Ohio Record Magazine - Summer 2024 - Official Magazine of Ohio Bankers League

OHIO RECORD

$6 Billion of private investor equity

61,000 units of affordable housing

1,035 developments and partnerships

0 foreclosures

Customers

I welcome your inquiries and the opportunity to discuss the benefits and features our CRA investment provides.

Jonathan

Executive Vice President 614.591.9356 JWelty@occh.org

OVER THE HORIZON

“Bank safety and soundness is not a partisan issue.”

I must have heard that quote 10,000 times in the two decades that I worked with Jeff Quayle. Aggravatingly, I have been saying it too many times and with greater frequency over the past four years since he retired. Unfortunately, I too am a broken record, repeating that there is no end in sight for the regulatory activism at the federal level.

Having spent my entire 33-year career in and around government, I get it, divided government is a beautiful thing if the powers are not in one’s favor, while the inability to get things done is incredibly frustrating for those seeking change. In today’s Washington, D.C., very little of substance can gain support outside of the so-called “must-pass” funding resolutions. The reality is that with the different party control of the U.S. House and Senate, it allows a handful within either chamber to wreak havoc.

Why the partisanship? First, there seemed to be a base presumption once President Biden was sworn in that the

regulatory approach by President Trump was bad, had to be dismantled and more stringent action was necessary. As much as this administration has done to the banking industry over the past three plus years, time could be running out with the upcoming November election, so they are doubling their efforts. Since divided government means the executive branch does not have a reliable partner in the legislative branch, the Biden administration has had to pull all the other levers at their disposal to make their mark before the music possibly stops at year end. The federal regulatory agencies are pushing so hard for their priorities that, in my opinion, they are stretching beyond their statutory authority to accomplish it. In turn then, the banking industry must rely on the legislature to exercise its oversight responsibilities in Congressional hearings with the agencies and seek assistance from the judicial branch to issue stays or overturn harmful actions. Never did I imagine suing the regulators would become common place.

The Federal Reserve Board of Governors’ draft rule on debit interchange issued last fall still incites me the most. Suddenly, safety and soundness became a partisan issue, as a prudential agency sought to negatively impact a bank’s ability to generate revenue, whipping up the electorate on bank fees to distract them from the pain at the pump and grocery store checkout. I continue to be disappointed with the rhetoric around the term “junk fee” that has become an industry earworm; however, guidance is neither a law nor a rule. It should not be enforceable and should be considered a violation of the CFPB’s legal authority.

Speaking of the CFPB, the U.S. Supreme Court recently upheld its funding structure. Though disappointing, this did not come as a surprise. In a meeting at the OBL last summer, Director Chopra tipped his hand with apocalyptic messaging of the mortgage market chaos that would follow a decision against CFPB’s funding. Seriously, repealing TRID or QM would bring the housing market to a grinding halt? Absurd. Partisan scare tactics. The suit on Dodd-Frank Sec. 1071 is a separate issue and the industry remains hopeful that the CFPB’s overreach will be dealt with accordingly. Plus, the credit card late fee suit is out there as well. If I heard correctly, there were a dozen suits against the CFPB on hold while the U.S. Supreme Court weighed the funding issue.

In the early days of the CFPB’s 14 years of existence, I recall that they prided themselves on the number of PhDs that they hired. An ivory tower of ideologues is seemingly intent on dismantling the banking industry that is the envy of the rest of the world.

Since the powers-that-be in the governmental arena cannot dream up enough bad ideas right now, it is a fundamental priority for OBL to have experienced registered lobbyists on staff. It is too important to leave this crucial association responsibility in the hands of others. It is hard to even count the number of regulatory comment letters, legal amicus briefs and face-to-face interactions our government relations team is handling these days. Plus, we ensure a consistent, steady drumbeat on the items of greatest impact to our members.

Like hand in glove, OBL is incredibly influential because of member engagement. We were grateful that nearly 100 bankers participated in our annual D.C. Fly-In. You have a first-hand perspective that is vital for our elected officials and regulators to hear. We must all work together diligently given the volume of threats coming our way.

OBL on the Road

We recently wrapped up the OBL Regional Meetings. Thanks to all the bankers who joined members of the

OBL team to discuss industry issues and network with fellow bankers. If you are not aware, last fall, we pivoted what we previously called the OBL District Leadership Council Meetings into geographic gatherings with a deeper reach into OBL member banks beyond simply the c-suite. We were pleased that for some bankers, this was their first OBL event. Issues raised included:

• The solar eclipse at the earliest meetings. Looking back, it is interesting that there was so much uncertainty as to what the phenomena would hurl at our industry and I am happy to report that it was a nonevent.

• Proactively, we took the opportunity at these meetings to ensure bankers were aware of the new Ohio Homebuyer Plus Program launched by the State Treasurer earlier this year. Bankers willingly shared how well received this program has been.

• M&A activity is bubbling just under the surface and two deals have been announced in recent months. Both the Federal Reserve and OCC appear to be making this process trickier. Please let your OBL government relations team know if hurdles are erected that sends your acquisition on a slower path through Washington, D.C.

• The upsurge in trigger leads has been a noteworthy problem as well. This is the practice of the credit bureaus automatically sharing inquiries when a credit report is pulled. Numerous bankers have shared worrisome stories of customers being deluged with solicitations. One bank president shared his dad was harassed repeatedly over the course of a weekend with dozens of texts and calls from a variety of lenders. OBL is working with U.S. Senators Brown and Vance, as well as Members of Congress, to clamp down on this harassment.

• The difficult regulatory climate and how related costs are mounting.

Fraud

Another topic raised at each Regional Meeting was fraud and scams. Fraud of every sort. Check, wire and card fraud are materially impacting our banks, along with the growing concern over AI scams, ransomware attacks, phishing scams and other cyber security threats. This was, unfortunately, a popular session at the recent OBL CEO Symposium, as many banks are in a period of unease when it comes to this growing concern.

With fraud and cyber security being at the forefront of many conversations over the past few months, the OBL is excited to partner with the Kentucky Bankers Association to host a three-day Fraud Academy in August. It is being offered in-person in Lexington or virtually. Your OBL government relations team is also working one-onone with banks to assist banks in making them whole in instances of fraud. Additionally, OBL BankServices has several Affiliate Members and Endorsed Business Partners that work within this arena that offer top of the line products and services to help Member Banks be better prepared to fend off fraud and scams. Lastly, I applaud the banks who are stepping up their customer education, especially with older members of our population who are particularly vulnerable to the insidious acts of fraudsters.

Bank safety and soundness should not be partisan. Thanks to the great effort I know bankers make daily as the boots-on-the-ground to develop healthy relationships with their exam teams. That goes a long way to ensure professionalism on both sides of the table and a desirable outcome. If only we could get the powers that be in Washington, D.C. to calm down the harmful rhetoric and allow banks to provide the important services that their customers demand. Together we will persist for the betterment of the communities you serve as we look further over the horizon.

FINANCIAL MANAGEMENT CONFERENCE

August 13-14, 2024 | Cincinnati, Ohio

Bryan

Montez Shugars Marketing Officer shugarsmk@fhlbcin.com Join us for our Financial Management Conference this August. Register or view the conference agenda at www.fhlbcin.com.

Michael Adelman President & CEO madelman@ohiobankersleague.com (614) 340-7616

Gauri Airi

Executive Director, Ohio Bankers Benefits Trust gairi@ohiobankersleague.com (614) 340-7598

Brenda Arnold Products & Services Manager, OBL BankServices barnold@ohiobankersleague.com (614) 340-7620

Don Boyd Vice President of State Government Relations and General Counsel dboyd@ohiobankersleague.com (614) 340-7608

Michelle Crume

Senior Vice President, OBL Executive Director, OBL BankServices mcrume@ohiobankersleague.com (614) 340-7622

Taylor Daniel Executive Assistant tdaniel@ohiobankersleague.com (614) 340-7602

Stephanie Elam Plan Coordinator & Customer Service Specialist selam@ohiobankersleague.com (614) 340-7591

Rita Hinkle Administrator, OBBT rhinkle@ohiobankersleague.com (614) 340-7609

Daniel Holstein, CPA Senior Accountant dholstein@ohiobankersleague.com (614) 340-7604

Paige Houlihan Products and Services Coordinator, OBLBankServices phoulihan@ohiobankersleague.com (614) 340-7613

Sarah Husk Education Manager shusk@ohiobankersleague.com (614) 340-7610

Audra Johnson Director of Communications ajohnson@ohiobankersleague.com (614) 340-7621

Susan Poling Jones Professional Development Director spoling@ohiobankersleague.com (614) 340-7611

Julie Kiplinger Education Manager jkiplinger@ohiobankersleague.com (614) 340-7612

Evan Kleymeyer Senior Vice President of Government and External Relations ekleymeyer@ohiobankersleague.com (614) 340-7605

Kimberley Mason Higher Education Partnership Manager kmason@ohiobankersleague.com (614) 340-7601

Stephen Mentzer Database Manager smentzer@ohiobankersleague.com (614) 340-7607

Jennifer Osburn, CPA CFO, Chief Administrative Officer josburn@ohiobankersleague.com (614) 340-7606

Megan Peiffer Education Specialist mpeiffer@ohiobankersleague.com (614) 340-7618

Christine Zeek Employee Benefits Manager, OBBT czeek@ohiobankersleague.com (614) 340-7617

The full class of 2023-24. Congratulations graduates.

OBL BANK LEADERSHIP INSTITUTE GRADS READY TO LAUNCH INTO NEXT STEPS

Twenty-six leaders from banks across Ohio have joined the ranks of graduates from the premier OBL Bank Leadership Institute – and they are ready to launch themselves into new and elevated roles and positions within their banks.

Created more than 30 years ago to empower leaders to empower others, the year-long program sets bankers up for success. Facilitators Joe Micallef, Grow Up Sales, and Debbie Peterson, Getting to Clarity LLC, cover a range of topics throughout the four sessions, including Performance Leadership, Personal Leadership & Excellence in Communications.

At the April graduation ceremony, Micallef noted, “Throughout the program, we focused on the four C’s of leadership excellence – Culture – Clarity –Consistency – and Confidence. We took these leaders outside of their comfort zone so that they could continue to improve their leadership skills – which will be put to great use as individuals, and as leaders who will help to keep the Ohio banking industry strong.”

Peterson added, “Each and every student fully leaned in and tapped into their potential and abilities. They now have the mindset to take on what is next for each of them at their respective institutions – and we are excited to see all that they will accomplish.”

What did graduates have to say?

Check out this small sample …

The BLI program pleasantly surprised me in every aspect. Tools, testimonials, and relationships fueled this program. If you have an opportunity to join ... DO IT!

You could read 100 books about leadership and still not get as much out of it as this course. Debbie and Joe have the knowledge and the experience to help, and they give relatable advice that you can use on day one of returning to work!

This program can be very eye opening if you allow it to be. It goes far beyond leadership and can change your entire perspective.

As part of the Bank Leadership Institute, students get the opportunity to participate in the OBL D.C. Fly-In, gaining first-hand experience in governmental advocacy.

Congratulations to the BLI Class of 2024-2025

Marsha Bumgardner

The Peoples Savings Bank of Urbana

Margaret Carico

The Farmers & Merchants State Bank

Julee Cariglio

Portage Community Bank

Aaron Crider

Riverside Bank of Dublin

Chris Duff

FCBank, a division of CNB

Emily Fox

The North Side Bank and Trust Company

ACT FAST!

Limited Seats Remain.

Amy Groves

The First National Bank of Pandora

Scott Heil

First Federal Community Bank, N.A.

Joshua Hutt

LCNB National Bank

Alix Kaufmann

First Federal Savings & Loan Association of Lakewood

Jordan Lemley

The Farmers & Merchants State Bank

Hannah Lorubbio The Hocking Valley Bank

Nick Lublow Civista Bank

Ashley McCorkle Park National Bank

Balazs Nagy

The North Side Bank and Trust Company

Joy Pahls Hometown Bank

Anita Procaccino

Valley Central Bank

Corey Richmond First State Bank

Nikki Rogers

Valley Central Bank

Jessica Sexton

Citizens Federal S&L Assoc. of Bellefontaine

Limited Seats Remain in the 2024-2025 BLI Class

Session 1 Kicks off September 12 & 13, 2024

Contact education@ ohiobankersleague.com to reserve a seat.

Joey Sherwood

The Farmers & Merchants State Bank

Dina Shultz

FCBank, a division of CNB

Jennifer Swain

The Ohio Valley Bank Company

Samuel Thompson Park National Bank

Megan Weyer

The Union Bank Company

Sarah Wilson

LCNB National Bank

2024 OBL BANK MANAGEMENT SCHOOL

The OBL team is also preparing to welcome students to the annual 2024 OBL Bank Management School, Sept. 22 – 27. This comprehensive program, which features an 8-quarter bank simulation program, also includes sessions on financial management essentials, asset liability management and liquidity management, as well as consumer behavior, cybersecurity and more.

Scan the code for more information on the OBL Bank Management School. Questions can be directed to Julie Kiplinger at jkiplinger@ohiobankersleague.com

NEW PARTNERSHIP PROGRAM!

KBA FRAUD ACADEMY

AUGUST 6

– 8 | HYBRID

Is your bank losing money to criminals? It is time to fight back!

Created by police, secret service, FBI and fraud prevention specialists, the Kentucky Bankers Association Fraud Academy is a program carefully designed for the financial industry to save money and prevent fraud. The program provides expert driven curriculum and state of the art methodology, as presenters have seen the risks that are out there and know how to beat it.

The OBL is among more than 20 additional state banking associations to partner with the KBA on this event, August 6 – 8, noting it is the first time the program will be offered as a live-stream event. Space will be limited for the in-person sessions, held at Hilton Lexington Downtown Hotel. Virtual attendance will remain available through the registration deadline of July 29.

Topics will include Counterfeit Checks/Financial Crimes; Check Processing Protection & Wire Fraud; Card Skimming; Popular Scams; Situational Awareness; DEO Money Laundering; and much more.

“The KBA sold out its first in-person only event in 2023 and it received outstanding reviews from attendees,” said Sarah Husk, OBL education manager. “We are excited to partner on this hybrid program as we train employees at all levels of your institution on fraud risk and what you can do to fight it.”

As noted by Fraud Academy Co-Founder Shane Ensminger, “Fraud is growing bigger every year. We need to raise awareness now before it’s too late. Our banks and our customers depend on it.”

This program will feature speakers from the United States Secret Service, attorneys from the United States for the Eastern District of Kentucky, Lexington Police Department, and other current and former law enforcement experts who will share their experiences and insights to best educate your team on how to mitigate fraud risk and ultimately reduce your fraud loss.

To register, visit the OBL website and visit the Upcoming Events listing. Questions can be directed to Sarah Husk at shusk@ohiobankersleague.com.

Tired of managing so many IT service providers that lack transparency and accountability?

Make a change to CBC for unprecedented transparency and accountability.

+4¥ +H=KMF8Q@KH¥

1 provider for all your IT hardware, software, plans, testing, reporting, steering committees, BOD reports, exam preparation, risk assessments, training, help desk … everything Information Security Program related.

You will know the names and faces of the people helping you. They come to your bank. They are accountable. You have complete visibility of your program and system.

Change how you experience IT with CBC.

Seems impossible. It isn’t. Seems hard to price and di cult to purchase. It isn’t…at least not anymore.

Exclusively providing IT solutions to community banks for 30 years.

7SDH<N89AE@QY¥ %<V<EKLF<IQ¥ 0<H<QN8Q@KH¥5<PQAG>¥ ,8Y<N<;¥3<:UN@QY¥ 3<:TNARY¥0MK>N8F¥ -K9@D<¥ "LLMK8:? ¥ -8G8><F<GQ¥ +HQ<NH8D¥ 2<PLKGPAV<¥ &X8F¥ 0N<L8N8Q@KI¥ 3:8GH@I>¥ $KIQ<GQ¥ .<QWKNB¥%<P@>G¥ $KM<¥3<:UMAQY¥"T;@Q¥ -8H8><F<GQ¥ -/6!-2"¥ *8N;W8N<¥ 2<F<;@8QAKG¥ 3K:@8E¥ 3<8N:?¥'H>@I<¥ +FLE<F<HQ8QAKH¥ %AP8PQ<N¥2<:KV<NY¥ &H>@I<<N@H>¥"T;@Q¥ /LQAF@Z8Q@KH¥ 3K=QW8M<¥ 0KE@:Y¥8H;¥ 1E8I¥ +HQ<NH8D¥2@PC¥ )KK>E<¥"G8DYQ@:P¥ %<LEKYF<HQ¥ +H=KMF8Q@KH¥ "PP<PPF<GQ¥ #N8H;AH>¥ 3<NV<M¥ 3<:TNARY¥0KE@:@<P¥ 7@MQT8E@[8Q@KI¥

CBC has provided comprehensive IT consulting for 30 years and has nally made it easy for YOU to decide what you want, what you need, and what amount you will pay every month, just like any other subscription service or software service. Choose transparency and accountability and build an easy to understand and to budget package using a digital menu.

IT doesn’t have to be this way.

Brandon Krietemeyer Client Relation Specialist brandon@cbcohio.com 614-429-8823

2024 OBL SECURITY & TECHNOLOGY CONFERENCE HITS THE MARK

Nearly 150 industry leaders were a part of the annual OBL Security & Technology Conference, held in April in Columbus. The program – which met the expectations of 100 percent of its attendees – featured both a Security Track and a Tech Track, as well as a sold-out OBL BankServices Expo featuring 16 valued service providers.

Led by Jim Rechel of The Rechel Group, Inc., the security topics ranged from Trends & Indicators Impacting Your Bank’s Security; and Trends in Check Fraud; to special sessions on Anatomy of a Robbery and Strategies that Won’t Break the Bank. Attendees noted the track as a program highlight, sharing that the open "ask us anything" session and the openness of the speakers in their answers could not be beat.

The Tech Track and open discussions were facilitated by Jon Waldman of SBS CyberSecurity and Dan Hadaway of infotex. These two-days featured sessions

on topics such as Incident Response and Your Liability as an ISO, as well as a Regulator Panel with representatives from the ODFI, Fed, FDIC and OCC. Attendees noted the overall conference continued to be well put together, providing relevant information and ideas, as well as provided many opportunities for networking with fellow bankers and partners.

Closing keynote presenter Tim Shangle, VP of digital strategy and business analytics at Choice One Bank, spoke on Leading for the Future: Artificial Intelligence in Banking. He reminded attendees that banking has always been innovative – and to remember that at one time – we thought drive-thrus, ATMs and automatic electric doors were innovative! In other words, today’s innovation is tomorrow’s normal.

“Try to remember what the internet was like 30 years ago. That is where AI is today,” said Shangle. “AI will

Over 170 were in attendance for the 2024 OBL CEO

A highlight session was that on different types of fraud happening in today’s industry, which was presented by GAD Insurance and Vorys.

OBL CEO SYMPOSIUM ATTRACTED OVER 175 ATTENDEES FROM ACROSS THE STATE

The OBL CEO Symposium was held in May, attracting CEOs from around the state for two days of networking and professional development. Attendees heard from keynote speaker Manley Feinberg about leadership, overcoming challenges and how to bring up the next generation. Manley entranced the audience with his retelling of his time climbing El Capitan with his son and a friend. His vertical lessons were the talk of the day!

The closing keynote, Andy Fastow, former CFO of Enron, talked about mitigating risk to keep another Enron from happening. Andy spoke about his time at Enron, the failures that took place, the gray areas in decision making and business ethics.

Throughout the two-day program, other session topics included liquidity and funding, fraud, economic positioning, deposit growth strategies, and GPT and other language models. CEOs were also part of executive roundtable discussions where they shared insights into the day-to-day topics surrounding banking in Ohio.

Opening Keynote Manley Feinberg captured everyone’s attention when he described his trip up El Capitan with his son and best friend. While he was thousands of feet up, he saved a person’s life!

Closing Keynote Andy Fastow, Former CFO of Enron, enthralled audiences by discussing his time at Enron and the choices he made that led him to spend six years in federal prison.

SAVE THE DATE!

2025 CEO Symposium May 7 & 8, 2025 Hilton at Easton

OBL CHAIRMAN’S CORNER

THE TOPIC OF FRAUD HAS NEVER BEEN MORE RELEVANT IN BANKING

In an era where digital banking has become the norm, fraud and scams within the banking industry have evolved, leveraging technology to exploit both banks and their customers. As cybercriminals grow more sophisticated, the types and frequency of fraud have seen a significant uptick, posing serious threats to financial institutions and consumers alike.

As I travel around the state participating in various meetings put on by the OBL, it is clear my peers are feeling the pressure to keep up on the latest tactics being used by scammers. They’re seeing things like phishing scams, social engineering, ransomware attacks, account takeovers, business email compromises, SIM swapping, cryptocurrency scams, not to mention the sophistication of AI scams affecting how they do business daily.

It used to be that check fraud and debit card fraud were deemed sophisticated ways that consumers were scammed out of their hard-earned money, but it seems that in today’s climate, those are only the tip

of the iceberg. Scam artists and fraudsters have what seems to be unlimited ways of coming after businesses and consumers.

It also used to be that if the IT and operations teams had everything under control and were monitoring the systems and accounts, that your vulnerability was very low. Now, it takes a village, or at least everyone in the bank to be on the same page, with the in-depth education and knowledge that simply clicking on one bad link can lead to something incredibly detrimental to the company.

Both banks and consumers have faced significant financial losses due to fraud and scams. Consumers may find their life savings drained, while banks incur costs related to reimbursement, investigation, and strengthening security measures. According to the Federal Trade Commission, consumers reported losing nearly $10 billion to fraud in 2023, compared to only $3.5 billion in 2020.

Trust is paramount in the banking industry. Incidents of fraud can severely damage a bank's reputation, leading to

loss of customers and market share. Rebuilding trust after a major security breach can be a long and costly process.

Fraud cases often require extensive investigation and response efforts, diverting resources from other critical banking operations. Additionally, banks may need to implement new security measures, which can be both time-consuming and expensive.

Regulatory bodies have heightened their scrutiny of financial institutions' security practices in response to the rise in fraud. Banks face stringent regulations and are required to maintain robust anti-fraud systems. Failure to comply can result in hefty fines and sanctions.

All the fraud, the scams and the sophistication of the ever-evolving role of AI is overwhelming the banking industry. The OBL has done an incredible job of staying current on the latest regulatory requirements surrounding this topic. They have also been an excellent partner for the education of employees, thus helping increase the amount of awareness that is out there about this topic.

OBL has fielded dozens of media calls over the past two years as it pertains to check fraud, cyber security and other scams that have been plaguing the industry, and have helped educate not only employees of the banks in their membership, but the public as well.

The partnerships that OBL has with companies that provide expert cyber security have proven to be

invaluable. These partnerships have helped many banks in the state stay on top of their technology to prevent potential cyber attacks from happening.

The banking industry is under constant threat from evolving fraud and scam techniques. While banks are ramping up their defenses and educating consumers, the persistent nature of cyber threats requires ongoing vigilance and adaptation. Both banks and customers must stay informed and adopt best practices to mitigate the risks associated with financial fraud. The collaborative effort between financial institutions, regulatory bodies, and consumers is essential in creating a secure banking environment. If you haven’t reached out to the OBL to discuss their education programming, their vendor recommendations, or other available resources on this subject, I highly encourage everyone to do so.

The

Banking Company

OBL Board of Directors, Chair

CONTINUITY OF OPERATIONS PLANNING

How quickly a bank can recover after an emergency, such as a tornado, fire, or flood, often depends on preemergency planning. Management needs to plan to improve the likelihood that the bank will survive and recover.

Carefully assess how the bank functions, both internally and externally, to determine which staff, materials, procedures, and equipment are necessary to keep the business operating.

• Review the business process flow chart if one exists.

• Identify operations critical to survival and recovery.

• Include emergency payroll, expedited financial decision-making, and accounting systems to track and document costs in the event of a disaster.

• Establish procedures for succession of management—include at least one person who is not at the bank headquarters, if applicable.

Identify suppliers, shippers, resources, and other businesses the bank interacts with daily.

• A disaster that shuts down a key supplier can be devastating to the business—develop professional relationships with more than one bank in case the primary contractor cannot service needs.

• Create a contact list for existing critical business contractors and others that would be used in an emergency—keep this list with other important documents on file in an emergency supply kit and at an off-site location.

Plan what course of action to take if the building is not accessible.

This type of planning is often referred to as a “Continuity of Operations” plan and includes all facets of business.

• Consider if the business can be run from a different location.

• Develop relationships with other companies to use their facilities in case a disaster makes the location unusable.

Plan for payroll continuity.

Decide who should participate in preparing an emergency plan.

• Include employees from all levels in planning and as active members of the emergency management team.

• Consider a broad cross-section of employees from throughout the organization but focus on those with expertise vital to daily business functions. These will likely include people with technical skills, as well as managers and executives.

Define crisis management procedures and individual responsibilities in advance.

• Make sure those involved know what they are supposed to do.

• Train others in case back-up help is needed.

Coordinate with others.

• Meet with other businesses in the building or complex.

• Talk with first responders, emergency managers, community organizations and utility providers.

• Develop plans with suppliers, shippers, and others that the bank regularly does business with.

• Share plans and encourage other businesses to set in motion their own continuity plans to assist others.

Review emergency plans annually. Just as business changes over time, so do preparedness needs.

When new employees are hired or when bank functions are changed, update plans and inform employees.

About ABA Insurance Services:

ABA Insurance Services, a member of Great American Insurance Group, is a long-term, reliable and stable source of D&O, Bond, Cyber Liability and P&C insurance for financial institutions, including trust companies and banks in formation. Our unique insurance program, co-endorsed by Ohio Bankers League and American Bankers Association, has been committed to serving and supporting financial institutions by providing quality insurance and excellent customer service for over 35 years. Excess insurance and STAMP surety bonds are

also available. For more information on risk management, please visit abais.com/Insights or contact ABA Insurance Services’ Patricia P. Williams at 410-960-6878 or ppwilliams@abais.com.

The facts of any potential claims situation which may actually arise, and the terms, conditions, exclusions, and limitations in any policy in effect at that time, are unique. Thus, no representation is made that any specific insurance coverage applies. This information provides guidance and is not intended as a legal interpretation of any federal, state or local laws, rules or regulations. ABA Insurance Services Inc. (“ABAIS”) does not warrant that all potential hazards or conditions have been evaluated or can be controlled. The liability of ABAIS and its affiliates is limited to the terms, limits and conditions of the insurance policies issued by ABAIS. ©2024 ABA Insurance Services Inc. dba Cabins Insurance Services in CA (CA license #0G63200, 2G63200), ABA Insurance Services of Kentucky Inc. in KY and ABA Insurance Agency Inc. in MI. 3401 Tuttle Road, Ste 300, Shaker Hts, OH, 44122

Patricia P. Williams, CPCU Business Development Manager, ABA Insurance Services

www.strunkaccess.com info@strunkaccess.com 800.728.3116

7 STEPS TO BUILDING AN INCIDENT RESPONSE PLAYBOOK

What is an incident response playbook?

One of the biggest regrets of people who have faced an incident without a solid incident response plan (IRP) is not preparing beforehand by brainstorming different scenarios of highly impactful incidents.

Enter the incident response playbook.

An incident response playbook provides cybersecurity instructions for organizations like a sports playbook that lays out plays and instructions for athletes. A sports playbook is designed to help athletes break down and practice plays; it gets revised as needed, and the end result is a book of tested plays that will be used in the game.

An incident response playbook is used in the same method and is designed to provide a step-by-step walk-through for your organization's most probable and impactful cyber threats. The playbook will ensure that specific steps of the incident response plan are followed appropriately. It also serves as a reminder if specific steps in the incident response plan are not in place. If you decide to create your own incident response playbook, it is important to note that it should be included within your IRP.

Why is an incident response playbook important?

Creating an incident response playbook tailored to your organization allows you to document ways to mitigate the most risk posed to your organization by the riskiest threats, including, but not limited to, ransomware, malware, password attacks, and phishing.

Identifying relevant threats that could be extremely impactful to your network and then creating walkthrough scenarios on how to counteract those threats helps your business continuity and incident response teams focus on what needs to be addressed first.

Below, you will find the seven steps to create an incident response playbook appropriate for your organization.

STEP 1:

Identify Riskiest Threats

Study your organization’s technology risk assessment(s) and other audit activities, such as penetration tests and vulnerability assessments, to find your organization's top five riskiest threats (cyber or otherwise).

STEP 2:

Identify Common Attack Vectors

Research the common attack vectors around the top five threats based on your risk assessment(s) and audit activities, as discussed in Step 1. Understanding how hackers perform such attacks in today’s environment, including the tools they deploy and methods they use, will help you build out better incident response scenarios (which we’ll discuss in the next few steps).

A prime instance of being up to date on an attack vector rings true when discussing one of today’s scariest incident response scenarios: ransomware. Although ransomware has been on the rise over the years, the most prominent ransomware attack methods have changed. Attackers will always use whatever tools are convenient to attack an organization’s network. Just like everything else in the cybersecurity field, attack vector methods are constantly changing, making it even more important to stay educated on recent attack trends.

STEP 3: Create Scenarios

Take the top five riskiest threats (cyber-threats or otherwise) identified in the first two steps and create a scenario for each covering how that threat may affect your organization. These scenarios should incorporate your research about how those threats are realized (step 2) and allow you to document a realistic scenario about how the threat (i.e., ransomware) may happen to you.

For example, while ransomware is the “threat,” the scenario likely includes an employee receiving an intriguing email, clicking on the email, and inadvertently installing ransomware on the network.

Outlining these scenarios will be your pivot step in preparing for a tabletop walkthrough, which leads us to our next step.

STEP 4: Perform Tabletop Walkthrough

Before performing an official tabletop test, perform a tabletop walkthrough of each scenario on your own or with your team. This first-stage tabletop walkthrough allows you to work through different scenarios and find how they mimic real-world instances. For example, if your organization needs to be wary of phishing emails, a part of your phishing scenario should discuss the possibility of malware delivered by the phishing email spreading to other computers in the organization.

Taking that additional step with your incident response scenarios can be beneficial because it puts in perspective what your organization needs to consider in addition to just phishing email awareness (how do we stop malware from spreading?) and allows you to discuss what steps in reacting and recovering from these scenarios may need to be improved.

STEP 5: Modify Scenarios

Make any necessary changes to the walkthrough scenarios based on your initial tabletop walkthrough. Keeping your organization’s walkthrough scenarios up to date is important to performing tabletop tests (next step) and helping to think through how to respond to incidents before they happen. This step will also ensure that your organization keeps up with the ever-changing field of cybersecurity.

STEP 6: Perform Tabletop Testing

Your playbook should be ready for an official tabletop test with representatives from your incident response and

business continuity teams. Tabletop tests are critical to an organization because they reveal where your incident response and business continuity plans need to be improved and allow those teams to communicate through conflict effectively. There is no better way to mimic a possible incident than to test relevant scenarios based on your organization’s risk assessment(s), penetration tests, vulnerability assessments, and other audit activities.

Tabletop tests should be performed at least annually (more often if needed), and documenting the results of your testing is extremely important each time a test is performed. Documentation not only proves your organization is staying up to date on testing its incident response and business continuity plan but also outlines areas for improvement and shows that you’re continually exercising your team’s ability and communication effectively.

STEP 7: Review Incident Response Plan

After you perform an official tabletop test of your playbook, it is time to revisit your incident response plan. Based on your testing, you should have several questions that need answers or edits to make to your incident response plan. Keeping your IRP updated with recent changes is good practice; it ensures your plan is better prepared if an incident occurs.

Keep Evolving Your Playbook

As your organization grows and expands, so do your risks and vulnerabilities. It’s a good idea to evolve your playbook as your organization evolves. Revisit your audit activities every time they are performed. This will ensure that you stay current on what your organization’s network needs to improve on. In addition, continue to assess the top threats your organization faces compared to the vulnerabilities revealed during your audit activities. Re-analyze your IRP and tabletop walkthroughs and update these with newfound scenarios based on updated threats that may affect your organization.

ARTIFICIAL INTELLIGENCE –BANKING ON OUR FUTURE

HOW WILL AI IMPACT COMMUNITY BANKS AND WHO IS WILLING TO LEAD THE CHARGE?

“The development of AI is as fundamental as the creation of the microprocessor, the personal computer, the Internet, and the mobile phone. It will change the way people work, learn, travel, get health care, and communicate with each other. Entire industries will reorient around it. Businesses will distinguish themselves by how well they use it.”

Trends

The evolution of AI within the banking sector is progressing from exploration to comprehensive integration. To unlock the transformative potential of emerging artificial intelligence and machine learning advancements, banks are urged to transcend mere speculation and embrace the tangible applications of AI. Banks need to explore the practical avenues for implementing AI and learn the strategies for ensuring successful execution.

Banking regulators are closely watching the evolution of AI and its relationship to banking. While there are no banking regulations specifically targeted at AI yet, the

Consumer Financial Protection Bureau (CFPB) issued guidance last September regarding banks that utilize AI and related complex modelling in their consumer credit decision-making processes. The CFPB guidance warns that precautions are necessary to protect consumer access to nondiscriminatory credit decisions given the continued surge in AI use for consumer credit decisions—and its concomitant algorithms, machine learning and voluminous data processing. The CFPB made clear that banks must be able to specifically explain their reasons for denial. The decision must be tailored to the action and there is no special exemption for artificial intelligence. The CFPB's guidance further reiterated banks must comply with the Equal Credit Opportunity

Act and Regulation B by providing accurate and specific explanations when they take adverse actions against consumers, regardless of AI use that may, by nature, be difficult to explain. While this guidance focuses on adverse action notices, it also highlights the importance of using AI as a decision-making tool with proper checks and balances, rather than relying on it explicitly. As pointed out in the recently released report on AI from the US Department of Treasury , like all emerging technologies, the use of artificial intelligence poses risks to the banking industry. The wise bank management team will be the one that moves into the realm of AI armed with sound policies, procedure and processes and well-trained employees, ready to identify and mitigate the risks posed by this exciting technology.

Use Cases

Assessing the benefits and drawbacks of adopting a more extensive enterprise AI strategy is step one in that expansion and execution. As banks contemplate making moves in this space, delving into practical use cases that our team has been exposed to can provide invaluable insights for decision-making. By examining current use models, executives can make well-informed decisions customized to their banking institution’s unique requirements, thus maximizing any capital expenditures. Use cases do not cover every possibility, they simply demonstrate a variety of ways in which AI is currently being used enhancing value across a banking institution.

1. Customer Experience - Data-driven AI, which can allow micro-segmenting of existing customers and prospective customers, enables banks to better predict preferences and behaviors, providing tailored solutions that foster deeper engagement, opportunities for crossselling and avenues for innovation.

2. Service - Advancements like conversational bots handling basic inquiries or "smile-to-pay" identification for seamless transactions are enhancing customer service. Bots can also harness historical data to provide personalized discussions, including social media, and provide operational efficiencies using call center patterns and calculating to the second customer wait times. Additionally on the service side, SSO (single signon) applications using AI enhanced authenticators are being used to improve security protocols.

3. Collections - AI has the potential to boost efficiencies and develop proactive strategies to assist both customers and lenders. Banks can capitalize on customer data to detect early warning signs of potential delinquencies and defaults,

anticipate reasons why customers may fall behind on payments and provide tailored solutions to prevent such occurrences.

4. Underwriting - Combining robotic process automation with machine learning models and a range of data sources can speed up the loan underwriting process and enhance risk evaluation. Automating tasks such as document scanning and manual data collection streamlines the process of gathering pertinent information. Machine learning models can then analyze data from multiple sources to precisely assess borrowers' risk profiles, enabling quicker loan decisions.

5. Compliance - Banks can enhance efficiencies and reduce costs by harnessing AI to automate laborintensive procedures and swiftly identify changes to the regulatory landscape, ensuring continual compliance. Further, machine learning models may spot consumer compliance issues, trends and patterns unseen by even the keenest human compliance review team.

6. Risk - Fraud detection stands as the most utilized application of AI in banking today. Banks are experiencing the advantages of such applications, not only through decreased losses and more streamlined resource allocation, but also in terms of customer experience. For example, credit card companies utilize transaction and authorization data to enhance the precision and speed of fraud prediction and detection. By minimizing false positives, fewer legitimate transactions are halted, thereby enhancing the overall customer experience.

AI Readiness

Market research entity Avanade reports that 92% of organizations will need to shift to an AI-first operating model by the end of 2024 to keep pace with competitors. Further, the IAPP-EY Privacy Governance Report of 2023 shows AI rocketing to the top of list for most important strategic priorities in privacy for the future.

To stay abreast of AI marketplace trends and confidently navigate the future, banks should prioritize several key actions:

1. Embrace Data-Driven Innovation: Recognize the potential of AI technology to drive innovation at an accelerated pace. Utilize AI to enhance operational efficiency, facilitate growth initiatives, differentiate services, address risk and compliance requirements and elevate customer experiences.

2. Adapt to Evolving Technology: Acknowledge the changing landscape of AI technology, including the decreasing costs and barriers to adoption. Stay informed about advancements in AI tools and methodologies, and be prepared to integrate these technologies into existing systems and processes.

3. Make Strategic Investments: Allocate resources strategically to support AI initiatives, focusing on areas such as cloud computing, big data platforms and updated data architectures. These investments can help streamline AI development, deployment and scalability without necessitating significant upfront capital expenditures.

4. Address Operational Challenges: Recognize and address operational and organizational hurdles associated with AI implementation. Invest in developing necessary skills among staff and ensure effective integration of AI technologies into the broader organizational framework.

By taking these proactive steps, banks can position themselves to leverage the full potential of AI technologies, driving innovation and maintaining competitiveness in an increasingly data-driven landscape.

Impact

As a whole, the use cases show that AI is becoming essential for business success in the banking world and beyond. While enthusiasm for AI is robust, banks are still adopting a cautious approach. This is rooted in the fact that while the technology is undeniably impressive in its capabilities, its applicability is still not flawless. Banks want and need AI to be tested and proved before adoption. Furthermore, banks are likely

to face heightened regulatory scrutiny regarding the "explainability" of AI systems and their decision-making processes. They will need to establish protocols that enable users to comprehend the outputs generated by machine learning algorithms. Embracing explainable AI as part of a responsible AI implementation strategy offers increased transparency, enabling the identification and rectification of potential flaws and vulnerabilities in models. This approach not only enhances the performance and accuracy of AI models but also ensures fairness and transparency. Banks that actively engage in developing AI algorithms with robust explanatory capabilities will be better positioned to earn the trust of both customers and regulators.

At the end of the day AI is simply data, and the key to all data is governance – how this data is collected, stored and used is critical. Without the proper understanding, organizations incur risks, including reputational risks, data risks and security risks.

For questions regarding this evolving landscape, or if you require assistance updating your banking cybersecurity policies to account for AI risks, contact Dinsmore attorneys Christian Gonzalez, Craig Horbus or Michael Dailey for more details.

Craig S. Horbus Partner, Cleveland, Dinsmore craig.horbus@dinsmore.com

Michael G. Dailey Partner, Cincinnati, Dinsmore michael.dailey@dinsmore.com

Christian Gonzalez Partner, Columbus, Dinsmore christian.gonzalez@dinsmore.com

OBL SCORES INITIAL VICTORY IN CASE TO PROTECT COMMERCIAL LENDING IN OHIO

Yesterday, the Supreme Court of Ohio accepted review of a case that could significantly impact commercial lending in Ohio. With the Court only accepting about three percent of jurisdictional appeals, where it is up to the Court’s discretion, this is a significant victory and the first step to remedying the problematic decision out of the appeal’s court below.

The Ohio Bankers League led an industry coalition including the OBL, the American Bankers Association, and the Ohio Credit Union League in submitting an amicus brief to the Supreme Court of Ohio defending banks’ ability to utilize guaranties in commercial lending in the case of Huntington v. Schneider, Case No. 2024-0208. One of OBL’s most potent legal tools is filing amicus briefs to flag issues for the court that impact the banking industry. With the limited number of appeals accepted, this can differentiate cases and highlight their importance.

The brief, prepared by Frost Brown Todd LLP, appropriately summarized the issues as follows:

“The ramifications of this case on Ohio’s lending industry can hardly be overstated. The First District rolled back longstanding precedent and industry practice to hold that guarantors who guarantee payments when due and payable are sureties instead. In so doing, the court retroactively transformed most existing guaranties to suretyships—effectively abolishing the longstanding distinction between the two concepts under Ohio law and creating enormous uncertainty for the financial services industry. The court then compounded its error by imposing increased duties on lenders toward sureties, thereby creating additional obstacles to commercial lending.

Guarantors are essential to the commercial lending industry and Ohio’s economy because they make it financially possible for financial institutions to lend money to small businesses, startups, expansions, and other high risk/reward endeavors. By effectively invalidating standard guaranty agreements, the First District eviscerated this important tool of economic development. If this decision stands, it will create significant new collection risks for financial institutions, reduce the availability of credit or make it significantly more costly, and undermine the value of existing loan portfolios. Thus, not only will the First District’s judgment hurt Ohio’s financial institutions, it also will impact Ohio’s economy by restricting the flow of commercial capital. It is vital that this Court accept this case for review.”

In addition to OBL’s work legislatively to advance and defend the industry, OBL continues to grow its legal presence on behalf of the industry to ensure that those the laws OBL has fought so hard on behalf of the industry to pass or defend against are appropriately interpreted and upheld. If you are interested in being more involved in the legal efforts of the OBL, please contact OBL General Counsel, Don Boyd.

Ohio Bankers League dboyd@ohiobankersleague.com

THE RISK OF DEEPFAKE FRAUD FOR FINANCIAL INSTITUTIONS

Deepfakes – a portmanteau of "deep learning" and "fake" – refer to hyper-realistic videos or audio recordings generated using artificial intelligence (AI). These AI-crafted illusions are so convincing that they can mimic individuals' appearances and voices with uncanny accuracy, raising eyebrows – and significant concerns.

As deepfakes become more sophisticated and accessible, financial institutions face new threats of fraud that challenge the foundations of trust, security, and data privacy across the sector, from online banking to communications.

The potential for deepfakes to impersonate customers, officials, or any key individual in financial transactions opens a Pandora's box of fraudulent possibilities.

Deepfake Technology: How Does it Work?

At the heart of deepfake technology lies a fascinating yet somewhat daunting intersection of AI and machine learning. To put it simply, deepfakes are created using sophisticated algorithms that learn from vast amounts of data, including images, videos, and audio recordings of real people. These algorithms analyze the nuances of human expressions, gestures, and speech patterns. Over

time, they become adept at synthesizing content that mimics these human characteristics, resulting in videos or audio that appear startlingly real.

Imagine watching thousands of hours of video footage, studying every smile, frown, and eyebrow raise of a particular individual. Then, this understanding is used to generate new footage where that person appears to say or do things they never actually did. This capability is what makes deepfakes both incredibly impressive and deeply concerning.

The Impact of Deepfakes on Fraud and Finance

Fraud in the financial industry is hardly a new phenomenon; it's as old as the industry itself. Traditionally, financial fraud has encompassed a range of deceptive practices, from forging checks to identity theft, aimed at illicitly obtaining money or assets. However, digitalization has brought about sophisticated cyber fraud tactics – and deepfake technology is another formidable tool in the fraudster's arsenal.

Deepfake technology escalates the threat of fraud by enabling malicious actors to create highly convincing fake audio and video recordings. These recordings

can be used to impersonate key individuals in financial transactions, such as bank officials, company executives, or customers themselves.

For example, a fraudster could use a deepfake video to impersonate a CEO, issuing fraudulent instructions for a wire transfer, or a deepfake audio clip that convincingly mimics a customer's voice to authorize transactions and gain sensitive account information over the phone.

Eroding Trust and Compromising Security

In finance, trust is paramount. Customers entrust their personal and financial information to institutions with the expectation of utmost confidentiality and security. Deepfakes introduce a disruptive element to this relationship. If a customer can't be sure whether the bank official they're speaking with on a video call is genuine, or if an institution can't trust the authenticity of instructions received from what appears to be a high-ranking executive, the very foundation of trust begins to crumble.

This erosion of trust can have far-reaching consequences, potentially deterring customers from engaging with digital banking services or undermining investor confidence.

Financial institutions have long relied on multi-factor authentication (MFA) processes. Deepfakes pose a direct threat to this by enabling fraudsters to replicate individuals' biometric features convincingly. This compromise forces a reevaluation of security protocols and the development of new strategies to detect and mitigate the risks posed by deepfake technology.

Moreover, finance firms must navigate compliance with data protection and privacy laws. This becomes much more complex when dealing with deepfakes, especially in jurisdictions with stringent regulations regarding digital identity verification and consumer protection.

Mitigating Deepfake Fraud Through Advanced Cybersecurity Solutions

The realism of deepfakes adds a new layer of complexity to the challenge of detecting and preventing fraud. Traditional security measures, such as PINs, passwords, and even biometric identifiers like fingerprints and facial recognition, rely on the assumption that the person's identity being verified is authentic.

A multi-faceted approach to cybersecurity and data protection is essential for mitigating the risks of deepfake fraud. This approach must be proactive, dynamic, and encompass a blend of technology, regulatory compliance, continuous monitoring, and community awareness.

1. Technological Solutions and Innovations:

• AI and Machine Learning Detection: Leveraging the same technologies that enable deepfakes, financial institutions can deploy advanced AI algorithms designed to detect anomalies and inconsistencies in audio and video that may indicate a deepfake. These tools analyze various aspects, such as facial expressions, lip movements, and voice patterns, to identify discrepancies that human eyes might miss.

• Blockchain for Digital Verification: Implementing blockchain technology can enhance the integrity of digital identities and transactions. By creating an immutable ledger for verifying the authenticity of documents and communications, blockchain can provide a robust defense against the manipulation of information.

• Enhanced Biometric Verification: Developing more sophisticated biometric verification methods that can detect the 'liveness' of a subject can help counteract deepfake impersonations. Techniques such as 3D face mapping, iris recognition, and skin texture analysis can add layers of security that are more resistant to deepfake technology.

2. Strengthening Policies and Protocols:

• Regular Security Audits: Conducting thorough and regular audits of security systems and protocols ensures that vulnerabilities are identified and addressed promptly. These audits should include assessments of potential deepfake threats and the effectiveness of detection tools.

• Employee Training: Educating employees about the nature and risks of deepfakes is crucial. Training programs should include identifying signs of deepfake attempts and protocols for verifying information and reporting suspicious activities.

• Customer Education: Informing customers about the potential risks of deepfakes and providing guidance on how to protect their accounts and personal information can empower them to be vigilant and cautious in their interactions.

3. Collaborative Efforts and Industry Standards:

• Sharing Intelligence: Financial institutions can benefit from sharing intelligence and best practices related to deepfake detection and prevention. Collaborative efforts, through industry associations or partnerships, can enhance collective security.

• Advocating for Regulatory Frameworks: Engaging with policymakers to develop regulations and standards specifically addressing deepfake technology can help establish a unified approach to mitigating its risks.

4.

Ethical Considerations and Privacy:

• In implementing these measures, it's imperative to balance security enhancements with respect for privacy and ethical considerations. Any technological or procedural changes must comply with privacy laws and respect individual rights.

Diminish the Deepfake Dilemma and Strengthen Your Security Posture

The key to mitigating the risks associated with deepfakes lies in understanding their capabilities, embracing technological advancements for detection and prevention, and fostering a culture of awareness and collaboration.

It's more important than ever for the finance industry to fortify defenses with the expertise of cybersecurity

professionals. ThreatAdvice specializes in safeguarding financial institutions against insidious cyber threats with advanced threat detection and response, including safeguards against deepfake fraud.

Reach out to us today for a consultation to assess your institution's current security posture and explore tailored solutions that can protect your operations, customers, and reputation against fraudulent cyber-attacks.

Offering feature-rich, modern standards-based core and digital banking solutions, combining intuitive user experiences and APIs to streamline advanced fintech integrations.

INDUSTRY AWARDS TAKE CENTER STAGE AT OBL MAIN EVENT

OBL Industry Awards celebrate and recognize the exceptional achievements and contributions of banks across the state of Ohio. From innovation and customer service excellence to community involvement and leadership, these awards highlight the incredible impact that Ohio's banking industry has on its communities and the economy. We are excited to honor the outstanding individuals and institutions that have been instrumental in shaping the landscape of banking in Ohio. So, get ready to be inspired and amazed by the remarkable stories and accomplishments that will be showcased during the 2024 Main Event (November 13-15 at the Hyatt Regency Columbus) and beyond.

THE AWARD CATEGORIES ARE AS FOLLOWS:

Bank of the Year

Two winners based on asset size.

Banker of the Year

Two winners based on asset size.

Next Generation Leadership Award Already awarded.

Woman in Banking Rising Star Award

Exceptional Woman in Banking Award

OBBT Wellness Award

For those banks that are a member of the healthcare trust.

Milestone Club

For those with 40 years of service in the banking industry. All nominees will be recognized in this category.

Nominate a bank or banker today!

DEADLINE IS SEPTEMBER 1

The Ohio Banking Industry’s Premier Professional Development & Networking Event.

Join industry leaders as we roll out the red carpet for this second annual program which features multiple learning tracks and networking opportunities, as well as the OBL Annual Business Meeting and OBL BankServices Expo. Plus! For the first time, the OBL will present Industry Awards in categories such as Bank of the Yea r, Banker of the Year, Next Generation Leadership Award, Exceptional Woman in Banking Award and many more!

REGISTRATION

Full Member Registration - $695

*Includes all scheduled programming, receptions and events Nov. 13 - 15.

WATCH FOR COMPLETE DETAILS REGARDING LEARNING TRACKS AND SESSION DETAILS.

WEDNESDAY, NOVEMBER 13

2:30 – 4:30 p m

2:30 – 4:30 p.m.

5:00 - 6:30 p.m.

8:30 - 10:30 p m

CEO Roundtables Lessons in Leadership Session Welcome Reception Cards, Cornhole, Cocktails and MORE!

THURSDAY, NOVEMBER 14

8:00 a.m. - 2:00 p.m.

9:00 - 10:00 a m

OBL BankServices Expo Opening General Session

11:45 a.m. - 12:45 p.m. LUNCH & 2024 OBL AWARDS

Registration Industry Awards

QUESTIONS?

For program questions, contact Susan Poling Jones at spoling@ohiobankersleague.com.

For registration assistance, contact Megan Peiffer at mpeiffer@ohiobankersleague.com.

Morning & Afternoon

8:00 - 10:00 p m

Learning Tracks: Executive, Finance, HR & Employee Development, Legal, Lending, Marketing, Retail, Risk Management & Compliance, Technology & Innovation, and Trust & Wealth Management

OBL BankPac Silent Auction & Desserts Reception

FRIDAY, NOVEMBER 15

8:00 - 9:15 a.m.

9:30 -11:30 a.m.

OBL BankServices Expo, Breakfast & Prize Announcements

Closing General Session, OBL Annual Business Meeting & Closing Comments

RANSOMWARE ATTACK: HOW TO PREPARE FOR THE WORST-CASE SCENARIO

SHOULD YOU PAY OFF A RANSOMWARE ATTACK?

HERE’S WHY EVERY ORGANIZATION SHOULD HAVE A PROCESS IN PLACE BEFORE IT HAPPENS. WHO IS WILLING TO LEAD THE CHARGE?

With 66% of organizations reporting a ransomware attack for the second year in a row, ransomware remains one of the biggest cyber risks facing organizations today. If your organization hasn’t been impacted by ransomware yet, it is likely only a matter of time. The FBI received nearly 3,000 alerts of ransomware attacks in 2023 in critical infrastructure sectors, with healthcare, manufacturing, and government entities most affected.

Although the advice of law enforcement is not to pay the ransom, 2023 saw a record-breaking increase in total value received by ransomware attackers, jumping from $567 million in 2022 to $1.1 billion in 2023. Companies are still handing over the money to recover their data—if

they can recover their data, as more cybercriminals are taking the money and keeping the info.

The bad news is that a ransomware attack is going to cost you no matter what you decide about paying the ransom. The worse news is that too many organizations aren’t prepared for the aftermath of a ransomware attack. While many companies have set up a cyberattack plan, they don’t always include the pointby-point checklist of what to do if that cyberattack is a ransomware attack.

It is crucial to think about your approach to a ransomware attack before it happens. If you decide to pay—and that’s a decision that should be spelled out long before the

attack happens—do you have funds for a ransom built into your budget? Do you know what your cyber insurance will cover? And how do you set up a transaction if it’s a cryptocurrency ransomware? In addition, it’s important to keep in mind some government agencies have put in legal implications if ransoms are paid.

Writing a ransomware position statement

Ransomware doesn’t fit neatly into typical incident response planning and testing because it all comes down to one different factor: the data is being held hostage by cybercriminals and you have to determine if it is worth paying a ransom to recover. Sometimes all the steps normally taken to address a cyber incident—the detection, remediation, recovery—doesn’t work, and that’s when the difficult call has to be made.

A best practice is to run a ransomware tabletop exercise. The exercise intends to mimic a realistic scenario and includes key stakeholders across the organization. The goals include creating transparency in communication, assessing the plan of action, minimizing potential gaps in your cybersecurity program and eventually helping to answer the question: do you pay the ransom?

Ultimately, your decision shouldn’t come in the middle of a cyber incident. Every company should have, as part of its incident response plan, a ransomware position statement that identifies when and why the company would pay a ransom. This statement should be devised with a group of corporate stakeholders that include legal, financial, executive leadership, IT, and security.

Should you pay the ransom?

Some things to take into consideration against paying a ransom:

• Legal implications (American law enforcement recommends against it)

• Risks of becoming a repeat target

• Lack of insurance (many cyber insurance firms are declining ransomware protection)

• Reputational damage

• Tax and audit considerations

Putting the budget together

Despite the reasons to avoid it, some companies will decide that paying the ransom is the best option for them. It could be that they don’t have a good backup

system or that the amount of time it will take to bring the backup online will do more damage to the business, especially where human life is concerned. If that’s the case, then you have to think about how to best budget for a ransomware attack.

That begins with deciding where the money will be coming from. Not every organization has the ability to set aside a few million dollars to use for a ransom, and even if they do, there needs to be agreement on where that money is coming from. What department will be responsible for releasing the funds, or will it be a mix of departments?

An approval chain must be put in place. Paying for a ransom shouldn’t be the decision of one person. Any ransomware recovery policy will include a decisionmaking and approvals chart from each entity.

The worst time to be figuring out any of the financial implications of a ransomware attack is during the middle of the crisis. Having a plan and budget in place before the worst happens will make it easier if you do decide to pay.

Anyone can attack your network. Endeavor IT can help protect cyber criminals from invading yours. Get ahead of possible attacks now; call, email or visit our website today at endeavorit.com!

OBL BANKING CALENDAR

REGULATOR ROUNDTABLE

August 9 – Virtual

This annual OBL program brings together compliance officers from across the state to hear the latest in consumer compliance regulations from the CFPB, the OCC, the Federal Reserve Bank of Cleveland and the FDIC. Moderated by Scott Daugherty from Bankers Alliance, the 3-hour program features comments from each regulator, as well as best practices and the opportunity for attendees to submit questions in advance and during the program.

What do past attendees have to say about the program?

I find the most beneficial part of the program is when participants can ask questions. It's great to hear responses to “real-world” questions.

Hearing about what the regulators are finding is beneficial.

This is definitely my favorite program that the OBL hosts.

This program, priced at just $99 per attendee, will benefit compliance officers, consumer lenders and/or any employee involved in the regulatory examination process.

Check the website for complete details or contact Sarah Husk at shusk@ohiobankersleague.com

OBL IT FORUM

Continues August 20 & November 19 –Quest Conference Center

Attention IT and cybersecurity professionals! If you are not already involved in the OBL IT Forum – consider giving this program a try.

More than 50 IT professionals from across the state gather to discuss relevant topics, find solutions, and exchange ideas relating to IT and cybersecurity within their organizations. Plus! Session agendas are built by attending members of the forum to best meet their needs.

Now in its 10th year, the IT Forum provides a mix of peer sharing and discussion with free exchange of ideas and challenges, as well as guided education and lectures from seasoned facilitators SBS CyberSecurity and infotex. In addition, Jon Waldman (SBS) leads managerial breakout sessions, while Dan Hadaway (infotex) leads sessions on technical topics.

Current members note the program is a great return on investment as it provides an opportunity to ask and find answers to questions about the most pressing IT and cybersecurity challenges, as well as a chance to compare IT plans, performance and goals with peers.

Single session pricing is available – or register for both programs at a discounted rate. For additional information, contact Susan Poling Jones at spoling@ohiobankersleague.com.

COMMUNITY BANKERS FOR COMPLIANCE PROGRAM

Continues September 10 & 11 – In-Person

The OBL and leading consulting firm Young & Associates, Inc. continue to help banks navigate the often-complicated compliance frontier through Community Bankers for Compliance and Community Bankers for Compliance PLUS.

Nearly 80 bankers from 48 banks already take advantage of this tailored, multi-level compliance program that is designed to strengthen the bank's ability to manage the complex requirements of consumer compliance. In addition, CBC Plus builds on the tried and tested CBC Program by offering bankers the opportunity to put together a custom-made consumer compliance suite, tailored to the individual needs of their bank.

Benefits of the CBC Program include quarterly seminars, monthly newsletters, compliance hotline and a CBC members-only web page –not to mention gaining a network of compliance officers from across the state. If your bank is not already a member, please note pro-rated pricing is available for the remaining sessions held in person on September 10 & 11 in Findlay and Columbus. The December 10 & 11 sessions will be held virtually.

The CBC Program has received approval from regulatory agencies not only for its comprehensiveness, but also for its practicality and user-friendly solutions. In addition, all sessions are available for CRCM credits through the ABA.

For more details, contact Sarah Husk at shusk@ohiobankersleague.com.

GSB BANK TECHNOLOGY SECURITY SCHOOL

October 7-11 – Madison, Wisconsin

Offered by the Graduate School of Banking –Madison, this week-long innovative school is designed by, and especially for, information security officers in the financial industry. The state-of-the-art program is divided into two core areas of study – the business of banking and information technology security; and is packed with real world information about the latest in IT security and information assurance — practical information that will help you stay a step ahead of those who’d do your organization harm.

According to Kathy Berman, GSB vice president, marketing and communications, “The school uses a mix of lectures, small group discussions and interactive computer labs. Plus, the hands-on, computer-based simulation labs allow attendees to explore penetration and vulnerability testing, security attacks, early detection of data breeches and more.”

Whether a veteran Information Security Officer or new to the IT security field, this school provides the skills and knowledge to effectively secure your bank’s and your customers’ most sensitive information.

If interested in further details, visit www.gsb.org or contact Susan Poling Jones at spoling@ohiobankersleague.com.

AROUND THE INDUSTRY

Focus On: First National Bank of Pandora

First National Bank has announced that Brendon Matthews has been promoted to President of First National Bank, succeeding Todd Mason, who will remain CEO and was also named Chairperson of the Board.

Matthews has worked in a variety of roles in his 22 years in banking, including teller, branch manager, small business lender, sales manager, Senior Lender, Executive Vice President, and his most recent role as Chief Lending Officer. Brendon received his undergraduate degree in English at Anderson University in Anderson, IN in 2002. After starting his banking career at Madison Community Bank in Anderson (now First Merchants Bank), Brendon earned his MBA from Anderson University and then moved back to Bluffton in 2006 and joined First National Bank.

Brendon is a graduate of the Barret Graduate School of Banking in Memphis, and the Ohio Banker’s League Blythe Bank Management program. In 2021, he earned a Doctorate degree in Interdisciplinary Leadership from Creighton University.

At the Ohio Bankers League, Brendon served as a member and then Chair of the Next Gen Advisory Board.

Mason states, “Brendon has been a vital leader in First National Bank’s growth over the last 18 years. His background and experience will add strength and a unique perspective to lead FNB into the future. His steadfast commitment to the bank’s mission and values will strengthen First National Bank’s position as a leading community focused bank.”

Mr. Mason has a combined 39 years of banking experience in various roles at community banks, 20 of those years serving at FNB. He has served as President of First National Bank since 2007. Todd has previously served on the Board of the Federal Reserve Bank of Cleveland, the Board of the Community Bank Council of the American Bankers Association, and the Ohio State University Lima Advisory Board. He is currently a Board member of the Ohio Bankers League and serves as their Treasurer.

“I am excited to continue to serve the bank and live out our mission of improving lives through community banking in the capacity of CEO and Chairperson of the Board.”

Bluffton, Ohio

The Board of Directors of Citizens National Bank officially named Eric Faulkner as Chief Executive Officer (CEO) of the bank. Faulkner has been acting President of the bank since 2019. He replaces Mike Romey in the role of CEO.

Greenville, Ohio

GNB Banking Centers recently celebrated two retirements. Mike Batten, Vice President and Consumer Loan Manager retired after 38 years. Mike spent his time at GNB in the Consumer Loan office, where he served as manager the last 14 years. President and CEO of GNB Banking Centers, Kent James, also retired after 38 years of service. Kent started his career with GNB as Auditor in 1985. Over the years he held multiple roles and titles including VP/Controller, SVP/Chief Financial Officer, EVP/Chief Operating Officer, and finally President/CEO. He served in that final role from January 2015 through March 2024. Kent will continue to serve as a GNB Board Member.

Ohio Bankers Benefits Trust COMING TOGETHER TO CONTROL BENEFIT COSTS

Upon Kent’s retirement, GNB Banking Centers is pleased to announce that Susan Shields has been promoted to President and Chief Executive Officer. Susan has 40 years of banking experience at GNB. She has held various positions in the organization including Teller, Loan Processor, Compliance Assistant, Auditor, and Executive Vice President/Chief Financial Officer.

West Salem, Ohio

Marlene Barkheimer, CEO, Farmers State Bank, West Salem, has been named to the FDIC Advisory Committee on Community Banking. Composed of a cross-section of community bankers from around the country, the FDIC’s Advisory Committee shares input on a broad range of community bank policy and regulatory matters. She will serve a two year term.

In today’s competitive marketplace, benefits have become as important as compensation when hiring or retaining the best and brightest. But health insurance is not inexpensive. The Ohio Bankers Benefits Trust was developed in 1952 to mitigate health benefits costs by bringing bankers together. When we harness the collective resources of Ohio’s banks and thrifts, everyone wins.

For more information about the OBL health plan options contact: OBBTCustomerService@ohiobankersleague.com

THE TOP TEN

In this quarterly feature, the OBL highlights the ten news articles that you have visited the most at www.ohiobankersleague.com.

1

OBL FILES COMMENT LETTER OPPOSING REG II

Last week OBL filed an official comment letter opposing the proposed Reg II interchange cap reduction.

2

CEO TO CEO: NEW STATE HOMEBUYER PLUS PROGRAM A GAME CHANGER FOR BANKS

Has your bank applied to participate in the State Treasurer’s Homebuyer Plus Program? This is a specialized, tax-advantaged savings account to assist Ohioans on their homebuying journey.

3

OCC STATE PREEMPTION LETTER

The OBL along with all 50 state bankers’ associations wrote this week to the OCC asking them to impose their clear national preemption over state law to legislatures when they are enacting legislation that would cause conflicts for federally chartered banks.

4 FEDERAL TRADE COMMISSION VOTES TO BAN NON-COMPETE AGREEMENTS

On April 23, 2024, the Federal Trade Commission (FTC) held a public hearing where members voted 3-2 to adopt a final rule effectively banning employers from enforcing non-compete clauses against employees with very limited exceptions.

5 ELECTION ROUNDUP: WITH PRIMARY OVER, FALL ELECTIONS SET

Yesterday, the contentious primary election season ended, setting the stage for the fall and yet another contentious election season.

7

OBL SCORES INITIAL VICTORY IN CASE TO PROTECT COMMERCIAL LENDING IN OHIO

Yesterday, the Supreme Court of Ohio accepted an appeal for review that would have significant ramifications for the banking industry. Previously, the Ohio Bankers League led a coalition in the filing of an amicus brief asking the Supreme Court of Ohio to review a decision out of the Ohio First District Court of Appeals that could upend the ability to use industry standard guaranties in commercial lending.

8 WHAT DOES RECLASSIFYING CANNABIS MEAN FOR BANKING?

News broke this week that the U.S. Drug Enforcement Agency (DEA) – at the urging of the U.S. Department of Health and Human Services (HHS), the Biden White House, and Congressional Democrats – will move to reclassify cannabis from a Schedule I to Schedule III controlled substance under the US Controlled Substances Act.

9 THE SOLAR ECLIPSE IS COMING IN APRIL, IS YOUR BANK PREPARED?

The OBL has been fielding questions from Member Banks about preparing the Solar Eclipse event that will take place on April 8, 2024 throughout much of Ohio. In response, OBL has put together a bank preparedness tip sheet.

10

CFPB MAKES FINAL RULING ON CREDIT CARD LATE FEES FOR LARGER CARD ISSUERS

Despite stakeholder comments offering reasonable alternatives, the CFPB has made their final ruling setting a safe harbor amount for late fees at $8 and eliminating the annual inflation adjustments to that safe harbor amount, for larger card issuers.

6 BREAKING NEWS: US SUPREME COURT UPHOLDS

CFPB FUNDING STRUCTURE

Moments ago, the US Supreme Court released its opinion in the Community Financial case and decided that the funding structure of the CFPB is constitutional.

OHIO BASED, OHIO OWNED

For

With 25 years of experience as a trusted partner for Ohio community banks, Banc Consulting Partners is the stable provider in BOLI design, analysis, compliance and plan administration.

And don’t just take our word for it. Ask the Ohio Bankers League, where we have been a reliable Endorsed Business Partner for the last 19 years. In fact, we have earned the trust of more Ohio community banks than any other firm in the country.

So when you want the best relationship for your BOLI portfolio and a firm that is dedicated to Ohio community banks, talk to Lou Moore at Banc Consulting Partners.