KENTUCKY BANKER March 2015
March 2015 | 2
CONTAC TS BOARD OF DIRECTORS Mr. Bill Allen Bank of the Bluegrass and Trust Company
Ms. Lanie W. Gardner First National Bank of Muhlenberg County
Mr. William Alverson Traditional Bank, Inc.
Ms. Elizabeth Griffin McCoy Planters Bank, Inc.
Mr. James W. Beach Peoples Bank & Trust Company Owenton
Mr. Gordon Kidd United Cumberland Bank
Mr. J. Wade Berry Farmers Bank & Trust
Mr. Michael H. Mercer First Security Bank of Kentucky
Mr. William F. Brashear, II Hyden Citizens Bank Mr. Neil S. Bryan The Farmers Bank of Milton
Mr. Glenn Meyers Kentucky Federal Savings & Loan Association Mr. Michael Mineer Citizens Deposit Bank & Trust
Cover photo taken by Rusty Davis “Barn and Field�
Mr. Louis Prichard Kentucky Bank
for the Scenes of Kentucky Photo Contest
Mr. Thomas J. Smith, III American Bank & Trust Company, Inc. Mr. Ryan Steger Commonwealth Bank FSB Mr. H. Lytle Thomas Heritage Bank, Inc. Mr. Frank B. Wilson Wilson & Muir Bank & Trust Company Mr. Greg A. Wilson The First Commonwealth Bank
KBA STAFF Ballard W. Cassady Jr. bcassady@kybanks.com President & CEO
Natalie Kaelin nkaelin@kybanks.com Assistant General Counsel
Brandon Maggard bmaggard@kybanks.com Account Representative
Donna McCartin dmccartin@kybanks.com Benefit Support Specialist
Debra K. Stamper dstamper@kybanks.com EVP / General Counsel / Director of Compliance
Michelle Madison mmadison@kybanks.com Information Technology Manager
Audrey Whitaker awhitaker@kybanks.com Insurance Services Coodinator
HOPE of Kentucky
Lanie Minton lminton@kybanks.com Administrative Assistant
Tim Abbott tabbott@kybanks.com Account Representative
Katie Rajchel krajchel@kybanks.com Staff Accountant
KBA Benefit Solutions
Paula B. Cravens Sturgeon pcravens@kybanks.com Director of Education Solutions Selina O. Parrish sparrish@kybanks.com Director of Vendor Solutions Matthew E. Vance mvance@kybanks.com Chief Financial Officer Miriam Cole mcole@kybanks.com Executive Assistant Paula Cross pcross@kybanks.com Education Services Coordinator Jamie Hampton jhampton@kybanks.com Education Services Coordinator Lane Hettich lhettich@kybanks.com Editor, Communications Solutions
Yvonne Savage ysavage@kybanks.com PAC Services Coordinator Angie White awhite@kybanks.com Manager, Communications Solutions Steve Whitlow swhitlow@kybanks.com Systems Engineer
Consultant
John P. Cooper jcooper@kybanks.com Legislative Solutions Consultant
KBA Insurance Solutions
Chuck Maggard cmaggard@kybanks.com President & CEO
Billie Wade bwade@kybanks.com Executive Director
Tammy Nichols tnichols@kybanks.com Finance Officer & Asset Manager
Lisa Mattingly lmattingly@kybanks.com Director of Sales & Service
CONTRIBUTING EDITORS Lane Hettich lhettich@kybanks.com
Angie White awhite@kybanks.com
CONTACT 600 West Main Street Suite 400 Louisville, KY 40202
Phone: 502-582-2453 Fax: 502-584-6390 www.kybanks.com
March 2015 | 3
CHAIRMAN’S CORNER We all know the burden. A recent community banking survey conducted by KPMG found that two of the top three challenges faced by community banks were related to regulatory and legislative pressures, and compliance costs. We must stand together as an industry to educate our elected officials about the unintended consequences of these new regulations.
As Kentucky’s 2015 legislative session winds down, we will begin to focus our advocacy efforts on the national front with our federal elected officials. On March 15th, we will travel to Washington, D.C. to inform our Congressmen and women about the challenges facing community banks today. Here at the Kentucky Bankers Association, we have to believe that our federal elected officials intended, in good faith, to do the right thing to combat the issues stemming from the 2008 banking crisis. However, like many good intentions, several unintended consequences from their actions are overtly detrimental to community banking as we know it. New regulations associated with the Dodd-Frank Act, the Volker Rule, and the Basel III framework are making it extremely difficult to provide access to capital that consumers and small businesses need. At the same time, these regulations, over time, are slowly eliminating consumer choice -- the exact opposite result of what our elected officials tried to accomplish by undertaking regulatory reform.
Now more than ever, the KBA membership must educate and advocate before our state and federal elected officials to remind them of the value and importance of preserving community banking in Kentucky. There has never been a better time than now to be a community bank as it relates to the trust and value our customers place in us. Our customers depend upon us for capital, advice and encouragement as they look to grow their business. If you can’t join us on our trip to Washington, I encourage each and every one of you to reach out to your representative in Congress. Please invite them to visit your office and have frank conversations with them about the challenges your institution faces. Now is the time for all hands on deck when it comes to advocating for a better regulatory environment for our community banks. I am confident that through the efforts of KBA’s extraordinary team, as well as the dedicated management and staff of community banks throughout Kentucky, we can change the current regulatory environment and bring future prosperity to our local banks and communities. H. Lytle Thomas
I can personally attest to the increased costs these regulatory burdens have placed on our community banks. From 2011 to 2014, costs associated with regulatory and compliance requirements have increased by more than seven times at my bank.
Don’t Forget to Register for the Inaugural Chairman’s Cup. July 10th, 2015 Elk Creek Hunt Club Owenton, KY Contact Yvonne Savage at ysavage@kybanks.com for details.
March 2015 | 4
March 2015 | 5
STRAIGHT TALK Courage Overregulation is killing America’s banks – and we’re not the only ones saying so. In recent weeks, the Wall Street Journal and the American Bankers Association have supported that assertion with data, and a recent Harvard study reported on the consequences. “Our assessment of Federal Deposit Insurance Corporation data finds that community banks service a disproportionately large amount of key segments of the U.S. commercial bank lending market – specifically agricultural, residential mortgage, and small business loans. However, community banks’ share of U.S. banking assets and lending markets has fallen from over 40 percent in 1994 to around 20 percent today…. Particularly troubling is community banks’ declining market share in several key lending markets, their decline in small business lending volume, and the disproportionate losses being realized by particularly small community banks.” From my perspective, there’s no reason to keep “proving” what is well-known and patently obvious. What we need is courage: courage from our legislators to change overzealous laws, courage from regulators to use common sense, and courage from those who have acquiesced in this madness – and yes, I include myself and my state and Federal counterparts around the country in this category. Frustrations are at a breaking point. Regulators point fingers at legislation – legislators point fingers at regulators with bad judgment – banking advocates like me wring our hands and wail that “We are not Wall Street!” – and nothing changes. Is the problem deaf ears – or faint hearts in every sector? Wouldn’t you like to see someone in Washington stand up and say the current regulation is USELESS where community banking is concerned – that the Emperor has no clothes? Only those who dwell in the intersection of Clueless and Careless can continue to mouth the blatant falsehood that Dodd-Frank doesn’t harm community banks and destroy their communities from the inside out. Operating expense to cover compliance goes up, lending goes down, the experienced judgment of bankers
on safe and sound lending is high-jacked by social agendas, and our communities pay the price. If I were tasked with designing a plan to incrementally institute socialism in the United States, I’d start with the banking industry, and I’d do exactly what the federal government has been doing to us in the recent decade. That’s why I believe there’s more at stake than the viability of Kentucky’s community banks, so much at stake that we must demand accountability in every sector. In our political system, what should we require of our representatives? Comprehension of the issues, genuine compassion, and courage. And what should we require of ourselves, the represented? The same things – especially courage. The courage to stand together and raise one undeniable voice. The kind of courage it would take to post a classified ad in Washington that reads: WANTED: INDIVIDUALS ABLE & WILLING TO ADDRESS BANKING REGULATION CRISIS IN THE U.S. Level-headed listeners. Must be able to work in a team environment, take criticism, and creatively solve economic/ financial problems. Must be goal-driven and resultsoriented. Necessary skills: public speaking, reading comprehension, basic mathematics, and COURAGE. I believe we would get some applicants – some legislators, perhaps even a regulator or two, and some of the state banking execs for whom all this should be central to our job descriptions. This ad is taking the form of conversations around the country marked by escalating intensity that befits the crisis in our rural banks and communities – and we’re finding pockets of comprehension, compassion and courage. But accountability calls for the courage to publicly acknowledge what they’re missing. That’s the courage we have lacked. That’s the courage we must find if banking, as we know it, is to survive another decade.
Lux, Marshall; Greene, Robert. The State and Fate of Community Banking. Harvard Kennedy School Associate Paper No. 37.
Let me know what you think: bcassady@kybanks.com March 2015 | 6
Education @ Your Fingertips
Scan the QR code to visit our Education Resources page
Keep your skills sharp with Education Solutions from the KBA Please visit kybanks.com and browse through our educational resources March 2015 | 7
MY TWO CENTS PLUS SOME Remote Deposit Capture- Who Bears the Risk? If you don’t already know, Remote Deposit Capture (“RDC”) is an electronic service which allows a customer to scan the front and back of a check and transmit these images to a bank for posting and clearing as an electronic item. RDC is easy, once the software/system is in place. A customer only needs the following: 1. A PC or handheld device (smartphone/tablet) compatible with the software; 2. A camera or scanner accessible to the device and acceptable to the software; 3. An internet connection; and 4. A bank relationship with an RDC option. RDC was first introduced, after Check 21, as a convenience feature principally designed for commercial customers. Security was initially tight, the depositing customers were specifically trained, account activity was monitored and, most importantly, the bank required a signed customer agreement which specified the liabilities and responsibilities of the parties. Even with these security measures, however, fraud found its way into the system. But, the risks were mitigated and commercial customers had come to expect RDC as a standard for their banking business. The natural next step was to offer RDC services to consumer depositors. Everyone is looking for faster and more convenient banking and this offers both. RDC was offered using mobile phones and other smart devices, and is now known as Mobile Remote Deposit Capture (“MRDC”). It did not take long for MRDC to find its place in banks of all sizes and geographic locations, as more customers began to expect it. As a matter of fact, the Federal Reserve Board reported in March 2013 that consumer use of MRDC nearly doubled from 2011 to 2012. In March 2014, a study indicated that 38 percent of all customers with mobile banking access deposited a check using MRDC in the past year. And, as with all rapidly adopted convenience technology, the risks have increased right along with the usage. The difference between the risks associated with most technology and the primary risk associated with MRDC is that MRDC’s risk, duplicate deposits, is so easy to accomplish. That is, the depositing customer can make a March 2015 | 8
deposit by MRDC and then by accident or design almost simultaneously attempt to deposit the same item through physical deposit or presentment for cash at a branch, at a retailer or through an ATM. One national bank has reported that of the 3 million items deposited through MRDC monthly, it also receives approximately 6,000 suspected duplicate checks. However, the good news is that of these duplicates only 300 to 400 checks involve suspected fraudulent duplicates—the others were largely accidental. But, while that is a low percentage, it could still be a significant loss to any bank. So, absent an agreement, how does this happen and who is responsible for the loss if the customer doesn’t voluntarily correct the error by returning the money for the second deposit? The following gives some example of what may happen. Mr. Duplicate, a deposit customer of Bank of First Deposit (“BankFD”) uses remote deposit capture to make a deposit of a check into his account. The deposited check is written by Mr. Money and drawn on Paying Bank (“PBank”) and is cleared through a check image exchange network to PBank, which pays the check and posts it to Mr. Payor’s account. Mr. Duplicate then takes the paper check to Second Bank of First Deposit (“SecondBankFD”) and deposits the paper check in an account he has at that bank, either by mistake or fraudulent intent. The check is processed in the usual course and presented for payment to PBank. PBank, seeing that it is a duplicate, either returns the item to SecondBankFD within the midnight deadline (if the item is identified as a duplicate in a timely manner), or PBank pays the item, potentially posts the item to the to Mr. Money’s account, and subsequently makes a warranty claim to BankFD or SecondBankFD for the duplicate payment of the same item. It is assumed that BankFP, SecondBankFD and PBank are all ECCHO (Electronic Check Clearing House Organization) members or otherwise subject to the ECCHO Rules, and that the ECCHO Rules govern the check image exchange in question. 1. Can PBank make a warranty claim under ECCHO against either BankFD or SecondBankFD for the duplicate payment? Answer: Yes. The ECCHO Rules provide that a bank of first deposit which presents an item to the paying bank makes a warranty to the paying bank that an item will not be presented for payment twice. Specifically, under the ECCHO Rules, each bank of first deposit warrants to the
paying bank that it will not receive a transfer, presentment or return of, or otherwise be charged for, the electronic image, the related physical check of that electronic image, or a paper or electronic representation of the related physical check such that the paying bank will be asked to make a payment based on an item that it already has paid. ECCHO Rules Section XIX(L)(7). A bank of first deposit that breaches this warranty to the paying bank agrees to indemnify the paying bank and hold it harmless from and against any damages, expense or loss, including attorney’s fees, suffered as a result of the breach. ECCHO Rules Section XIX(L). Thus, under our scenario, PBank can approach either BankFD or SecondBankFD for these warranties. However, SecondBankFD may qualify for holder in due course status if it accepted the deposit without notice of the first deposit. Further, both banks may raise the defense that PBank failed to exercise ordinary care or act in good faith in paying the suspected duplicate item, so this may not be a solution. 2. Can PBank return the second item? Yes, PBank may return the second deposited item. However, this could be a wrongful dishonor, which begs the question of who would suffer the loss. Probably, if Mr. Duplicate is trying to defraud the banks, it would be a battle between SecondBankFD and PBank. This is not a great result. 3. Can PBank handle the suspected duplicate item as an “adjustment”?
Yes, PBank can, which will result in the prevention of a claim of holder in due course against Mr. Money, because the check was honored by the paying bank. In this case though, the paying bank assumes the risk and is attempting to pass that risk onto the depository bank. And, the paying bank has waived its rights to return that check under the midnight deadline and becomes accountable under UCC 4-302. This is all very complicated and none of the scenarios above achieve the perfect resolution. Further, case law in this area has not been developed. Some would argue that BankFD should hold most of the risk because it chose to offer the MRDC, but as with most UCC scenarios any participant in the processing chain may end up with the risk, depending upon the specifics of the facts. Thus, the best answer is to not let it happen from the start. The development of an early warning/prevention system between those banks offering MRDC and their customers is the way to go. Some of the steps your bank may want to consider in your MRDC service are: • Do not allow MRDC on business accounts, regardless of whether the account is a corporate account or a dba. • Require all business customers who want to use RDC (not MRDC) to be trained and to sign a written agreement as to proper practices and responsibilities in the event there are duplicate deposits by the customer or employees. • Provide adequate disclosure and notice to customers about the potential for accidental duplicate checks and the fact that the customer will be ultimately responsible for any duplicate payment made. • Require items deposited through MRDC to be marked in some way that is readily identifiable as a MRDC. This marking may be required to be made in such a way that the check will not be eligible for automatic systems processing in the event the item is physically presented for duplicate payment. Perhaps a line through the routing number and restricted endorsement “Mobile Deposit Only.” Of course, you will also need to have processes in place which allow for override by a teller in the event the MRDC is denied because of bad image or some other reason not related to fraud. These are just a few ideas. Tell me some of yours. Debra Stamper dstamper@kybanks.com
March 2015 | 9
March 2015 | 10
Powerful Connections Apply Today for GSB
When you take advantage of educational opportunities through the Graduate School of Banking at the University of Wisconsin-Madison you’ll improve your career and your bank’s performance. GSB programs allow you to explore critical banking topics in the real world—with hands-on learning and the chance to network with some of the brightest leaders in the industry, talented colleagues and exceptional instructors alike. Make powerful connections, gain knowledge and ignite your career.
Upcoming Classes Graduate School of Banking - August 2-14, 2015 Bank Technology Management School - April 12-17, 2015 Bank Technology Security School - October 11-16, 2015 Human Resource Management School - April 19-24, 2015 Financial Managers School - September 13-18, 2015 Bank Management Forums - Ongoing Throughout the Year Online Seminar Series - Ongoing Throughout the Year
Visit gsb.org to request a catalog or for information on curriculum, student profiles, scholarships and more. Power your career … apply now for GSB!
Educating Professionals, Creating Leaders GSB_SpringAd_KentB_7.5x10_0115.indd 1
“The faculty and staff are the best in the industry and truly care about your success in the GSB program. The classes and projects are challenging and rewarding. My GSB experience helped me meet my career goals.” - Mary Young Senior Vice President, The Cecilian Bank Elizabethstown, Kentucky
GSB.org March 2015 | 11 1/30/15 2:46 PM
Proudly Serving KentucKy BanKS for 25 yearS t ax -f ree /t axaBle M uniciPal B ondS • uS t reaSurieS /a gencieS
Bill Barker Toll Free: 800.292.4563 bbarker@rsanet.com
One Riverfront Plaza • 401 W Main St, Suite 2110 • Louisville, KY 40202
Louisville ~ Lexington ~ Cincinnati -KBa a SSociate M eMBer Member FINRA and SIPC • Investment Products Not FDIC Insured • No Bank Guarantee • May lose value.
American Banker Honors Two Prominent Kentucky Institutions American Banker’s second annual ranking of the banks that win high marks from employees for providing a positive work environment, top-notch benefits and ample career-advancement opportunities. Number 25 on the list of 40 is United Community Bank of West Kentucky in Morganfield. United Community Bank holds assets of $221 million and employs 52. President and CEO, Garland Certain, maintains a professional and fun environment with the following initiatives: Activity to relieve stress/promote fun: Whenever the calendar strikes Friday the 13th, the 13th customer of each teller is showered in confetti and handed $13. Community service initiative: United Community established a community fund that allows employees to host fundraisers throughout the year and donate the proceeds to groups and organizations they choose. Fitness/wellness program: A nurse from a local hospital visits each office once a month to check employees’ blood pressure, conduct screenings, hand out educational materials and answer questions. March 2015 | 12
Number 26 on the list of 40 is Central Bank headquartered in Lexington, KY.
Central holds assets of $1.9 billion and employs over 500. Chairman, President and CEO, Luther Deaton emphasizes wellness and healthy living as an integral part of the work environment. A few of Central Bank’s initiatives include: Popular with employees: Wellness and self-help classes take place during work hours and employees are paid to attend. Sustainability initiative: Customers can choose to use biodegradable bags when leaving deposits in the night depositories. Bonus/incentive program: All Central employees who are not officers receive an annual Christmas bonus of $1,250. Congratulations United Community Bank and Central Bank! At the KBA, we know our banks are outstanding, but it’s nice to see those kudos echoed on a national scale.
THIS IS AN ADVERTISEMENT.
When it comes to banking and finance law, trust is equity. M&P is a leading banking and finance law firm representing financial institutions, businesses and individual clients throughout Kentucky and Indiana. Our commitment to personal service and dedication to resolve matters quickly has earned us the trust of our clients, peers and the banking community.
ExpEriEncE MattErs.
MorganandPottinger.com Delivering the bottom line to lenders and financial institutions for more than 40 years.
BowLing gREEn
Banking & Finance Equine Commercial Litigation Real Estate
LExington
LouisviLLE
nEw ALBAnY
March 2015 | 13
Are You registered? ng
ni n a l cp
egi t a r st
Cybe
rsec
alt
ods
th e m g kin
an
ve b i t a n er
urity
techn
ology
What’s Trending in the Industry? Spring Conference April 12 - 14 Hyatt Regency, lexington
March 2015 | 14
Don’t Miss These Great Speakers! Keynote Pat Williams / Senior Vice President and Co-Founder / Orlando Magic - NBA Pat has been an integral part of NBA history, including bringing the NBA to Orlando. He has traded Pete Maravich as well as traded for Julius Erving, Moses Malone, and Penny Hardaway, and won four NBA draft lotteries, including back-to-back winners in 1992 and 1993 and most recently in 2004. He also drafted Charles Barkley, Shaquille O’Neal, Maurice Cheeks, Andrew Toney and Darryl Dawkins and signed Billy Cunningham, Chuck Daly, and Matt Guokas to their first professional coaching contracts. Additionally, Pat served for seven years in the United States Army, spent seven years in the Philadelphia Phillies organization—two as a minor league catcher and five in the front office—and has also spent three years in the Minnesota Twins organization. Pat Williams and his wife, Ruth, are the parents of 19 children, including 14 adopted from four nations, ranging in age from 21 to 34. Pat and his family have been featured in Sports Illustrated, Readers Digest, Good Housekeeping, Family Circle, The Wall Street Journal, and Dr. Robert Schuller’s Hour of Power. He has completed forty marathons, including the Boston Marathon 11 times, and also climbed Mt. Rainier. He is a weightlifter, Civil War buff, and serious baseball fan. He is considered one of America’s top motivational, inspirational, and humorous speakers. To Be or Not To Be – Strategic Challenges for the Community Bank Henry Hawkins / Partner / Mountjoy Chilton Medley Hear about the latest strategic planning challenges community banks are faced with when evaluating growth and acquisitions. What goes into the decision-making process? What should you consider when choosing the next step? Making CRA Profitable Jonathan Welty / Vice President / Ohio Capital Corporation for Housing Billie Wade, CPA / Executive Director / HOPE of Kentucky A discussion of products that can provide KBA members with secure investments while providing market rates of return and an abundance of CRA credit! A Payments Approach to Checking Revenue and Relationships Robert (Bob) Giltner / CEO / R.C. Giltner Services, Inc. FDIC data shows service charges on deposits fell nearly 20% between 2008 and 2012. PayPal, on the other hand, grew revenues over 20% every year during the same time period. Walmart and American Express are providing a “checking alternative” with Bluebird, and 10% of debit pur-
chases now occur with checking alternatives like reloadable prepaid cards, the fastest growing consumer finance segment. “Payments” providers with growing revenues think in terms of segmenting individual transactions according to their specific use, context, and experience. If financial institutions want to grow checking revenue and relationships, let’s talk about changing our strategy. The Future of Branch Banking John Hyche / Senior Vice President / Level 5 Has the tipping point for branch banking finally arrived? For years pundits have been discussing the demise of the bank branch as we have traditionally known it – yet banks have continued to build new branches. However, branch transactions have declined 5% alone in the past few years. This session will address the trends, practical applications, and use of technology to redefine the branch concept. Economic Report Jay Morelock / FTN Financial Cybersecurity Chad Knutson / Senior Information Security Consultant / Secure Banking Solutions Cybercrime is on the rise and banks are in the middle of the mess. A Verizon report suggests that 75% of data breaches are opportunistic attacks. This session will expand on methods to reduce that probability for community banks and explore risk management techniques to maintain compliance. Management is required to implement an information security program to protect customer and financial information. Prior to doing so, they must complete a series of assessments to understand where their exposures are and what to do to mitigate these risks. This session will review emerging cyber security threats and tie them into a comprehensive information security program for a community bank. Emerging Trends: Preparing Your Bank for the Next Decade Trent Fleming / Trent Fleming Consulting While the day-to-day pressures of managing balance sheets and regulatory requirements seem overwhelming, smart banks sense that the weight of competitive pressures make it even more important to develop and execute strategies that will ensure their banks’ success going forward. This session will look at emerging trends in banking products and services, and provide keen insight into developing the infrastructure, tools, and staff needed to deliver them successfully.
Register today! Email pcravens@kybanks.com March 2015 | 15
March 2015 | 16
More Consumers Embracing Mobile Banking While the Internet remains America’s most popular banking method, mobile banking has steadily gained momentum and is now preferred by 10 percent of consumers—up from 8 percent in 2013— according to a recent survey by the American Bankers Association. The annual survey of 1,000 U.S. adults was conducted for ABA by Ipsos Public Affairs, an independent market research firm, Aug. 7-12, 2014. This is the sixth year in a row that customers have named the Internet as their favorite way of conducting their banking business, albeit by a slimmer margin than last year. Thirtyone percent of respondents said it is the method they use most often to manage their bank accounts, down from 39 percent in 2013. The second most popular way to bank— visiting a branch—increased to 21 percent, while those preferring to use ATMs rose to 14 percent. Nessa Feddis, ABA’s senior vice president and deputy chief counsel for Consumer Protection and Payments, noted that this growth reflects
banks’ recent investment in technological upgrades to enhance efficiency and customer service in these areas.
•
Telephone – 7% (7% in 2013)
•
Mail - 6% (7% in 2013)
“Advances in technology have enabled banks to expand customer choices and make it easier for consumers to manage their account anywhere, any time,” said Feddis. “Consumers can deposit their check through a teller or interactive kiosk at a local branch, at an ATM or through an app on their mobile device. Most people use a mix of these methods.”
•
Don’t Know - 11% (10% in 2013)
When asked “Which method do you use most often to manage your bank account(s)?” customers responded as follows: •
Internet Banking (laptop or PC) – 31% (39% in 2013)
•
Branches – 21% (18% in 2013)
•
ATMs – 14% (11% in 2013)
•
Mobile (cell phone, Blackberry, PDA, iPad, etc.) – 10% (8% in 2013)
“It’s clear that branches are still popular with many bank customers,” said Feddis. “When people are conducting a complex transaction like opening an account or applying for a home or business loan, they often prefer to do it in person. We’re seeing a branch renaissance in some areas, with many banks transforming their branches to become more efficient and customer-friendly.” Online banking first became the most preferred banking method in 2009 with 25 percent of customers naming it as their favorite. Previously, visiting a branch was the most popular method, followed by ATMs. Article printed with permission of the ABA.
When it comes to the banking industry, KraftCPAs has the bases covered. Services • merger/acquisition assistance • valuation services • internal & external audit • information systems assurance & consulting • external & internal penetration testing • social engineering • compliance reviews
Wynne E. Baker - (615) 782-4230
• loan reviews & grading systems
Co-Industry Leader, Banking Industry Team
• enterprise risk management
Beverly L. Horner - (615) 346-2431
• forensic accounting
Co-Industry Leader, Banking Industry Team
Gina Pruitt - (615) 782-4207
• SOX documentation & testing • tax planning & compliance
Member-in-Charge, Risk Assurance & Advisory Services
Learn more at www.kraftcpas.com/banking.htm March 2015 | 17
Virtual StrongBox and Kentucky Bankers Association Partner to Bring New Service to Member Banks My Virtual StrongBox®, a leading secure file and document exchange service and digital safe deposit box solution, is now available to member banks of the Kentucky Bankers Association to provide to their retail and business customers. The My Virtual StrongBox provides bankers with the ability to deliver a secure service channel for customers to store files online, behind online banking if they wish, and to allow those customers to exchange documents and files securely with whomever they wish, including their bank. The bank may also use the service to exchange and or distribute documents securely with any of its customers using the My Virtual StrongBox service. My Virtual StrongBox is proving to be a popular alternative to secure email and file exchange services. Ron Daly, President/CEO of Virtual StrongBox, Inc. said “we are excited to partner with the Kentucky Bankers Association to bring our My Virtual StrongBox service to Kentucky bankers. We know they will find our secure service, built for financial service providers, a valuable and unique offering for their customers.” Selina Parrish, Director of Membership and Vendor Solutions, said “the Kentucky Bankers Association approached Virtual StrongBox regarding their service because of the clear value it can bring to our member banks. And we are pleased to be able to offer access to this service via special pricing to our members.” My Virtual StrongBox’s Newest Features My Virtual StrongBox debuted several new features within its version 2 service on stage at FinovateFall 2014, including: • Enterprise File Exchange offers a handy-yet-secure way to exchange sensitive documents between customers and their provider, without relying on email. Customers also can exchange files with trusted third parties as they wish. • Secure Form Transporting lets customers electronically sign online forms, store a copy in their My Virtual StrongBox and deliver the signed document to the enterprise. • The Setup Wizard is an easy-to-use education tool that helps customers learn to use My Virtual StrongBox to best advantage. The wizard makes suggestions on which documents to store, based on unique profiles it creates after customers answer a few simple questions Daly notes that significant life events such as births, marriages, mortgages, auto purchases and medical issues generate important papers that should be carefully preserved. “Whether it’s tax papers, loan documents or a family trust, My Virtual StrongBox keeps all of customers’ critical information in one convenient spot in a way that’s simple, safe and accessible,” he said. Virtual StrongBox, Inc. has received a patent for a key process for encrypting and transporting data. It is in the process of securing several more. Since its version 1 launch in 2012 My Virtual StrongBox has been deployed by financial service providers with over $28 billion in assets and approximately 1.6 million consumers. About My Virtual StrongBox Launched in 2012, My Virtual StrongBox functions as an online safe deposit box for valuable items such as wills, birth certificates, insurance and tax documents, family photographs and other important papers. Users keep these items secure by loading them into protected, online document libraries. One important feature is that the product is an actual depository, not just a temporary storage drop or transfer station. Find out more at www.MyVirtualStrongBox.com
March 2015 | 18
CITIZENS NATIONAL BANK OF PAINTSVILLE allowed staff a KBPAC Jean Day on February 13, 2015 as a means to support the 2015 Kentucky Bankers Political Action Committee while celebrating Citizens National Bank’s 105th anniversary! Participants in jeans are shown from Floyd, Johnson, Lawrence, Pike, and Magoffin locations. Staff donations exceeded $300 to KBPAC!
March 2015 | 20
Mark your Calendar for the 2015 Group Meetings Group 1 Paducah – May 5th Drake Creek Golf Course
Contact Paula Cravens for details. pcravens@kybanks.com
Group 2 Central City – May 6th Central City Country Club Group 4 Bowling Green – May 7th Bowling Green Country Club Group 9 Prestonsburg – May 12th Stonecrest Golf Club Group 7 London – May 13th London Country Club Group 6 Lexington – May 14th Kearney Hill Golf Course Group 8 Northern Kentucky May 19th Summit Hills Country Club Group 3/5 Louisville – May 20th Wildwood Country Club
Stonecrest Golf Club, pictured above, features an incredible view with 700 acres of mountaintop land. Group meetings provide a great opportunity to network with fellow bankers in your area. Join us for legislative updates, industry insights, and golf!
Anthem Blue Cross and Blue Shield. We believe healthy employees make for a healthy business. Research shows that companies with wellness programs have less sick leave, lower direct health care costs and fewer worker’s compensation claims.* That’s why Anthem Blue Cross and Blue Shield offers a variety of health and wellness programs. They all work together to help your employees manage and improve their health. Learn more about what Anthem Blue Cross and Blue Shield has to offer at anthem.com/connects2.
* The Economic and Health Impacts of Obesity, Institute on the Costs and Health Effects of Obesity, National Business Group on Health, February 2009. Anthem Blue Cross and Blue Shield is the trade name of Anthem Health Plans of Kentucky, Inc. Independent licensee of the Blue Cross and Blue Shield Association. ®ANTHEM is a registered trademark of Anthem Insurance Companies, Inc. The Blue Cross and Blue Shield names and symbols are registered marks of the Blue Cross and Blue Shield Association. 36501KYAENABS 3/13
March 2015 | 21
Meaningful relationships, beyond the bottom line. MCM understands that banks’ needs typically extend beyond traditional accounting and tax compliance services. By establishing meaningful relationships, our Financial Institutions Services Team helps banks succeed through proactive protection of business assets and customer information. Our technology advisors help combat cyber security breaches and corporate account takeover threats by assessing vulnerabilities and managing risks associated with information systems and controls, adding value to your business and encouraging confidence in your board and regulatory agencies.
Contact us to learn more. Rick Taylor, CISA Principal 502.882.4495 Rick.Taylor@mcmcpa.com
Expert guidance, beyond the bottom line.
Kentucky | Indiana | Ohio | mcmcpa.com
Tell Us How You Feel The seminar on “How to Improve your Collection Department” was a reminder of past years of collection basics. I have over 37 years of collection experience, and sometimes you need to hear again what the business is all about. Steve (Peterson) gave helpful insight to new tools for skip tracing such as Facebook, LinkedIn, use of 411.com instead of the white pages on line, and Equifax search etc. Going back through collection/privacy laws. These are tools of collection to keep you safe. It was great to have that piece presented again. Very good job and very good material presented. -Floyd Smith River City Bank, Inc.
We want to hear your feedback on KBA events, seminars, schools, and services. Tell us how you feel. Contact lhettich@kybanks.com March 2015 | 22
March 2015 | 23
WHO WOULD YOU RATHER HAVE ON YOUR TEAM? THIS GUY...?
OR THE EXPERT...?
WE KNOW BANKS.
Let the experts at Kentucky Bankers Insurance Solutions review your insurance portfolio today! Please visit kybanks.com or give us a call at 502.582.2453 March 2015 | 24
Bankers on the Move Your Community Bank is pleased to announce that Adam Naville will serve as Regional President of Business Banking for Floyd and Harrison Counties. Naville previously served as the Business Services Officer and has over seven years of experience with Your Community Bank.
Michael Hatfield will serve as Director of Marketing for Your Community Bank. Hatfield brings a combined 16 years of bank marketing experience to YCB. Prior to joining YCB, Hatfield was Vice President – Brand Management and Marketing at First Citizens Bank in Raleigh, North Carolina where he developed advertising campaigns, managed communications programs, and lead digital marketing efforts.
Donald Scheer joined Your Community Bank as a board member effective January 1, 2015. Scheer is a certified public accountant and brings with him many years of experience owning several businesses in Jefferson County. Currently Scheer serves as a partner in Scheer & Scheer, a Jefferson County-based consulting firm.
Central Bank Chairman, President and CEO, Luther Deaton, Jr., has announced that James Uebel has joined Central Bank as Market President, Northern Kentucky. Jim brings nearly 30 years of experience in Commercial Banking and Commercial Real Estate Lending to his new role.
Jeff Koonce will serve as Regional President of Business Banking for Fayette, Nelson, Hardin, Meade and Hart Counties. Koonce previously served as the Central Kentucky Market President for Your Community Bank when he joined the bank in 2013. Koonce brings with him over 28 years of business banking and leadership.
Gesela Brown has joined First Security Bank as a Mortgage Loan Originator. She is currently a board member of the Mortgage Bankers Association of the Bluegrass (MBAB), where she served as president in 2013 and was awarded Mortgage Banker of the Year by the association in 2011. Brown also is currently a board member of the non-profit Realtor Housing Community Foundation.
Anish A. Banker has been named Vice President of Internal Audit for Farmers Capital Bank Corporation, a Frankfort-based bank holding company.
Farmers Capital Bank Corporation is pleased to announce that Keith A. Thacker will serve as Assistant Vice President, Information Technology Auditor.
Mr. Banker was previously with Crowe Horwath, a public accounting and consulting firm as a Senior Auditor.
At the January 20, 2015 meeting of the Farmers Bank Board of Directors, Dr. Evan Keith Dicken was elected to position of director. Dr. Dicken, engaged in private practice at Eastside Family Medicine, is a 2004 graduate of the University of Kentucky College of Medicine. He is also Home Health Medical Director for Amedysis.
Republic Bank & Trust Company is pleased to announce the election of Heather Howell to the Board of Directors. Ms. Howell is CEO of Rooibee Red Tea, the manufacturer and marketer of the only full line of organic RTD rooibos teas in the United States headquartered in Louisville. Ms. Howell received the 2013 Ernst & Young E.D.G.E. award and Business First of Louisville honored her with the 2014 Enterprising Woman to Watch award and Progressive Grocer magazine named her their Female Executive of the Year in 2012.
Town & Country Bank and Trust Company recently announced the promotion of Emerson Ballard to Vice President and Commercial Loan Officer. Emerson began with the bank 10 years ago and has played an integral role in exploring new commercial loan opportunities and further cultivating current banking relationships.
Farmers Capital Bank Corporation is pleased to announce that Mary C. Thomas will now serve as Assistant Vice President, Finance.
March 2015 | 25
21st Century Bank Heist “Social engineering” is a technique employed by penetration companies, consultants, and criminals to compromise financial institutions. You might recall Frank Abagnale, whose story was made into the movie Catch Me If You Can: He was nothing more than a social engineer of the 1960’s. Abagnale eventually got caught, but the best social engineers today don’t. Social engineering enables criminals to compromise victims without their knowledge, yet with their help. We used to call this “confidence games.” But confidence games are conducted a bit differently in the twenty-first century. For example, there are two ways to break into a computer system: 1) by breaking through firewalls, virus protection, or physically compromising the computer system; or 2) by just asking people to give you their passwords, which is much easier. The amazing thing is, people are all too willing to do the latter if you give them a reason to trust you. One type of attack using this technique that has been particularly successful recently is a scenario in which a caller tells the person at the other end of the line that they’re a Microsoft technician, and that the computer owner’s system has sent a notice to Microsoft indicating that their PC has been compromised. If the computer owner believes the caller, he/she will hand over access to his/her PC, right down to the required passwords. Here’s another example, but one targeting entire financial institutions. This attack depends on the social engineer knowing two things: 1) When an institution has more than five branches or locations, it’s rare for all staff members to know each other personally; and 2) every bank has its own slang when it comes to discussing the general ledger, loan department or operational procedures. (Imagine, for the purposes of this example, that a social engineer has discovered the crucial piece of information that a bank refers to its general ledger as the “yellow book” -- because March 2015 | 26
before the ledger was converted to an automated system, reports were actually kept in a yellow book.) The social engineer then uses this information to make telephone calls to departments within the bank, and is able to talk to staff using its own vernacular. The goal? To discover the procedure the bank employs to make wire transfers. But whom to call first? Typically, a branch or the call center. Here’s how the call would go: XYZ Bank: “How may I direct your call?” Social engineer: “I need to talk to someone about making a wire transfer.” Then, while the social engineer is waiting to be connected, he listens carefully to the on-hold advertising announcement that describes the services the bank offers -- the first and easiest step to discovering more information about a bank. “This is Karen. How may I help you?” “Karen, I may have to wire money to my son at college. How do I do this?” Karen responds quickly: “The money will need to be in collected funds in your savings account so we can wire it to his bank. You’ll need to have the bank’s routing number and your son’s account number. Before we can wire the funds, you need to sign our wire transfer agreement in person at one of our locations.” “Can I do that online?” “I’m sorry, but because of our security procedures, you’ll need to come into the branch to sign the agreement.” “OK. Will I need to do anything else?” “The bank will call you at the time of the transfer to verify your intent to send the wire.” Now, our social engineer knows that he needs to find a way around the agreement obstacle. Of course he wants to avoid entering the bank for any reason; in fact, he may even be
on another continent. So he needs some more information before deciding how he’ll conduct the attack, and he’ll get it by talking to someone who knows how the wire transfer department works from the inside. After downloading the Annual Report from the bank’s website, he discovers that someone named Maria is the officer in charge of wire transfers. He picks up his smart phone to make the call. The goal now is to make the call look like it’s coming from a bank employee. Using an application like “spoof call,” an app for smart phones that can disguise his voice and even create background sounds to disguise his location, he selects the telephone number he wants Maria’s caller ID to display. Maria, who is trying to hit deadlines and really doesn’t need any distractions, sees that her caller ID is displaying the telephone number of the branch that is located the farthest from the Main Office. She knows this could be a problem that needs to be resolved, so she decides to answer the telephone. “Hi, Maria! I’m a new employee at the branch on Route 6. Our manager has gone to lunch, and a customer is asking me about how to make a wire transfer. Can you help me?” If Maria actually believes she’s talking to a new teller, she might explain how to perform the transfer. And if the social engineer senses reluctance on her part, he might mention the yellow book, as in: “I’m not sure what entry I need to make to the yellow book.” “Debit account 31556 and credit your branch account. Then fill in the paperwork and send it to me. Oh, and have the customer sign our customer service agreement and fax that information to our department at XXX-XXXX.” Success! Now, the social engineer has the inside number to fax requests for wire transfers, but he still lacks that pesky customer service agreement. In order to get it, he’s going to use the owner of the local car dealership, “Mr. Big Bucks,” as his target because
Bank Security Seminar Identity Theft: aka Social Engineering
May 28, 2015 Louisville register now at kybanks.com
he has already purchased his basic identity -- so he knows his social security number, account number, and home address. (Keep in mind that some “confidential” information is as easy to obtain as purchasing a monthly subscription to a website like Spokeo.com.) Next, our social engineer checks the owner’s home address on Google Maps, looking for the location of the branch nearest his home. He decides to call the branch to see if they’ll tell him whether the wire service agreement is on file. XYZ branch: “How may I help you?” “Hi! My name is Dave, and I’m Mr. Big Bucks’ bookkeeper. He’s going to need to make a wire transfer later, and I wanted to confirm that he’s signed a wire service agreement.” “I’m sorry, but because of privacy rules we can’t disclose that information to anyone but Mr. Big Bucks.” “Are you sure you can’t you help me? He’s out of the office now and told me to find out before he got back.” “Sorry, that information is confidential.” The branch hangs up. Since that tactic didn’t work, our social engineer thinks about his next
move and decides to pose as a bank employee once again. He looks for the branch nearest the car dealership, discovers it’s on Yates Avenue, and finds the telephone number. After waiting ten minutes, he uses his smart phone to call the same office he just called, this time making sure that the Yates Avenue phone number is displayed on caller ID. “Hi, this is Jim, and I’m a new employee over at Yates. Mr. Big Bucks is here and wants to wire money from his personal account. I can’t find anything on the computer to show that he’s signed a wire service agreement, and I need the off-setting account number for the yellow book.” “Let me check . . . OK, the account number is 31556.” The voice responding is a different one than our social engineer talked to last time -- which is the benefit of waiting ten minutes. And merely mentioning the yellow book is enough to convince this bank employee that he’s legit.
the agreement is on file. It’s in the system; it just isn’t on the home screen. You have to go to the savings screen to find it.” “Thanks! I gotta take care of this right away. He’s in a hurry.” Finally, our social engineer has all the information he needs to complete a wire transfer. First, he calls Mr. Big Bucks’ home number, claiming to be the telephone company. He tells Mr. Big Bucks’ wife, who answers the phone, that he’s handling a service problem, and that he needs her to enter some numbers so he can check the system. The nice lady on the telephone willingly helps him by entering the numbers, which results in all of Mr. Big Bucks’ calls being forwarded to his phone. The bank soon receives the wire transfer faxed from Mr. Big Bucks’ telephone number. (Our social engineer has already obtained the form by visiting a branch a month earlier and posing as a photocopier repairman.) The confirmation call is made to Mr. Big Bucks’ “home,” where our helpful social engineer verifies the transfer. Attack completed! And the bank won’t even find out it has been hit until Mr. Big Bucks calls to complain. And there you have it: a basic social engineering scam that allows the social engineer to maintain anonymity. The ironic thing is that it could have been prevented by using a technique known as the “word of the day.” Each morning, a word of the day can be sent to all employees, and every staff member must be able to provide it on demand. This ensures that confidential information isn’t leaked to people who aren’t staff members. Indeed, sometimes the simplest and most cost-effective measures are among the most successful solutions to the growing problem of social engineering. Copyright, 2014, Barry Thompson, All rights reserved.
“Yes, Mr. Big Bucks signed the agreement.” Social engineer, thinking quickly, “OK, so do I have to have you send a copy of the agreement to Maria?” “No, just note on the wire form that March 2015 | 27
UPCOMING EDUCATION EVENTS & SEMINARS Deposit Compliance Fundamentals Pegasus Seminar March 17 Lexington March 19 Elizabethtown March 24 Somerset March 25 Bowling Green March 26 Gilbertsville Banking Businesses and Fiduciaries in Kentucky Pegasus Seminar March 23 Gilbertsville March 24 Bowling Green March 25 Elizabethtown March 30 Madisonville March 31 Lexington Consumer Lending School Two-day Program March 24 & 25 Bowling Green March 26 & 27 Lexington Integrated Disclosures Compliance Seminar April 14 Lexington April 15 Bowling Green
March 2015 | 28
NEW! Mortgage Lending School April 20 – 23 Louisville Call Report Seminar May 19 Bowling Green May 20 Lexington Bank Security Seminar Identity Theft: aka Social Engineering May 28 Louisville General Banking School May 31 – June 5 Louisville Regulators Forum June 18 Bowling Green June 19 Lexington