What’s your credit union’s operational (transaction) risk appetite?

When a member can’t withdraw money from an ATM, they don’t wonder whether or not the credit union has set its operational risk appetite correctly – they just want to know when they can access their cash. IT or third-party supplier errors/failures, cyberattacks, bad weather or any other external hazard can result in excessive operational risk, as well as a poor member experience.

An area of growing concern for many financial institutions, operational risk primarily measures a credit union’s ability to deliver products and services to their members. A good place for credit unions to start for guidance is to look at how the National Credit Union Administration (NCUA) defines operational risk. The following is an excerpt from the NCUA Examiner guide:

Transaction (Operational) risk is the risk to earnings or net worth arising from fraud or errors that result in an inability to deliver products or services, maintain a competitive position, and manage information. This risk (also referred to as operating or fraud risk) is a function of internal controls, information systems, employee integrity, and operating processes. This risk arises daily in all credit unions as they process transactions.

Why should credit unions be assessing their operational risk program? As our industry has increased the use of technology to deliver digital services to members, we have also amplified the complexity and dependent nature of our systems. This category of risk, firmly rooted in technology, is now a common boardroom subject.

 

continue reading »