As the threat landscape facing financial service providers evolves in complexity, more credit unions are formalizing their risk management programs by dedicating a C-suite or senior leadership position to the task.
Often carrying the title of chief risk officer, this leadership role tends to be misunderstood. It’s easy to see why. The title alone conjures up the image of a single individual heroically shouldering the weight of all risks facing the credit union.
In actuality, the chief risk officer is a much more collaborative role. In fact, a better professional title may be chief risk facilitator. That’s because the role is less about owning risk and more about facilitating discussions and decision-making among the many individual risk owners across the organization.
To stay on the collaborative path, chief risk officers (or those filling that role) can follow a few best practices:
At regular intervals, sit down with each department owner and/or executive sponsor of special projects to discuss the risks associated with operating their pieces of the business. For example: How have risks changed in substance or severity? What can be done to mitigate them? Which controls are in place and effective and which need to be reconsidered or modified?
Categorize risks by department, rank them by severity and document your mitigation strategies. Keep this risk library fresh and up to date and, importantly, keep it centrally located. With talent churn still a major problem for credit unions, chief risk officers must prioritize seamless communication and fully accessible, comprehensive record keeping. Part of sharing the responsibility for successful risk management is ensuring everyone has at-your-fingertips access to as much information as possible to understand the risk profile of the credit union.
The NCUA provides credit unions with seven categories of risk for assessment. This is a great place to start. However, every credit union is unique. Risk should be considered based not solely on the NCUA’s seven categories, but also on a range of other aspects, such as asset size, growth stage, membership makeup, services provided and products offered. Credit unions do not need a large quantity of risks to operate a successful risk program.
Spreadsheets have long been a go-to tool for chief risk officers. However, the risk function in most credit unions has outgrown the once-adequate resource. With multiple owners and assessment to-dos, a seamless, cloud-based automation tool is critical for a well-managed risk program. It’s no longer optimal to be emailing around a spreadsheet, making changes on individual computers and hoping the right version reaches the risk officer, board or external examiners when they request it. If they haven’t already, chief risk officers should begin the transition from spreadsheet to automation platform right away to gain the benefits of streamlined processes in risk data collection and reporting.
Credit unions are operating in a much different world today than even three years ago, and it’s changing the profile of risk. Pandemic-era changes to business, such as increased digital services, the proliferation of remote employees and boards, and the massive threat of sophisticated cyberattacks, are bringing a slew of new (and still emerging) risks for credit unions. The resulting new complexity requires a strategic refresh of everything from risk assessments to risk tolerance, and that calls for a strong, capable leader. This is not to say such an individual should be forced to do the heavy lifting alone. The most successful chief risk officers in the modern era will fully embrace the credit union way by making collaboration and facilitation their presiding values.
ViClarity is a company of the California and Nevada Credit Union Leagues and a benefit of League membership.