Compliance staff dealing with complexity and heavy loads.
Although most credit unions weathered the financial crises of the past few years better than banks did, that doesn’t mean they’ve received a lighter regulatory load.
“We’re seeing regulation upon regulation, especially related to lending,” says Carmichael. “This is an enormous job and the position where we’ve seen the most change in recent years. I don’t anticipate that letting up anytime soon.”
Staying in regulatory compliance demands a broad understanding of credit union operations, lending practices, data management, and overall risk management. While these categories aren’t necessarily new, they’ve become increasingly complex with the explosion of both electronic data and regulations.
Maine Savings Federal has a full-time person in the compliance role, and also works with several outside vendors to handle auditing functions.
“This position requires a tremendous amount of knowledge, attention to detail, and focus…and a huge amount of time,” says Carmichael. “It will take on increasing importance.”
Security officers becoming more proactive.
In the past, security largely focused on operations, notes Nassau Financial Federal’s Reh. Credit unions considered “how could people circumvent your procedures, how could they use social engineering to commit fraud. It typically occurred at the person-to-person level.
“Now, because security revolves around your technology and your electronic data, the risk has grown exponentially,” he adds. “Every time we add a new channel or allow another type of transaction to occur electronically, we open ourselves up to new types of fraud.”
This means anyone who is managing credit union security needs exceptional technology skills and the dedication and tools to constantly monitor and address security risk.
Security professionals must take a more proactive approach to protecting members’ data instead of waiting for something to happen, says Jennifer Weiss, vice president of information technology (IT) at $1.7 billion asset, multiple-SEG Sandia Laboratory Federal Credit Union in Albuquerque, N.M.
“The role of the security professional no longer will be about reviewing logs and trying to detect anomalies,” she adds, “but more about education for both employees and members, and recommending both technology changes and policies and procedures that will prevent fraud before it happens.”
Credit union size often determines whether security is managed internally or externally.
“A credit union with billions in assets probably will hire a high-level security person, while a smaller credit union probably will rely more heavily on vendors,” says Carmichael. “Our credit union is in the middle: We out-source some things and we manage some internally. It requires ongoing evaluation to strike the right balance.”
Hybrid is the new norm
It’s becoming more difficult to compartmentalize credit union functions, staffing professionals agree. Technology and tech skills are required in every credit union role in varying degrees, and roles overlap in many areas—business development and marketing, marketing and IT, and regulatory compliance and security.
“Most marketers have adjusted to managing website content, but they’re still struggling with social media,” says Weiss. “Marketers not only have to get the message right, they also need technical skills that never were required before.”
“The question shouldn’t necessarily be, ‘Where does this person sit? Are they marketing or IT? Are they in business development?’ It’s more a matter of results,” says Davis, “and finding ways for people with different skill sets to work together effectively.”
Click here for an interesting perspective on the branch of the future.