Manual processes: Free tools costing your credit union much more than you think

Most people consider spreadsheets, shared drives, and email to be free tools. However, if your credit union uses these tools to manually supervise risk management or compliance, the cost of Excel or other applications is just the start of your expenses.

Many credit unions facing increased regulatory scrutiny of enterprise risk management (ERM) and compliance activities have responded by allocating more and more employees to actively managing and carrying out these functions. However, few credit unions have made the necessary tool investments to guarantee that the time and effort committed are channeled to maximize effectiveness and return on investment.

One of the most significant of inefficiencies is over-reliance on spreadsheets, shared drives, and email. Spreadsheets are designed as accounting and financial tools. Shared drives and email serve as passive repositories for documents. When using these tools for risk and compliance management, it exposes credit unions to faults that may wind up losing them a lot of money.

1. Your files are in one place—but that place is a mess.

Some credit unions assume that because there is a shared drive to store files, everything is organized in one place. The problem is that many shared drives are like dusty attics—a lot of things have been stored there and forgotten and it’s hard to separate the trash from the treasure.

That leads to questions such as:

• Is this the most current version of this document? Employees often download documents to their hard drive and work on those versions, meaning there are multiple versions with different updates.
• When were changes made? While you can see when and who last edited a document, there is no audit trail showing who changed what and when. Did a task get done? You’re relying on staff to remember and update the spreadsheet. There’s no automated reports or reminders.

2. You can log information, but what about the analytics?

A blank spreadsheet can be whatever you want it to be—but only after you do all the research. That includes everything from tracking, analyzing, and deciding how to implement regulatory changes to model risk assessments.

Logging information is easy. Conducting all the research and analysis to decide what will actually need to be logged is the real heavy lift. Spreadsheets can’t help with that.

3. It’s not easy to share information with other departments.

Departments need to work together, but that doesn’t mean it’s a good idea for departments to give each other unfettered access to their documents. There needs to be a way to share read-only documents or make it easy to see who outside the department or business line has made changes. It also needs to be easy for those outside users to find the documents.

4. It’s not always easy for examiners to follow along.

You can’t give examiners access to your spreadsheets and assume they’ll understand what they mean. That means key staff members will be pulled away from their work to pull information and explain your processes to examiners.

5. There’s no way to have a complete view of risk.

Risk takes many forms including compliance, operational, financial, reputational, cybersecurity, and transaction risk, among others. If different departments and business lines are managing different types of risks, there is no easy way to bring all the data together to fully understand risk.

It also ignores the fact that risk and compliance management are interconnected. Whether it’s the Gramm-Leach-Bliley Act (GBLA), Bank Secrecy Act, vendor management, or your credit union’s internal policies, there is substantial overlap in many areas. Multiply that across all your locations, business divisions, and third-party service providers, and spreadsheets just aren’t up to the task. There’s limited transparency and no way to integrate data, meaning your FI lacks an enterprise-level view of risks, costs and opportunities. They just can’t effectively integrate all that information.

As your credit union evaluates ways to keep pace with increasing regulatory scrutiny of risk and compliance management, make sure you’re not considering the cost of a solution. Take a close look at what it will cost your staff to effectively use that solution—and whether it will be able to meet all your needs.

Consider tools that increase efficiency to create a worthwhile return on investment (ROI), especially when compared to time-consuming manual processes. Otherwise, the hidden costs of manual tools could end up costing your credit union.