Risk management – measuring risk and planning how to mitigate it – really is a hot topic for credit union professionals right now, but what are the regulatory examiners looking for when they evaluate the risk management systems at your credit union? When examiners come – what should you expect?
In our Compliance 101 handbook, NAFCU’s regulatory compliance team looked at the seven risk categories NCUA considers in examinations. This is, for the most part, what examiners will be thinking about when they look at your credit union. Here is a brief summary of that discussion.
Credit risk. This is the type of risk relating to any contract between a credit union and a person or entity – usually involving loans. If a member defaults on a loan agreement, that will have a negative impact on the risk level for the credit union’s assets. If a credit union invests in a third party, that also introduces credit risk.
Interest rate risk. This is the type of risk related to fluctuating interest rates, which can hurt a credit union’s capital and earnings. Rising interest rates can also put pressure on credit unions to increase dividend rates on share products. Interest rates have to be carefully monitored for their potential effects on a credit union’s balance sheet.
Liquidity risk. This risk relates to a credit union’s liquid funding sources and its ability to meet obligations when they come due. For instance, if there were a “run” on your institution and members withdrew as much money as they could without penalty, that drain on liquidity could hinder your credit union’s operations.
Transaction risk. This relates specifically to fraud committed in financial transactions – or in errors arising during such transactions. This is also known as operating risk or fraud risk. Transaction risk is a function of internal controls, employee integrity, information systems and operating processes. Every credit union should have a plan to mitigate the risk of fraud from within and outside the credit union.
Strategic risk. This is the type of risk arising from adverse business decisions, improper implementation of decisions or a lack of responsiveness to changes in the industry. Dealing with this risk requires the development of strategic goals and business strategies – something your credit union should deal with at the executive level and with your board of directors.
Reputation risk. Risk to your credit union’s reputation, arising from negative public opinion or perception of the credit union, can affect a credit union’s future in a community. This is a good reason to stay active on and monitor social media!
Compliance risk. This risk relates to the failure to comply with legal and regulatory requirements, which can expose your credit union to litigation or administrative actions and enforcement. This is, of course, a big focus for regulators. NCUA’s scope for compliance risk is very broad. It can apply to laws, rules and regulations affecting credit unions, or to credit unions’ internal policies, procedures, ethical standards, contractual obligations and exposure to litigation.
There are many types of risk to assess and many different ways to approach risk management – but NAFCU is here to help credit unions get a handle on it. One opportunity to learn more will be at NAFCU’s Risk Management Seminar in Denver this August. During the seminar, we’ll talk about NCUA’s and other regulators’ approaches to risk management as well as cybersecurity risk, biometrics and how to implement an enterprise risk management system.
The seminar will be a great chance to hear from experts and other credit unions about what has worked for them, and to get a feeling for how risk management is evolving in the industry. I hope to see you there!
NAFCU’s Risk Management Seminar is set for Aug. 8-10 at the Grand Hyatt Denver in Denver. Colo. Registrants can save $100 with the promo code RISKSAVINGS if they register before June 10.