Business Viewpoints

>> Music
(music)

>>Abby Matia
Hello and welcome to Wells Fargo's Business Viewpoints podcast. In this episode, we're looking at the current interest rate environment and what it means for business borrowers. Specifically, we're going to discuss how to decide when to lock in a fixed rate, the pros and cons of taking a wait and see approach, and important conversations to have with your commercial lender. We'll be looking at real world scenarios when rates rise and fall, and the ways your business can navigate a volatile rate environment. I'm Abby Matia, Managing Director Division Executive for Wells Fargo's Commercial Banking Market Coverage. I've been with Wells and Commercial Banking for 31 years and am responsible for the Northeast Division. I'm here with John Crum, who's an expert in commercial lending and equipment financing. John, I'll turn it over to you.

>>John Crum
Thanks, Abby. I'm John Crum, Managing Director with Wells Fargo Commercial Banking Equipment Finance division. I've been with Wells Fargo 18 years and 35 years in the equipment financing and leasing business and excited to be here to talk about interest rates and what they mean to our customers.

>>Abby Matia
Great. So, let's dive in. We have been on a bit of a roller coaster with regard to rates through the pandemic. And now out of the pandemic. John, what are your commercial borrowers asking you? And what are their concerns right now?

>>John Crum
Yeah, yeah. Great point about the roller coaster. And the only thing I would add about coming out of the pandemic is going into the pandemic we had almost a decade of really stable low interest rates and, historically speaking, very low for a very extended period of time. Right before the pandemic, they shot up a little bit. And then, of course, as we all know, in, in around March slash April of 2020, going into Covid, their rates really dropped down to effectively historic lows again. That caused, of course, a little bit of stability after a slight increase, but then coming out in mid-2022 or thereabouts, really, they rocketed back up and the fed funds rate went from, again, those historic lows all the way up to, you know, in the mid fives. And then coming into this year with, with some slowdown in economic activity and inflation being tamed a little bit, expectations were that rates were going to drop significantly. We have seen some of that. And, of course, here, as we're recording this late 2024, we've seen some recent rate cuts. And, the most recent guidance we're receiving here in December is that there might be some slowdown of what we had anticipated for maybe more aggressive rate cuts going into 2025. But nonetheless, there is still in anticipation of some degree of rate cuts heading into 25. What that means for our customers and what they're asking us about is how much do we think they're going to drop. You know, what are some of the strategies that they should employ relative to their fixed rate versus floating rate business, and how can they maximize the benefits in an environment like this where there may be some downs, and or is this the right time to jump in consider moving stuff from floating rates to fixed rates, and or considering leasing as part of their capital strategies there.

>>Abby Matia
Yeah. Agree. We hear it from all of our customers, some thinking that they've missed the window, watching a window, deciding, you know, trying to determine how long that window is open. John, talk to us a little bit about, you know, how can business borrowers get past the wait and see approach and reconcile to themselves, making a good decision for their business?

>>John Crum
As you and I have talked about in the past, and you pointed out, when our customers don't make a decision, they actually are making a decision, right? They are, choosing to maintain the status quo rather than looking forward. So what we asked them to do is consider all the options, weigh them out, and make a decision based on what could be in the best interest of their business.

>>Abby Matia
Got it. With that, as we're out talking to clients, a lot of our conversation, at least that I'm involved in, tends to be around the volatile in the business, not just the volatility in interest rates. Right? As you look at a business, you think about inflows, outflows and how much volatility kind of business withstand. And one of the things that is often top of mind for business owners is liquidity. So can you talk to us a little bit about cash position and is that really a big driver for clients in making these interest rate decisions.

>>John Crum
Absolutely. Cash position is a lot of times cash is king right. That's kind of a monitor that you hear all the time. And you know, if you're utilizing cash instead of potentially borrowing when you can against assets other things that you have in the business that may be able to borrow on, you know, you're really making a decision that, not going to reinvest that cash in my business. So one of the considerations that we always look at is, what's your cost of borrowing versus what return you would have by reinvesting that money back into your business. And oftentimes it's cheaper and more effective to borrow than it is to pay cash because you can get a better return if you just go out reinvest in and making money the way your business traditionally does.

>>Abby Matia
That's a big topic of conversation for us. I can tell you that in market coverage right now. You know, I've used the phrase, I think already lock in a rate or fixed rate. Can you talk to us a little bit about other options? You know, fixing your rate isn't the only option that clients have. Can you walk us through some of that?

>>John Crum
Yeah, absolutely. So, when we're thinking about it, we kind of walk them through a 3 or 4 step process. And the first is: Are you going to borrow or are you going to reinvest the money back in your business or what are you going to do? So, with that, we always look at the cash position and what where you're going to manage that. Of course we talked about floating rate options. You know, one of the big things that a lot of our customers don't consider is they traditionally think of their revolving facilities as a floating rate piece, and they think about their equipment or term debt in a fixed rate piece. But you certainly have the option to consider floating rate term debt for your equipment and other assets. What that does, it really could give you the best of both worlds. It could free up some of that liquidity on your line of credit. It could take that and put it back into your cash. But you then still get the benefit of a floating rate environment. You know, other things you might want to consider a hybrid. You might want to consider floating your term debt for a while and then fixing it at a future point. That can be a strategy. So if you're on the fence, whether, fixed rates are going to go up or down and you think they may go down, you can certainly float it for a while and then fix it at some point in the future. That's a good option. The other thing that I think, a lot of people don't consider is what does leasing mean and where does that have a place in their overall capital stack? And a lot of our customers, when they evaluate really where they're at with fixed assets, we try to point out that you ought to consider leasing as one component of the capital that you have there. If you have assets that you know you're going to use for a fixed period of time, and you may not need them in 3 or 4 or 5 years, and you want to pass the risk of residual value and disposal of the assets on to a third party. You ought to consider leasing as it relates to that. The other thing that's really kind of a hot topic and important for people to consider right now as it relates to leasing is, let's say your margins are down this year and you're not making the kind of traditional money that you had, say its slowed down, you could being a highly cyclical industry, and you're kind of at the bottom of the trend right now. You know, when you're making a lot of money, you need to utilize all the depreciation that you can. But if you're in a position where you can't effectively use all that depreciation, you can pass the ownership of the asset on to a third party, your bank, financial institution and manufacturers captive and, obtain the benefit of that depreciation through the form of a lower overall interest rate. So, there's a lot of options. And really what we encourage people to do talk to their lenders and their financial institutions about what the options are and consider everything, rather than just any one particular way to go about it.

>>Abby Matia
I think that's a great third option. You know, just so to recap, John, we've talked about using your cash versus reinvesting it in the business. We've talked about fixed versus floating rate structures and other rate options. And then the third option being leasing. Let's close out with some next steps for our listeners. Like what are some of the important conversations that we would encourage businesses to be having with their commercial lender right now?

>>John Crum
Yeah, if I were a stack ranking that I would say, what options do you see? What do similar companies in our position do? Obviously we're not going to name names, but you know, what are other people in the industry doing? What strategies has your lender seen others deploy that are successful? And then having that conversation internally as well is what is our overall strategy as relates to funding this business? What percentage should we be using cash? What percentage should be on our line of credit? What percentage should we consider leasing? What percentage should we be thinking about fixed rate and or floating rate equipment debt really need to balance all of these. And when you diversify your risk like that, you're usually thinking ahead and have a pretty good strategy.

>>Abby Matia
Agree. And you raise a really good point. You know, we as lenders should have the information for our clients on what are other companies in your industry doing, what are some best practices, and those best practices relative to like size companies for the clients that are coming to us. We owe our clients that kind of advice and some of those examples. John, thank you for all of this, thank you for the information, and thanks to the listeners for being with us for this presentation.

>>John Crum
Thank you. Abby, we are here to help and happy to have conversations about this or any other topic. Thank you.

>> Disclosures
2025 Wells Fargo Bank N.A. All rights reserved. All transactions are subject to credit approval. Some restrictions may apply. Wells Fargo Equipment finance is the trade name for certain equipment, leasing and finance businesses of Wells Fargo Bank N.A. and its subsidiaries.

(music)

>>Anil Khilnani:
Hello and welcome to Wells Fargo's Commercial Banking Business Viewpoints podcast. On today's episode, we're going to be focusing on two main areas payments, fraud and cybercrime and the vulnerable points of entry that cybercriminals exploit for their schemes. We'll be covering the current fraud threat landscape. We'll talk about the impact of artificial intelligence and specifically generative AI on cybercrime. And we share best practices for protecting your people and your systems. I'm Anil Khilnani. I lead the Fraud Education and Awareness Program for Wells Fargo's Global Treasury Management Fraud Prevention Team. Matt?

>> Matthew Simmons:
Hi, Anil. I'm Matthew Simmons and I am the head of our Cybersecurity Vulnerability and Patch Management team here at Wells Fargo. Looking forward to the conversation today. We want to talk through two things people and systems. Anil, we’ll hand back over to you to talk through the people topic.

>>Anil Khilnani:
Sure. Thank you. So when it comes to people, did you know that according to a recent Gartner report, human errors account for approximately 74% of all security breaches. And in line with that, while most organizations do consider their employees to be their greatest asset, they can also be the biggest cybersecurity liability. Cybercriminals have realized that often the easiest way to breach security is to exploit the human factor. You know, employees are human. They make mistakes. They fall for scams, or they can just plain ignore security best practices for the sake of convenience or to save time.

>> Matthew Simmons:
That’s interesting, Anil, and when you say people, we mean more than just employees. When we're talking about people, we mean anyone who has access to your systems. So your employees, your suppliers, your business partners, contractors, anyone who would be able to access any of your information systems.

>> Anil Khilnani:
Yes, truly. That's a great point, Matt. Threat actors certainly do target a variety of channels and entities to execute their scams.

>> Matthew Simmons:
Do you have any specific examples?

>>Anil Khilnani:
Sure. On the people front, I’ll share three common examples of how people and employees become victims of cybercrime. Number one, they may click on a link that's been included in either a deceptive email, a phishing email, or text message. Specifically, or especially, I should say, if that message appears to be coming from a known entity or a trusted brand. And then they may, for example, either enter their banking portal login credentials or they may give out other sensitive information, or they may open an attachment that's been included in that deceptive email or text message, which could then install malware on their device. You know, I just heard a report from Know Before that talked about how one third of users will fail a phishing test prior to receiving training. My number two example is that employees will use a work device for their personal tasks, which could potentially expose their device to malware. You know, they may, for example, download personal information such as their health data, or they may inadvertently visit a malicious website, or they may allow family members or friends to use their work devices. So, for example, if an employee's child is using their corporate device for surfing the Internet and the child unknowingly clicks on a link or visits a bad Web site that could potentially Install malware on their device. Number three, that relates to connectivity. You know, users will take shortcuts and they will ignore the standard guidance to avoid using free non password protected public wi-Fi for accessing their corporate networks or their accounts without going through a VPN. And as I understand it, it's actually relatively easy for cybercriminals to hack into non password protected Wi-Fi networks. And then once they've access that network, they can then very easily access any devices that are connected to it.

>> Matthew Simmons:
Back to phishing for a second. Is that still a primary venue for the cyber criminals to target.

>>Anil Khilnani:
It certainly is, Matt. I would say that the vast majority of cyber attacks start as phishing messages. And this could be business email, compromise schemes, account takeovers, even ransomware. 90%, according to Proofpoint, of these attacks, start as phishing messages. One additional point I want to make in terms of the risky actions that employees take is, you know, Proofpoint does an annual state of the Phish survey where they survey working adults and I.T. professionals worldwide, and according their latest survey, seven out of ten respondents admitted to taking a risky action, and nearly all of them, 96%, knew they were taking a risk and they did it anyway. And not surprisingly, the number one reason they gave for taking the risky action was convenience. 

>> Matthew Simmons:
And some of these risky actions include things like reusing your password across different applications sites, and potentially sharing your credentials with an untrustworthy source or even writing down your password where someone could gain access to it.

>>Anil Khilnani:
Yep. And even Matt, in some cases sharing their passwords with other employees, you know, which is a big no no. We always, you know, advise our clients that your password is unique to you. Do not share it with anyone. But yes, absolutely. Those are all great examples of the risky actions that employees take at work. 

>> Matthew Simmons:
We also understand employees and our suppliers or anyone that we that has access aren't necessarily taking these actions intentionally. They're not out to do malicious activity, but they're busy and they're moving fast. And these actions do lead to open doorways and open pathways for cyber threat criminals. And so this is just an opportunity have employees take an extra second, take an extra minute review the email, confirm sender, you know, change that company culture to look for those red flags and take that extra time to validate those actions are necessary on the behalf of the employee.

>>Anil Khilnani:
Absolutely, Matt. Security over immediacy should always be the mindset for all employees. So, Matt, let's maybe change gears a little bit now and let's talk about how generative A.I. is transforming the fraud threat landscape. You know, it seems to me that with this new technology, it's now more important than ever to have good protections in place for your people and your systems. Can you please tell us more about this new threat?

>> Matthew Simmons:
Yeah let's do so. Generative A.I. or artificial intelligence is something that's built off of a model that is learning and providing responses to prompts such as chatGPT. It's taking a model, it's learning off of that data and providing you a response based on that, that model and generating new data with similar characteristics to it. And so from a cyber threat perspective, what this is, this is creating a situation where threat actors are able to build more realistic emails for their phishing campaigns or develop code in a much faster and robust manner. And so the things that we would have looked for in the past, whether it was the misplacement of words in an email, maybe English would have been a second language. those types of things going away with the emergence of some of this generative A.I. that's out there.

>>Anil Khilnani:
So any examples to share, Matt, of, you know, recent incidents involving the use of generative AI, perhaps even the use of a DEEPFAKE. Anything you can share with us?

>> Matthew Simmons:
it's definitely easier and faster now, as I was mentioning, to create those fraud scams. And so these the ability not only to generate emails but also to to take videos off of social media too, and taking all of this data about a person being able to put that into one of these A.I. models, they can then generate audio and video that looks and sounds exactly like you. And so if you think about an employee receiving a phone call from somebody claiming to be the CEO of the company or the CFO of a company and asking them to take action, we have seen this being used and targeted against some of the financial institutions in the United States, and it just becomes a much higher quality and harder to spot type of attack. They are able to automate these things, these attacks and these processes. And so it just continues to again, make it much more difficult to determine is, is what you're facing an attack or is it real?

>>Anil Khilnani:
So, yes, absolutely. You know, given this new fraud threat landscape involving the use of generative AI, it becomes all that much more important for organizations to make sure they're protecting their people and their systems. So far, we've talked about people as vulnerable points of entry. Let's talk now about system vulnerabilities. Matt, how are threat actors targeting systems and networks?

>> Matthew Simmons:
Thanks Anil, so your systems are vulnerable and cyber criminals are targeting and I think you can see that the media in the news today specifically if you look at the Identity Theft Resource Center 2023 set the record for most publicly disclosed security compromises ever. There were over almost a 43% increase in the number of incidents being reported as far as targeting systems by cyber criminals.

>>Anil Khilnani:
 So are there any specific systems or devices that are likely to be targeted by the cybercriminals? You know, just so organizations can be proactive in protecting or updating them?

>> Matthew Simmons:
Yes. So there's three things I’ll cover here. So first is your network footprint. It's really the cyber criminals are looking at your your network from outside. And so understanding your footprint and where your critical systems and devices are and we're not just talking about servers or desktops or laptops, but you've really got to narrow in on what are your critical systems to make your business work on a day to day basis and finding where those sit in your network, how they're protected. then the second piece is really outdated software and antivirus and operating systems. It’s critical to have what we would call a cyber hygiene program, something where you're updating and regularly patching to make sure that you're staying at the latest version of those software, because what we've seen is a large increase in these vulnerable systems being attacked by cyber criminals. Once they're in, they're able to start to move laterally through your network. And so making sure you've updated those and patched those critical software for your company is important. And then the third thing I would say is really understanding the full ecosystem of your network. This includes now where do you send your data? Does it go to a third party or to a customer, another company that leverages the data or has network connections to you? And so really understanding where your data is at, where your how your network is set up and establishing standards for the security footprint, the security architecture that should be around those systems. Let’s close with a few proactive steps to protect these vulnerable points of entry. Anil, do you want to share your top three for people?

>> Anil Khilnani:
Sure. So my number one recommendation is having a regular and ongoing employee education program. I would say that this is probably the most important aspect of any effective fraud prevention program. And really, the training should be provided to all employees at all levels and in every department, especially the employees who are involved with money movement or vendor management. Now, the training should cover how to recognize and report suspicious activity. And again, it really has to be a very regular program to this topic. Always stays top of mind for all your employees. And they never forget that they are the first line of defense against fraud. My number two recommendation would be to institute strong security requirements for accessing your networks and accounts. And some examples of how to do this can include requiring the use of strong passwords. And that may be up to 16 characters long with uppercase and lowercase letters, numbers, special characters. And also they need to be changed. The passwords should be changed on a regular basis. And perhaps also utilizing two factor authentication, including biometrics, as an additional layer of security. Number three recommendation would be to utilize a dual custody or dual approval set up for managing your outgoing payments, vendor payment instruction changes and your user entitlements administration. You know, dual custody requires two users on two different devices to separately initiate and approve all payments new set up for any changes. And it can really serve as a very effective second chance to spot a fraudulent payment before it goes out the door.

>> Matthew Simmons:
Those are great examples I would Add on the employee training to include some level of phishing recognition, some kind of phishing awareness program as well. But those are great. Thank you.

>>Anil Khilnani:
Yeah, definitely. So, Matt, how about how about your recommendation for protecting systems? What are your top three?

>> Matthew Simmons:
Yeah. So I would say the first one is stay current. first you want to understand the threat environment that you're operating in. So I would look at monitor for new and emerging threats keep your software and antivirus is updated, assign dedicated resources to doing this and so that really stay current. The second piece is manage service providers. So if the in-house capabilities are not there or the resources, you know, there are experts out there who can help and who can build programs to support your cybersecurity program. And so I would I would encourage you to use that. And then third is really establish your business continuity plans, establish procedures around that, create those, update them, keep them updated and test them continuously. The more you test them, the better you're going to be. If and when a real event takes place.

>>Anil Khilnani:
Yes, absolutely. Those are great recommendations.

>> Matthew Simmons:
Well, thank you, Anil, this has been great. Thank you for joining me today and thank you for all that are listening. We hope you have a great day.

>>Anil Khilnani:
Thank you, Matt, and thanks everyone for listening.

Disclosures:

Wells Fargo provides best practice information related to cyber risk and/or topics for educational and information purposes only.  This podcast is not intended to and should not be relied on to address every aspect of the risks discussed herein.  The information provided in this podcast is for the purpose of helping customers and clients better protect themselves from cyber risk and highlight industry best practices for operating in a more secure manner.  This podcast does not provide a complete list of all cyber threats or risk mitigation activities, nor does it document all types of best practices.  Wells Fargo is not providing cyber-related advice or consulting services and customers and clients should decide whether to engage a cybersecurity firm for specific questions or advice. It is the responsibility of our customers and clients to determine their best approach for mitigating cybersecurity risk through implementation of best practice aligned to the level of risk.

Commercial Banking products and services are provided by Wells Fargo Bank, N.A. and its subsidiaries and affiliates. Wells Fargo Bank, N.A., a bank affiliate of Wells Fargo & Company, is not liable or responsible for obligations of its affiliates. Deposits held in non-U.S. branches are not FDIC insured. Products and services require credit approval. 

Global Treasury Management products and services are provided by Wells Fargo Bank, N.A. Wells Fargo Bank, N.A. is a bank affiliate of Wells Fargo & Company. Wells Fargo Bank, N.A. is not liable or responsible for obligations of its affiliates. Deposits held in non-U.S. branches, subsidiaries or affiliates are not FDIC or CDIC insured. Deposit products offered by Wells Fargo Bank, N.A. Member FDIC.

© 2024 Wells Fargo Bank, N.A. Member FDIC.