Adopt the Proper Risk Management Approach

NCUA instructs CUs to employ a comprehensive program, which might include ERM.

January 10, 2014
KEYWORDS ERM , ncua , risk
/ PRINT / ShareShare / Text Size +


In November, NCUA issued a Supervisory Letter as part of Letter to Credit Unions No. 13-CU-12. The letter clarifies the agency’s expectations regarding natural-person credit union risk management systems.

NCUA points out that enterprise risk management (ERM) might benefit larger, more complex credit unions and that examiners should make sure credit unions employ a comprehensive risk management approach. This might or might not include a formal ERM program, NCUA says.

CU Directors NewsletterBut it’s likely the letter created more questions than it answered. The overall question the letter raised: What’s the difference between our industry’s traditional approach to risk management and ERM?

To better understand ERM, compare the different approaches and responsibilities.

Risk management vs. ERM

Traditional risk management encompasses only hazard and transactional (operational) risk exposures. There’s no upside or positive outcome for these risks, other than the status quo. ERM includes all risks your credit union faces, regardless of their source or potential outcome.

With ERM, you consider the upside of risk, such as the possibility your credit union will outperform your strategic goals. ERM also removes the NCUA’s key risk indicators (credit risk, interest-rate risk, liquidity risk, transactional risk, compliance risk, strategic risk, and reputational risk) from individual silos, and addresses all risks as part of your credit union’s overall strategy.

The ERM process optimizes risk taking in relationship with strategic goals, while traditional risk management simply aims to prevent or reduce losses.

For example, ERM would include an assessment of competitive challenges, such as plans by competitors to build new branches within your local market. It would also examine the potential impact of a significant reputational hit, such as a highly publicized data breach or a top executive being prosecuted for embezzlement.

NCUA acknowledges that most credit unions don’t have the means for expensive ERM software and other tools used to consolidate and assess this broad swath of information. But a basic understanding of how to transcend individual operational risk assessment can improve your credit union’s value.

Risk manager vs. enterprise risk manager

In traditional risk management, the responsibility for managing all of a credit union’s operational risk belongs to one department or one individual. This person or department owns all operational risk.

In ERM, the enterprise risk manager (often referred to as the chief risk officer) acts as a facilitator and educator about the ERM process.

This person serves as a coach to all the risk owners in the credit union. In ERM, all employees are risk managers. They manage the risk for functions within their responsibility. The person closest to the risk is best positioned to evaluate and manage it. Each function has a risk owner who reports to the enterprise risk manager.

ERM allows information to flow throughout your credit union, avoiding information silos that prevent critical information from reaching key people.

The “enterprise” in ERM includes all employees, management, board of directors, committees, members, the community, and regulators. The more your employees know about the risks your credit union faces, the more they can participate in finding and executing solutions, and in capitalizing on opportunities.

JOETTE COLLETTS is a senior manager in risk management for CUNA Mutual Group.

Post a comment to this story


What's Popular

Popular Stories

Recent Discussion

Great article! Unfortunately, most employees don’t feel valued or appreciated by their supervisors or employers. In fact, research has shown that the predominant reason team members quit their jobs is because they don’t feel valued. This is in spite of the fact that employee recognition programs have proliferated in the workplace – over 90% of all organizations in the U.S. has some form of employee recognition activities in place. But most employee recognition programs are viewed with skepticism and cynicism – because they aren’t viewed as being genuine in their communication of appreciation. Getting the “employee of the month” award, receiving a certificate of recognition, or a “Way to go, team!” email just don’t get the job done. How do you communicate authentic appreciation? We have found people have different ways that they want to be shown appreciation, and if you don’t communicate in the language of appreciation important to them, you essentially “miss the mark”. Additionally, employees need to receive recognition more than once a year at their performance review. Otherwise, they view the praise as “going through the motions”. A third component of authentic appreciation is that the communication has to be about them personally – not the department, not their group, but something they did. Finally, they have to believe that you mean what you say. How you treat them has to match the words you use. If you are not sure how your team members want to be shown appreciation, the Motivating By Appreciation Inventory (www.appreciationatwork.com/assess) will identify the language of appreciation and specific actions preferred by each employee. You then can create a group profile for your team, so everyone knows how to encourage one another. Remember, employees want to know that they are valued for what they contribute to the success of the organization. And communicating authentic appreciation in the ways they desire it can make the difference between keeping your quality team members or having a negative work environment that everyone wants to leave. Paul White, Ph.D., is the co-author of The 5 Languages of Appreciation in the Workplace with Dr. Gary Chapman.

Your Say: Who should be Credit Union Magazine's 2014 CU Hero of the Year?

View Results Poll Archive