Leave No Risk Unchecked

Globalization and electronic fraud heighten risks for CUs.

April 21, 2011
KEYWORDS insurance , risk , security
/ PRINT / ShareShare / Text Size +

Privacy liability coverage

One way to guard against security breaches is with information security and privacy liability coverage, which defends credit unions from financial loss, penalties, and defense costs, says Nick Grant, CEO of SWBC’s property and casualty division.

He says common causes of this type of loss include lost or stolen portable computers, computer hacking, employee misuse, improper disposal of paper documents or computer equipment, and vendor negligence. “Not only can these situations wreak havoc on your ability to keep data safe and secure, it can be expensive to restore security and consumer confidence afterwards.”

SWBC’s information security and privacy liability coverage offers:

  • Electronic media liability, which covers the display of content on a credit union’s website;
  • Financial damages arising from unauthorized disclosure or general corruption of personal data;
  • Defense costs and damages for regulatory agency investigations or requests associated with control and use of personally identifiable information; and
  • Coverage for regulatory penalties.

Common mistakes

Mundine says credit unions make four common mistakes when trying to mitigate risks:

1. Assuming an insurance policy covers all losses. Credit unions should know what a policy does and doesn’t cover.

2. Assuming third-party vendors take on all risk. Outsourcing certain functions doesn’t transfer all risk to the third party.

Also, it’s important to conduct proper due diligence on vendors.

3. Being complacent. Don’t adopt the attitude of, “it can’t happen to us.” Globalization and remote threats can circumvent security even at small, tight-knit organizations.

4. Not knowing where fraud is likely to come from and what patterns to look for.

The most common culprits for internal fraud, Slagel says, are collections staff, tellers, and loan officers. Even tellers can abscond with a surprising amount of cash.

“One credit union with a small staff couldn’t segregate functions,” Touhey recalls. “The head teller, who was in charge of verifying money amounts, buying and selling cash, and making ledger entries, had full control over the credit union’s money. As a result, over a three-year period she walked out with $1 million.”

He says the greatest internal control over employee theft is one most credit unions no longer use: the compulsory two-week vacation.

“That two-week period allows the credit union to detect anomalies the vacationing employee would otherwise cover up,” says Touhey. “If a fraudster knows he can be detected during his vacation, the two-week requirement is a huge deterrent.”

Next: CPI rounds out protection

Post a comment to this story


What's Popular

Popular Stories

Recent Discussion

Great article! Unfortunately, most employees don’t feel valued or appreciated by their supervisors or employers. In fact, research has shown that the predominant reason team members quit their jobs is because they don’t feel valued. This is in spite of the fact that employee recognition programs have proliferated in the workplace – over 90% of all organizations in the U.S. has some form of employee recognition activities in place. But most employee recognition programs are viewed with skepticism and cynicism – because they aren’t viewed as being genuine in their communication of appreciation. Getting the “employee of the month” award, receiving a certificate of recognition, or a “Way to go, team!” email just don’t get the job done. How do you communicate authentic appreciation? We have found people have different ways that they want to be shown appreciation, and if you don’t communicate in the language of appreciation important to them, you essentially “miss the mark”. Additionally, employees need to receive recognition more than once a year at their performance review. Otherwise, they view the praise as “going through the motions”. A third component of authentic appreciation is that the communication has to be about them personally – not the department, not their group, but something they did. Finally, they have to believe that you mean what you say. How you treat them has to match the words you use. If you are not sure how your team members want to be shown appreciation, the Motivating By Appreciation Inventory ( will identify the language of appreciation and specific actions preferred by each employee. You then can create a group profile for your team, so everyone knows how to encourage one another. Remember, employees want to know that they are valued for what they contribute to the success of the organization. And communicating authentic appreciation in the ways they desire it can make the difference between keeping your quality team members or having a negative work environment that everyone wants to leave. Paul White, Ph.D., is the co-author of The 5 Languages of Appreciation in the Workplace with Dr. Gary Chapman.

Your Say: Who should be Credit Union Magazine's 2014 CU Hero of the Year?

View Results Poll Archive