A Larger Look At Today’s Risk Landscape

Credit union executives charged with overseeing the many facets of risk face a heady mix of technology, compliance, operational, and competitive pressures along with shifting local, national, and global economic influences on the members they serve and the balance sheet they maintain.

All in all, risk management is a dynamic space.

“The risk profile is adapting to market conditions and to emerging technologies,” says Todd Link, chief risk officer at Dupaco Community Credit Union ($3.3B, Dubuque, IA). “Increased use of AI, for example, continues to be an emerging risk that needs proper policy and controls around it.”

John Orton, vice president of enterprise risk management at University Federal Credit Union ($4.0B, Austin, TX), also sees risk growing on multiple fronts.

“Cybersecurity and fraud risks continue unabated, growing more than 30% a year for financial institutions,” he says. “Credit risk has grown considerably over the past year as financial challenges for members increase. That’s reflected in higher loan delinquencies and charge-offs. And liquidity challenges continue as member savings decline and money is more easily moved across platforms in pursuit of higher rates.”

Orton, who joined UFCU two years ago after 16 years serving as the chief financial officer at another Austin credit union, says he’s worried about over-extended consumers — those who might have a mortgage with a now-higher rate, an eight-year car loan, maxed out credit cards, student loans, and active buy now, pay later accounts.

These members are one missed paycheck away from real trouble, which calls for help from a multi-front approach. At UFCU, that help comes in the form of credit counseling, skip-a-pay options, and other member programs. The credit union also is adding technology to help it predict future issues and proactively reach out to help members.

The Real Risk Of Artificial Intelligence

The potential and perils of ChatGPT and its competitors, and AI and machine learning in general, are rapidly evolving, and leaders are working diligently to assess the space in real time. What’s already clear is the need for strong policies, procedures, and controls.

According to Link, who has overseen risk management at Dupaco for the past decade, machine learning can create efficiency and improve service delivery; however,  like any technology, it comes with risk involving regulation and privacy plus data confidentiality and proprietary information sharing in public generative AI systems. Link says the industry will ultimately need to ask itself whether the technology creates enough value for the energy and effort being invested.

AI And Cyber Risk: Tools That Cut Both Ways

In its 2024 State of Omnichannel Fraud Report, TransUnion notes some 13.5% of digital account creations are flagged as fraudulent. But that’s just one aspect of what risk managers face on the cyber front.

“Bot attacks, credential stuffing, member impersonation, and spoofing are some of the current member-based challenges we fight,” says Orton at UFCU. “Looking forward, AI-enhanced phishing and identity theft are major member security concerns. AI-enabled decryption of account protections would be a nightmare if it occurs.”

But AI also can be part of the solution. For example, Link at Dupaco says AI and machine-learning can help to better detect and prevent account and card fraud.

“We need to go to the strengths of the technology,” Link says. “That includes pattern recognition, managing infinitely large data sets, and analyzing multi-variable data sets.”

Link also points to conversational AI with dynamic speech recognition and response as another valuable tool. According to the risk office, all of these resources raise the bar for protecting member data and a credit union’s technology infrastructure, especially as integration with third-party services grows tighter.

“Privacy, confidentiality, and trust is the backbone of our ecosystem,” Link says. “We must ensure all partners share that same mindset and have invested appropriately in the controls necessary to meet those high levels of performance.”

At Dupaco, enterprise risk management is continually evolving. It currently uses software that identifies and measures risk in key organizational areas and provides a composite enterprise risk profile that leaders can compare against the credit union’s risk appetite and business plans.

“I want to see as many employees as possible actively engaged in our ERM program,” Link says. “I don’t believe ERM is about the destination but rather the use and value it provides throughout the credit union itself.”

The Complications Of Compliance Risk

Credit union leaders can expect rules around AI use to emerge while rules and regs for vendor management, lending, credit, and more also will continue to evolve. This all requires a strategy for monitoring and responding, adding to the complication of compliance risk.

“Regulation will always be an area where we will spend a considerable amount of time, energy, and resources,” Link says. “It’s part of our industry DNA.”

According to Link, one particular challenge is the indirect but very real effect and competitive consequences of regulations on credit unions and banks above the $10 billion line — corollaries that eventually spread to all credit unions.

“If we continue to see increasing pressure on margin, interchange reductions, and fraud losses, credit unions will be forced to take a look at a lot of presently free or low-priced products and services,” Link says. “This isn’t healthy for credit unions, our member-owners, and especially those of modest economic means.”

Costs, Vulnerabilities, And Collaboration

Although cost and vulnerabilities are major risks inherent in the use of technology, those investments must continue for competitive and operational reasons alike. But the way credit unions can collectively meet these challenges provides Link with reason for optimism.

“What makes me bullish on our industry’s future is the collaborative nature with which we leverage unique fintech relationships and share knowledge with one another,” the veteran Dupaco risk manager says. “This is one of the leading risk mitigation tools we have at our disposal, which ultimately translates directly into helping our member-owners build financial wellbeing.”