Podcasts about kelly hello

  Kelly: Hello, this is Kelly Coughlin, CEO of BankBosun. Today we're going to launch a series of podcasts on community banks and the role they have played in our history and the future. Community banks are critical to a community's social and economic ecosystem. I use the term ecosystem carefully and intentionally to describe a system of inter-connected elements formed by the interaction of a community with their environment, and in terms of a social and economic community, in my mind community banks are critical members of that ecosystem. That brings me to this podcast series, in which we're going to focus on community banks. In this series we're talking to a number of executives who are leaders in community banking, and I'm asking them to make community banks more fun and interesting. I think I used the term “humanize” community banks. The community bank has been around a long time. From the Revolutionary War in Massachusetts to the Santa Fe Trail in Kansas; expansions and contractions, recessions and depressions, community banks have seen it all. With that in mind, I have one of those leaders, Sammie Dixon, CEO of Prime Meridian Bank in Tallahassee, Florida. He's not been around since the Revolutionary War, I don't think, but he has seen a lot. Sammie, are you on the line there? Sammie: I am. Kelly: Have you been around since the Revolutionary War, Sammie? Sammie: No, I barely made the '60s. Kelly: Barely made the '60s, excellent.  Sammie, I wanted to talk to you because when I look at your bio and some of the community involvement…I looked at all the involvement that you guys have…and I counted nearly 50 organizations, whether it be the Treehouse of Florida, Toys for Tots, Young Actors Theatre, Good News Outreach, Holy Comforter School, Lee's Place, Opening Nights. I'm not sure what Opening Nights is but..., you've got Florida Tax Watch. You've got over 50 organizations that you guys support one way or another. Talk to me about that. Sammie: Well, Kelly, there was a famous banker here in town by the name of Godfrey Smith, that always stated that a healthy community makes a healthy bank. And if you take care of the community, then the bank will be taken care of, if you're providing good service and charging good, honest rates, paying people good rates, and just making sure that the well-being of each individual client and the community as a whole is taken care of. Kelly: Kind of jumping forward here, what happens in a community when a community bank ends up getting acquired by a national bank or a large regional bank? Does that go away do you think? Sammie: It does to some extent. You've got someone outside of the individual community that really doesn't understand what's important, making decisions or providing budgets to the local leadership of that regional or money center bank. And they cannot react as quickly to the needs of the community. Whereas your community banks are able to really provide a nimble outlook. And by that I mean that if there's something happening that needs to be taken care of. The decision can be made within 5 minutes and let's get the problem squared away, from supporting one of the individual not-for-profits that are providing services to our community to the hospitals, the school system. It's having that ability to make a decision on the ground floor. Kelly: That's a segue into maybe the bigger picture here. That dynamic doesn't just relate to non-profit involvement, but it gets at the for-profit activities that a bank is involved in. When you're not part of that community, you can't respond as quickly, whether it be granting a commercial loan or that sort of thing. Talk about that a little bit. How is that impacted? Sammie: Every business is nothing more than a story with substance behind it. Having people and having the executive leadership having the opportunity to not only listen and hear the story, but live it. You get to see what they do each and every day and you're able to make decisions and make judgments in extending credit; what type of depository services they need; and there's nothing about a story that fits in a box. Every one of them is different. Every individual character, if you want to say, within the story is different. Having that ability to take the time, sit down, understand what the story is and where it's going, gives us an opportunity to make very quick and rational decisions that helps each individual business that then helps the community. Kelly: You mentioned story. What's your story? What's Prime Meridian's story? Sammie: Well, Prime Meridian Bank is a newer bank, one of the last in the state of Florida to get chartered. We opened our doors February 4th, 2008. We initially capitalized with about $12.9 million dollars. We have now since grown in excess of $275 million, over the last 8 years. We decided to start the bank, myself and Chris Jensen, and we thought we could provide service to our clientele, and decisions that would help them move more prudently and faster. Kelly: You saw a need specifically in the Tallahassee market? Sammie: We did. We thought that we could provide service and compete with everybody in town. We didn't have a group of people come together and say, "Let's start a bank." We put our story together and put our model together, and went to individual business leaders within town, here in Tallahassee and said, "We're going to start a bank we'd like you to be a part of," and that was the genesis of Prime Meridian Bank. Kelly: Was there a lot of consolidation and acquisitions that had gone on prior to that, and so that kind of created this market opportunity for you guys? Sammie: No. You had several community banks here in town already, most of your southeastern regional banks and your money center bank. We just thought there was an opportunity for us to come in and provide a little different level of service that would make us a profitable entity and serve Tallahassee very well. Kelly: Let's talk about the name Prime Meridian. You do know that you're not on the Prime Meridian? You do know that you're 84 degrees west, right? Sammie: I do, but the Prime Meridian for all metes and bounds in the state of Florida is here in Tallahassee. Kelly: Oh, got it. Sammie: If you look at the Prime Meridian, what is it? It's a starting point of the metes and bounds here for the state of Florida, and starting point of time, or the starting point of a new financial institution. The Meridian line is an unwavering line going over the Earth. We're unwavering in our outlook and care of our shareholder's money, but more importantly, our clients. Kelly: The Brits claimed Greenwich was the Prime Meridian. They don't own that, so you'd redefine Tallahassee to be the Prime Meridian. Sammie: At least for a new financial institution. Kelly: Very good. Continue with the evolution of the bank and the challenges you've faced in the past, as you went from de novo Bank? You didn't acquire another bank, right? Sammie: Right. Several things that we're proud of through the evolution of our company. Number one, which goes back to the quality of our team. When we started our bank, the average startup cost was about $800,000. The day that we opened the doors and took the write-off to capital for the expenses, we wrote off $395,000. That goes to the knowledge and expertise of our team of not having to hire a lot of consultants, and understanding each and every thing that we did. Going on to 2012, four years after we opened, we looked around with the team that we had, and realized that we could do our own data items processing. Instead of having a service bureau that was processing our checks, we decided we would do it ourselves. That added an immediate $8,500 a month to the bottom line. Kelly: Wow. Sammie: That same year, we also became cumulatively profitable. That was pretty exciting for us. And then in December 11th of 2013, we became an effective SEC registered company and then started listing our stock in 2015 on the OTCQX. So those are some of the things that we have done and we're very, very proud of. Dealing with the SEC, we went through a full review, when we filed our S1, our initial going public document. Our comment letter back from the SEC was simply 2 1/2 pages, which goes to say just how good our team is, and how detailed we are in each and every thing that we do. Kelly: Yeah. I know access to capital has been good once you go public, but it's quite a task to a) go public, and b) maintain that. The requirements are immense as you know. Was it worth it, do you think? Sammie: Absolutely. We went public for 3 reasons. Number one is we could raise our capital the way that we wanted to. We didn't have to worry about an accredited offering or anything of that nature. Number two is we're looking to grow the company and grow outside of the Tallahassee MSA, and if we do that we want to have a currency that we can use. In order to have your stock act as a currency, you've got to have a market for it, and the only way to do that was to be an SEC registered trading company. Then number three, when we decided to do it, our bank is still very clean. We do not have many non-performings or any crazy things on the books. It would never be easier to go through and do it. And we look at it like these days, with capital, you can't say, "Okay, we're going to go buy someone or do something. Now let's go get approval and say, 'Okay, if you give us approval we'll get the capital.'" You've got to have capital already on hand. There's no more just in time capital. And the same way we look at it is there's no just in time human capital. Kelly: Let's talk about human capital for a minute. How challenging is it for you to compete for new talent and retain existing talent with the compensation structure that community banks have to deal with? Sammie: Well, Kelly, that's been one of our strong points. When we started the bank in 2008, we were the new kids on the block. Nobody knew us. All we had was a story. It was nothing but air. So going out and getting the top absolute talent was difficult. People had their banks, things were going well. So we decided that we would start building our own bankers. And being here in Tallahassee and having Florida State and FAMU and TCC here, gave us the opportunity to go get a lot of talented younger folks to bring in, that had the capacity, train them, educate them. And one thing that we've done is we've been very transparent with our team. Up until we went public, we went through our financials with our entire team once a month. Now that we're a publicly traded company, we do it once a quarter. But giving them the exposure, I cannot give them experience, but giving them the exposure to what we're doing, why we're doing it, and how we're doing it, is as important as finding experienced people. And our entire culture is surrounded by a one-word question and that's “why”. Any teller, relationship manager, operations person, whoever, can ask me or anybody in the bank why are we doing something. And that causes two things. Number one, the hardest thing to get people to do is think. If they're asking you questions, then they're thinking. And if you answer their questions: Why did we go public? Why did we raise capital? Why are we looking to acquire banks? What does that mean to the bottom line? Now, all of the sudden you've created an inclusive ecosystem, as you say, that people can buy-in. The biggest thing people want is to be a part of something, and what we've afforded a lot of folks to do is come in and be a part of building something from the foundation up. And constantly giving them that transparency of what we're doing and why we're doing it, is very, very inclusive. And we listen. I can't tell a teller how to make a teller line more efficient. So if I can't listen to what they're doing like I ask them to listen to me and do what I say. If we don't have a partnership there, we're not going to get any better. That's the number one. Number two, if someone asks me a question. Why are we doing this? and I can't answer it, then I might need to rethink what I'm doing. Does that make sense? Kelly: It certainly does. Have you used non-qualified benefit plans as part of that overall compensation structure? This is not a pitch for that. I was just curious if you'd ever talked about that. Sammie: Yes. We're in the process of looking at our entire compensation structure now, and figuring out how to better enhance it to a) retain, b) attract, and c) incentivize. Kelly: So say another side of say the balance sheet, since we're talking about that, municipal bonds. Anything that you've seen change here since the 2008 Dodd-Frank and all this other stuff of municipal bond rating agencies? Have you guys had to modify any of your practices on that? Sammie: We're using a third party right now to monitor our municipal portfolio. So in the old days of just buying bonds and putting them on the books, we actually have a quarterly review of all of our municipalities. Kelly: So you've had to upgrade that since the regulatory changes? Sammie: We have. And I don't think it's all that bad from the standpoint that you look at a lot of municipalities out there that are having weakness due to the down-turn, and the one thing that we have made the decision from day one, is we take risk, and there's risk in everything you do, but we take the real risk in our loan portfolio. We do not want any risk in our investment portfolio. We're looking at it as simply a hedge against interest rates, and also as just a liquidity source. Kelly: Well then you better load up with bank-owned life insurance. You've got about 50% of your financial assets in muni’s and I like the lower balance sheet risk that BOLI offers. That’s another discuss with you and Glenn. What's the future look like for community banking in general, threats that you see, opportunities? For example, 80% of millennials haven't even walked into a bank before. Sammie: Let's stop right there for a second and talk about the millennials for a minute. Number one, I talked about how we hire and what we do. The average age of our bank is 38. The average age of our management team is 41. As far as dealing with millennials and all, one thing most people have forgotten is most millennials have yet to start a company. A lot of them, due to the recession, still live with their parents. So therefore, they really haven't needed to walk into a bank. Now a lot of the millennials that we have found, and we talk with, and we do this a lot. They want to be a part of something. And they're much more community driven and doing something for the greater good. Once you are able to show them from a teammate standpoint what we're doing, they buy in. Once they actually need something other than just a regular checking account, i.e. buy their first house; buy a business or trying to finance the start of a business, they need to sit down and talk with someone who understands the market. And we have found, we've been very successful with millennials. Now we're not out there with everything online, rocket mortgage and things of that nature. We're finding a lot of success dealing with the millennials. What that comes back to is we generally don't get them until they need something. And every individual, every household is nothing different than a story too. Where's your income coming from? Is it going to be sustainable? Can you afford whatever asset you're trying to purchase? That has been very, very beneficial to us. As far as whether or not banks are going to be here, I've talked with bankers that go back to the '60s that said the community bank's not going to be around much longer. Well, as long as you have people, there's a certain segment of the population that wants to talk with people, when it comes to their financial situation. Coming up from a small town in south Georgia, and growing up the 3 most important people in the town was your doctor, your preacher, and your banker; your health care, your faith care, and your financial care. And you generally didn't do that via an email. I truly believe that there will always be a place for the community bank. Now with the regulations and thought process out there, there's going to be fewer and fewer community banks due to the fact that what we're required to do. We're operating in most cases from an asset-liability standpoint, overall balance sheet management standpoint, like a larger bank. However, we don't have the economies of scale to do it. So we have to be more innovative and more nimble. And that goes right down to talking with your regulators on a consistent basis to understanding what the rules are. If you're going to form a hospital, or if you're going to start a power company, there's regulations you have to abide by. As a community banker, you had better understand the rules and abide by them or find something else to do. That's just the approach that we've taken. And it creates a lot less heartache and stress, when you come at it from that standpoint, versus saying, "The regulators are going to kill me." Regardless what they're going to do, they're going to do it. So you better find out or figure a way to cope with it. Kelly: Great. What's the biggest threat, other than let's say cyber-security risk, which probably keeps you up at night…other than that, what's the biggest risk or fear that you have, say for the next 10 years? Sammie: As we expand, finding the human capital, finding the talent, the teammates. Kelly: Really? Sammie: The human capital. Kelly: So in Tallahassee or in some of your outlying branches? You have access to plenty of talent there, right? Sammie: There is a good supply, and it's just finding the right people that believe in what we believe in. Our culture is the most important aspect of what we do each and every day, and I go back to the question “why”. If you're questioning why we're doing something, some people look at that as somewhat of a negative. We look at it as a positive, because if you cannot explain what's going on, and you cannot understand it, then the “how” really doesn't matter. Kelly: What's the biggest opportunity that you see? What gets you up every morning after you've had a sleepless night worrying about cyber-security risks? What gets you going? Sammie: The opportunity to grow, to build our franchise here within Tallahassee; the opportunities outside of Tallahassee. Within our investor presentation, we show that we don't want to go any further north than Macon, south of Ocala, east of the Atlantic and west of the eastern border of the state of Mississippi. That is south Alabama, south Georgia, and north Florida. The opportunities to be there are endless. And that is something to get excited about and get out of bed every day, and figuring out a new challenge to go build upon. Kelly: That's great. All right. In closing, I always like to ask either your favorite quote and/or the stupidest thing you've done in your business career. Sammie: I will give you my favorite quote, and it's on our boardroom wall, and it is by a retired General, Eric Shinseki, who has been re-retired. The quote is, "If you do not like change, you are going to like irrelevance even less." Shinseki is the most recent former head of the VA. He's pretty irrelevant right now. Kelly: I would say so. Alright. Very good. Anything else you want to add Sammie, or should we sign it off? Sammie: You tell me. Thank you. Kelly: I think we're good. Thank you very much for your time. It was a pleasure talking to you. I wish you well, Sammie. Stay safe! And that’s it for my interview with Sammie Dixon from Prime Meridian Bank in Tallahassee, Florida. Thank you.

Kelly Coughlin interviews Wes Sierk, President and Co-Founder of Risk Management Advisors. Wes is the author of the book Taken Captive: The Secret to Capturing Your Piece of America’s Multi-Billion Dollar Insurance Industry. Wes is a recognized expert in using captive insurance strategies to manage and fund certain types of risk. Kelly Coughlin believes that such a strategy could be used to manage and fund cyber security risk. This is the first in a series of three podcasts covering captive insurance and cyber security risk management.   Kelly Coughlin is CEO of BankBosun, a management consulting firm helping bank C-Level Officers navigate risk and discover reward. He is the host of the syndicated audio podcast, BankBosun.com. Kelly brings over 25 years of experience with companies like PWC, Lloyds Bank, and Merrill Lynch. On the podcast Kelly interviews key executives in the banking ecosystem to provide bank C-Suite officers, risk management, technology, and investment ideas and solutions to help them navigate risks and discover rewards. And now your host, Kelly Coughlin. Kelly: Hello this is Kelly Coughlin with the BankBosun. This is the podcast that’s the first in a series of three podcasts that are going to be related to using captive insurance strategy to manage and ensure cyber security risk and loss. I’ve talked to many bankers over my 25-year career and I have observed in the past five years cyber security going from a concern of IT guys and techno geeks to top of mind attention and concern of CEOs, CFOs and boards of directors. In fact, I was at a conference in Kansas a while back, and a number of the sessions were on cyber security risk. I was thinking, “Well, should we go to that? Should we not go to that?” We talked to C-level execs. These sessions were all standing room only, completely filled with C-level execs. It occurred to me that in this environment, we have potentially overpricing of all services related to the risk management of this risk including prevention, detection, hardware, software, consulting. I thought the subject of these 3 podcasts would be the transference of this risk. I think one of the areas that I detect as potentially being mis-priced is the cost of insurance, partly because the risk of loss is all over the map. We thought, “Let’s explore cyber security risk through a captive insurance enterprise.” To help kick this series off, I am interviewing Wes Sierk, President and Cofounder of Risk Management Advisors. I came across Wes through a book that he wrote, exciting title called, Taken Captive. That sounds good so far. Here’s where it goes downhill: “The secret to capturing your piece of America’s multi-billion dollar insurance industry.” I’m interviewing Wes remotely. He’s in Long Beach, California. Wes, you heard my introduction, and the reason you would be on this call, but let’s start with a couple of minutes on your background, how it would connect to bank cyber security risk management. Wes: Well first of all thank you for having me on the show. I started out in the insurance business in 1993 in a division of Northwestern Mutual, which was a life insurance company called CCI, Compensation Consulting Inc. Mostly what we did there is qualified and non-qualified planning, retirement plans and deferred comp, things like that. I came across captive insurance companies in 2000. My first thought was, it was a perfect alternative to deferred comp. That’s how I got into it. My background is … I’m a researcher, so I started digging into why life insurance was all the same. It was you go to a life insurance company and you get a 45-year-old male, and you say, “How much is a million dollars of coverage?” The insurance company prints out that ledger. If you had ten agents going to the market, they would all come back with the same quote. PNC is completely different. You actually have one broker who goes to the market for you and it’s much more of a negotiation, which leads into the pricing issues that you alluded to earlier in your call. My partner Jared and myself went on to form Risk Management Advisors in 2004 and all we’ve been doing since is just the design, implementation and management of captive insurance companies. On a personal side, married for about 24 years, two kids, I coach baseball, and Risk Management Advisors has a Nascar team. Kelly: Give us a definition in two sentences of captive insurance. Wes: It’s an insurance company that a business sets up to insure their own risk. It’s pretty simple. Kelly: It could be a bank? Wes: Yes. Instead of them buying their general liability, their cyber, their property, all of their coverage from AIG, Zurich, Liberties of the world, they actually form their own licensed regulated insurance company and they pay those premiums to their own company. They deduct those premiums, just like they would by paying any other company. Kelly: All right. In terms of primary motivations, my research shows that one, you’ve got access to cheap insurance rates because you’re paying them directly to your own carriers so to speak, right? You’ve got first dollar loss coverage, you can accelerate loss deductions, which appears to be a fancy term for you can over-fund the risk premium and build up tax deductible reserve. Are those the three core motivations to do this, or are there others? What’s the primary motivation to do this? Wes: I think you hit the nail on the head. One thing it does give you, if you’re an insurance company, is it gives you access to the reinsurance marketplace. Kelly: How much would a bank be saving? Are you talking 5% or are we talking 40%? Wes: Well it depends on the kind of policies they’re writing and the amount of risk that they’re willing to take. One thing is, the reason why reinsurance is less expensive is because the insurance industry, insurance companies, have thousands of employees. I read somewhere that the insurance industry has three times as many employees as the US Post Office. They do a lot of the processing of paperwork and claims and things like that, so they have higher overhead. A re-insurer can get away with having 5% of the employees of an insurance company, because they only attach at a certain level whether that’s 50, 100, 250, a million, whatever. They’re not getting involved in the day-to-day operations of the insurance company and the day-to-day pay out of claims. That’s left to the insurance company level. We see, for regular insurances, I would say you could see a 30% savings over your traditional insurance. Kelly: In the banking business we have what are called banker’s banks, and they provide banking services to banks. They don’t do anything directly with the public. So would a reinsurance company be an insurance company’s insurance company where they provide services only to another insurance company, so you cut out all of the sales process I suppose, the distribution expenses? Aren’t those the core things that are cut out plus the servicing part because they’re not dealing with million to 20 million dollar cases, they’re dealing with whatever the number is, 50 million or above, the larger ones? Wes: You’re exactly right. Your analogy is very good. Where bankers have banker’s banks, this would be like an insurance company’s insurance company. Kelly: If one were going to set up a captive, that entity would have to also sign up, unless they were going to absorb all of the risk themselves, which is unlikely. If they want to transfer or share some of that risk, they have to set up relationships with reinsurance companies, correct? Wes: Correct, unless they want to take that risk themselves, which we don’t usually recommend the first couple of years. Kelly: I suppose companies like you, this is not an infomercial for your group, but is that part of what you do, is you have these relationships and there’s probably some vetting process that you would go through to bring on a new captive client, I suppose, and introduce them and negotiate terms, etc with the reinsurance company. Is that one of the roles that your company provides? Wes: Yes it is. Clients come to us because they want us to set up and manage their insurance company for them; deal with the departments insurance; do all of the regulatory filings and in most cases, not all cases but most cases; they’ll have us go and negotiate the reinsurance contracts for them. The good thing about reinsurance, reinsurance is always sold net of commissions, unlike an insurance policy where you pay an insurance agent, we’re just negotiating on behalf of the insurance company as a manager of the insurance company. Kelly: That’s where the big savings comes from. Wes: Yeah, there’s a lot of savings in that. I’m not going to begrudge brokers because brokers bring a tremendous amount of value to clients. Kelly: There are a couple of ways to set these things up from what I can tell. You could set them up as a single parent captive or a group pooled collective type where you have a group of banks. You have a single bank, Bank A that decides, “We’re going to set this up.” It’s only one bank in there. Then you have a pooled or group approach where you have Banks A and B setting up the collective. They either do it alone or with others, like kind business I suppose, right? Is that a fair assessment? Wes: Yeah, they either do it by themselves or they do it with other people. Then within the other people, there is many different ways they can do it. Kelly: You know the context and setting that this call is about. It’s specific community banks, cyber security risk, captive insurance. If you had to Google this, those three terms would be in there. One other risk if you do it as a group or collective, let’s just say there are two banks in the collective – you have Bank A and B that are, let’s say they’re putting in an equal amount. Let’s say Bank A has great internal controls and risk management processes, Bank B has terrible ones. Bank B incurs all the loss and Bank A has insured it all. There part of the reason was to put in a bunch of excess premium perhaps, build up this reserve. Then you have Bank B eating up all the reserves. Is there a way that a bank can set up a hybrid of this where they could share say, the operating expenses, maybe consulting expenses, a number of things related to the entity? It could be another class of stock, something where the actual risk is only absorbed by the individual bank and ultimately a reinsurance carrier downstream. Wes: There could be, but I wanted to go back to one point you made, which was Bank A has great internal controls and Bank B doesn’t. The issue with cyber security is many banks have good security or great security, but it’s also the luck of the draw. The person with bad security could be fine and the one with great internal controls could have that one in a million chance where somebody comes in and breaches their security or takes millions of dollars out of their company. Within the group captive there’s also cell companies. You can have a cell captive. A cell captive is one where it basically looks at and smells like one large insurance company but each individual bank has its own cell, so they kind of wall off the assets and liabilities on a bank by bank or cell by cell limit. That could go a long way to protecting the bank. Then you go get one reinsurance treaty for all of the banks, and then you carve it off. You go get 100 million dollars of coverage and you carve it off at 5 million dollars per bank for twenty banks. The insurance companies like that because they know that if they’re writing 100 million dollars in coverage and they basically divided it at 5 million between twenty banks, they know their chance of loss is actually smaller. The frequency may be higher but the severity probably wouldn’t, and that’s where they get into the pricing. They’d much rather spread it 5 million over twenty banks, than one bank have a 20 or 25 million dollar claim. Kelly: I accept your point that Bank A may have great controls and Bank B not, but Bank A could be hacked, right? I understand that’s a valid point, but I think in this environment what is going to happen is certainly you have the Top 10 banks, they’re the high-value targets of cyber criminals. They have the budget to always attempt to put up the adequate defenses to that. I fear what is going to happen is the less target-rich environments like community banks will, as the Top 10 banks for instance, get better at defense, then the smaller community banks are going to be the target and they don’t have the resources to fund that. It’s an expensive undertaking. where you’ve got hardware expenses, software, consulting, insurance, all of this stuff, and staff of course. My thinking was that you set up this captive and you develop best practices. I’m going back to my PWC days in consulting, where in consulting business you’re always looking for best practices, but you develop best practices and you share the costs. You buy them properly, buy them at the right price, right terms, etc, and then you share the cost over twenty entities and not one community bank. The reality is these banks can’t afford to set up the high-level controls that a Top 10 bank can do it. Wes: You’re exactly right. It’s the philosophy of build your ark before the flood comes. By creating their own insurance company and warehousing dollars today, because of the way the policies are written, they basically expire every 15 months. If they are the targets of cyber criminals three years from now, they would have already stockpiled a ton of money, so they can weather a claim if they have it and maybe not have to hit their reinsurance. To your point, we both know what’s happening in the cyber marketplace as far as the premium dollars in the traditional market. The reason why … it’s because insurance companies are doing the exact same thing. They’re charging exorbitant fees today because they don’t know how big this is going to be. It reminds me of the old asbestos claims. Remember when asbestos started being a problem? All of the insurance companies started raising their rates dramatically. Then what happened was, a couple of smart insurance guys said, “You’re charging $700,000 for a million dollar general liability policy for asbestos, but if the people actually get hurt, it’s going to be a worker’s comp claim.” It’s not going to be a general liability claim, but the insurance company hadn’t thought that far ahead. They just wanted to get as many dollars in their coffers as they could in case they got hit. For cyber, you went to that conference … you’re exactly right. Five years ago it would have been just the IT people and you’d have fifteen people in the room. Now it’s actually the C-level. It’s CEO, CLO, CFO that are doing this. Kelly: The board members are the ones that are saying, “Get to the conference. I want you there.” They’re telling their CEOs to get there. Wes: It’s huge. It’s such a huge problem. I was just reading an FBI report on cyber crime. Their prediction is all businesses in the next five years will be spending at least 10% of their gross income on cyber for protections and hardware and software, and everything. You can’t even fathom that today, but it’s coming. Now we have passwords on top of passwords to get into password programs. They listed off that the FBI did a study and they went into the Apple iTunes store where people get the applications and they have all these password programs. 10 of the top 20 were programs that were sold that said, “Number one password protector.” They were sold and designed by organized crime, downloading these programs for their iPhone and their Androids, putting all their passwords in, all their banking information, and all that stuff was being directly fed to Russian organized crime. They don’t have to steal cartons of cigarettes anymore when they can make 20 to 30 million dollars in one financial transaction. Kelly: Absolutely. Wes: It’s staggering. I can see why these board members and CFOs and everyone else would be concerned about it. It’s a big issue. One of our clients was just hit with it. Kelly: Let’s say we set up Newco captive insurance for community banks. You set up as part of this synthesis of best practices and captive insurance for cyber security. I’m going to throw in another term, “best practices.” I don’t necessarily think they’re into gouging. They just can’t efficiently price it because the risk parameters or the level of risk that they’re taking on an entity basis per entity, per insured, is all over the map. When you take in a company to join the captive … would you call them a shareholder? Wes: Yes. Kelly: Okay. When you take a shareholder, they have to adopt the best practices standards that the new captive insurance carrier says. Does that make sense, that would be part of the admission process? Wes: I would say you definitely want to do that. Some insurance companies, it’s really a risk assessment for cyber preparedness. There are some insurance companies that have done a great job at this. In fact, one of them, these people developed this cyber preparedness company for Ace and Chub insurance company, as freelancers. They said, “Well we want this to make sure.” For them they realized that, “Hey, there’s a real market for this.” They basically bought company back for nothing. This was a few years ago. They’re like, “Well this isn’t going to be as big as we thought it was.” That’s all they do is analyze cyber preparedness. They give you a full report. We just had them come into ours because we have a lot of data in our stuff. We have a lot of HIPPA stuff because we run insurance companies for medical, for example. They gave us a whole big report of change this, change this, change this, and some stuff you’d never even think about. You’re like, “Whoa.” The cost to do it … I thought it was going to be very expensive but it was nothing on the scale of things. Kelly: You just hope that they’re not owned by the Russian mob, right? Wes: Yeah, exactly. Three of my clients had used them and the one that just got hit for cyber, their system was set up in such a way where they were instantly notified that this was happening. This was a server in Toronto. Instantly they had to switch the whole thing offline. They flew two of their internal programmers from here in California up to Toronto. They were back online in under 24 hours without an ounce of data. I’m like, “You know what? I’ve got to have your people come in and do this.” This is a company that does 100 million dollars in sales. I think everyone should be requiring this. Kelly: I think there’s some really cool things you could do when you have many entities splitting the cost of this. I’m certainly set up best policies, procedures, all that kind of stuff. You could buy licenses. You get quantity discount, volume discounts there. There’s a lot of benefit to having a larger group in there. Even just the project team, these banks don’t have the resources to have a really good project team to do a good vendor search, for instance. That’s a costly undertaking in and of itself is, “Well what email provider should we do?” They just don’t have the resources free to do that. You threw out the 10% number. My goal would be to let’s set it up so the goal we could make that a 5% of revenue number, not 10. Wes: Or 1%. What I was saying was, that was what the FBI’s projection of what people would be spending on their cyber stuff was. In my business, I can’t even fathom that. We spend all this money a year on hardware and software, and our business is X. If I were to extrapolate that out to say, “Well how much would we do if we did 10%?” There’s like, “There’s no way.” We could buy server hubs. We could buy everything. I guarantee you if you picked ten of your banks who listen to this, one of them is doing something great that the other nine aren’t, and so having a depository … You say, “Hey this was a great idea that this bank is doing and then you could take it over to the other one.” Kelly: Yeah, but what happens, Wes, is that everybody is going to these conferences. They get the heck scared out of them, they come back and they talk to their IT guy and say, “You know I just went to a conference. We’ve got to start controlling this risk.” Then they look at it and realize that, “Oh this is going to cost $100,000? Oh I guess we can’t afford that.” There’s plenty of ideas out there. There are some great ideas and there is some not great ideas, but there’s loads of ideas. Taking the idea and having the resources to actually implement is the big challenge. I believe that the captive program is a way to pull those things together buy cost-efficiently, do vendor searches efficiently. It all comes together there through that thing. Yeah, there are some tax benefits by throwing in higher premiums, that kind of thing. That’s great but I don’t think this is primarily a tax-driven … It just so happens that taxes will be favorable … favorable tax treatment. I really think it’s the cost-effective way to manage risk and to get best practices adopted in community banks throughout the country that otherwise just can’t quite afford it in their budget. Wes: I was going to say, and you’re using double duty dollars. Right now if they buy cyber insurance from AIG, they’re not getting internal controls, they’re not getting all of this due diligence, they’re not having somebody come in. They pay them and then if there is a claim … They still on top of their premiums have to go out and do the best practices and do all of the stuff to make sure they’re secured vs. paying premiums to their own company. Let’s say the insurance company takes 10% of all the premiums that it takes in from all the companies and then uses that to go in and install the best practices and stuff, so you’re actually using money that you would have just given to somebody else to now improve your overall business operation. We’ve had people do that with worker’s comp where, hey they can’t afford a safety guy and their worker’s comp rates have gone up, so they create their own worker’s comp company and now they use the money they were giving to Liberty and AIG and all these other companies to hire their own full-time safety person. That’s actually now just an expense of the insurance company vs them having to take money out of the bottom line of their company. Kelly: One other thought that’s a great image that I have of you is set up this captive, you have fifty banks involved and you also fund a cyber security SWAT team comprised of Navy Seals and Rangers that are deployed in the event of some ransom war type deal, right? Then they get engaged, they’re ready to go, and then they go out and take them down. Wes: Yeah, that’s a great idea. Kelly: Otherwise it’s a call to the FBI and okay, they do great work, granted, but man it’d be nice to have our own team. That could be Phase 2 down the road. Anyway, let’s wrap it up. I really appreciate your time. Let me ask you this. Do you have a favorite quote? Wes: Yeah, well I do but it’s a Ayn Rand in Atlas Shrugged they talked about Rearden Metal and it was going to be too expensive to rebuild these bridges for the trains using Rearden Metal because of the engineering. The quote was, “When men got structural steel, they didn’t use it to build steel copies of wooden bridges.” Kelly: Good one. Wes: I look at captives and things like that as you can use it as a powerful tool to do something in a completely different way. You don’t have to just use it for the same way you were always doing stuff. I would say that would be the first one that popped into my mind. Kelly: What’s the stupidest thing you’ve ever done in your business career? Give people a laugh. Give people a chuckle here. Wes: Oh, I have an album on my bookshelf. You know Bill Withers, “Lean on Me”? Kelly: Lean on Me and “Use Me”. Wes: I got an appointment. His wife called and wanted me to come talk about overall financial planning and stuff. I went to see him and I’m like, “I love your music. I love the movie and everything.” They’re just sitting there like uh-huh, uh-huh. The meeting didn’t go well and I left there. I had it confused with Stand by Me instead of Lean on Me. My dad found this Bill Withers album and he said, “Keep this on your bookshelf and any time you don’t know the answer, you won’t make a complete fool of yourself.” Kelly: Oh that’s a great one! That’s very good, I love that one. All right, Wes. I appreciate your time. How can people contact you? Wes: Yeah, my website is Risk Management Advisors. It’s riskMGMTadvisors.com and my email is WSIERK@riskMGMTadvisors.com. I create a website that’s not branded by us, but it’s captiveinsurance101.com and it just has general info on captives. You were kind enough to mention my book. The book is called Taken Captive and it’s just takencaptive.com We want to thank you for listening to the syndicated audio program, BankBosun.com The audio content is produced by Kelly Coughlin, Chief Executive Officer of BankBosun, LLC; and syndicated by Seth Greene, Market Domination LLC, with the help of Kevin Boyle. Video content is produced by The Guildmaster Studio, Keenan Bobson Boyle. The voice introduction is me, Karim Kronfli. The program is hosted by Kelly Coughlin. If you like this program, please tell us. If you don’t, please tell us how we can improve it. Now, some disclaimers. Kelly is licensed with the Minnesota State Board of Accountancy as a Certified Public Accountant. Kelly provides bank owned life insurance portfolio and nonqualified benefit services to banks across the United States. The views expressed here are solely those of Kelly Coughlin and his guests in their private capacity and do not in any other way represent the views of any other agent, principal, employer, employee, vendor or supplier of Kelly Coughlin.