CUNA Mutual Group is encouraging c-level executives at credit unions to strengthen their institutions’ risk-management posture as they grow.
“The C-suite plays a critical role in growing your credit union’s assets, employees, product portfolio, and membership reach,” explains Brad Neumann, risk and compliance solutions manager for CUNA Mutual Group. “But with growth comes more potential for risk and a new level of scrutiny from competitors, members, potential consumers, regulators, fraudsters, and even your employees.”
According to CUNA Mutual Group, by enhancing the credit union’s risk-management posture and creating an appropriate organizational culture can credit unions rise above the following challenges as they grow:
Challenge 1: Developing greater engagement and more accountability around cybersecurity vulnerabilities and fraud.
Fraudsters continue to clutter inboxes with fake emails and scams. They can take advantage of loopholes in your changing processes and go after your growing staff through business email compromise, ransomware, and phishing. But, it is more than an IT problem.
Credit union staff are your best line of defense against cyber risk. As a member of the C-suite, arm them with the latest technology solutions, help them understand emerging risks and assist them in building the necessary threat response protocol.
Challenge 2: Managing a workforce that may soon be composed of five or more generations.
These generations respond differently to change, prefer different communication methods, and can have different priorities. This may result in a loss of productivity if not addressed. Additionally, negative stereotyping and unconscious biases can have detrimental effects on morale.
Risk management should be part of every employee’s duties, and input from all levels should be encouraged. The credit union C-suite should be open to nontraditional backgrounds as they can bring new ideas and challenge the status quo.
As your credit union grows and your workforce evolves, look for individuals that not only have a strong knowledge base, but can prioritize and are eager to learn. People with these traits can often pick up the technical skills quickly through on-the-job training and a robust support system.
Challenge 3: Knowing who has access to your data and for what purpose.
Risks extend beyond the four walls of your credit union. Understand what partners and vendors are doing with your data, confirm they are aligned with your strategies, and assess whether you’re comfortable with their risk appetite.
Challenge 4: Managing ambiguous compliance risks.
Many of the recent laws and regulations addressing compliance issues—such as the Truth in Lending Act/Real Estate Settlement Procedures Act (TILA/RESPA) and the Military Lending Act (MLA)—have established effective dates and compliance requirements.
Others, such as the Unfair, Deceptive and Abusive Acts or Practices (UDAAP) or website accessibility and the Americans with Disabilities Act (ADA) have no effective date or requirements, making it difficult to know how to respond. The credit union C-Suite must continue to analyze compliance issues and determine the level of risk that may exist for the credit union due to the uncertain environment.
Like more traditional operational risks, it is critical to remain vigilant. The C-Suite should establish risk oversight processes that are deliberate and decisive, and continuously assess vulnerabilities, encourage employees to have risk dialogue, and develop a culture that balances risk and consumer expectations.
Keeping ahead of the complex array of ever-changing emerging risks and compliance issues takes a team – especially as your credit union continues to grow.
Brad Neumann is a Risk & Compliance Solutions Manager for CUNA Mutual Group, the leading provider of insurance and financial services to credit unions and their members. In this role, Brad is responsible for strategic leadership of risk and compliance content across multiple distribution channels, including oversight and development of CUNA Mutual Group’s exclusive RISK Alerts and webinar series. Contact him at email@example.com.