A risk management framework will help you manage existing and emerging threats in real time.
That framework must encompass the full range of risks facing credit unions, from vendor management and cybersecurity to software risk assessments and business continuity planning.
It even includes reassuring members about the tried-and-true security of share insurance.
Mitchell Klein, senior vice president of risk services for Ncontracts, says this enterprise-wide approach to risk management creates “a secure state of mind” for staff and members alike.
Klein will address the CUNA Regulatory Compliance Certification School March 31 to April 5 in Louisville, Ky.
Klein believes it’s important to train front-line staff to discuss share insurance with members who question the safety of funds deposited in the credit union.
“As credit union staff, it’s our job to make sure we make members feel comfortable that the funds they deposit will always be there,” Klein says.
Credit unions must also ensure they comply with the myriad regulations designed to protect members, such as state-level rules for handling interest on lawyer trust accounts. That includes small but significant details such as documenting that interest is properly transmitted to the right funds.
‘A robust enterprise risk management program shows exposure trends within the credit union.’
As a risk management expert, consultant, and speaker, Klein addresses “all things risk” all the time. His work at Ncontracts builds on 30 years working at credit unions, first as general counsel and then as chief risk officer when risk management gained a defined role in ongoing operations.
Vendor management is a critical risk management challenge for credit unions today.
Klein will address the CUNA Regulatory Compliance Certification School, March 31 - April 5 in Louisville, Ky.
Klein says vendor management policies must classify vendors so the credit union addresses risk to members at the right level, with examiners looking closely at risk assessments and vendor management.
“Credit unions are mandated to conduct due diligence on the vendors they’re using to make sure they have proper controls in place,” Klein says. “For example, make sure your core provider has a business continuity plan in place, remains strong financially, has a good reputation, and has effective controls such as firewalls in place to make sure member information is secure.”
Enterprise risk management is the “umbrella” that covers all risks the credit union faces. Understanding those threats starts with determining inherent risk by assessing the probability and severity of potential damage for a specific function or operation within the credit union.
Ongoing risk assessments help credit unions evaluate the effectiveness of controls to identify and correct deficiencies.
“A robust enterprise risk management program shows exposure trends within the credit union—where it’s peaking, where it’s staying constant, and where you need to place more attention to certain items,” he says.
Klein shares three best practices to help you manage risk:
“By doing the right due diligence,” Klein says, “credit unions can know they are managing risk.”