The document discusses strategic planning for banks. It emphasizes that the first step is defining the bank's mission and goals for both the short and long term. It advises creating a short term plan to maximize current performance and a long term plan to clarify future changes. Overall it stresses the importance of determining a destination before embarking on strategic planning.
1. strategic planning. “The
process starts with
clearly understanding
what your mission is,
then what your culture
and values need to be,”
he said. “Then identify
your objectives and
what key performance
metrics you’ll use
to hold yourselves
accountable.” The final
step in this process
is to determine the
specific opportunities
and threats that could
help or hinder those
objectives, including
both internal or external
factors and resources.
You Are Here:
Set Your Destination
Defining your
bank’s mission starts
with knowing who you
are as an organization
today and who you
want to be in the future.
Many institutions have
a mission that defines
one or the other, but
both are necessary.
They are your start and
end points on the map.
Smith advises creating
a short-term plan
(usually 12-24 months)
that addresses the
bank’s current structure
and maximizes
performance of where
the bank is now.
The long-term plan
should look 3-5 years
in the future and clarify
when and how to put
changes in place.
PRSRTSTD
U.S.POSTAGE
PAID
UMS
WisconsinBankersAssociation
4721SouthBiltmoreLane
Madison,WI53718
JANUARY 2016 WISCONSIN BANKERS ASSOCIATION FOUNDED 1892
Chart the Course, But First Determine Your Destination
To create an effective strategic plan, directors
must first establish specific end goals
According to NetDili-
gence’s 2015 Cyber
Claims Study,* the
average number of
records exposed in a
data breach has climbed
from 1.4 million in
2012 to 3.2 million in
2015, and the financial
services sector remains
a popular target (with
17 percent of data
breaches, second only
to the healthcare sector
with 21 percent). As a
result of this growing
Cyber-Liability: Are You Covered?
Don’t “set it
and forget
it” with your
protection
By Amber Seitz
(continued on p. 29)
(continued on p. 32)
degree and complexity
of risk, the landscape
of cyber-liability and
cyber-security insurance
is undergoing dramatic
change. “The coverage
By Amber Seitz
The first step in
formulating a
successful strategic
plan is defining where
you want that plan to
take your institution.
Skipping this step is
like going on a road
trip without picking a
destination. Any map
you bring along on that
trip will be useless until
you know where it is
that’s available in this
area is in greater flux
than any area since
the product liability
insurance crisis in the
1980s,” said Mark
Foley, attorney at von
Briesen & Roper, s.c.
“About a dozen of the
major companies writing
cyber-security coverage
are reviewing their
policies on an annual
or semiannual basis for
changes in coverage.”
This accelerated
evolution requires bank
directors and manage-
ment to reassess their
you want to end up.
“Many banks go into
the strategic planning
process without
knowing where they
want to go,” said Philip
K. Smith, president
of Gerrish McCreary
Smith Consultants and
Attorneys. To avoid that
pitfall, bank directors
must take the time to
fully describe their
high-level goals for the
institution.
“If you get the
high-level stuff right,
the details will fall
into place,” said Ken
Johnson, principal
at Ken Johnson
Consulting. To
accomplish that, Cass
Bettinger, president
of Cass Bettinger
and Associates,
recommends engaging
in mission-driven
coverage on a much more
frequent basis than in the
past. Many D&O policies
offer coverage for signi-
ficant expenses associ-
ated with cyber-liability,
but typically do not
include post-breach
response assistance.
Because of that, more
community banks are
purchasing specialty
insurance to protect the
institution. According to
Jeff Otteson, vice presi-
dent of sales at Midwest
Bankers Insurance
Services (MBIS),
2. roughly 50 percent of
institutions purchase a separate
specialty cyber-liability and
crisis management expense
policy. In order to make an
informed decision regarding
the bank’s cyber-liability and
cyber-security insurance,
management and the board of
directors must first understand
their options and then undergo
an assessment to determine
the best coverage for their
institution’s unique needs.
Understand
Your Options
It’s important for bank
management to understand
that cyber-liability coverage
is not simply coverage for
e-banking services. Nicholas
Economidis, E&O underwriter
at Beazley, a specialist
insurer, clarified this common
misconception. “Cyber-liability
is about coverage for liability
associated with a loss, theft
or unauthorized disclosure
of information, as well as for
expenses associated with a
data breach event,” he said.
The two basic classifications
of coverage are first- and third-
party. Foley explained that
first-party insurance protects
the institution against its own
losses and expenses related to
a breach, whereas third-party
coverage protects against
claims by third parties (such as
the bank’s customers, affiliates,
or service providers) for losses
they suffer because of a data
breach at the bank. “You need
both first- and third-party
coverage in connection with
a data breach,” Foley advised.
One benefit of choosing a
policy with both first- and
third-party coverage is that it
avoids overlapping policies
with the bank’s other insurance
carriers. “Overlapping policy
language can lead both to
unnecessary and expensive
duplication of coverage or to
dangerous coverage gaps and
disputes,” Foley added.
Due to the complex
nature of cyber-security,
there is a wide variety of
coverages available to financial
institutions, each with its
own merits. “Many bankers
feel that all cyber-liability
policies are created equal, but
they’re not,” said Otteson.
“Each carrier has unique policy
language, limit structure,
exclusions and pre- and post-
breach risk management
offerings or services.” That
variety means it is critical
for bank management and
directors to ask questions
and thoroughly review their
options. “The most important
thing for directors is to
Cyber-Liability
(continued from p. 1) The nature of the risk is changing quickly, so the nature
of the insurance that’s available is also changing quickly.
It’s not just a matter of looking at whether the premium has
changed when it comes time for renewals.
– Mark Foley
von Briesen & Roper, s.c.
Many bankers feel
that all cyber-security
policies are created equal, but
they’re not.
– Jeff Otteson
Midwest Bankers
Insurance Services
More than $225,000 in Scholarships
Available Annually
gsb.org
The Wisconsin Bankers Association is pleased to
offer scholarship opportunities to its member
bankers through the Herbert V. Prochnow Educational
Foundation, a supporting organization to the Graduate
School of Banking at the University of Wisconsin –
Madison. The GSB Prochnow Foundation offers nearly
one quarter million dollars in scholarships every year
to bankers who want to improve their careers and
organizations through education.
Scholarships are distributed through the WBA for the
Graduate School of Banking and the GSB Human
Resource Management School.
Apply today for a scholarship to attend a program at the
nation’s leading and most progressive banking school.
For details, contact Nick Loppnow at the Wisconsin
Bankers Association at nloppnow@wisbank.com.
Sponsored by:
Educating Professionals, Creating Leaders
32 JANUARY 2016
(continued on p. 33)
3. By Mike Semmann
nVestWisconsin launched on
Giving Tuesday (Dec. 1, 2015)
with the help of WBA and
Crowdfund i94. This WBA
website is one of the state’s
first crowdfunding websites
to support local nonprofits,
businesses and projects. Spe-
cial Olympics of Wisconsin,
Madison Scouts Drum & Bugle
Corps, Habitat for Humanity of
Wisconsin and the Zoological
Society of Milwaukee are the
first four nonprofit organiza-
tions to launch fundraising
projects on nVestWisconsin.
Each nonprofit ran a 30-day
fundraising campaign through
individuals and businesses
to make a contribution to a
non-profit or business to
assist with a specific project.
nVestWisconsin Securities,
which will launch in 2016, will
allow institutional and individ-
ual investors to purchase
securities in an online platform.
Donor. Investor.
nVestWisconsin’s users may
fall into one or both categories,
but what unites all of them is
a desire to see the Dairy State
grow and prosper.
Semmann is WBA executive
vice president and chief opera-
tions officer and also serves as
president of nVestWisconsin.
they choose or to truly own
a piece of something good in
their home state. This is also
true for banks and bankers.
You see, nVest is unique
because it has two separate
but related pages within it:
nVestWisconsin Donate and
nVestWisconsin Securities.
nVestWisconsin Donate
provides opportunities for
nVest in order to meet their
specific needs and goals.
One goal of nVestWisconsin
is to encourage people to
consider how they invest in
their community. Donating is
not a one-size-fits-all activity,
and by offering an option to
either donate or invest, the new
crowdfunding platform allows
Wisconsinites to give however
WBA Launches nVestWisconsin: Wisconsin’s Local Crowdfunding Platform
New website takes the "give local" campaign digital
Association
Update
Michael B.
Semmann
WISCONSIN
> Visit nVestWisconsin today!
donate.nvestwisconsin.com.
make sure they understand
the nature, likelihood, and
potential ramifications of
all the risks and therefore all
of the types of coverage that
they could purchase so that
they’re making an informed
decision as to which ones to
buy,” said Foley.
Economidis suggested
looking for three different
coverage features. One
important type of coverage to
consider is regulatory defense
and penalties coverage,
preferably provided on a duty
to defend basis. “Financial
institutions are heavily
regulated and may be subject
to regulatory scrutiny after a
breach event,” Economidis
said. He also recommended
seeking coverage for breach
response services provided
outside the limit of liability
available for defense and
indemnity of a claim, as
well as a careful exploration
to determine what coverage
is offered to the bank in the
event a third-party vendor
they use suffers a breach or
loss of information in their
care. Otteson recommends
bank management also
consider each policy’s limit
structure with regard to the
liability limits and the crisis
management expense limits.
Typically, crisis management
expense limits include
forensics, credit and identity
monitoring, public relations
and notification expenses
after a breach. Some policies
offer separate “towers” of
coverage limits, which will
not erode the liability limit.
Otteson said that when the
expense limits are shared with
the liability limit, community
banks should increase their
liability limit in proportion
with the expense limit.
Follow a Selection
Process
Each institution has unique
coverage needs, so assessing
policies will be different.
However, establishing a set
procedure for identifying the
bank’s needs and risk tolerance
and evaluating policy options
will make the renewal process
much smoother. “The nature of
the risk is changing quickly,
so the nature of the insurance
that’s available is also changing
quickly,” said Foley. “It’s not
just a matter of looking at
whether the premium has
changed when it comes time
for renewals.” He advised boards
to do in-depth review of the
bank’s coverage at least annually.
The first step in such a
review should be to forecast
the bank’s expected losses and
determine its risk tolerance.
“Banks should attempt to
forecast the expected loss
associated with a data breach
event both from a worst-case
scenario as well as a probable-
loss scenario,” said Economidis.
“Then, with these figures in
mind, banks should consider
how much risk they are
comfortable retaining, and
seek to purchase insurance for
the remaining risk.” Otteson
advises bank management to
also consider the number of
customers the institution has
(including past customers,
current employees, and past
employees), as that drives the
cost for notifications after a
breach, along with the cost of
credit and identity monitoring.
Economidis also recommended
using benchmarks as a litmus
test regarding the amount of
coverage that institutions of
similar size have purchased.
“This benchmarking process
can provide a reality check for
the loss forecasts generated
earlier in the process,” he said.
Perhaps the most important
step in any cyber-liability
coverage assessment is
determining what isn’t covered
under a particular policy.
“Businesspeople typically
don’t know what a policy does
not cover,” Foley said. He
explained that confusion results
from both new technology
terms unfamiliar to senior
management and state-of-
the-art insurance terms which
have been litigated for decades
– sometimes centuries – and
Cyber-Liability
(continued from p. 32) The biggest mistake insured and potential insureds
make is assuming that they’re prepared to handle a
data breach event.
– Nicholas Economidis
Beazley
JANUARY 2016 33
(continued on p. 34)
4. Rose Oswald Poels is WBA president and CEO
ropoels@wisbank.com | 608/441-1200
Twitter: @RoseOswaldPoels
There’s certainly no shortage of information channels in this day and age.You
can find out news from around the globe in newspapers, online and even on your
smartphone. If you don’t have time to sift through hundreds of articles and news bytes,
here’s what you need to know about what’s going on in the banking industry this month:
WBA Perspective Industry briefings for Wisconsin bankers
Legislative Advocacy
House Passes Portfolio Lending
and Mortgage Access Act
H.R. 1210, the Portfolio Lending and Mortgage
Access Act, passed the House on Nov. 19, with
a vote of 255-174. This legislation provides that
loans originated by insured depository institu-
tions and held in portfolio are treated as Quali-
fied Mortgages under the Truth in Lending Act.
A letter of support was sent the day before the vote by WBA and
53 other banking associations. However, three members of the
Wisconsin delegation voted “no,” so WBA promptly contacted the
offices of those Representatives to express our serious disappoint-
ment in their vote on this signature issue. This was the latest effort
in three years of lobbying to provide relief to Wisconsin bankers on
this issue. Thanks go out to all bankers who contacted their legis-
lators. WBA extends a special thanks to the bankers who attended
our two Government Relations summits last spring as this was
one of the priority issues taken to legislators during those events.
Industry News
WBA Raises Over $5,000 for Charity
The WBA staff raised over $5,000 for United
Way during a week-long fundraiser boasting a
variety of activities for staff participation. The
United Way gave WBA their Bronze Award,
which is awarded to companies where em-
ployee gifts average $50-$99 per employee.
Judicial Advocacy
Wisc. Sup. Ct. Hears Oral Argument in Walworth
State Bank v.Abbey Springs Condominium Assn.
The Wisconsin Supreme Court heard lively
oral argument on Nov. 9, 2015 in Walworth
State Bank v.Abbey Springs Condominium
Association, a case in which WBA submitted
an amicus brief. The primary issue before the
court was whether a condominium association
may legally enforce a policy that forbids new owners of a condo-
minium unit, purchased at foreclosure, to use the condominium’s
recreational facilities until the previous owner’s delinquent dues
and assessments for such facilities are paid up to date. WBA
noted that if the case is decided in favor of the association,
lenders would be less likely to make condo loans or would
increase costs to borrowers to cover the higher risks associated
with condo lending. The Court’s opinion is expected in 2016.
NEWS
require a level of expertise that
most individuals outside the
industry haven’t acquired.
Get Expert Advice
Obtaining the services
and advice of external experts,
such as a broker or lawyer,
is crucial for a thorough and
successful review of the bank’s
cyber-liability and cyber-
security insurance coverage.
“Because the changes are so
fast and furious, you should
work with a broker, consultant,
or lawyer who knows this area
and can help you assess what
you need and help you find
someone who’s offering it,”
Foley said. “Foremost, work
with a broker that has expertise
in cyber-liability,” Economidis
agreed. “After that, attain quotes
from key markets and work
with your broker to understand
the key distinctions between
various offerings.” In addition
to external expertise, Otteson
highly recommends that
bank management involve
their IT Department when
doing carrier reviews and due
diligence. “As the climate
changes and exposures
become greater, a best practice
would be for community
banks to engage their IT
experts regarding their cyber
exposures and the policies
the bank purchases,” he said.
Involving the bank’s IT experts
in the insurance assessment
may also lead management
to better understand which
vulnerabilities can be rectified
through technical or policy
means, and which risks require
insurance because they cannot
be fully mitigated by the bank.
Bank management should
ensure that the board of
directors understands that
they cannot – and should not
– assume the bank can handle
a data breach internally. “The
biggest mistake insured and
potential insureds make is
assuming that they’re prepared
to handle a data breach event,”
said Economidis, noting that
most institutions have little, if
any, experience handling such
events and are therefore ill-
equipped to do so effectively or
efficiently. “Institutions should
seek insurers, or other partners,
with significant breach
experience for assistance
with a breach event,” he said.
“Every bank should have a
written computer incident
response and investigation plan
that is practiced and updated at
least annually.” In short, don’t
handle a breach event alone.
Seitz is WBA communications
coordinator.
*View the full 2015 study online at
www.netdiligence.com/downloads/
NetDiligence_2015_Cyber_
Claims_Study_093015.pdf.
Cyber-Liability
(continued from p. 33)
“I am very proud of the significant dollars this staff personally
donates each year for United Way. It is great to be able to say
to our members and to the community that the WBA staff
understands the importance of giving back to their community and
proves that through the generous donation of their hard-earned
dollars,” explained WBA’s Rose Oswald Poels.
For more industry updates like these,
sign up to receive the WBA Executive Letter
ePublication by visiting www.wisbank.com/subscriptions.
JUDICIAL
ADVOCACY
LEGISLATIVE
ADVOCACY
34 JANUARY 2016