Risk Management Continues Evolution

The rapid evolution of CU operations requires keen and constant risk oversight.

April 1, 2011

Credit unions face unprecedented threats in the current financial services environment. Credit union leaders must identify these threats and create strategies to manage the exposures in ways that fit with their risk tolerance. Complacency or procrastination can be costly.

A comprehensive corporate governance program will also help credit unions identify opportunities, anticipate threats, and balance risk with reward. And as credit unions look for new ways to generate income due to shrinking spreads, they’ll need to conduct proper due diligence when obtaining services through third-party vendors.

Three loss trends

Expect three prominent loss trends from 2010 to continue in 2011: employee dishonesty, wire transfer scams, and lender liability claims.

Risk management
  • Three loss trends from 2010 will carry into 2011: employee dishonesty, wire transfer scams, and lender liability claims.
  • Conduct proper due diligence when using outside vendors.
  • Board focus: Integrate governance and risk oversight into your strategic planning.

Fortunately, there are some simple procedures credit unions can follow to reduce the risk of loss in each of the three categories:

1. Employee dishonesty is nothing new, but it appears to be on the rise. Credit unions aren’t immune to this type of loss, which can range from minor to catastrophic.

Internal controls, comprehensive audits, and consistent oversight are the keys to managing embezzlement risk. These tools, in addition to minimizing risk and establishing accountability in the event of employee discrepancies, are highly effective in creating the perception of oversight to your entire staff.

Conduct comprehensive internal audits regularly. Include a full scope of all credit union operations and report the results to the supervisory committee and board of directors.

2. Wire transfer scams involving home equity lines of credit (HELOC) emerged in 2007. There was a significant resurgence in these claims in 2010 with sizeable losses.

Common trends that appear in these losses:

  • The transfer is requested over the phone;
  • A portion of the funds are pulled from the member’s HELOC; and
  • The wire is sent to a foreign bank.

HELOCs have been targeted in many cases due to the large credit lines. Fraudsters have been successful recently in circumventing credit unions’ security procedures.

If a credit union receives a wire transfer request that matches these transaction characteristics, staff shouldn’t process the wire. Instead, they should immediately refer the request to a supervisor or manager.

Based on the frequency and severity of these claims in 2010, credit unions might want to establish reasonable monetary limits for all member-not-present wire transfer requests rather than allow the full balance of the account to be wired.

3. Lender liability losses have increased significantly among credit unions during the past two years. Rising delinquency, repossession, and foreclosure rates underline the need to ensure compliance with applicable laws and regulations that govern these procedures.

Be particularly mindful of U.S. Bankruptcy Code, Fair Credit Reporting Act, Unfair and Deceptive Trade Practices Act, and Fair Debt Collection Practices Act requirements in your collection and reporting procedures.

Consult with an attorney to make sure processes, procedures, and other member-facing documents (such as “notice of intent to sell”) comply with these acts and other applicable statutory laws. Damages resulting from violations of these laws can be significant.

Next: Noninterest income

Noninterest income

The credit crisis has affected most credit unions to some degree. While credit unions are not-for-profit cooperatives, they need to grow, and that requires some degree of operating gain.

As lending volume has decreased and loan margins have shrunk, credit unions have begun looking for new ways to generate income, such as with debt-protection programs.


CUNA’s 2011-2012 Credit Union Environmental Scan

CUNA Mutual Group, Madison Wis.: 800-356-2644

CUNA Strategic Services

Essentially, these programs offer loan payment protection for total disability, loss of life, involuntary unemployment, and other perils. Debt protection isn’t considered an insurance product and, as such, isn’t regulated by individual state departments of insurance. Rather, as a two-party loan product, debt-protection products are regulated by NCUA and state regulators.

Credit unions transfer the risk and associated administration of these products to insurance companies and their subsidiaries. Credit unions may establish retail rates, terms, limits, and other conditions with these products that best suit their members’ needs and the capabilities of the underwriter/administrator.

In short, debt-protection programs can offer several benefits to credit unions and members that weren’t previously available with traditional credit insurance programs. These include broader protection for members, no credit union staff licensing, and potential income.

All new products should include a thorough analysis of risk and reward. While profit and loss are important considerations, don’t overlook compliance best practices.

Include your debt-protection products within the scope of your internal audit and compliance program, and report results to your supervisory committee and board of directors.

Areas that should be part of a comprehensive debt-protection oversight program include program design, member enrollment, retail margin/fee income, advertising, record keeping, member-complaint handling, benefit-activation administration (claims), staff training, and risk transfer.

Consult your debt protection product provider to confirm the liability protection that’s imbedded in the program (if any). Also, consult with your fidelity insurance carrier to
understand the impact of your policy’s supplemental litigation coverage as it relates to debt-protection programs.

Next: Due diligence

Due diligence

Credit unions often use third-party vendors for products and services that support their strategic direction. These vendors can provide many benefits such as enhanced member service, reduced costs, and increased service capacity.

PhishingExamples of popular third-party services include loan origination, underwriting, servicing, and collections. It’s critically important to complete a comprehensive due-diligence review when using third-party vendors.

Such reviews should document and verify all necessary information needed to evaluate and make your decision. Credit unions have many more resources available for due-diligence reviews today than they did a few years ago.

NCUA, for example, published Letter to Credit Unions No. 07-CU-13. It provides guidance and insight into the three primary stages of due diligence reviews: risk assessment and planning, contracts, and monitoring.

Ultimately, the scope of a due diligence review largely depends on the type of product or service a vendor offers. The consequences of not performing a due-diligence review or performing an inadequate review could be disastrous.

Newly enacted regulations will increase fiduciary responsibility and, in some cases, limit indemnification for directors at federally chartered credit unions. In many cases of failed natural-person credit unions during the past few years, inadequate risk oversight and monitoring was the basis for directors and officers liability claims.

Robust due-diligence and risk-oversight programs could have, in some cases, identified and reduced the risks that ultimately placed many financially stressed credit unions into conservatorship.

Credit union leaders must steer their institutions through these turbulent times and make strategic decisions with members’ best interests in mind.

Whether you’re considering a new opportunity or identifying risk within your operations, integrating governance and risk oversight into your strategic planning is well worth the investment.

BRAD MUNDINE is a senior manager, Credit Union Protection Risk Management, for CUNA Mutual Group, Madison, Wis. Contact him at 800-356-2644, ext. 5100.