A true advocate to his discipline, it’s easy for Tony Ferris to apply enterprise risk management (ERM) principles to everyday life.
“Think about driving to the store: What could go wrong?” says Ferris, founder/CEO of Rochdale, which specializes in ERM, strategic planning, governance, lending support, and consulting for financial institutions. “You get a flat tire, you get in an accident, you forget to take your wallet. Whether you’re running a small business or financial institution, you face all types of risks.
“The difference is we usually consider those risks in our head, or through a less-formal process,” he says. “Risk management brings that to a discipline we can advance our proficiency and effectiveness at running our businesses.”
To help credit unions formalize that process, NCUA has identified seven areas of risk credit unions must manage: credit, interest rate, liquidity, transaction, strategic, reputation, and compliance.
While not every credit union has a formal ERM initiative, Ferris recommends putting a framework in place and building it out as the organization gains an understanding of its risk environment.
“It allows you to level set as an organization, align your priorities, and work through opportunities that exist,” he says.
While small credit unions have fewer resources than their larger counterparts, they can formalize their risk management process, Ferris says.
“ERM is simply a prioritization tool that says, ‘Here are the biggest things we need to worry about; where do I put my time and money?’” he says. “So if I know the biggest risk I face and the dollar impact of that, I can put my money where it is absolutely needed.”
As for the current risk environment, Ferris says credit unions are learning to cope with the pandemic. “There was nothing that came out of the pandemic that was new: human resource issues, retaining talent, the move to digital were all there before. It just got accelerated rapidly.”
One development that will affect the credit unions’ strategic performance is a reduction in nonsufficient funds fees, he notes.
Cybersecurity is also an ever-evolving issue.
“The question is how to keep up,” Ferris says. “There's no doubt the bad actors will continue to perform their magic on us, and we have to be ever diligent. That’s why we have to develop as much understanding about the risks as possible.”
He says that understanding is the key to ERM effectiveness.
“From a framework standpoint, you partner with each area of risk within your organization so you're giving and getting information, and it’s all baked into your program and considered on the same scale,” Ferris says. “It's not piecemeal, so you have a comprehensive view of what's going on in the organization.”