simmons served on the Board of North Bay Family Homes for nearly 20 years, and prior to that he served on the Board of the Savings Association Mortgage Corporation.

Simmons is a past Commodore of the Loch Lomond Yacht Club and a three-time past Commodore at the Marin Yacht Club. He is a passionate boater and sailor and was a competitive sailboat racer. He currently enjoys cruising the San Francisco Bay and the Delta.

First Federal maintains five branches located in Marin, San Francisco and Alameda counties. Simmons and his wife, Kay, are longtime San Rafael residents and are closely tied to the community.
MEMBER UPDATES

NEW ASSOCIATE MEMBERS

Onovative, an automated marketing and communication software provider, put controls back in the hands of bank marketers. Onovative’s affordable marketing software for planning, automation and execution empowers you to manage data for strategizing throughout the consumer lifecycle and engage with consumers through multiple channels. With software that integrates directly with your existing core banking systems, Onovative helps banks drive results by bolstering growth with their current account holders and within their markets.

Website: www.onovativebanking.com

Dorsey & Whitney LLP is an international law firm with over 550 attorneys in 19 offices across the United States, Canada, Europe and Asia. Dorsey was founded in 1912 to serve a bank’s need for outside counsel. Banks and other financial institutions continue to inspire our service offerings over 100 years later.

More than 250 Dorsey lawyers comprise the Firm’s Banking and Financial Institutions Group, advising those clients on matters around the globe. Our clients include banking organizations, investment banks, broker-dealers, investment funds, insurance companies, credit unions, FinTech enterprises, and other financial institutions. Our work includes representation in complex lending transactions, bankruptcy and restructuring matters, corporate trust transactions and disputes, regulatory issues, consumer financial matters and other practices specific to financial institutions. Our experience extends to all types of litigation, mergers and acquisitions, real estate services, employment and benefits law, corporate compliance and intellectual property. We are proud to serve U.S. banking and financial institutions of all sizes.

Website: www.dorsey.com

Hyosung America is the North American market share leader and fastest-growing ATM manufacturer in the United States offering industry-leading innovation and solutions backed by unmatched service and support. Hyosung partners with the financial strength and deep investment in research and development of its parent company, the multi-billion-dollar conglomerate, Hyosung, Inc. Hyosung prides itself on innovating for the future and the satisfaction of their customers. In collaboration with its partner network, Hyosung provides comprehensive industry coverage and sales support. Since 1998, when Hyosung entered the U.S. market offering the first small-footprint Retail ATM, they have led the market with over 70 percent of the market share. Transitioning that same industry-leading innovation, Hyosung entered the Financial Institution market in 2008 and has nearly tripled its sales in the last three years. Hyosung is dedicated to leading the way with innovation and unprecedented service performance in the financial and retail markets.

Website: www.hyosungamericas.com
DefenseStorm provides cybersecurity and cyber compliance solutions specifically built for banking to achieve and maintain Cyber Safety and Soundness. The DefenseStorm GRID is the only co-managed, cloud-based and compliance-automated solution of its kind, operating as a technology system and as a service supported by experts in FI security and compliance. It watches everything on a bank’s network and matches it to defined policies for real time, complete and proactive cyber exposure readiness, keeping security teams smart and executives accountable. FFIEC CAT requirements are built-in and automated, as can be other frameworks and an FI’s own policies, to achieve Active Compliance. Our Threat Ready Active Compliance (TRAC) Team augments a bank’s internal team to protect business continuity and skills availability while also ensuring cost-effective coverage and management.

Website: www.defensestorm.com

Thomson Reuters CLEAR® provides a comprehensive collection of public and proprietary records, sophisticated analytics, and transparent data into a single working environment providing insights to corporate compliance professionals, law enforcement, and local and federal agencies to proactively mitigate risk and resolve fraud concerns. Powered by billions of data points, CLEAR leverages cutting-edge public records technology to bring all key content together in a customizable dashboard. Confidently verify identities, detect fraud risks, and easily conduct comprehensive research on subjects and businesses in a matter of minutes.

Thomson Reuters is one of the world’s most trusted providers of information intelligence and end-to-end solutions for corporations of all sizes, government and legal professionals – helping to solve your toughest regulatory, legal and compliance challenges.

Website: www.thomsonreuters.com

IP Services proactively manages clients’ cybersecurity and critical IT systems and applications in any datacenter using the VisibleOps™ methodology and the quality control system we created called TotalControl™. IP Services’ Next Generation Cybersecurity uses proven best practices to secure businesses and the users they serve by monitoring and protecting the systems and applications that are the heart of modern business - Managed Services and Managed Cybersecurity Services. IP Services’ target market is best suited for small and medium size banks in the United States that lack the resources to effectively provide comprehensive IT management and necessary security and compliance services.

Website: www.ipservices.com

Next One Staffing is a leader in providing staffing solutions to banks and accounting firms throughout the nation. All our recruiters have over 10 years of experience in their respective industries, so we know where to find top talent.

Website: www.nextonestaffing.com
NEW MEMBER BANKS

Wheatland Bank, formed in 1979 in Davenport, Wash., is a locally-owned independent community bank. Wheatland Bank’s commitment to eastern and central Washington is strong and has deep roots. It is a commitment that is kept alive with powerful local ownership, leadership and decision-making. In the 40 years since inception, Wheatland Bank has grown through organic and diversified expansion with 14 branches throughout eastern and central Washington serving over 15,000 customers. Wheatland Bank focuses on helping businesses and consumers succeed by offering personalized banking relationships and customized lending, banking and wealth management services.

Bank Five Nine opened in 1859 and is proud to continue the tradition of hometown, community banking the way the organization began, while incorporating many innovations and improvements. As a community bank, some of our top priorities are to provide the best in financial services to our customers and to give back to the communities we serve through charitable donations and volunteerism.

As the oldest bank in Montana, Bank of the Rockies is firmly rooted in the heart of each community we serve. We make dreams happen by helping our customers reach their personal, business, or agricultural goals. As a family-owned and managed bank, we believe in putting the customer first through convenience, local decision-making, and a commitment to our communities.

An internet-only bank, California First National Bank (CalFirst), is committed to providing solutions to meet a wide range of personal and commercial banking needs. Nationwide, our customers enjoy the convenience of one-stop banking anytime, anywhere. We provide 24/7 account management and accept deposits via the Internet and mail.