THE NAFCU tells Credit Unions exactly where to focus risk management?

The NAFCU’s compliance team recently confirmed the seven risk categories that they consider in their examinations. These risks are:

Credit Risk
Interest Rate Risk
Liquidity Risk
Transaction Risk
Strategic Risk
Reputation Risk
Compliance Risk

Obviously, these are not all inclusive and examiners will review any risks that are pertinent at the time. But these risks do give us a solid understanding of the basis of an examination. While these risks are not new to management each presents a unique standalone risk as well as an integrated impact to an organization. We could discuss each risk individually but it makes more sense to us to look at risk management holistically. With that in mind, let us suggest a couple of approaches that helps leadership manage and address these risks regardless of how we might define each one and regardless of whether or not they are managed individually.

Integrated Risk Management: ERM is a proven approach to managing risks. Each risk is considered either a driver or a contributor to other risks. As such, ERM approaches to risk management will provide the most useful and comprehensive path to successful risk management. An ERME committee, or even a senior management risk committee presents a great forum for serious risk discussion. This also may mean that rather than having a sole risk manager the organization may manage risk as a unified management team. COSO provides value in understanding the ERM principles that easily apply to Credit Unions.

Combined Assurance: managing risks under the ERM umbrella is commonplace but combined assurance is not. Most Credit Unions have compliance testing, quality assurance or self-assessments and internal and external audit providing assurance services. Bringing these assurance teams together in their strategy, approach and reporting can only benefit management and shareholder. And yes, Internal Audit is an independent third line of control, but that does not mean that they, compliance and other second lines of defense controls cannot work together and shareholders with a combined look at the control environment.

Technology Solutions: trying to manage ERM and combined assurance manually proves difficult. That is why technology solutions, like GRC software, that supports individual risk review and integrated reporting enhances risk coverage and makes risk management cost effective.

ZHORSE provides excellent risk management consulting and technology solutions for Credit Unions. Please reach out with any questions and check out our webpage at ZHORSE.Net.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Governance

Risk

Compliance

Governance

Risk

Compliance

New Jersey