WESTERNBANKER - WESTERN BANKERS ASSOCIATION
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
WesternBanker
ISSUE 3 2021 A P U B L I C AT I O N O F W E S T E R N B A N K E R S A S S O C I AT I O N
WHAT’S INSIDE:
12 14 18
BOARD GOVERNANCE: RECENT LABOR LAWS LEADERSHIP IN TIMES
CYBERSECURITY RISK IN CALIFORNIA: OF CHANGE
WHAT BANKERS NEED TO KNOW
Promontory Interfinancial
Network has a new name...
And our product names have
changed, too.
CDARS and ICS deposit solutions are
® ®
now IntraFi Network Deposits , and
SM SM
CDARS and ICS funding solutions
are called IntraFi Funding .
SM
IntraFi Network Deposits can help your
institution manage its balance sheet and
provide its customers with access to millions
in FDIC insurance.
And, we still offer our full range of
wholesale funding solutions. IntraFi
Funding offers flexible funding solutions
to help banks of all sizes meet planned
or unexpected needs, regardless of their
liquidity position.
Same great products.
New names.
IntraFi.com
Use of IntraFi Network Deposits and IntraFi Funding are subject
to the terms, conditions, and disclosures set forth in the applicable
program agreements, including the IntraFi Participating Institution
Agreement. IntraFi, Network Deposits, IntraFi Funding, and the
IntraFi logo are service marks, and ICS and CDARS are
registered service marks, of IntraFi Network LLC.
Contents ISSUE 3 2021
P.16
P.10
FEATURES DEPARTMENTS
8 Though Achievements Are Many, 6 Message From WBA President
the Industry Has Much Work Remaining and CEO Stephen G. Andrews
10 Legislative Sessions Underway in Washington, D.C.,
30 2021 WBA Advertiser Index
and Sacramento
12 Board Governance: Cybersecurity Risk
14 Recent Labor Laws In California:
What Bankers Need to Know
16 How WBA Provides Resources P.18
to Bank Human Resources Teams
18 Leadership in Times of Change
20 How to Prevent Common Hacking Attacks in Your Bank
24 Member Profile
25 Member Updates
28 Ask The Compliance Guru
View this issue and past issues of WesternBanker online any time at www.westernbankers.com
WesternBanker is the official publication of Western Bankers Association.
Western Bankers Association, 1303 J Street, Suite 600, Sacramento, CA 95814, P: 916-438-4400/F: 916-441-5756, Email online at www.westernbankers.com.
©2021 Western Bankers Association | NFR Communications, LLC. All rights reserved. WesternBanker is published six times each year by NFR Communications, LLC for Western Bankers Association and
is the official publication for this association. The information contained in this publication is intended to provide general information for review, consideration and member education. The contents do not
constitute legal advice and should not be relied on as such. If you need legal advice or assistance, it is strongly recommended that you contact an attorney as to your circumstances. The statements and opinions
expressed in this publication are those of the individual authors and do not necessarily represent the views of Western Bankers Association, its board of directors, or the publisher. Likewise, the appearance of
advertisements within this publication does not constitute an endorsement or recommendation of any product or service advertised. WesternBanker is a collective work, and as such, some articles are submit-
ted by authors who are independent of Western Bankers Association. While Western Bankers Association encourages a first-print policy, in cases where this is not possible, every effort has been made to
comply with any known reprint guidelines or restrictions. Content may not be reproduced or reprinted without prior written permission. For further information, please contact the publisher at 855.747.4003.
Graphic Art: © iStockphoto.com/ themacx; Jirsak; XiXinXing; matejmo; grandeduc; Peopleimages; Rawpixel; trekandshoot
4 www.westernbankers.com | WesternBanker
WesternBanker | Issue 3 2021 5
Message From WBA President and CEO
Stephen G. Andrews
Stephen G. Andrews
President and CEO
Western Bankers Association
SAndrews@westernbanker.com
Like most of you, the WBA
is taking a thoughtful
and deliberate approach
in developing our return
to work strategy. We are
also looking forward to
our upcoming in-person
events and reconnecting
with our members.
Nation, and WBA, On Path Toward Normalcy
A
fter more than a year of business closures and strategy. We are also looking forward to our upcoming
quarantines, it seems that we have finally turned a in-person events and reconnecting with our members. In
corner with the COVID-19 pandemic. The Center August, we will host the 2021 Education Summit at the
for Disease Control and Prevention recently issued new Hyatt Regency Huntington Beach. This three-day event
guidance allowing “fully vaccinated people (to) resume will feature expert speakers who will give in-depth pre-
activities without wearing a mask or physically distanc- sentations on relevant and timely topics including CECL,
ing with some exceptions.” In addition, California’s Gov., cybersecurity, cannabis banking, legislative updates, the
Gavin Newsom, announced his intent to reopen the state economy and much more.
on June 15. What the California “reopening” will look In September, we will host our Annual Convention at the
like depends on vaccination and infection rates. It is ex- Fairmont Orchid on the Island of Hawaii. This premier
pected that mask requirements, social distancing protocols event will feature a golf tournament, keynote speakers,
and capacity limits will remain. However, the good news one-on-one meetings with regulators and dynamic ses-
is that businesses are reopening, and the economy is begin- sions. We are pleased that we already have strong registra-
ning to bounce back. tion numbers and sponsor support.
Like most of you, the WBA is taking a thoughtful and Looking beyond September, the Regulatory Compliance
deliberate approach in developing our return to work and Cannabis Forum will be held in October at Caesars
6 www.westernbankers.com | WesternBanker
Palace in Las Vegas, and in November the Lenders and We hope that you will participate in the Engage forum
Chief Credit Officers Conference will be held at the Ritz by asking questions, providing feedback and sharing
Carlton Laguna Niguel in Dana Point, Calif. We hope experiences and information. With your participation
you will mark your calendars for these important profes- Engage will be a thriving community and resource for
sional development opportunities. WBA members.
As we look ahead to 2022, we are planning to move for- On the membership front we are pleased to congratulate
ward with a hybrid event schedule including both in-per- Paul Simmons who is celebrating his 50th year with the
son and virtual events. Although we are concerned about First Federal Savings & Loan of San Rafael! Paul started
“Zoom fatigue,” we believe the hybrid model will allow us working at First Federal in 1971 and currently serves as its
to engage and provide professional development opportu- President, CEO and Chair of the Board of Directors. We
nities with a greater number of bankers at various levels. also welcomed several new members to our association
including four banks. They are featured in this issue of the
Our Government Affairs team continues to advocate on magazine and we hope you will help us welcome them.
behalf of the industry on issues that could impact almost
every facet of banking. Proposed measures cover public It is an honor to serve this industry and we are grateful
banking, debt collection, credit services, climate-related for your membership and support.
risk issues to name a few.
Sincerely,
Just last month we launched our Engage community, a
new members-only forum. This online member resource
is accessible 24/7 and is designed to bring our members
together to share and discuss common issues and ideas.
WesternBanker | Issue 3 2021 7
Though Achievements Are
Many, the Industry Has
Much Work Remaining
By Dave Joves, Chairman, Western Bankers Association
I
n June 2020, I took a moment as the newly elected respectful of all people, regardless of their
Chairman of the Western Bankers Association (WBA) ethnicity, must be a core value.
to address what I saw as the issues facing our industry
and the challenges that we faced. At the time, the country My position on the recent attacks is
was a few months into the COVID-19 crisis, and the actions straightforward: This has got to stop.
required to fight the pandemic were primarily in the politi-
When I became WBA Chairman, I wrote
cal, not the medical, arena.
that I wanted to lead the discussion that
Dave Joves,
While the pandemic continues, the increasingly successful we must have about how we as an indus- Chairman,
implementation of a national vaccination program com- try promote diversity and inclusion to ul- Western Bankers
bined with federal stimulus, primarily via the PPP program, timately have more diverse boardrooms Association
has positively impacted the economy. and leadership representation. We must,
as an industry, demonstrably support ethnic communities.
But we are still in the proverbial woods. The virus has not As an MDI, Bank of Guam has been fortunate to have been
been eradicated. The economy has not fully recovered. And
able to have a great impact with the PPP program in sup-
new challenges arrive daily.
port of our customers. Thankfully, we do not stand alone.
But now, as then, I am optimistic despite the hurdles ahead. WBA members have mightily contributed their resources at
The banking industry, working with the SBA, collectively this critical time.
provided 79 percent of the PPP loans issued in 2021. Re-
The industry’s achievements are many. The tasks ahead are
markably, 85 percent of those loans went to businesses with
consequential, but our goals are achievable.
less than 10 employees, the backbone employers to local
economies across the nation. For more than a year, in the midst of the pandemic, banks
and financial institutions have worked with customers. First
It has not been easy; the job is not done.
to help them survive and now, hopefully, to help them revive
Now as then, the banking industry is in the midst of chang- and ultimately to thrive. Bankers have always known that
es across the board: regulatory, competitive, societal, and our success was predicated on the wellbeing of our customers.
digital transformation. While grappling with the pandemic,
we also face new issues daily. It all starts with us.
One particularly troubling circumstance is the rise of vio- Banks, financial service organizations, be they bricks-and-
lence against the Asian American Pacific Islander commu- mortar banks, credit unions, fintech companies, or hybrids,
nity in the United States. will all be part of the resurgence. We are more battle-tested
than we want to be, but we are also more resilient.
Admittedly, holding a leadership position at the Bank of
Guam which is a voting territory of the United States with It has been my honor to serve as Chairman of your as-
a diverse population, makes me keenly aware of the “S” in sociation. It hasn’t been easy, but we are committed to
the world of ESG (Environment, Social Responsibility, and supporting our members, our customers and our em-
Governance). But for the banking industry, ensuring that ployees. We are the financial backbone of the country.
we adhere to the principles of social responsibility and being We accept the challenges.
8 www.westernbankers.com | WesternBanker
PROBLEMS
PROGRESS
We see it every day—more regulations.
More competition. More technology needs.
Financial institutions have a lot to manage,
but a trusted advisor can relieve that strain
and keep you moving forward.
What inspires you, inspires us.
888.777.2015 | eidebailly.com/fi
WesternBanker | Issue 3 2021 9
Legislative Sessions
Underway in Washington, D.C.,
and Sacramento
By Kevin Gould, SVP, Director of Government Relations, California Bankers Association
A
t the federal level, Congress is in and we are see- This measure will provide meaningful credit opportuni-
ing the re-introduction of several measures from ties for farmers while leveling the playing field with the
the prior Congressional session that are impact- Farm Credit System.
ful to the banking industry. One important factor that
distinguishes this session compared to the prior is that It is expected that Sen. Sherrod Brown (D-Ohio), chair
Democrats have taken control of the Senate while main- of the Senate Banking Committee will reintroduce his
taining a narrower margin in the House of Representa- measure from the last session, establishing government-
tives. This could have implications on measures impor- backed digital wallets to all consumers. “FedAccounts”
tant to our industry. are a no-fee bank account made available at a post of-
fice, small bank or credit union. As we have seen at the
The Secure and Fair Enforcement Banking Act has been state-level, this measure inserts government into the
re-introduced, H.R. 1996, and enables banks to provide banking business.
financial services to legitimate cannabis-related busi-
nesses in states where it has been legalized. The mea- While the pandemic prevented our annual visits to
sure passed the House with bi-partisan support. The Washington, D.C., last year, we are planning a trip this
Senate has expressed openness in advancing policy in October with our friends from the Florida Bankers As-
this space, but rather than moving individual measures sociation. More details will be forthcoming and we
like H.R. 1996 forward, it is likely that such efforts will hope that you will consider joining us.
be considered along with more comprehensive reforms,
The California legislative session is also well underway.
such as criminal justice reforms pertaining to cannabis
The more than 2,400 measures introduced in late Febru-
related convictions.
ary are now moving their way through first house com-
The Enhancing Credit Opportunities in Rural America mittee hearings. In order for these measures to remain
Act, H.R. 1977, removes taxation on income from farm active, they must pass their respective house of origin no
real estate loans made by FDIC-insured institutions. later than June 4.
10 www.westernbankers.com | WesternBankerThe association is engaged on nu-
merous measures that have a di-
rect impact on our industry. A few One important factor that distinguishes
high-priority measures that we are this session compared to the prior is
opposing are worth highlighting.
that Democrats have taken control of
Public bank advocates are back
with the support of labor organi- the Senate while maintaining a narrower
zations. Assembly Bill 1177 cre-
ates the BankCal Program to pro-
margin in the House of Representatives.
vide financial services to California This could have implications on measures
residents. The purported need for
this program, as stated in the bill, important to our industry.
is to help unbanked residents who
lack access to traditional banks.
The measure creates a mandate
for all employers with five or more liabilities, investments, supply passed by the Legislature by June
employees to offer as an option for chains and corporate operations. 15 and signed by the Governor no
payment of wages, direct deposit This measure will likely be dupli- later than June 30.
into the BankCal fund which will cative given expected action at the
federal level. We appreciate the opportunity
consist of zero-fee, zero-penalty
to share a brief update and will
federally insured transaction ac-
Commercial tenants would receive keep you informed throughout
counts and debit card services at
relief under a recently amended the year on important measures
no cost to account holders. De-
measure. Among other provisions, moving through Congress and
posits made into the BankCal fund
will be presumably participated landlords would be prohibited the California Legislature. It’s an
out to public banks, credit unions from terminating a lease if the ten- honor and privilege to represent
and local banks. This measure is ant paid at least 25 percent of the you and we thank you for all that
unnecessary given more than 150 lease. The measure includes an un- you do to support your custom-
banks operating within the state clear and undefined exemption in ers and communities and for your
and the numerous examples of ex- circumstances where compliance engagement in the association’s
pensive government programs that would subject the landlord to sig- advocacy efforts.
have failed Californians. nificant risk of default on its own
Kevin Gould is the Se-
financial obligations.
The Legislature is also prioritizing nior Vice President and
climate change with the introduc- At the same time measures are mov- Director of Government
tion of several measures focused ing through the legislative process, Relations for the Califor-
on this issue. One measure, Senate budget discussions are ongoing. nia Bankers Association.
Bill 449, requires that California The state’s financial condition is He joined the CBA in
corporations, or entities issued a much better than anticipated with 2004, bringing with him
license to operate or certificate of revenues through March coming in more than seven years
authority under the laws of the at $14.3 billion above projections. of legislative experience. In his role, he oversees
state, with annual gross revenue All three major sources of revenue the management and operation of CBA’s state
of at least $500 million submit an- for the state are outperforming, and federal government relations department
nual disclosures identifying their personal income taxes are $12.8 and serves as one of CBA’s three registered lob-
climate-related risk and efforts billion better than expected along byists. Gould’s advocacy responsibilities and
adopted to mitigate those risks. with corporate income taxes and issues focus mainly in the areas of bank opera-
Climate-related financial risk is sales taxes above projections at tions, commercial lending, and wealth manage-
broadly defined in the measure to $721 million and $760 million, ment issues. You can reach him at kgould@cal-
capture a covered entity’s assets, respectively. The budget must be bankers.com.
WesternBanker | Issue 3 2021 11Board Governance:
Cybersecurity Risk
By Maurine Padden, EVP and COO, Western Bankers Association
L
ast December, the press reported that SolarWinds, late last year. The full scope and breadth of the impact
an information technology firm used by many of the cyber attack remains a matter of ongoing investi-
private companies as well as federal government gation, but by all reports the cyber attack is the largest
agencies and departments, was the subject of an exten- known attack in the United States to date.
sive cyber attack that impacted its clients including Mi-
crosoft, the Department of Homeland Security and the In January, Federal regulators published for comment
Treasury Department. proposed draft regulations issued jointly by the OCC,
Federal Reserve and FDIC which impose a duty on a
Hackers broke into SolarWinds’ systems in March 2020 bank to provide it’s primary regulator with notification
and added malicious hacked code (malware) into the of a “computer security incident” that rises to the level
company’s software system. The software system, called of a “notification incident” within 36 hours after reason-
Orion, is used by SolarWinds’ customers to monitor, and ably determining that a qualifying incident has occurred.
manage their IT networks, systems and infrastructure. The proposed regulation focuses on security events the
SolarWinds unknowingly sent the malware in the cus- bank, in good faith, believes could
tomary software updates it provided to its customers.
• materially disrupt, degrade, or impair the bank’s
The hacked code accessed a back door to customer’s in- ability to deliver services to a material portion
formation technology systems which the hackers then of its customer base;
used to install additional malware to help them spy on
the companies. The cyber attack was not discovered until • jeopardize key operations; or,
12 www.westernbankers.com | WesternBanker• impact the stability of the formation it needs to assure the requi-
financial system. site degree of management focus and Even though cyber
In addition, the proposed rule im-
accountability necessary to manage
and address the risks is maintained/
risk management has
poses a duty on bank service pro- sustained. The management reports been on the board’s
viders to notify a bank immediately to the board should outline the risk
upon detecting that a computer inci- assessment process that the manage- radar for many
dent materially impacting the bank
has occurred.
ment team employs including threat years, these recent
identification and assessment, prod-
Even though cyber risk management
uct and service as well as third-party events and proposed
has been on the board’s radar for
service provider risk assessments and
controls, cybersecurity testing results,
regulatory actions
many years, these recent events and
proposed regulatory actions have
identification of known or reason- have underscored
ably suspected cybersecurity threats
underscored the ever-present need
and/or incidents and management’s the ever-present
for board and management vigilance
in managing cybersecurity risks.
incident responses and/or remedial
actions taken.
need for board
1. Board knowledge and under- and management
3. Board and senior management
standing of cyber-risks to the insti-
working together should establish
vigilance in managing
tution is key.
In exercising its responsibilities to cyber risk tolerances and risk man- cybersecurity risks.
provide oversight and guidance in the agement strategies for the institution.
development, implementation, and Appropriate cybersecurity gover-
site cyber risk management expertise
maintenance of the bank’s cyber-risk nance requires that the board work
as well as internal and/or external
with management to establish robust
framework, the board or the board cyber risk auditing skills and sys-
governance policies with embedded
subcommittee with delegated respon- tem-wide cyber risk training on an
risk tolerances and risk manage-
sibilities should possess the requisite ongoing basis. The board must pro-
ment strategies that are periodically
knowledge and understanding of cy- vide the requisite governance to sup-
reviewed and revised to meet the
ber security threats and risks so that port and sustain a strong cybersecu-
changing risk exposures within the
the board is able to fulfill its role in en- rity culture and focus on resiliency
institution.
suring that management is focused on throughout the institution.
and accountable for identifying poten-
4. Establish and maintain a robust
tial and actual emerging cyber risks to Maurine Padden serves
incident response plan for the insti-
the institution, addressing and resolv- as EVP and Chief Op-
tution.
ing existing cyber risks and limiting erating Officer where
The board should provide the over-
the introduction of new cyber risks. she oversees WBA’s
sight and guidance to support the
advocacy efforts in the
bank’s executive team in their work
2. Management should provide legislative, regulatory
to establish and maintain an enter-
timely and periodic cyber-risk as- prise-wide approach to cyber risk
and legal arenas on be-
sessments to the board. management, including a robust inci- half of the association’s members in additon to
Timely and periodic management re- dent response plan for the institution. providing operational support to the WBA team.
ports to the board that point out and As a member of WBA’s senior management, she
assess the significance of vulnerabili- 5. Cyber risk management re- contributes to the development and execution of
ties that may impact key systems and sources and training must be the association’s strategic goals and initiatives.
delivery channels within the institu- properly funded. Maurine received her law degree from University
tion as well as internal or third-party The board must also assure that of the Pacific’s McGeorge School of Law and her
cyber risk audits and findings can management commits sufficient re- bachelor’s degree in government and economics
provide the board with the critical in- sources including securing the requi- from California State University, Sacramento.
WesternBanker | Issue 3 2021 13Recent Labor Laws
in California: What
Bankers Need to Know
By Melanie Cuevas, Vice President of Government Relations, California Bankers Association
E
ach year, California enacts about a thousand new be sure to consult with your legal counsel as you navigate
laws with impacts that run the gamut and largely compliance efforts.
reflect the liberal viewpoint of the Legislature’s
democratic supermajority. Despite the COVID-19 pan- Diverse Boards of Directors
demic’s impact on the legislative process in 2020, Cali- In 2018, California became the first state to mandate gen-
fornia lawmakers tackled numerous issues related to der diversity on boards of directors of publicly held cor-
human resources that will have longstanding impacts on porations headquartered in California, regardless of where
California workplaces for years to come – diversity on they are incorporated. A recent report by the California
boards of directors, protected and paid leave benefits, re- Partners Project indicates that the measure has been a suc-
porting of pay data, and workplace protections for vic- cessful mandate, citing that in 2018 nearly 30 percent of
tims of domestic violence. California company boards were entirely male whereas
now fewer than 3 percent are. Last year, Gov. Newsom
Below are some key changes to California labor laws that signed Assembly Bill 979 (Holden, 2020), which is de-
employers, including banks, are now adhering to. Unless signed to do for “underrepresented communities” on
otherwise noted, these measures became effective Jan. 1, boards of directors what Senate Bill 826 (Jackson, 2018)
2021. While these summaries have been prepared with did for board gender diversity. By the end of this year,
care, these are not intended to be exhaustive. Please ex- boards of any size are required to have at least one direc-
amine the full text of any measure of interest to you and tor from an underrepresented community, as defined.
14 www.westernbankers.com | WesternBankerPaid Family Leave Benefits workplace safety, to enforce the measure’s reporting man-
Californians who work for an employer with at least dates and even to shut down any worksite that is deemed
five employees are now eligible for expanded paid fam- to be an “imminent hazard” to employees. In this context
ily leave benefits to care for a new baby or sick family it is important to also note that Cal/OSHA enacted an
member, enacted by Senate Bill 1383 (Jackson, 2020), Emergency Temporary Standard on COVID-19 infection
which took effect immediately upon signature. Under prevention. The standard requires employers to establish,
this measure, the definition of qualifying family mem- implement and maintain an effective written COVID-19
bers under the California Family Rights Act is expand- prevention program and to provide training and instruc-
ed to also cover grandchildren, grandparents, siblings tion to employees on how COVID-19 is spread, infection
and parents-in-law. This expansion will impact larger prevention techniques, and COVID-19-related benefits
employers already covered by CFRA and the Family that employees may be entitled to under applicable fed-
and Medical Leave Act who will, in some cases, have eral, state, and local laws.
to administer the two 12-week leave periods separately,
Melanie Cuevas serves as the vice president of govern-
for a total of 24 weeks of protected leave. Previously,
ment relations for the California Bankers Association,
CFRA only applied to employees at larger companies, where her advocacy portfolio focuses mainly on issues
so this measure extends family leave job protections for related to cannabis, debt collection, labor and employ-
roughly an additional six million California workers. ment, political reform, privacy, and agricultural, student
and military lending.
Pay Data Reporting
Private employers of 100 or more employees (with at
least one employee in California) must report hours-
worked data by establishment, job category, sex, race
and ethnicity to the Department of Fair Employment
and Housing, by March 31, 2021 and annually thereaf-
ter. This measure, Senate Bill 973 (Jackson, 2020), also
authorizes DFEH to enforce the Equal Pay Act (Labor
Code § 1197.5), which prohibits unjustified pay dis-
parities. The Fair Employment and Housing Act (Gov.
Code § 12940 et seq.), already enforced by DFEH, also
prohibits pay discrimination.
Protection of Victims
Crime and abuse victims also received additional pro-
tections under Assembly Bill 2992 (Weber, 2020), the
prohibition of discrimination and retaliation against
employees is expanded to those who are victims of
crime or abuse when they take time off for judicial pro-
ceedings or to seek medical attention or related relief
for domestic violence, sexual assault, stalking or other
crime that causes physical or mental injury.
COVID-19 Workplace Procedures
Employers are required to notify their employees of po-
tential COVID-19 exposures in the workplace under the
provisions of Assembly Bill 685 (Reyes, 2020), which
are set to expire on Jan. 1, 2022. It also requires em-
ployers to alert local county health departments of the
outbreaks, defined as three or more positive cases with-
in 14 days. The measure also strengthens the power of
Cal/OSHA, the state agency that oversees and regulates
WesternBanker | Issue 3 2021 15How WBA Provides
Resources to Bank
Human Resources Teams
By Linda Odell, Vice President, HR/Administration, Western Bankers Association
A
s human resource professionals, we have always benchmark survey. The open forum allows attendees to
adapted to new situations and circumstances, discuss whatever issues are top of mind. Such topics have
but Covid-19 pushed us into uncharted territory. included Covid-19 employee cases, reporting of Covid-19,
Throughout the pandemic we have drafted new health and employee absences; remote working; protecting customers
safety policies for our offices, developed engagement strat- and employees; maintaining social distancing; compensa-
egies for our employees working from home, and ensured tion and benefits; policies; virtual hiring and onboarding;
that we had enough PPE equipment to keep our co-work- return to work procedures, cleaning protocols; workplace
ers safe. We continue to navigate the evolving conditions rules and guidelines, and much more.
and monitor new and updated guidance from the Centers
Weekly meeting notes are circulated to the group after
for Disease Control and Prevention and our state and lo-
every meeting as well as information shared by attendees
cal health departments to ensure compliance and keep our including policies, check lists, protocols, and links. Al-
employees and customers safe. though the state of the pandemic is improving, WBA will
continue to host the HR Best Practices group, and when
WBA HR Best Practices Zoom Video Meetings appropriate, reduce to bi-weekly or monthly depending on
In April 2020, the WBA began holding weekly video the bankers’ needs.
Zoom meetings for bank HR representatives to exchange
information and learn how their peers are handling the nu- In addition to creating the new HR Best Practices Forum,
merous Covid-19 mandates. The open forum allows HR we launched the 2021 Compensation and Benefits Bench-
banking peers to share their best practices and experiences mark Survey in April. This survey has become a vital tool
as they navigate through the pandemic. when researching all forms of compensation.
WBA provides a short association update covering Covid- Compensation and Benefits Benchmark Survey
related government relations activity, our upcoming pro- Since 1985, the WBA has published an annual Compensa-
fessional development meetings and webinar offerings, tion and Benefits Benchmark Survey. This survey provides
and progress on our annual compensation and benefits base salary, incentive, and commission compensation data
16 www.westernbankers.com | WesternBankerfor more than 195 positions as well as directors’ compen- Linda Odell joined the Association in 2005, and oversees
sation information, data on human resources practices, the human resources and administrative support func-
comparative healthcare cost information and employee tions of the office, and manages CBA’s Annual Compensa-
benefits summary statistics. tion and Benefits Benchmark Survey. Linda has more than
15 years of human resources experience and more than
The strategic management of compensation and human 25 years of administrative experience. Prior to joining
resources continues to be a critical factor in the success of the WBA, Linda worked for the California Restaurant As-
our member banks. For most banks, compensation con- sociation, where she managed human resources efforts,
stitutes the single largest non-interest operating expense administered employee benefit programs and managed the accounts receivables.
and access to current, reliable information for evaluating
compensation and benefits is critical for
banking decision makers.
Each year, the association works col-
laboratively with the compensation
survey advisory committee, a group
of bank human resources experts who
understand the industry trends, and to
provide guidance and input in devel-
oping this resource for the banking in-
dustry. Pearl Meyer LLC, a third-party
vendor, collects the data via a secured
online survey instrument. To maintain
confidentiality, the completed survey
questionnaires are submitted directly to
Pearl Meyer who collects the data, con-
tacts participants to verify information,
aggregates the survey responses and
prepares the final survey report.
In April, we began marketing the survey
to California banks to encourage their
participation. Survey participation will Many of California’s largest and most notable
be finalized in June and in August, the
banking and financial institutions turn to
compensation survey advisory commit-
tee will conduct a thorough review of Hopkins & Carley for expert legal counsel.
the survey data and identify any outliers
or inaccurate data. The final survey will • Bankruptcy, workouts, and restructuring
be published and marketed to Califor- • Commercial and real estate lending transactions
nia banks in September. • Employment issues, including counseling and litigation of disputes
• Foreclosure and loan enforcement
The WBA would like to acknowledge
the individual banks who participate in • Litigation
our annual survey. We would also like • Real estate, including office leasing and sale of REO properties
to thank the compensation survey ad- • Trust transactions and disputes
visory committee and Pearl Meyer for
their contributions to this study.
For more information about the HR
Best Practices Forum or the Compen-
sation and Benefits Benchmark Survey 408.286.9800 | hopkinscarley.com
please email Linda Odell at lodell@
westernbankers.com.
WesternBanker | Issue 3 2021 17Leadership in Times
of Change
By Steve Jones, Leadership Development Expert, Anthony Cole Training Group
C
hange is hard. Change is uncomfortable. Given They might be asking:
the choice, most people will choose to not change
what they feel has been working for them. Here • “Do these changes affect my work schedule, which
is what we are hearing from many banking leaders: will in turn affect my schedule outside of work?”
“Due to the virus restrictions, we have had to institute • “Am I going to need to rely on or develop a skill I
many new procedures. Surprisingly, some of my best never really needed in the past? Do I feel confident in
employees are struggling to adapt to them!” that new skill? Am I willing to put in the time and ef-
fort required to learn the new procedure?”
“We had to shrink our sales team due to business per-
formance. This required us to juggle some client assign- • “Will my selling style match well with the new clients
ments among the remaining staff. Some have jumped I have been assigned, or will I need to adjust? Will I be
right in, but a few are resisting. We have been clear able to adjust? Do I want to adjust?”
about why the business needs to make these changes.
When change happens in our lives, it is natural for us to
They should be happy they have kept their jobs, but
resist at first, particularly if we thought things were going
you’d never know it.”
well before. If the status quo was comfortable for me, I
What’s going on? In the past, our team has risen to ev- would prefer to leave things as they were. Unconsciously
ery challenge and met every new goal with excitement and (or maybe consciously), I am hoping that if I resist the
enthusiasm. Our compensation is more than competitive. change then it will go away. You will let me continue to
Our competition hasn’t introduced any new products or operate in my comfort zone.
services that we can’t compete against. We were very clear
on the new procedures and assignments, and our perfor- The mistake we make as managers is that we believe all
mance expectations are basically the same as they have we need to do is clearly explain what needs to be done
always been. and why. If we do that, everyone will see the need for
the change and jump on board. However, as long as your
What could be going on is that you and your managers have people are in resistance mode, they are not ready to listen
focused your energy on clearly defining new procedures and to your arguments on why the changes are good for the
expectations but may not have spent enough time focusing company. They are taking care of themselves first. The
on the personal needs of the employees. When things are next time you need to institute changes take a more bal-
changing, employees will often take a step back to under- anced approach:
stand how the changes affect them personally before they
focus on how the changes will benefit the business. They 1. Be clear about the need for the change and the long-
need the time to understand what they need to do differ- term benefits of everyone successfully adopting the
ently and to what extent their world is being changed. new procedures.
18 www.westernbankers.com | WesternBanker2. Acknowledge that this is a change 4. As a leader, you need to define them how far they have come,
and seek to understand what con- the desired outcome. Allow thank them for their efforts, and
cerns your employees may have your employees to participate revisit the benefits of making
about adapting to the changes. in figuring out the best way to the changes. This will help them
Be sincere in your understand- achieve that outcome. If you do continue to move forward even
ing that change can be confusing, this, you will find they will more when they have setbacks.
time-consuming and scary. If you quickly “own” the new proce-
have the flexibility to accommo- dures and behaviors. Remember, change is hard. Change
date an individual’s specific con- is uncomfortable. Given the choice,
5. When your employees strug-
cerns, let them know that. most people will choose to not
gle with the new “rules of the
change what they feel has been
3. Discuss what the employees game” – and they will – be for-
working for them. Don’t try to man-
giving at first and encourage
need to get comfortable with age the change by focusing on pro-
them to keep working at it. Ac-
the changes. Do they need more cesses, measurements, and results.
knowledge the effort to change,
information? Do they need time Instead, try to lead them through the
and they will feel you appreciate
to learn new procedures before change by partnering with them and
that it isn’t easy.
they are implemented? They supporting them along the new path
certainly will need your patience 6. When you feel the majority of you have set for them.
as they adjust, and your under- your folks have successfully tran-
standing if they are not initially sitioned to the new way, take Reach the Anthony Cole Training Group to learn
skilled at the new behaviors. some time to celebrate. Remind more: anthonycoletraining.com
Tips for
Recruiting
a Diverse
Workforce
Build a Strong Know Where Find Partner Tell Candidates Hire—and Keep—
Intern Program to Look Organizations What You’re About Talent that Fits
aba.com/Diversity
WesternBanker | Issue 3 2021 19How to Prevent
Common Hacking
Attacks in Your Bank
By Joseph Sarkisian, IT Assurance Staff Consultant, Wolf & Company
O
n a recent internal penetration test, I realized Initial Foothold
something — the initial foothold on the network, It’s often said that protocols are a pen tester’s best friend.
privilege escalation, and full domain compromise Some of these include Link-Local Multicast Name Reso-
consisted of steps that were identical to two or three oth- lution (LLMNR) and NetBIOS Name Service (NBNS),
er tests I had just executed. which are legacy protocols used by Windows to resolve
hosts on the network, long overshadowed by the Domain
The steps I took are well-known attack methods used by Name System (DNS).
hackers, but may not be clear to administrators trying to
determine how to best close network security gaps that DNS tends to respect the privacy of the hosts that it isn’t
would easily allow attackers to gain access. seeking out. When one host needs to know the name of
another host, DNS looks it up; if it doesn’t find anything,
I have compiled a detailed analysis of each of these pen- it essentially states that it can no longer help.
etration testing components to allow administrators to
build a more mature controls posture in their organiza- On the other hand, if DNS fails, LLMNR and NBNS
tion and help prevent attacks by hackers. (if enabled) will send a broadcast message across the
subnet asking every host if they are the resource sought
Please note that none of the following steps leverage any by the user.
exploits; we’re simply taking advantage of misconfigured
trust relationships in the network. That’s where our hacking methods come in.
20 www.westernbankers.com | WesternBankerIn our own test environment, using a tool called Re- It’s common in a domain to find more than one account
sponder, we’ll position ourselves on that subnet and with an active session running on any given host. While
answer all of these broadcast messages. For example, this may only be a workstation and not a server, we’ll
we’ll respond to the request for a file server and say still check to see if anyone else is logged on to this host
that we’re the intended file server. The tool then tricks using CME:
the requesting host into providing its password hash
to us to authenticate to that file server. We can then
reverse the password hash using a password cracking
tool. Let’s see what Responder looks like when this at-
tack is successful:
Perfect! It just so happens that the MSSQL account —
a known domain administrator based on our Blood-
hound reconnaissance — is also logged into this host.
This is important because as an administrator, Alice
can dump the memory of the host, specifically the Lo-
cal Security Authority Subsystem Service (LSASS) pro-
cess, which stores the credentials of all logged on users.
We love seeing orange in CME because it typically Let’s see what that looks like as well:
means we have something very useful, and in this case,
it’s the grand prize. “Pwn3d” is the tool author’s way
of saying that this user has administrative privileges
on this host. Clearly, this means we have many more
rights than your average user, but what rights matter to
us if we want to get to the MSSQL account? CONTINUED ON PAGE 22
ELEVATE YOUR CAREER:
EARN YOUR CFMP
Differentiate yourself and elevate your career by earning the newly
updated Certified Financial Marketing Professional (CFMP)
designation—the only industry-recognized certification for bank
marketers. Demonstrate a mastery of data and analytics, branding,
revenue generation, customer experience and more.
Plus, with the new, online CFMP Exam prep course, getting ready
to pass the exam has never been eaiser.
Earn yours today.
aba.com/CFMPWestern
WesternBanker | Issue 3 2021 21Amazing! Not only do we now have the hashed password How Can You Mitigate These Attacks?
of the MSSQL account, which we could easily us in a
“Pass the Hash” attack, but we also have the plain text Initial Foothold Phase:
password for the account. • Turn off LLMNR and NBNS.
With these domain administrator credentials, we typi- • Make sure you have a DNS entry for your approved
cally give our clients a free password strength audit by WPAD file.
using them to dump the NTDS.dit file on a domain con-
• Turn off proxy auto-discovery from web browsers
troller. This file has all of the password hashes for the across the domain via group policy.
accounts in the domain, which we can feed into a hash
cracking machine to reveal the plaintext password for the • Enforce a strong password policy.
accounts in the domain. • Train your end users to spot strange occurrences (like
atypical pop-ups asking for credentials).
Let’s see what this dump looks like:
Enumeration Phase:
• Use Wireshark and NetFlow analysis tools to look for
abnormally large LDAP queries right after an authen-
tication event by an account that has no business gen-
erating this amount of traffic.
As you can see, the file has hashes for all domain accounts, Escalation Phase:
which we can then leverage. We have now compromised
the entire domain, but most penetration testers don’t stop • Make sure that users have as few permissions as is
reasonably possible, depending on your organization.
here — because during a live attack, a hacker wouldn’t
either. Our clients want to see business impact, and we • Rid yourself of all legacy operating systems.
typically don’t need domain administrator credentials to
• Disable WDigest authentication to prevent passwords
prove this point.
from being stored in plain text in memory.
Post-exploitation Post-Exploitation Phase:
For instance, let’s see what kind of data Alice can access
by using CME once again to look through shares on the • Lock down object permissions across the network.
network. We’ll use the MSSQL account to do this, since • Remove excessive write permissions across accounts.
it likely has the most access, but the following example
works with Alice’s credentials as well: • Segment, segment, segment.
Conclusion
The different types of hacking techniques identified in the
attack narrative outlined above are not the only way at-
tackers and penetration testers will attempt to compromise
your network. However, by using this extremely common
Looks like Alice is storing a file with passwords to oth- process, we can use these tools and strategies to further
er systems on this host. This isn’t an uncommon sce- penetrate your systems.
nario, and we’ve seen this exact situation before during
actual engagements. If administrators lock these basic vulnerabilities and mis-
configurations down, they’ll make the lives of malicious
Whether it is a password file, customer data, health re- attackers much harder.
cord, drug trial, or any other sensitive information, if
a user is downloading it from a server and storing it Joseph Sarkisian is IT Assurance Staff Consultant with Wolf & Company, P.C. You
locally, we now have access to it. can reach him at jsarkasian@wolfandco.com, or at (617) 261-8159.
22 www.westernbankers.com | WesternBankerTHE
BHG LOAN HUB
#1 Source for Top-Performing Loans
Gain exclusive access to our secure,
state-of-the-art loan delivery platform and
learn how more than 1,200 community
banks have earned over $700MM in
interest income since 2001.
HOW DOES IT WORK?
Quickly analyze complete
1 Log in to BHG’s state-of-the-
credit files, and with consistent LOGIN
art loan delivery platform –
The BHG Loan Hub
loan packages available every
time, you can make informed 2 Review and underwrite
complete credit packages
purchasing decisions with ease.
Bid on or purchase loans with
3 CLICK
the click of a button
JIM CRAWFORD
JCrawford@em.bhgbanks.com
D: 315.304.6258
or visit bhgloanhub.com/jim
WesternBanker | Issue 3 2021 23MEMBER PROFILE
Simmons Marks 50th Year in Banking
Paul W. Simmons is 20 years. The Association has maintained a Superior
the President and Chief 5-Star Bauer bank performance rating and experience
Executive Officer of over 30 years of consecutive profitability!
First Federal Savings
& Loan of San Rafael. Simmons has guided First Federal through the current pan-
Simmons also serves as demic. Under his leadership, there have been no employee
Chair of the First Fed- layoffs or branch closures, and First Federal has contin-
eral Board of Directors. ued to grow while remaining dedicated to supporting local
He celebrated a major non-profits and community development programs.
milestone with First Simmons is a founding member of the Rotary Club of Mis-
Federal in May when sion San Rafael and served as a Club President in 1993-
he marked his 50th year
1994. Other Rotary acknowledgements include being a
with the Association!
Paul Harris Society Member, a major donor to the Ro-
Paul W. Simmons tary Foundation, and a Bequest Society Member. Simmons
President and CEO, Simmons began his
career with Bank of
First Federal Savings & Loan
served on the Board of North Bay Family Homes for near-
of San Rafael America before joining ly 20 years, and prior to that he served on the Board of the
First Federal on May 3, Savings Association Mortgage Corporation.
1971. He worked in the loan operations/note depart- Simmons is a past Commodore of the Loch Lomond Yacht
ment where his knowledge of credit and finance began. Club and a three-time past Commodore at the Marin
He quickly progressed and assumed positions of higher Yacht Club. He is a passionate boater and sailor and was
responsibility, eventually becoming the Chief Lend- a competitive sailboat racer. He currently enjoys cruising
ing Officer. During this period, Simmons was directly the San Francisco Bay and the Delta.
involved in expanding First Federal to its current five
branch offices. He became President of First Federal First Federal maintains five branches located in Marin, San
in 2008, and was elevated to CEO and Board Chair in Francisco and Alameda counties. Simmons and his wife,
2012. Because of his conservative business principles, Kay, are longtime San Rafael residents and are closely tied
the Association has not experienced a loan loss in over to the community.
24 www.westernbankers.com | WesternBankerMEMBER UPDATES
NEW ASSOCIATE MEMBERS
Onovative, an automated marketing and
communication software provider, put controls back
in the hands of bank marketers. Onovative’s affordable
marketing software for planning, automation
and execution empowers you to manage data for
strategizing throughout the consumer lifecycle and
Dorsey & Whitney LLP is an international law firm engage with consumers through multiple channels.
with over 550 attorneys in 19 offices across the United With software that integrates directly with your
States, Canada, Europe and Asia. Dorsey was founded existing core banking systems, Onovative helps banks
in 1912 to serve a bank’s need for outside counsel. drive results by bolstering growth with their current
Banks and other financial institutions continue to account holders and within their markets.
inspire our service offerings over 100 years later.
Website: www.onovativebanking.com
More than 250 Dorsey lawyers comprise the Firm’s
Banking and Financial Institutions Group, advising
those clients on matters around the globe. Our clients
include banking organizations, investment banks,
broker-dealers, investment funds, insurance companies,
credit unions, FinTech enterprises, and other financial
institutions. Our work includes representation in Hyosung America is the North American market share
complex lending transactions, bankruptcy and leader and fastest-growing ATM manufacturer in the
restructuring matters, corporate trust transactions United States offering industry-leading innovation and
and disputes, regulatory issues, consumer financial solutions backed by unmatched service and support.
matters and other practices specific to financial Hyosung partners with the financial strength and
institutions. Our experience extends to all types of deep investment in research and development of its
litigation, mergers and acquisitions, real estate services, parent company, the multi-billion-dollar conglomerate,
employment and benefits law, corporate compliance Hyosung, Inc. Hyosung prides itself on innovating
and intellectual property. We are proud to serve U.S. for the future and the satisfaction of their customers.
banking and financial institutions of all sizes. In collaboration with its partner network, Hyosung
provides comprehensive industry coverage and sales
Website: www.dorsey.com support. Since 1998, when Hyosung entered the U.S.
market offering the first small-footprint Retail ATM,
they have led the market with over 70 percent of the
market share. Transitioning that same industry-leading
innovation, Hyosung entered the Financial Institution
market in 2008 and has nearly tripled its sales in
the last three years. Hyosung is dedicated to leading
the way with innovation and unprecedented service
performance in the financial and retail markets.
Website: www.hyosungamericas.com
WesternBanker | Issue 3 2021 25DefenseStorm provides cybersecurity and cyber compli- Thomson Reuters CLEAR® provides a comprehensive
ance solutions specifically built for banking to achieve and collection of public and proprietary records, sophisticat-
maintain Cyber Safety and Soundness. The DefenseStorm ed analytics, and transparent data into a single working
GRID is the only co-managed, cloud-based and compli- environment providing insights to corporate compliance
ance-automated solution of its kind, operating as a tech- professionals, law enforcement, and local and federal
nology system and as a service supported by experts in FI agencies to proactively mitigate risk and resolve fraud
security and compliance. It watches everything on a bank’s concerns. Powered by billions of data points, CLEAR le-
network and matches it to defined policies for real time, verages cutting-edge public records technology to bring
complete and proactive cyber exposure readiness, keeping all key content together in a customizable dashboard.
security teams smart and executives accountable. FFIEC Confidently verify identities, detect fraud risks, and easi-
CAT requirements are built-in and automated, as can be ly conduct comprehensive research on subjects and busi-
other frameworks and an FI’s own policies, to achieve Ac- nesses in a matter of minutes.
tive Compliance. Our Threat Ready Active Compliance
(TRAC) Team augments a bank’s internal team to protect Thomson Reuters is one of the world’s most trusted
business continuity and skills availability while also ensur- providers of information intelligence and end-to-end
ing cost-effective coverage and management. solutions for corporations of all sizes, government and
legal professionals – helping to solve your toughest reg-
Website: www.defensestorm.com ulatory, legal and compliance challenges.
Website: www.thomsonreuters.com
IP Services proactively manages clients’ cybersecurity and
critical IT systems and applications in any datacenter using
the VisibleOpsTM methodology and the quality control
system we created called TotalControl™. IP Services’ Next
Generation Cybersecurity uses proven best practices to se-
cure businesses and the users they serve by monitoring and
Next One Staffing is a leader in providing staffing so-
protecting the systems and applications that are the heart
lutions to banks and accounting firms throughout the
of modern business - Managed Services and Managed Cy-
nation. All our recruiters have over 10 years of experi-
bersecurity Services. IP Services’ target market is best suited
ence in their respective industries, so we know where
for small and medium size banks in the United States that
to find top talent.
lack the resources to effectively provide comprehensive IT
management and necessary security and compliance ser- Website: www.nextonestaffing.com
vices.
Website: www.ipservices.com
26 www.westernbankers.com | WesternBankerNEW MEMBER BANKS
Wheatland Bank, formed in 1979 in Davenport, Wash., is
a locally-owned independent community bank. Wheatland Bank Five Nine opened in 1859 and is proud to continue
Bank’s commitment to eastern and central Washington is the tradition of hometown, community banking the way
strong and has deep roots. It is a commitment that is kept the organization began, while incorporating many innova-
alive with powerful local ownership, leadership and deci- tions and improvements. As a community bank, some of
sion-making. In the 40 years since inception, Wheatland our top priorities are to provide the best in financial servic-
Bank has grown through organic and diversified expansion es to our customers and to give back to the communities
with 14 branches throughout eastern and central Washing- we serve through charitable donations and volunteerism.
ton serving over 15,000 customers. Wheatland Bank focus-
es on helping businesses and consumers succeed by offering
personalized banking relationships and customized lending,
banking and wealth management services.
As the oldest bank in Montana,Bank of the Rockies is
An internet-only bank, California First National Bank firmly rooted in the heart of each community we serve.
(CalFirst), is committed to providing solutions to meet a We make dreams happen by helping our customers reach
wide range of personal and commercial banking needs. their personal, business, or agricultural goals. As a fam-
Nationwide, our customers enjoy the convenience of one- ily-owned and managed bank, we believe in putting the
stop banking anytime, anywhere. We provide 24/7 account customer first through convenience, local decision-mak-
management and accept deposits via the Internet and mail. ing, and a commitment to our communities.
WesternBanker | Issue 3 2021 27You can also read
