The .Bank Executive Interview Series is our way of sharing the wisdom and insights from some of the most important minds in cybersecurity, networking technology, and banking.
This interview with Jeff Plagge is an illuminating glimpse into the world of agricultural banking and state banking regulation.
For more than 40 years, Jeff has helped lead the Iowa banking community—including serving as the Iowa Superintendent of Banking from 2019 to 2023, where he oversaw the regulation of over 240 state-chartered institutions. He has also served as the Chairman of the American Bankers Association (ABA) and the Iowa Bankers Association (IBA).
Although he describes himself as a “horrible retiree,” the deeper truth is that Jeff has a staunch love for community banking and the role that it plays in the economy of Iowa.
We’re beyond pleased to add Jeff’s voice to our roster of banking and cybersecurity executive interviews, including:
- Dave Piscitello, “Security Skeptic” and partner at Interisle Consulting Group.
- Cybersecurity pioneer and entrepreneur Paul Walsh.
- Engineer and educator Bill Newhouse.
- Author and speaker Thomas P. Vartanian.
- Erick Cook from Cook Technology Solutions LLC.
- J. Trent Adams from Proofpoint.
- Lorri Janssen Anessi from BlueVoyant.
This interview has been edited for conciseness and readability. We hope you enjoy it. And don’t forget to check back here for future interviews with other leaders in the space.
Sowing the Seeds of a Future in Banking
Q: Can you share some of the defining moments of your early career in banking?
I grew up on a farm in central Iowa with a plan to return to farming after college. However, when my older brother decided to return to the family operation first, there simply wasn’t room for two.
I joke that back then, with an agricultural business degree from Iowa State, you could sell feed, fertilizer, money, or go home and farm. I decided selling money sounded much better than selling fertilizer.
I started with the Farm Credit System in 1978, quickly moving into a branch manager role in Council Bluffs, IA.
In 1984, I was working as a Regional Manager for PCA in Webster City and a local bank CEO approached me to become their chief credit officer, marking my first official entry into commercial banking. Looking back, I now appreciate that every banking and industry volunteer position I held—from the Ag Committee at the ABA to the board of the Chicago Fed—prepared me for the next.
Q: What advice would you give to a young person considering a career in banking today?
I look back at myself and say, “How does some of this stuff even happen?”
My parents were farmers, and my dad was very entrepreneurial. So, he started several different businesses as well as his farming career. I have three brothers and a sister, and all of us were naturally entrepreneurial in our own rights.
I was always curious and had a good work ethic, and I was willing to raise my hand if somebody needed something, whether it was in a volunteer capacity in the community or within the bank itself. I did a lot of activities outside of banking, but banking was my career and my hobby.
One of my early and most eye-opening experiences was my first ABA committee meeting. Being from central Iowa, I expected to talk about corn, soybeans, cattle, and hogs. Instead, 70% of the meeting was about water and grazing rights. It hit me like a bolt of lightning that the world was much bigger than my hometown.
So the thing I tell young people is, “Don’t be afraid to raise your hand.” Even if it’s in an area where you don’t think you have much knowledge, you’ll learn a lot. And even more importantly, you’ll meet some really great people along the way who are experts in that field.
Banking Is Personal and Highly Technological
Q: You’ve witnessed the transition from hand-written spreadsheets to cloud computing. How has technology fundamentally reshaped the business of banking?
The change has been phenomenal. In the late 70s and 80s, we did everything by hand: pencils, erasers, and manual spreadsheets.
I remember when early software like Lotus 1-2-3 came out; I initially thought I didn’t need it because I could calculate faster manually. But once I adopted it, I quickly realized it was the “AI of its day” in terms of lightning-fast efficiency.
Today, the efficiency gains are staggering. At Northwest Financial Group, since 2009, we grew from about a $1 billion, three-bank holding company to a $3 billion single-bank financial services holding company. During that same period of time, we also started a wealth management firm from scratch in the holding company which now has over $1 billion in assets under management.
Remarkably, our employee count only increased by about 35% during that growth. That is 100% due to good talent, technology and improving efficiencies. Customers now enjoy self-service convenience for many banking products and services that eliminate a lot of traditional manual services including the need for manual teller interactions for every transaction.
In the agricultural space, technology has also revolutionized production. Farmers are now incredibly tech-savvy, using advanced systems in their operations. While ag banking remains a deeply personal, private banking style relationship, the tools we use to analyze cash flows and manage risks have moved from the manual work of the past to sophisticated automated systems.
Q: What cybersecurity threats and trends do you think bankers should be tracking?
Back in 2013, when I chaired the ABA’s cybersecurity committee, the conversation was almost entirely about protecting the core—making sure someone didn’t attack Fiserv or Jack Henry to steal the database. Today, the walls around those systems are much stronger, so criminals have shifted their focus to the back door: the customers.
The biggest issue now is social engineering; mainly phishing and spoofing. It’s fascinating and sad to see that as digital walls get higher, old school fraud like check whitewashing has resurfaced. Criminals steal checks from mailboxes, wash the names, and cash them because they can’t easily break into the encrypted systems.
We have seen a rise in wire fraud, particularly in real estate transactions. Fraudsters will compromise an individual email or a title company’s email and wait for a transaction to develop, then send a last-minute email to the buyer with “updated” wiring instructions. These are big-dollar losses that can financially and emotionally ruin individuals.
Q: How is artificial intelligence changing the landscape for both banks and the criminals attacking them?
AI is a double-edged sword. From a security standpoint, it’s scary because it’s becoming nearly impossible to tell if social media content or an email is real or AI-generated. Criminals can use it to create more believable scams and automate their attacks.
However, for banks, the potential for AI in areas like compliance, auditing and operational efficiency are huge. Currently, audits are built around spot-checking, where you check a sample of transactions twice a year. With AI, we can move to a model where every single transaction is monitored in real-time, every day. It eliminates the need for spot checks and dramatically reduces risk.
I experiment with different AI systems myself to see how they’ve improved. A year ago, I asked an AI about myself, and the answers were bizarre; today, it’s spot on. Banks that assertively and smartly adapt to these technologies will be the ones that remain viable in the long term.
What Banks Can Do to Build Stronger Organizations
Q: Where do you see the banking industry headed, especially regarding the “talent gap” and institutional security?
The industry is reaching a tipping point regarding talent.
In many community banks, if you don’t have a young person who is naturally interested in technology, you are entirely reliant on your vendors.
There is also a real burnout factor for cybersecurity experts: it’s a 24/7 adrenaline rush that can lead to high-level people exiting the industry to do something entirely different.
Succession planning is the biggest driver of M&A activity today. Many family-owned banks are deciding to sell simply because there isn’t a next generation ready or willing to take the helm.
To counter this, banks must embrace flexible work models to find talent. While customer-facing roles need to be in the office, technology talent doesn’t have to be homegrown. If you find great talent that doesn’t live in your market but would work remotely, you may want to grab them and figure out how to integrate them into the culture and get them to know and understand the people and organization.
Q: How much responsibility should consumers have for their cybersecurity and fraud risk?
I think banks have a big role in it, and as technology advances, people in the banking industry want to make it easy for customers and they want to make it frictionless.
But when it comes to cybersecurity, you’ve got to have some friction in the system. You’ve got to force people to stand back, take accountability, and to think about what they’re doing.
Zelle has been a great example. We were one of the first Zelle banks in the state of Iowa. And I had a lot of community bankers go, “What in the world are you doing? You see how costly that is?” I said, “we go where our customers are going.” And our customers want immediate, easier payments. And even those customers that say they don’t want it will want it in the future. Get and keep them on your system.
Zelle forces you to answer the question, do you really know this person? Is this who you are really thinking about? Is the phone number right? It forces a consumer to say, “All right, I’m taking responsibility here.”
Immediate payments are designed to take friction out of payments, but you have to keep some friction there from a cybersecurity standpoint to protect not only the bank, but also your customer.
The threat has moved from the institution to the human element, making consumer education more important than ever.
We do a lot of training. In fact, in several of our markets (we have 23 locations), we join forces with other banks in those communities and hold community, cybersecurity, and consumer-protection events together.
And I think that’s just fabulous. This is not about bank competition. This is, “How do we inform our customers? How do we protect our customers?” and I think the more of that we do as an industry, the better.
Thankfully, the Fed has all sorts of stuff and the FDIC and OCC have stuff too, but all you can do is try to bring people to the trough. They’ll come at their own pace.
Q: What actionable steps should banking leaders take today to harden their cybersecurity posture?
For any community bank, there are several foundational steps that should be prioritized:
Implement Domain Integrity
To me, .Bank is the foundation of cybersecurity for community banks.
It tells the customer exactly who you are and ensures that the entity behind the website has been vetted—not everyone can get a .Bank domain name.
It’s a simple step that provides a lot of watchdog protection and doesn’t take a lot of work. It’s not a size issue either. I’ve seen banks in the state of varying sizes convert to the .Bank domain.
Audit Your Vendors Continuously
Loyalty to a vendor is nice, but you have to occasionally look at other options because the field is advancing so fast.
A vendor who was top-of-the-game five years ago might be number ten today. Hold them accountable for how they are using AI and protecting your data. As President Reagan said, “trust but verify.”
Embrace “Healthy Friction”
As I said before, we all want a frictionless experience, but in cybersecurity, you need friction. You have to nudge and sometimes force customers to take accountability for their own protection.
Collaborate With Competitors
Security and cybersecurity are not competitive. If two banks in town get attacked, the whole town can lose trust in all of the banks in the community. Join forces with other local banks to hold community training events and consumer protection seminars.
I’m very optimistic that community banks can compete, especially if they can attract the right talent. I acknowledge that the challenges are different, but I still think the future is just as bright as it’s always been. Cybersecurity scares a lot of people, but technology, to me, is what can help a community bank remain viable in the long term.
To learn more about .Bank and stay ahead of the cybersecurity curve, we invite you to:
✅ Stay connected: Sign up for our monthly newsletter to receive exclusive banking and cybersecurity insights.
✅ Follow us on LinkedIn: Don’t miss important updates, including our upcoming webinars, by following our page.
✅ Schedule a call: Let’s discuss how .Bank can enhance your bank’s security.
