Start your ERM process by defining your credit union’s risk appetite and tolerance

by Lisa Hochgraf

An important foundation for a good enterprise risk management program is a clearly defined risk appetite and tolerance, John Bugalla told attendees of the CUES School of Risk Management this week in Boston.

“Authorities expect you to eventually have, for their reading, a statement about this,” said Bugalla, principal of ERMinsights, Indianapolis.

The basic idea is to define how much risk your credit union is willing to accept (appetite) and what that really looks like in practice (tolerance), including metrics that define the boundaries of that tolerance.

Bugalla used the diagram below to illustrate.

The blue line, planned performance, is essentially the strategic direction a Credit Union sets, he explained. The risk universe, the area between the dark black lines represents the CU’s tolerance, the amount of risk it is willing to take. Performance on a key metric that falls outside the dark black line, which represents the limit of the CU’s defined tolerance, is an important red flag.

“If the variations become too big (in a particular area of the CU’s operations), the CU needs to take corrective action,” Bugalla said. “At what threshold would you begin to” make changes is what a CU’s leadership needs to determine. “One way to manage the balance is to buy insurance.” For an insurance purchase to look good to a credit union, the “perfume of the premium has to be greater than the stench of the risk,” Bugalla quipped.

continue reading »