Enterprise Risk Management (ERM) | CreditUnions.com | Data & Insights For Credit Unions https://creditunions.com/keyword/enterprise-risk-management-erm/ Data & Insights For Credit Unions Mon, 18 May 2026 10:38:20 +0000 en-US hourly 1 https://creditunions.com/wp-content/uploads/2022/02/cropped-CreditUnions_favicon-32x32.png Enterprise Risk Management (ERM) | CreditUnions.com | Data & Insights For Credit Unions https://creditunions.com/keyword/enterprise-risk-management-erm/ 32 32 Fraud Is Faster, Smarter, And Harder To Stop. Here’s How To. https://creditunions.com/features/perspectives/fraud-is-faster-smarter-and-harder-to-stop-heres-how-to/ Mon, 18 May 2026 04:36:23 +0000 https://creditunions.com/?p=113804 RKL offers insight, expertise, and experience to help fight off growing threats.

The post Fraud Is Faster, Smarter, And Harder To Stop. Here’s How To. appeared first on CreditUnions.com.

]]>
Barry Pelagatti, RKL
Barry Pelagatti, Partner, RKL

No longer solely a back-office issue, fraud attacks against credit unions are becoming faster, more technology-enabled, and more pervasive across all member touchpoints.

As digital capabilities advance, institutions must view fraud within a broader risk management framework, especially as financial crimes grow more scalable and irreversible, with schemes like business email compromise, cryptocurrency fraud, identity theft, and lending scams exploiting speed, anonymity, and control gaps.

But there’s also a way credit unions can protect themselves: by implementing practical solutions to counter threats. These include proactive approaches based on internal controls, training, monitoring, and governance, along with identifying weaknesses and addressing them before they can be exploited.

Barry Pelagatti, a partner in RKL’s Audit Services Group and leader of its Financial Services and Risk Management Service groups, shares insight from his 30 years of experience helping financial institutions across the Mid-Atlantic strengthen controls, respond to evolving threats, and manage risk in a practical, proactive way.

How does RKL support credit unions in preventing, detecting, and responding to fraud and identity theft?

Barry Pelagatti: RKL supports credit unions in designing risk-based plans focused on preventing, detecting, and responding to fraud and identifying theft by emphasizing strong internal controls, data protection, access management, security awareness, and incident reporting.

Internally, we focus on safeguarding sensitive information through restricted access, password controls, secure data storage, device security, ongoing training, and prompt reporting of lost devices or suspected unauthorized access.

These same practices help us support credit unions as we work with them to strengthen fraud prevention, improve detection of suspicious activity, and respond quickly to potential incidents.

What are the key fraud trends you’re seeing today, including some recent data and the rise of cyber-enabled and cryptocurrency-related schemes?

BP: Fraud trends today show that financially motivated crime is increasingly digital, fast-moving, and scalable. The FBI Internet Crime Complaint Center’s 2024 Report shows the Internet Crime Complaint Center has received approximately 836,000 complaints per year on average during the past five years, reflecting the persistent nature of online fraud. The report also highlights that cyber-enabled fraud accounted for roughly 38% of 2024 complaints but nearly 83% of total reported losses, with approximately 333,981 complaints and $13.7 billion in losses.

Investment scams were the largest category by reported loss at about $6.57 billion, whereas business email compromise caused roughly $2.77 billion in losses. Cryptocurrency continues to play a major role due to its speed, pseudo-anonymity, and limited recovery options, with more than $9.3 billion in losses in 2024.

Common payment channels include cryptocurrency, wire transfers/ACH, debit and credit cards, peer-to-peer payments, and gift cards. Overall, fraud is becoming more technology-enabled, more cross-border, and harder to reverse once funds leave the victim’s control.

How are fraud schemes evolving, and what should credit unions know about identity theft risks, modern scam tactics, and loan fraud red flags?

BP: Fraud schemes are evolving by blending traditional deception with modern technology, social engineering, and increasingly realistic fake documentation.

Identity theft remains one of the fastest growing crimes, with fraudsters targeting personally identifiable information such as Social Security numbers, addresses, driver’s license numbers, email credentials, insurance data, and loan information.

Tactics include phishing, spear phishing, vishing, smishing, pharming, skimming, mail theft, pretexting, typo-squatting, and whaling. Newer scams like “pig slaughtering” involve building trust over time before steering victims into fake investment platforms, often involving cryptocurrency.

An important takeaway is that scams are no longer always crude; fake websites, executive impersonation, and AI-assisted document creation can make fraud attempts appear legitimate. On the lending side, red flags include unusually large loan requests, questionable repayment terms, inconsistent or forged documentation, discrepancies in personal information, frequent applications, and reluctance to provide supporting details.

What practical steps can credit unions take to strengthen fraud risk management, including detection methods, internal controls, employee training, and overall risk strategy?

BP: Credit unions can strengthen fraud risk management by starting with a formal fraud risk assessment that identifies vulnerabilities, measures risk, and connects those risks to specific control activities.

Strong internal controls are foundational, especially since fraud often arises from control weaknesses. Key measures include segregation and rotation of duties, mandatory vacations, surprise audits, employee account reviews, and background checks for higher-risk roles.

Maintaining a confidential reporting system allows employees, agents, and the public to report concerns without fear of retaliation, which is critical since tips are a leading method of detecting fraud. Continuous monitoring, including automated tools, helps ensure controls are working as intended.

Employee training should be mandatory and ongoing, covering fraud awareness, warning signs, reporting procedures, and consequences. Targeted, frequent, recurring training is especially important for high-risk functions.

At a broader level, organizations should align fraud management with governance, oversight, and a prevention-first strategy, as prevention is generally more effective than recovery after losses.

To learn more about RKL, visit the firm’s website and follow RKL on Instagram, Facebook, X, and LinkedIn for updates on services, insights, community involvement, and career opportunities as well as information about RKL’s mission and values.

The post Fraud Is Faster, Smarter, And Harder To Stop. Here’s How To. appeared first on CreditUnions.com.

]]>
QFD® by Quavo | Product Overview https://creditunions.com/supplier_demos/qfd-by-quavo-product-overview/ Sun, 01 Feb 2026 11:00:29 +0000 https://creditunions.com/?post_type=supplier_demos&p=106964 Quavo is a leading technology partner and strategic advisor, helping financial institutions (FIs) build trust-driven customer relationships through faster, more transparent dispute resolutions. Our mission is to restore financial trust by simplifying fraud and disputes. Quavo’s award-winning technology automates the entire dispute lifecycle, from intake to resolution. FIs can pair this end-to-end solution with our […]

The post QFD® by Quavo | Product Overview appeared first on CreditUnions.com.

]]>
Quavo is a leading technology partner and strategic advisor, helping financial institutions (FIs) build trust-driven customer relationships through faster, more transparent dispute resolutions. Our mission is to restore financial trust by simplifying fraud and disputes. Quavo’s award-winning technology automates the entire dispute lifecycle, from intake to resolution. FIs can pair this end-to-end solution with our expert-led back-office investigation team in one turnkey managed service. Scalable for institutions of all sizes, Quavo’s solutions reduce losses, ensure compliance, and enhance customer loyalty. Learn more at www.quavo.com.

Book a Demo

The post QFD® by Quavo | Product Overview appeared first on CreditUnions.com.

]]>
Risk In Motion: Why Your Risk Program Needs To Move Faster https://creditunions.com/features/perspectives/risk-in-motion-why-your-risk-program-needs-to-move-faster/ Mon, 23 Jun 2025 04:00:34 +0000 https://creditunions.com/?p=107682 Risk might or might not impact your organization, but you must be ready regardless.

The post Risk In Motion: Why Your Risk Program Needs To Move Faster appeared first on CreditUnions.com.

]]>
Risk doesn’t stand still — and neither should your enterprise risk program.

Terence Lee, Protecht Group
Terence Lee, VP of Risk, North America, Protecht Group

Risk is always in motion. It might impact your organization, or it might not. But to achieve your strategic objectives, you must be ready regardless. And that means rethinking how you manage enterprise risk today.

Many credit unions and banks are still relying on frameworks designed for a slower, simpler era. Periodic risk reviews, siloed systems, and static reports are outdated tools that create the illusion of control while leaving your institution exposed to today’s fast-moving threats. Instead of enabling enterprise risk management, they obscure it.

At Protecht, we believe it’s time for a new approach — one that reflects how risk actually behaves. That’s why we created “Risk in Motion: A Guide to Connected, Continuous Risk Management.” This practical e-book is a blueprint for transforming your GRC program from reactive to resilient, from fragmented to fully connected, from slow to agile.

In this article, I’ll share a few highlights from the guide and why these ideas matter now more than ever.

Static Risk Management Is Holding You Back

For many risk teams, managing risk still means wrangling spreadsheets, color-coded heatmaps, and quarterly reports. But let’s be honest, those tools can’t keep up.

From AI disruptions to supply chain shocks to real-time cyber threats, today’s risks move too fast for static snapshots to offer meaningful protection. And the cost of inertia is real:

  • Siloed data means decisions made in the dark.
  • Outdated reports mean missed warning signs.
  • Untested controls mean you’re relying on assumption, not assurance.

As we say in the guide: You might have a strong risk culture in your first line — but without visibility across lines, insight disappears into the Black Hole of Risk Management.

What Does It Mean To See Risk In Motion?

“Risk in Motion” is more than a catchy phrase. It’s a shift in mindset from viewing risk as a point-in-time task in a traditional GRC checklist to managing it as a continuous cycle that’s powered by six integrated gears:

  1. Risk And Control Self Assessments (RCSAs) — Performed frequently, not annually.
  2. Metrics And KRIs — Early warning signals, not lagging indicators.
  3. Incident And Near-Miss Management — Feeding directly into control improvements.
  4. Controls Assurance — Structured, real-time testing and validation.
  5. Issues And Actions — With clear accountability and tracking.
  6. Compliance & attestations – Embedded across the risk lifecycle.

Each gear is valuable on its own. But the real transformation happens when they move together, in sync, within a unified system.

Seeing Risk Before The Incident

The most advanced organizations don’t just respond to incidents, they act on early signs to avoid them.

That’s the power of Risk in Motion. Visibility isn’t just about exposure; it’s also about engagement. Protecht ERM’s dashboards don’t just show scores, they surface weak signals. They spotlight the areas of low engagement where a business process may not be sticking, long before it becomes a breach or failure.

One of the standout innovations that we discuss in this e-book is the Linked Risk Report available in Protecht ERM. It’s a real-time, unified view that connects KRIs, incidents, compliance obligations, audit findings, control effectiveness, and more. It’s not a snapshot. It’s a living, breathing map of your enterprise risk environment.

Real Results. Real Resilience.

A connected, continuous ERM approach does more than improve reporting. Organizations that adopt Risk in Motion see measurable benefits:

  • Fewer audit findings and control failures.
  • Greater executive confidence and insight.
  • Tighter alignment between risk appetite and business strategy.
  • Faster, more informed decision-making.

They don’t just avoid what could go wrong — they enable what could go right.

You Don’t Need To Be Perfect. You Just Need To Start.

Whether you’re still managing risk in spreadsheets or using legacy tools that don’t talk to one another, Risk in Motion meets you where you are.

You don’t have to overhaul everything at once. Start with one gear — RCSAs, KRIs, or issue management — and build from there. What matters is momentum: Building a living risk ecosystem that moves at the speed of your business.

Because risk is always in motion. The question is: Will you see it coming?

Ready To Experience Risk In Motion?

  • Start your research by downloading Protecht’s Risk in Motion e-book
  • Book a demo to see how Protecht ERM can transform your program — from reactive to resilient, from siloed to strategic, from slow to agile.

Terence Lee is the vice president of risk, North America, for Protecht Group. He joined Protecht in 2022 to facilitate the company’s growth in North America, bringing extensive experience in governance, risk, compliance, and incident management. Terry is a recognized expert and speaker in ERM, vendor risk, business continuity, regulatory change management, and resilience. Connect with him on Linkedin.

The post Risk In Motion: Why Your Risk Program Needs To Move Faster appeared first on CreditUnions.com.

]]>
Compliance Without Compromise https://creditunions.com/features/perspectives/compliance-without-compromise/ Mon, 05 May 2025 04:00:56 +0000 https://creditunions.com/?p=107190 Leveraging cutting-edge technology, like AI automation and intelligent document processing, can streamline portfolio protection, minimize disruptions, and ensure accuracy.

The post Compliance Without Compromise appeared first on CreditUnions.com.

]]>
Balancing risk management and regulatory compliance while maintaining strong member relationships is a significant challenge for credit unions. This article explores how credit unions can navigate these complexities by focusing on innovative technology, transparency, and reliability in their portfolio protection strategies.

Ensuring CPI Compliance

Compliance should be fundamental to any portfolio protection solution. Credit unions face increasing challenges, including economic uncertainty and regulatory scrutiny, making a comprehensive and proactive approach essential. At State National, compliance isn’t just a priority, it’s built into everything we do.

Key Elements Of Compliance

  • Regulatory Expertise — Staying current with federal and state mandates is crucial. At State National, our skilled team actively monitors federal and state-level mandates to ensure your program remains compliant.
  • Proactive Adherence — Managing regulatory filings and staying ahead of changes from bodies like the NCUA and CFPB is vital. State National’s dedicated Compliance Department manages more than 50,000 regulatory filings annually, helping you stay ahead of federal and state mandates, including guidance on NCUA, CFPB, and other key industry regulations.
  • Comprehensive Audits — Meticulous audits and legal reviews ensure your credit union is prepared not just for current regulations but also for future challenges.
  • Proven Reliability — With 30+ consecutive years of an AM Best ‘A’ Rating, achieved the very first year we were eligible, State National has demonstrated exceptional financial strength and dependability. This provides confidence in a portfolio protection program.
  • Future-Forward Research — We actively collaborate with industry organizations and regulatory bodies to anticipate and adapt to upcoming compliance changes, ensuring your credit union is always ahead of the curve.

Comprehensive Risk Management

Effective risk management is essential for protecting credit unions and ensuring compliance. State National’s industry-best risk management services go above and beyond to protect your credit union, ensuring compliance every step of the way. This includes rigorous measures like audit trails and prevention-focused processes to safeguard against potential issues.

  • Accurate, prevention-first approach.
  • Focused portfolio protection expertise with decades of specialized experience.
  • Complete audit trails for ongoing compliance.
  • Reduced member friction with proactive solutions.

When you work with a dedicated provider, you gain more than just a portfolio protection service; you gain a partner whose focus is safeguarding your credit union’s long-term success.

Technology And Innovation

Staying compliant in a rapidly changing financial environment requires advanced tools and forward-thinking innovation. Solutions should integrate tools that enhance efficiency and control. At State National, we integrate advanced technology into every facet of portfolio protection, designed to simplify compliance while improving efficiency and control.

  • Automation — A proactive approach ensures that the vast majority of insurance updates — about 79% — are handled completely behind the scenes, with no credit union or member involvement. This includes AI-powered processing to extract and update insurance information.
  • Platform Technology — A proprietary platform can streamline insurance tracking and reporting, giving you the tools needed for real-time program oversight, clear audit trails, and automated accuracy to prepare for any internal or external review. This technology should also automate payment changes, adds, and refunds, heightening accuracy, speed, and ease of use for your staff.
  • Intelligent Document Processing (IDP) — Utilizing AI and machine learning can revolutionize the way we process incoming insurance documents, increasing speed and accuracy. State National’s industry-first IDP solution has revolutionized the way we process incoming insurance documents.
  • Proactive Member Communication — Technology should enable time-optimized outbound calls, web searches, automated notifications, customized member videos, and automated chatbot support. These features contribute to fast, effective resolution of member issues, reducing the risk of uninsured members and enhancing transparency.

Client-Centric Support

A strong provider acts as a dedicated partner invested in the credit union’s success. At State National, we’re more than just a vendor. We’re a dedicated partner invested in your success. This involves:

  • Customizable Solutions — Tailoring programs to meet specific needs.
  • Dedicated Support — Providing personalized guidance and responsive assistance.
  • Direct-to-Client Efficiency — Streamlining communication and processes for faster, more accurate results.

Reliability Through Experience

Experience and a commitment to consistent excellence are essential for reliable portfolio protection. State National has built a legacy of reliability, with a commitment to providing consistent excellence. A provider should offer expertise and dedicated support to ensure successful partnerships and safeguard the credit union’s long-term success.

Compliance is a critical investment in the future of your credit union. At State National, we help you face the complexities of today’s regulatory landscape with advanced technology, deep compliance expertise, and an unwavering commitment to transparency. By prioritizing advanced technology, expertise, and transparency, credit unions can navigate the complexities of the regulatory landscape effectively and build a foundation for trust and growth.

At State National, we’re dedicated to being your trusted partner in compliance and transparency. Discover how we can support your credit union’s needs and develop a strategy for long-term success.

As the leading insurance carrier in the United States specializing in CPI, State National offers single-source solutions for credit unions, banks, finance companies, and specialty lenders of all sizes. Our services are cost-effective and tailor-made to safeguard assets against uninsured collateral losses.

The post Compliance Without Compromise appeared first on CreditUnions.com.

]]>
How First Tech Federal Credit Union Transformed Its Risk Culture https://creditunions.com/features/perspectives/how-first-tech-federal-credit-union-transformed-its-risk-culture/ Mon, 11 Nov 2024 05:01:49 +0000 https://creditunions.com/?p=105151 The California cooperative transitioned to a centralized platform where risk assessments and controls are woven into the fabric of everyday processes.

The post How First Tech Federal Credit Union Transformed Its Risk Culture appeared first on CreditUnions.com.

]]>
Known for its pioneering approach in serving technology companies and their savvy employees, First Tech Federal Credit Union ($16.7B, San Jose, CA) found itself grappling with an all-too-common dilemma: It had a fragmented risk management system that had evolved into a complex ecosystem of disconnected systems mired in spreadsheets and outdated processes.

As this leading U.S. credit union faced the complexities of a rapidly evolving business landscape, its growth-oriented leadership knew it was time for a change — a transformative shift toward a unified, streamlined risk management strategy. This realization marked the beginning of a strategic partnership with Protecht Group, which would reshape its approach to enterprise risk management.

The Catalyst For Change

First Tech, with deep roots in the technology sector, understood innovation was not just about adopting new technologies but optimizing processes to harness its full potential. The credit union’s enterprise risk management (ERM) system, burdened by incompatible tools and manual data entries, was ripe for innovation. The system not only hampered efficiency but also heightened the risk of errors. Each spreadsheet represented a potential pitfall in accuracy and compliance.

Selecting Protecht: A Strategic Decision

The search for a solution led First Tech to Protecht ERM. The system is recognized around the world by both users and analysts for robust functionalities that provide a holistic view of risk and compliance. Protecht stood out with its comprehensive tools for managing risk use cases, designed to provide real-time insights and enhance data integrity. The platform’s user-friendly interface and strong vendor support promised to ease the transition for First Tech’s team, ensuring the new system would be embraced across the organization.

Protecht’s proven success in the financial sector gave First Tech the confidence this partnership could meet the complex demands of its operational and compliance requirements. The decision to choose Protecht was not merely about adopting a new system — it was about embracing a partner that could grow and adapt with the credit union’s evolving needs.

From Fragmentation To Integration

With Protecht, First Tech transitioned to a centralized platform where risk assessments and controls are woven into the fabric of everyday processes. This integration significantly reduced reliance on manual spreadsheets, replacing them with a coherent, secure environment that streamlines data collection and analysis.

One of the most significant enhancements was in Risk and Control Self-Assessments (RCSAs).

“With Protecht, we’ve modeled a very detailed step-by-step RCSA that engages business units directly within the tool, ensuring every step is documented and nothing is overlooked,” says Cary Oswald, Senior Director of Enterprise Risk Management at First Tech.

Likewise, Protecht’s issue management features enabled First Tech to track and resolve issues more efficiently.

“Findings and actions are one of my favorite modules,” Oswald says. “I like how Protecht manages findings and links actions to it. In the previous system, people were accessing and muckraking in the findings all the time. I like the way Protecht thinks about it, a finding is created and closed. All of the actions to fix the finding are done at the action level. That intuitively makes sense to me. That’s like the Holy Grail.”

Cultivating A Proactive Risk Culture

Implementation of Protecht ERM fostered a new risk culture at First Tech, transforming risk management from a back-office function to a front-line necessity. The Protecht platform didn’t just change how risks were assessed — it changed how people felt about their roles in risk management. Employees at all levels became engaged with the process, understanding their part in the bigger picture of the credit union’s health and success. The customizable dashboards and reporting tools provided by Protecht offered a panoramic view of the risk landscape. This enabled quick and informed decision-making that was previously bogged down by manual processes.

First Tech is reinforcing its technology investments with Protecht ERM through Protecht Academy, featuring comprehensive training designed to reinforce risk knowledge that empowers staff to become effective and engaged managers of risk. The credit union’s control owners are now participating in a Protecht Academy eLearning module on best practices for controls assurance.

A Strategic Partnership For The Future

The relationship between First Tech and Protecht has blossomed into a strategic alliance, with ongoing support and regular updates that ensure the system continuously meets the credit union’s needs. This partnership has not only improved operational efficiencies and compliance but also fostered a stronger, more proactive risk culture across the organization.

First Tech Federal Credit Union’s journey with Protecht ERM illustrates the transformative impact of ERM digitalization. This partnership has enabled First Tech to not only navigate the complexities of day-to-day risk management but also pave the way for risk-informed growth and innovation. For credit unions seeking to better leverage enterprise risk management, First Tech’s story with Protecht stands as a testament to the power of strategic partnership and technological advancement in the quest for greater efficiency, accuracy, and resilience.

 

 

For more than 20 years, Protecht has been redefining the way businesses think about risk. Our enterprise risk management platform, Protecht ERM, empowers organizations worldwide to take smarter risks and drive sustainable success. Learn more at protechtgroup.com.

The post How First Tech Federal Credit Union Transformed Its Risk Culture appeared first on CreditUnions.com.

]]>
Macroeconomic Indicators To Watch In 2024 https://creditunions.com/blogs/industry-insights/macroeconomic-indicators-to-watch-in-2024/ Mon, 17 Jun 2024 04:00:48 +0000 https://creditunions.com/?p=103528 Six data points showcase what's happening in the larger economy that could direct credit union decision-making for the rest of the year.

The post Macroeconomic Indicators To Watch In 2024 appeared first on CreditUnions.com.

]]>

Automate Your KPI And Peer Comparative Performance. The NCUAhas dropped first quarter data. Wouldn’t it be nice to have your KPIs and comparative performance results sent directly to your inbox? Let Callahan’s advisors show you how Peer Suite can help you stay on top of your game and give you back hours of your time. Learn More Today.

The post Macroeconomic Indicators To Watch In 2024 appeared first on CreditUnions.com.

]]>
The Importance Of Conducting Tabletop Exercises https://creditunions.com/features/perspectives/the-importance-of-conducting-tabletop-exercises/ Mon, 10 Jun 2024 04:00:51 +0000 https://creditunions.com/?p=103460 This practical evaluation tool is a simple, easy way to ensure your credit union is prepared for a continuity event.

The post The Importance Of Conducting Tabletop Exercises appeared first on CreditUnions.com.

]]>
Being prepared for a continuity event involves more than just having a plan in place and distributing it to the team. Your credit union should run periodic tabletop exercises, where credit union executives and other team members review how the credit union would respond in the event of a cyber-attack, natural disaster, terrorist attack, or other continuity event.

As hurricane season begins, it is especially important to have a tested plan in place, as hurricanes often only provide a few days of preparation and can shift to new paths at the last minute. In this blog, we’ll discuss what a tabletop exercise is, and why your credit union should conduct them.

What Is A Tabletop Exercise?

A tabletop exercise serves as a practical evaluation tool to assess a group’s preparedness in responding to various hypothetical scenarios, such as fires, major weather events, pandemics, or cyber incidents. Facilitated by an organizer, participants simulate their reactions based on their established business continuity plans, discussing the necessary steps as if the crisis were unfolding.

The participation of executives is crucial, with representation from all functional areas of the credit union. The facilitator may introduce additional challenges and test decisions against existing response procedures, ensuring a focus on adherence to the established plans. This approach minimizes the risk of straying from the planned response and proves invaluable in a credit union’s business continuity program (BCP).

If your credit union regularly experiences hurricanes, you might think your response plan doesn’t need further review or testing; however, as storms continue to strengthen and each season brings a new historic storm and level of damage, it is important to continue to assess your credit union’s readiness. Hurricane season may only last six months, but the effects of a single storm can take years for a community to recover from.

Why Are Tabletop Exercises Important?

As the quote “By failing to prepare, you are preparing to fail” implies, inadequate preparation sets the stage for failure, while thorough preparation leads to success. Tabletop exercises embody this principle by fostering collaboration among staff while rehearsing their response plans. Regularly conducting these exercises enhances a credit union’s readiness for the inevitable occurrence of an actual crisis.

For credit unions in areas regularly affected by hurricanes, it has the added benefit of ensuring your staff is prepared to take care of themselves in the event of a storm. Remind staff they should always have bottled water, batteries, shelf-stable food, and flashlights on hand during hurricane season. Members would also benefit from reminders to keep these supplies on hand.

However, merely enacting a disaster scenario is just one facet of the exercise. Debriefing, considered a best practice, allows participants to reflect on the lessons learned during the tabletop exercise. The true value of these exercises lies in identifying weak areas or missing steps — known as gaps — within incident response plans.

If your credit union’s hurricane plan does not have contingency for structural damage to a branch or a plan for allowing employees to work from home in the immediate aftermath, those gaps should be documented during the exercise and transformed into actionable steps for plan enhancement. Each identified, addressed, and rectified gap contributes to the overall strength of response plans and the BCP.

How Often Should My Credit Union Conduct A Tabletop Exercise?

How often your credit union conducts these exercises will depend on its unique needs. If you have had continuity events in the past that your credit union has managed well, you might want to pursue only a once or twice a year approach, focusing on those events your credit union has not yet experienced or on ways to improve on plans you have had to use.

If your credit union is smaller or younger and is just building continuity plans, you might benefit from a quarterly schedule. This will allow your credit union to begin practicing your responses and prepare for any potential threats headed your way.

If your credit union regularly experiences hurricanes, it might be beneficial to conduct an exercise at the start of hurricane season. Sending a reminder of the plan to staff, at the very least, can ensure all staff are prepared to respond to a potential storm.

In the end, how often your credit union conducts tabletop exercises will depend on its situation and needs. Be aware of your environment. If you are in an area prone to natural disasters — such as the Florida coast with its hurricanes or California with the potential for wildfires — make sure your credit union is aware of and ready for those potential events.

Tabletop exercises are simple, easy ways to make sure your credit union is prepared for a continuity event. For more information on how Trellance can help your credit union with its business continuity needs, please contact us.

The post The Importance Of Conducting Tabletop Exercises appeared first on CreditUnions.com.

]]>
Everyone’s A Risk Manager At Logix FCU https://creditunions.com/features/everyones-a-risk-manager-at-logix-fcu/ Mon, 08 Apr 2024 04:00:49 +0000 https://creditunions.com/?p=102767 For the past decade, the credit union’s head risk leader has been evangelizing the idea that everyone must be a risk manager to ensure the credit union stays on top of risk profile changes.

The post Everyone’s A Risk Manager At Logix FCU appeared first on CreditUnions.com.

]]>
Daniel Tschopp, CPA & SVP of ERM, Logix FCU

Identifying, measuring, and managing risk effectively is a growing area of focus for credit unions nationwide. Enterprise risk management has been making headlines for years, but last spring’s banking crisis coupled with growing cybersecurity and other concerns are keeping leaders up at night now.

Here, Daniel Tschopp, CPA and senior vice president of enterprise risk management for Logix Federal Credit Union ($9.6B, Valencia, CA), shares his cooperative’s decentralized approach to risk management.

Talk about your role at Logix.

Daniel Tschopp: I started with Logix about a decade ago and began building a risk management practice. Enterprise risk management is a strategic way of looking at various risk categories, and as we built out our ERM framework, I began evangelizing the idea that everyone is a risk manager. If you see something, you need to say something to ensure we’re aware of risk profile changes across the organization.

What other elements are needed for effective risk management?

DT: Other key building blocks include specifying your credit union’s risk appetite, assembling risk management committees, creating dashboards, and conducting regular risk assessments to identify changes in your posture or risk profile. Overall, it took about five years to put that kind of risk management practice in place at Logix.

CU QUICK FACTS

LOGIX FCU
DATA AS OF 12.31.23

HQ: Valencia, CA
ASSETS: $9.6B
MEMBERS: 247,367
BRANCHES: 18
EMPLOYEES:832
NET WORTH: 13.8%
ROA: 0.43%

How has Logix’s risk management evolved?

DT: At first, it was me, myself, and I focusing on risk management, which is typical for many credit unions. There aren’t always resources available, so ERM often becomes a side job for an existing leader. Areas that are most likely already mitigating risks, such as the fraud department, collections, business continuity, or internal audit departments, are tasked with overall risk management. It’s a balancing act for those leading a division to try to build something across the organization to manage risk. Once you hit a certain level of maturity and complexity, leaders typically begin asking for more resources.

For me, that happened about two years ago, when I added two specialists and began looking at the next phase of building a risk management program. That’s the operational risk management (ORM) piece, which translates risks into controls that can directly help mitigate and measure residual risk in dollar values. My team runs both ERM and ORM concurrently, and we’ve pushed accountability down into business units by repeatedly preaching the gospel that risk management is everyone’s job.

What steps did Logix take to spread risk management across the organization?

DT: We created risk management liaisons, so each business unit has a single person who acts as the point person for everything risk related. That includes helping update risk assessments, identifying potential issues, and generally advocating for risk management as the voice of risk in their area. These liaisons are vital and have really spread the duty of thinking about risk into the larger organization.

Can you provide a specific example of how this model works?

DT: Yes. AI, for example, is on everyone’s minds. It could easily be just me or my staff asking the entire organization what risks it might pose, but that’s not efficient. When an integrated risk management framework combines ERM and ORM, you can quickly identify where AI might have an impact. Specifically, you’ll be able to see where it’s already in use and where it might be beneficial or detrimental and then connect the departments that are already using AI with those exploring future use to discuss use cases and best practices.

Did you encounter any roadblocks in convincing others to prioritize risk management?

DT: Of course. We’re a relatively large credit union with almost 900 employees. Turnover can be a big issue, especially after you’ve built relationships and alliances. It takes time to get back to that same level of understanding with a new team member who hasn’t been exposed to the level of risk management preaching as their predecessor. Ultimately, you need all your peers and executive colleagues spreading the same gospel that risk management is everyone’s job. This area is so big that if I try to do it all by myself, I will fail. Fortunately, the tone coming from the very top, our CEO, is very helpful. She spreads the same message that everyone is a risk manager.

How do you maintain communication with your risk management liaisons?

DT: We have biweekly meetings to touch base with our approximately 45 risk management liaisons. In those meetings, we discuss recent changes and ask if there are any developments that stand out. If there are none, we typically share a recent risk scenario and use that as a training opportunity. For example, last week we discussed credit risk and had an underwriting guest speaker share their risk mitigation strategies and how they might have to adjust to address the latest changes.

Quarterly, we have a formal risk management training for our liaisons. This is a refresher for some and a great opportunity for new liaisons to learn what we expect from them as risk ambassadors. The liaisons themselves are typically at the management level, so they have time to focus on risk but are still in tune with the details about what’s going on in the market and with their staff. They understand how processes work and can help us pinpoint any pitfalls.

How do you communicate with senior executives?

DT: For executives, reporting is important, and finding something that is concise but still deep enough to provide relevant information can be challenging. We haven’t found a silver bullet yet but are close. We provide quarterly reporting and recently shifted from meeting quarterly to meeting monthly to take a deeper dive into one risk category on a rotational basis.

Previously, these 45-minute monthly meetings were with senior managers only, but now that we’re approaching $10 billion in assets, we’ve expanded them and created a separate ERM committee that includes board participation.

Reporting is important, but it shouldn’t be a distraction from the discussion about actual current issues. You can have all the dashboards in the world, but at the end of the day the conversations regarding what leads up to the reporting — which might be lagging the market — and the solutions being evaluated or implemented are critical. It takes time for processes to have an effect, so we must be in tune with what’s going on within each risk area and speak regularly with risk owners.

We’ve also done risk huddles where we focus on what keeps each executive up at night. These can be very effective. From them, we defined three current and emerging risks and formalized ongoing monitoring that will help us manage them.

Lastly, sometimes there are really pressing issues, such as dealing with charge-offs, that require a task force to be assembled. This kind of interdisciplinary team complements our risk management approach and happens separately from our regular risk management framework and communications.

Do you have any parting words of wisdom or advice for others?

DT: Don’t lose faith or patience. Making everyone a risk manager is not going to be an overnight process. Networking with larger credit unions that have a more mature risk management framework and have already received validation through examination feedback can be helpful as you look ahead.

There’s no one-size-fits-all tool for managing risk. Vendors often promise the world, so it’s important to know what you need and want in advance. We have a multitude of tools we use, including some built in-house, and each has its own strength.

This interview has been edited and condensed.

Evaluate Strategies And Collaborate With Industry Peers

Callahan Roundtables offer C-suite executives the chance to collaborate with like-minded leaders on upcoming strategies, discuss roadblocks and lessons learned, and connect on industry hot topics. Ready to empower the leaders of your organization? LEARN MORE

Ampersand

The post Everyone’s A Risk Manager At Logix FCU appeared first on CreditUnions.com.

]]>
ValleyStar Credit Union Taps Student Talent https://creditunions.com/features/valleystar-credit-union-taps-student-talent/ Mon, 12 Jun 2023 04:01:07 +0000 https://creditunions.com/?p=99191 A collaboration between the credit union and Virginia Tech is benefitting the credit union while also providing master’s degree candidates real-world business experience.

The post ValleyStar Credit Union Taps Student Talent appeared first on CreditUnions.com.

]]>
ValleyStar Credit Union ($679.5M, Martinsville, VA) was sold from the start on a mutually beneficial partnership with the Center for Business Analytics at Virginia Tech’s Pamplin College of Business.

With Virginia Tech’s campus less than two hours away from the credit union’s headquarters, working with graduate students pursuing their Master of Science in Business Administration — Business Analytics was an easy sell.

CU QUICK FACTS

ValleyStar Credit Union
DATA AS OF 03.31.23

HQ: Martinsville, VA
ASSETS: $679.5M
MEMBERS: 45,277
BRANCHES: 6
EMPLOYEES: 119
NET WORTH RATIO: 9.8%
ROA: 0.50%

“I was fortunate to meet the leadership team of ValleyStar last year,” says Jay Winkeler, executive director at the Center for Business Analytics at Virginia Tech. “Our master’s program in business analytics and the capstone project focuses on applying analytical techniques to understand the challenges and problems credit unions and other organizations may be facing.”

Soon after that introduction, representatives from Virginia Tech and ValleyStar began exchanging thoughts on a definition statement. Once the group developed a tight enough scope to serve the credit union’s needs and provide practical experience for the master’s students, Winkeler matched ValleyStar with the right team.

The credit union’s four-person team includes a finance major graduate, a person with business information technology expertise, an individual with an engineering background, and a marketing/communications professional.

“We bring together a team that includes skills in the organization’s core business area but also new viewpoints,” Winkeler says. “Then, we turn the work over to the team, similar to a consulting project.”

Robert Sparrow, SVP & Chief Risk Officer, ValleyStar Credit Union

ValleyStar’s “consulting” team of master’s students officially started their capstone project at the end of September 2022 and will wrap it up in June 2023.

“We’re looking for efficiency within our enterprise risk management process,” says Robert Sparrow, senior vice president and chief risk officer at ValleyStar. “For this project, we narrowed that focus to a few key risk areas such as interest rate risk and lending risk.”

Although the capstone project hasn’t concluded yet, ValleyStar has already benefited from the perspectives these four master’s students are bringing to the table. The team started by learning more about the credit union industry and how ValleyStar performs in relation to its peers. That work included analyzing financial data using Callahan’s Peer to Peer software.

Peer helped us onboard the team from Virginia Tech and allowed them to get up to speed quickly on what credit unions do and how they create value for members.

Robert Sparrow, SVP & Chief Risk Officer, ValleyStar Credit Union

“Peer helped us onboard the team from Virginia Tech and allowed them to get up to speed quickly on what credit unions do and how they create value for members,” Sparrow says. “And while we don’t have the final presentation yet, they’ve already uncovered new opportunities to enhance efficiency in our ERM process.”

That jump-start into what cooperatives are all about was essential. The students commit a significant amount of time to their capstone project, and like in the consulting world, they needed to deeply understand their client and the market.

Jay Winkeler, Executive Director, Center for Business Analytics, Virginia Tech

“Although it can vary, we estimate students spend five to 10 hours per week on meetings, research, and getting up to speed in the fall semester,” Winkeler says. “In the spring that ramps up to 10 to 15 hours per week. And in the last two weeks of the year, preparing for the final presentation becomes an all-day, everyday commitment.”

ValleyStar has already committed to continuing its partnership with Virginia Tech next year. That partnership includes paying a fee to the Center for Business Analytics to cover the delivery of the work product back to the credit union. Next year, the credit union likely will focus on a different area outside of ERM; conversations regarding the exact scope will occur this summer.

According to Sparrow, the ability of ValleyStar to tap into these resources is invaluable. The master’s students represent a highly in-demand talent pool with skillsets that many institutions can’t typically access.

“They’ve brought new tools and different perspectives to our team,” Sparrow says. “Having access to those types of insights from an institution like Virginia Tech is a wonderful experience.”

What’s Happening In Your Market?

Callahan’s Peer software offers endless opportunities to pull custom research and comparative performance benchmarking to make strategic, member-driven decisions for your institution. Let us show you how it works with a free custom scorecard with metrics and peer groups of your choosing.
Claim Your Custom Scorecard Today
Ampersand

The post ValleyStar Credit Union Taps Student Talent appeared first on CreditUnions.com.

]]>
5 Lessons For Credit Unions From Silicon Valley Bank’s Collapse https://creditunions.com/blogs/industry-insights/5-lessons-for-credit-unions-from-silicon-valley-banks-collapse/ Wed, 15 Mar 2023 04:00:25 +0000 https://creditunions.com/?p=97971 The crisis is still unfolding, but the latest high-profile bank failure has plenty of takeaways for credit unions around asset management, net worth, communication, and more.

The post 5 Lessons For Credit Unions From Silicon Valley Bank’s Collapse appeared first on CreditUnions.com.

]]>
The story is still unfolding, but the failure of Silicon Valley Bank (SVB) appears to have resulted from a combination of bad governance, fundamental financial mismanagement, and regulatory failures, too! Having been in the credit union world for nearly five decades, this kind of sounds familiar – think the S&L crisis of the 1980s or the banking crisis that led to the “Great Recession.” From a credit union perspective, look back at all of the claims paid by the National Credit Union Share Insurance Fund for failed credit unions. The common denominator is almost always governance failures combined with financial mismanagement and often significant fraud committed by insiders.

The challenging financial conditions faced by credit unions today present a heightened level of risk that all those charged with governance should carefully consider to ensure that appropriate risk-mitigation measures are in place. Here are five issues related to the SVB failure that should be noted and addressed if appropriate at your credit union.

1) Regulatory Net Worth Vs. An Expanded Net Worth Ratio

As has been widely publicized, prior to its failure, SVB had massive amounts of unrealized losses on its “held to maturity (HTM)” investment portfolio. Such unrealized losses are not charged to earnings (or retained earnings) as long as the institution has the intent and ability to hold those securities until maturity. The drop in value of such securities is simply disclosed on the institution’s financial statements.

At December 31, 2022, SVB disclosed approximately $15 billion in unrealized losses on its HTM portfolio, compared to net worth of approximately $16 billion. In other words, had SVB been forced to write down these unrealized losses or at least account for them in an alternative manner, there would virtually be no equity left in the institution. Further, SVB had unrealized losses of approximately $2.5 billion on its “available for sale (AFS)” investment portfolio. Of this amount, $1.4 billion had been in an unrealized loss position for more than 12 months.

An expanded analysis of net worth (and the related liquidity management impacts) incorporating both the unrealized losses on HTM and AFS securities should have sounded the alarms. How could this have been missed by an experienced management team, by those directors who were charged with governance, by the regulators and even by the auditors – not to mention sophisticated investors who had both deposits in the bank as well as stock ownership?

Another critical question is whether SVB truly had the ability to hold these HTM securities until maturity, especially considering the continued drop in value that began to develop as a result of increasing interest rates in early 2022. This should have prompted SVB to take evasive action to grow earnings and build equity to better manage this extremely risky financial structure. Continuing business as usual should never have been an option. And perhaps the post-mortem analysis will indicate that actual losses on these securities should have been recorded and, therefore, charged to net worth despite the “intent” to hold to maturity. Ironically, the 2022 audit report by KPMG was released on February 24, just two weeks short of the FDIC takeover. Stay tuned on this.

For credit unions, the regulatory net worth ratio excludes the unrealized losses on the AFS portfolio even though those losses have been recorded on the balance sheet. Why is this critical? From a financial structure standpoint, net worth should represent the excess of the book value of assets minus liabilities. All credit unions combined reported a total decline in fair value of their AFS portfolio of approximately 200bp of assets as of December 31, 2022. If this were reflected in the net worth ratio, the average credit union would have reported net worth of 8.9% rather than 10.75%, a difference of 1.85%. And as of year-end 2022, there are roughly 350 credit unions with net worth ratios under 6% (the amount required to be considered adequately capitalized) if these unrealized losses on AFS securities are included in the calculation.

Credit Union Lessons

  • Is consideration given to both the regulatory amount of net worth and an expanded definition of net worth? Since the beginning of 2022, unrealized investment losses for all credit unions combined have reduced net worth by nearly 185bp. For many credit unions, unrealized losses have reduced their true net worth to dangerously low levels. It is critical that those charged with governance understand the difference between these two ratios and implement risk-management procedures to deal with the unfortunate results of investment losses that have developed in this very unusual interest rate cycle.
  • Does your credit union have the ability to hold all AFS and HTM securities to maturity? Or should an impairment loss be recognized based on deteriorating liquidity levels?
  •  SVB’s failure has resulted in a period of extreme anxiety for many consumers. Has your credit union developed a communication plan to clearly articulate the differences between SVB and your credit union’s financial strengths? Doing so could provide a measure of comfort right now.

2) Some Basic Asset/Liability Management (ALM) Issues

It appears SVB grew the liability side of the institution with short-term instruments and invested the proceeds in long-term Treasury and agency securities. Sound familiar? This created a classic mismatch of maturities, with a deadly impact in a rising-rate environment. So as customers began withdrawing their deposit balances late last week, the bank had no significant sources of liquidity and therefore had to start selling HTM investments, thereby turning unrealized losses into realized losses. The realized losses resulted in inadequate levels of regulatory net worth, which led to the FDIC takeover. But as noted above, the true net worth of the organization was already seriously impaired as a result in the decline in investment valuations, but not measured as part of regulatory net worth.

Many credit unions find themselves in exactly the same situation. The result has been massive amounts of borrowing to avoid having to sell the underwater investment securities. Further complicating the process has been the rapid rise in dividend costs, as credit unions have had to aggressively promote share certificates to retain and attract share balances.

Credit Union Lessons

  • Is your credit union’s investment portfolio well diversified, both in terms of investment types as well as investment maturities? The lack of credit risk in the portfolio is not the measure by which interest rate risk should be assessed.
  • Does your credit union have guidelines in place that would deter or prevent the buildup of massive amounts of investments that would have negative impacts in a changing rate environment?
  • Has the credit union considered derivatives to help control or mitigate interest rate risk? It is now being reported that SVB actually had interest rate hedges in effect in 2022, but those hedges had expired and were not renewed. Is this further financial mismanagement?
  • Does your credit union have adequate borrowing agreements in place, and have these agreements been recently reviewed for compliance? Has your credit union recently executed a draw on an existing line of credit to test the operational readiness of the line?

3) Deposit Retention And Growth

One important element of maintaining adequate liquidity is to ensure a vibrant and compelling product menu, especially on the deposit side of the balance sheet in this current economic cycle. I’ve noted the following weaknesses in many credit unions, which can have a very negative impact on liquidity:

  • Lack of competitively priced share products. Does your credit union have competitive rates on deposits at various maturity stages?
  • IRA products lacking competitive pricing. Are your IRA products competitively priced?
  • Large numbers and amounts of uninsured shares. Has your credit union identified members with relatively large deposit balances (say, over $100,000) and ensured those members have competitively priced products so as to alleviate the need for withdrawal to another institution?
  • Failure to proactively approach members with maturing CDs. Does your credit union actively reach out to members with upcoming CD maturities for the purpose of promoting competitively priced products and perhaps offering an early withdrawal without penalty if the proceeds are immediately rolled over to a new CD?
  • Failure to provide MSRs with authority to match rates. Do your MSRs have the OK to match other institutions’ rates in order to avoid a potential withdrawal?

4) Curtailing Loan Growth

With tightening liquidity on the horizon, additional borrowings and/or deposit growth might result in impaired levels of net worth. Although probably a last resort, consideration should be given to slowing loan growth for the purpose of building liquidity.

With the economy expected to move toward a recession in the near future, slowing loan growth may have positive impacts on loan quality and earnings.

Mike Sacher, credit union consultant

5) A Word About Regulators

As with past cycles of financial institution failure, the blame extends to regulators as well as those charged with governance of the various institutions. The regulators are too often silent during the early phase of the crisis, and then go into overreaction mode once the crisis unfolds. To put this into the context of a doctor/patient relationship, this seems analogous to a patient gaining way too much weight over an extended period, then suffering a serious heart attack and being told to not only lose weight, but to have gastric bypass surgery on an emergency basis.

Credit unions have been gaining way too much weight, so to speak, over the past 15 months. It shouldn’t have taken a doctor to point this out. But when the doctor finally made the house call (in the form of regulator exams and call report submissions), the scale didn’t measure total weight or body fat. The scale measured regulatory net worth! GAAP-based net worth ratios combined with impounding the impact of losses on HTM securities into the net worth ratio have become increasingly impaired at many credit unions, just as they did at SVB. But the regulators have continued to focus on regulatory-based net worth rather than giving equal weight to expanded net worth calculations.

Don’t wait for the regulators to tell you to lose weight! Get the proper scales in place to measure your financial fitness and be proactive in getting back in shape.

About Mike Sacher

Mike Sacher has been serving credit unions for over 40 years. He is a retired partner of RSM/McGladrey and O’Rourke Sacher & Moulton, and the former EVP/CFO of Xceed Financial Federal Credit Union. Mike continues to provide consulting services to credit unions.

The post 5 Lessons For Credit Unions From Silicon Valley Bank’s Collapse appeared first on CreditUnions.com.

]]>