Commander Dana De Coster is a member of the elite Navy SEALs. He has completed multiple combat tours in Iraq and the Pacific Command, has provided support to the FBI’s Counter Terrorism Division, and served as the Operations Officer for the first-ever SEAL-led Combined Joint Special Operations Task Force in Baghdad. There, he orchestrated the counterattack to take back Ramadi from ISIS control across seven different coalition commands, setting the stage to retake Mosul.
Commander De Coster is currently the Operations Officer for the Naval Special Warfare Center, overseeing all operations of the NSW’s two training commands. He recently spoke at CUNA/Rochdale Paragon Group’s second annual GRC Conference in San Diego, where he provided information about how the Navy “attacks” risk, including examples from a real-world operation carried out under his command.
The most fundamental principle underscoring the SEALs’ approach to managing operational risk is that they play to win. This is an important strategic consideration for any organization, including credit unions, but for the SEALs, it’s a matter of life and death.
The SEALs consider three components in assessing the risk of an operation:
The risk of not acting is a key consideration. This risk is weighed against the various risks associated with an operation. The planners may not have all the information needed to ensure operational success, or may not be able to fully mitigate those other risks, but what is the risk of not acting? Will the opportunity to carry out a given operation present itself again (e.g., will the location of a particular target be known again in the future)? This consideration requires what CDR De Coster calls “operational patience” – we may need to accept that the current risks outweigh the risk of not acting now, or vice versa.
Information related to these risks is used to develop a matrix that considers the potential severity and probability of each risk (either to mission or to force), and specific controls and mitigation strategies are identified. This is analogous to Rochdale Paragon Group’s approach to assessing risk by identifying and quantifying the impact (severity), likelihood (probability) and mitigation of a broad spectrum of risks facing the credit union.
In addressing risk mitigation, CDR De Coster spoke to the SEALs’ tenacious preparation. “We don’t do runs (drills) until we get it right, we do runs until we don’t get it wrong.” This preparation is vital in ensuring the success of life-and-death missions. Incorporating it into credit unions’ preparation for emerging risks could also mean the difference between success and failure, for example in executing core system conversions or rolling out new products and services. The lesson is to not just test and prepare until we get it right once, but to continue testing and preparation until we don’t get it wrong, under any scenario.
Using risk to mission, risk to force and the risk of not acting as the basis for risk assessment and mitigation planning, the SEALs “attack” risk using two categories of tools: the Formal and the Informal. The Formal tools include:
CDR De Coster emphasized that the Informal tools used in attacking risk are more important than the Formal tools. They include:
CDR De Coster noted a couple of pitfalls that can threaten operational success. One is the unrecognized accumulation of risk; i.e., the compounding of risks that appear to be sufficiently mitigated individually, but when taken together, could produce an unacceptable overall level of risk. This underscores the importance of assessing risk enterprise-wide.
The other potential pitfall is performing with good outcomes: being lulled by past successes into not adequately preparing for future operations or developing contingency plans. He noted that just because one operation goes well, it’s still critical to prepare and develop contingency plans for future operations.
CDR De Coster presented a “Risk Management Learning Loop.” This uses the lessons learned from an operation to inform future mission planning. The steps in this loop are as follows:
Finally, CDR De Coster set forth four risk management principles that guide the SEALs’ approach to attacking risk:
Below are ten key takeaways for credit unions from CDR De Coster’s presentation:
For more insights into governance, risk management and compliance, join us at the 2019 CUNA Governance, Risk Management and Compliance Leadership Conference, September 23-25, 2019 in Nashville.