In 2016, ORNL consolidated ERM management under the umbrella of a single individual, and a single committee.
Because of the ever-evolving nature of risk, the credit union is considering more frequent committee meetings, from quarterly to monthly.
When ORNL Federal Credit Union($1.9B, Oak Ridge, TN) promoted Lisa Thompson to vice president of ERM in 2016, the cooperative effectively centralized enterprise risk under a single individual. To ensure a holistic approach to identifying and assessing risk, one of Thompson’s first tasks was to establish a formal ERM committee.
We wanted to make sure it had organizational structure as well as executive- and board-level awareness and influence behind it, says Joy Wilson, the credit union’s chief administrative officer.ContentMiddleAd
The ERM Committee Is Cross-Sectional
Fifteen employees representing each of the organization’s business lines comprise the ERM committee. Vice presidents and assistant vice presidents typically sit on the committee; however, if the position doesn’t exist within a specific line, a manager-level position fills in.
Joy Wilson, Chief Administrative Officer, ORNL FCU
It’s a cross-section from across the organization, Wilson says. We want to make sure all of our key business lines are accounted for.
Those lines include lending, marketing, payments services, operations, and others. Even project management has a seat at the table.
The committee currently meets every quarter for 90 minutes; however, Thompson is evaluating whether the committee should meet monthly.
We don’t have enough time to cover our agenda items, Thompson says. Risk is ever-changing, and quarterly meetings do not seem to be frequent enough to identify emerging risks.
Lisa Thompson, VP of ERM, ORNL FCU
The ERM Committee Tackles Many Topics
When the risk committee meets, it has several items on the agenda.
One, the group discusses emerging risks through the lens of what’s in the news whether it’s the Equifax breach or another financial services matter.
We look at real-life scenarios that have occurred since our previous meeting and discuss how those scenarios could affect ORNL, Thompson says.
The group also discusses upcoming credit union projects and the risks associated with each.
Risk management is an evolutionary process for all credit unions and banks. Everyday we are trying to figure out how to strengthen it.
To do this, the credit union uses a risk matrix to examine pre-set risks and controls for various business lines, products, and services.
We can see inherent risk and residual exposure, what insurance coverage we have, the control mitigations, and the effectiveness of those controls, the ERM vice president says.
ORNL runs new product and service proposals through the matrix and debates other, less tangible, associated risks.
Reputational risk has become a focus in all of our discussions, chief administrator Wilson says.
Find your next partner in Callahan’s online Buyer’s Guide. Browse hundreds of supplier profiles by name, keyword, or service area.
ORNL wants ERM considerations infuse into the early stages of project development. That’s why the committee includes a spot for the credit union’s vice president of project management.
When we take on strategic projects, department-level projects, or just-in-time projects, we need to incorporate risk evaluation prior to launching, Wilson says. It helps us make more concerted decisions about what to do or why not to do it.
Finally, the scope of the ERM at ORNL also includes elements of business continuity and disaster recovery planning. Before, ERM and business continuity teams met separately. The credit union folded them together because the two teams overlapped people and conversations.
This prevents redundancy in meetings and individual expectations, Wilson says.
CU QUICK FACTS
Data as of 06.30.17
HQ: Oak Ridge, TN
12-MO SHARE GROWTH: 10.2%
12-MO LOAN GROWTH:4.2%
ERM Changes And Stays The Same
What happens in ORNL’s ERM committee does not stay there. Findings and recommendations flow up through the cooperative to decision-makers at the highest level.
Thompson reports on behalf of the ERM committee in quarterly executive committee meetings, where she’s in front of ORNL’s CEO, C-level leaders, and board of directors.
The reporting structure works well, Wilson says. It gives the committee visibility and awareness and puts Lisa at the table where she needs to be.
Of course, the credit union is always looking for ways to improve. The nature of risk continues to change, so why shouldn’t the credit union’s risk committee?
Thompson says the credit union will launch a risk dashboard by first quarter 2018 that will clearly, visually display where ORNL falls in relation to the risk appetites laid out by the board of directors.
Risk management is an evolutionary process for all credit unions and banks, Wilson says. Everyday we are trying to figure out how to strengthen it.