Credit unions float in a sea of acronyms—CAMEL, GAAP, BSA, ROI, ALM, OFAC, ALLL— plus a few score more.
One of the most important among them is ERM (enterprise risk management). “Whether you know it or not, you’re doing ERM,” says Tony Ferris, managing partner at The Rochdale Group. “The question is, are you doing it effectively?” Ferris calls ERM “an early warning system that helps you understand your appetite for risk and delineate what you will or won’t do. With ERM you have to set up a framework, a methodology, and a culture that delivers a reliable set of strategies and executes them effectively.”
The two basic elements of ERM are a framework in which to deploy a decision-making process and education to broaden the organization’s “group intellect” so it understands the goals and processes of ERM, he says.
“In the first instance, you’re talking about setting up a system to manage information better so it’s timelier and can help you make better decisions,” Ferris explains. “What do you do if, for example, your local housing market is heating up or gas prices are increasing? Does a global economic development effect you? ERM expands your probe of ‘what if’ questions.”
CUNA and The Rochdale Group have partnered to deliver a best-in-class ERM solution. It combines a thought-leader approach with risk management experience to assist credit unions with strategically focused tools and results-driving processes.
Regulators up the pressure
At its most basic level, ERM is one of those must-do chores credit unions perform to satisfy regulators. Ken Agle, executive vice president/director of risk management at AffirmX, says he’s noticed a correlation between compliance issues and financial performance.
“If your institution is barely surviving, you’re less likely to care about giving the right forms and notices to people,” he says. “Or sometimes this shows up in how many projects you’re cramming through your people to make money. Financial institutions that do this are likely to have compliance problems. But once a credit union works on solving its most likely risks first, it’s ready to move on to other areas and become more innovative and entrepreneurial.”
Regulators’ demands also affect how credit unions do ERM, says Jim Stickley, chief technology officer at TraceSecurity, a CUNA Strategic Services alliance provider. “Many credit unions try to deal with ERM via spreadsheets, diagrams, and email exchanges. But increasing regulatory pressures are forcing them to look harder at how they do ERM.”
The problem with spreadsheets, he says, is that eventually each department, with its own set of risks and needs, develops its own spreadsheet. “Then you have incompatible spreadsheets, which encourages sliding into the habit of only once-a-year comparisons and reconciliations. You can satisfy regulators with spreadsheets by showing documentation that you’ve examined risk. But if the documentation itself is inaccurate, it may not save you from failure.”
Real-time risk management
Stickley says credit unions oft en are fearful of leaving the spreadsheet behind and moving to a more sophisticated ERM soft ware solution, which can require a lot of work up front. “But once a system is up, and a ticketing process comes into play, the risk manager no longer must input spreadsheet data and is free to run an efficient, real-time risk management program.”
Vendor ERM offerings may vary, but all take a holistic approach. Stickley’s firm offers TraceCSO, an integrated solution that deals with all departments across the enterprise— information technology, risk management, security, vendor management, and finance. “Unlike products that provide a hub that then link to various third-party add-ons, ours is a stand-alone product,” he says. “We designed each component to communicate with the others so it can detect lack of controls or unnoticed risks in a department and notify the others by opening tickets that call for something to be done.
“There’s no confusion with this system,” he continues. “If a ticket is open, you work on it. Once it’s closed, assuming it has been properly addressed, you’ve taken care of the problem. The result is open communication across the enterprise.”
Sai Huda, senior vice president/ general manager of enterprise governance, risk, and compliance solutions at FIS, says the company’s Early Risk Manager offers an innovative ERM solution with a comprehensive “risk dashboard” that provides a visual synopsis of a credit union’s risk profile and risk-mitigation activities in real-time.
“It takes all of a credit union’s ambiguous data and turns it into a visualized, workable form, covering all risks the credit union faces,” he says. “Users range from board members to C-level managers to midlevel managers to line workers. Each level has a unique set of interests, going from a broad view at the top to an ‘in-the-weeds’ perspective at the midmanagement level.”
Each dashboard slices and dices differently, Huda says. The person who oversees home equity loans, for example, sees a dashboard that deals exclusively with that product.
“Key risks and regulatory requirements have already been keyed in, so this person can link specific home equity loans to prepopulated key risk indicators,” he says. “If the related risks are above the credit union’s threshold, this triggers an alert and tells the credit union to look at what’s going on. Emerging risks are identified and alerts generated to enable proactive risk management so the credit union attains its strategic objectives while avoiding any negative impact to earnings, capital, or reputation.”
Huda calls FIS’s offering “system agnostic,” meaning it can import data from any system via Excel or ASCII, and then crunch it and convert it into visually engaging dashboard displays. “Its library of risks can be tailored to a credit union’s specific needs,” he says. “Regulators are happy because this pulls risk management into one box and turns reports of risk management from anecdotes into actionable risk intelligence: ‘Here are current risks, here are emerging risks, and here’s what we’re doing to mitigate the risks.’ ”
While ERM systems are useful, credit unions first must solidify their ERM program objectives and then choose a system that meets those goals, adds Ferris, whose company offers an online credit union ERM application called ERM Director.
“Many credit unions make the mistake of shopping for an ERM system before they have a good grasp on exactly what they are trying to accomplish—and then end up with a tool that doesn’t fit their needs,” he says.
Tip your sacred cows
Vendors don’t just provide soft ware, they also provide dispassionate analyses.
“When we enter the picture, we’re not encumbered by a credit union’s culture or personalities,” says Ferris, “so asking hard questions is easy for us. We don’t understand the credit union’s sacred cows, so are free to tip them.”
Although Rochdale has substantial benchmark data and analyses of financial institutions across the country, “each credit union is different,” Ferris says. “Each has a different capacity for risk, different communities and constituencies, and differing levels of staff aptitude and experience.
“We try to deliver insights that fit that credit union’s culture,” he adds. “We meet individually with each functional area and ask, ‘what are your issues and challenges, and what keeps you up at night?’ ”
Among key risk indicators Ferris cites are employee survey results, gas prices, process errors, delinquencies, and societal and economic factors.
While credit unions may have a lot of information, they don’t always take advantage of it, Agle says. Such data can provide insights into product trends and performance, and the impact of credit union strategies on revenue. Too often, a “silo effect” permeates an organization.
“You may have a degree in accounting or management, but there’s no degree in ‘credit union,’ lending, or operations,” Agle says. “You evolve into being knowledgeable about the department you work in. A credit union is a series of departments that often don’t know much about one another. So when a department launches a new program, it often doesn’t know the impact on the whole organization.”
As technological and other changes continue, credit unions must plan how they’ll deal with the changing world, Agle adds. “ERM allows you to project into the future and ask what could stop you along the way.”
PATRICK TOTTY is a writer based in Larkspur, Calif.
• CUNA Environmental Scan Report: cuna.org/strategicplanning
• AffirmX: affirmx.com
• CUNA: cuna.org/erm
• FIS: fisglobal.com
• The Rochdale Group: rochdalegroup.com
• TraceSecurity, a CUNA Strategic Services alliance provider: tracesecurity.com