The Federal Credit Union March-April 2014 - (Page 44)

COMPLIANCE CENTRAL

Risk Management: Takeaways From NCUA's Supervisory Guidance on Enterprise Risk Management

By Bernadette Clair

In November 2013, NCUA released Letter to Credit Unions 13-CU-12, regarding supervisory guidance the agency provided to examiners on enterprise risk management (ERM). The guidance, contained in Supervisory Letter No. 13-12, provides insight into how NCUA views ERM as well as the agency's supervisory expectations for credit unions' risk management systems.

Unlike corporate credit unions, which are required to establish a formal ERM policy pursuant to Part 704.21 of NCUA Rules and Regulations, natural person credit unions ("credit unions") are not required to implement a formal ERM framework. However, credit unions are expected to implement sound risk management processes tailored to their individual business model and risk tolerance.

NCUA's Supervisory Expectations for Credit Union Risk Management

Risk management is critical to sound corporate governance, and examiners are tasked with evaluating the overall effectiveness of a credit union's risk management program. Examiners are expected to assess a credit union's risks and level of exposures, both financial and nonfinancial, to determine whether exposures are reasonable in relation to operational controls, decision support systems, policies, procedures, internal controls and capital.

Risks are evaluated individually and collectively, and then measured in relation to capital adequacy, asset quality, management, earnings and liquidity/asset liability management (CAMEL), and seven risk factors - credit risk, interest rate risk, liquidity risk, transaction risk, compliance risk, strategic risk and reputation risk. NCUA refers to this process as the "total analysis process."
When evaluating a credit union's risk management processes, examiners are expected to consider the following factors in all cases:

■ the credit union's risk posture, risk appetite and risk management strategies;
■ the depth and breadth of potential exposures, including the types of products and services offered by the credit union;
■ the strategic objectives and operational policies, procedures and controls in relation to potential exposures;
■ concentration of risk;
■ risk-mitigating factors;
■ capability and resources of management;
■ current and historical performance management; and
■ the financial strength of the credit union in relation to assets and activities.

Examiners are required to gauge the effectiveness of a credit union's risk management programs against identified and perceived risks, management's capability for and commitment to a culture of risk management, and the financial strength of the credit union in relation to individual and collective risk exposures. For smaller, less complex credit unions, this includes ensuring that the risk management framework is sufficient to manage the major risks present in the credit union's business strategy and objectives. For larger, more complex credit unions, examiners are expected to ensure that the credit union employs a comprehensive risk management approach, which may or may not include a formal ERM program.

Deficiencies in risk management are expected to be addressed using action consistent with the severity of the deficiency. This includes addressing poorly managed or excessive risk by addressing underlying operational, strategic and managerial deficiencies. A document of resolution (DOR) may also be issued regarding unacceptable risk if management does not have an adequate identification, measurement, monitoring, control and reporting structure.
Core Enterprise Risk Management Principles

NCUA encourages credit unions to explore the potential benefits of incorporating core ERM principles into their overall strategic planning and risk management processes. ERM integrates risk management across an organization. ERM is designed to encourage an organization to take a broad look at all risk factors and define an acceptable level of risk and continuously monitor functional areas to ensure that the defined risk threshold is maintained.

NCUA recognizes that most credit unions do not possess the depth of resources to warrant the significant investment necessary to implement a formal ERM program. However, NCUA's supervisory guidance provides an overview of basic components that an ERM program would likely include:
