CUInsight.com | By Floretta Sharpless, AACUC Interim COO
The risk management function has been one that many credit unions have struggled with, as they find themselves not fully understanding the importance of it from a companywide perspective. The role of a risk manager has taken on many forms and today with the Covid-19 pandemic still lingering about; the role of risk management has become even more complex. The political shift and the regulatory burden are other factors that add to the intricacy of managing risk.
A new era of managing risk is on the horizon and the need to break down the silos; or shall I say working alone with solving problems or even implementing new products and services without including the necessary individuals and/or departments can be alarming for your credit union. There is value in managing risk in every aspect of your organization. In these uncertain times, the risk management process is one that should be the main ingredient from strategic planning to performing daily functions.
What is the risk management process? And why is it a need to have it in our credit unions? The risk management process is the act of identifying, monitoring and managing potential risks to minimize the negative impact they may have on an organization. Examples of potential risks include security breaches, data loss, pandemics, cyberattacks, system failures and natural disasters. There are three stages of the risk management process, which are as follows:
Risk Assessments & Analysis – A risk assessment evaluates the credit union’s exposure to uncertain events that could impact the day-to-day operations and estimates the damage those events could have on the credit union’s revenue and reputation. Effectively assessing and analyzing the credit union’s risks helps protect assets, improve decision making and optimize operational efficiency across the board to save money, time, and resources.
Risk Evaluation – A risk evaluation compares estimated risks against risk criteria that the credit union has already established. Risk criteria may include associated costs and benefits, socio-economic factors, legal requirements, and system malfunctions.
Risk Treatment & Response – Risk treatment is the implementation of policies and procedures that will help avoid or minimize risks. Risk treatment also extends to risk transfer and risk financing. It is important to note that risk management is an ongoing process and does not end once risks have been identified and mitigated. A credit union’s risk management policies and procedures should be revisited on a yearly basis or as changes occur to ensure they are up-to-date and relevant.
The credit union landscape is constantly evolving as technology continues to disrupt financial institutions. The need to have more automated systems for the products and services offered has become a necessary factor. The member experience is a driving force that requires all credit unions to streamline manual processes and ensure efficiency and effectiveness in the handling of all member requirements, etc. Risk management from a companywide perspective or an enterprise-wide view needs to continuously be a part of the strategic planning process along with the day-to-day operations so that possible threats of all kinds to the organization can be managed in all areas, thus decreasing negative impacts to the organization.
The National Credit Union Administration (NCUA), has guidance on Enterprise Risk Management (ERM). While it is not a requirement from a regulatory standpoint for a natural person’s credit union to implement an ERM program, ensuring that a risk management process is a part of all aspects of your credit union helps with reducing adverse circumstances to your organization, possible audit findings and out-of-compliance issues.
Floretta Sharpless has over 25 years of leadership experience in all areas of business management. She started her career in the credit union industry over 15 years ago. Floretta is a strategic thinker with strong communications skills. She has an extensive background, education and certifications in lending operations, compliance and risk management, with a focus in Enterprise Risk Management.