ERM Strategy for Credit Unions

By: William Hord, Vice President of Enterprise Risk Management Services for Quantivate.

When tackling an ERM strategy, your board and management must discuss and articulate your credit union’s risk management attitude and risk appetite. Both need to fully agree on the level of risk that the credit union is willing and able to take in the pursuit of their ERM strategic objectives. In the absence of this understanding, it is difficult for management to achieve the desired results and for the board to effectively fulfill its risk oversight responsibilities.

When your credit union’s management develops a formalized risk management processes, it is possible to successfully act upon risks at an enterprise level- in relationship to the strategic objectives you are seeking to achieve.

When these enterprise level risks are uncovered and openly discussed, management and the board can efficiently determine whether they are in line with their risk appetite.

Since risks for the credit union are always evolving, having an understanding of the most significant risks and their related responses will provide timely and quality risk information across the credit union. In turn, the addition of key risk indicators will help to identify emerging risks that may ultimately impact the achievement of strategic objectives.

When property executed, enterprise risk management will assist executives and boards in strengthening risk management in their credit union. Ultimately, this enhances the board’s risk oversight capabilities and provides a more robust credit union for the membership.

For a deeper dive into questions that credit unions need to know in order to implement an ERM structure strategically and successfully, listen to ERM Strategy for Credit Unions, the last installment of the podcast series, “A 360 View of ERM.”

You can catch up on the previous sessions by listening to them here: Part 1 – Getting Down to the ERM Basics or Part 2 – How to Create a Successful ERM Program.

Logo for Quantivate  Quantivate is the NAFCU Services Preferred Partner for Vendor and Contract Management Software. More educational resources are available

Finding New Ways to Serve the Nation’s Underbanked

By: Lawrence Pruss, Senior Vice President and Payments Expert, Strategic Resource Management.

According to the Federal Deposit Insurance Corporation, approximately 27 percent of all American households are unbanked or underbanked – that’s 50 million individuals.

For purposes of this article, unbanked refers to individuals who don’t have a bank account and underbanked refers to those who supplement their bank account with alternative financial services like check cashers. Both underbanked and unbanked households are typically forced to rely on nonbank financial or high-rate lending solutions such as payday lending, tax refund, and settlement loans.

How did we get here? Why are so many people in the United States outside of traditional banking security in 2016? There are several reasons why, with many people falling into more than one category. This article addresses these issues and provides solutions your credit union can offer to serve the underbanked and help them become members of your credit union.

Case One: During the Great Recession from late 2007­— early 2009, many people with previously good credit had their credit history tarnished. Most financial institutions now exclude these individuals with a record of bounced checks, overdrafts, or delinquencies.

Solutions: Offer second-chance checking accounts, debit or prepaid solutions, and credit building tools generally available at local banks or credit unions.

Case Two: A significant portion of the immigrant population is underbanked. They often arrive to our country with a distrust of traditional banking systems, and depending on legal status, avoid traditional banks that require government issued identification. Increasingly stringent Know Your Customer (KYC) and other anti-money laundering regulations have exacerbated this situation.

Solutions: Develop easy account applications and use alternative identification solutions like individual taxpayer identification numbers (ITIN). The IRS issues ITIN numbers to non-citizens who are working in the U.S., but are not eligible for a Social Security number. Develop inexpensive money transfer solutions which can help alleviate high fees typically associated with transfers, and consider alternative lending scores to help qualify these individuals for financial products.

Case Three: Approximately half of the 80 million millennials in America (those between 18 and 29) are unbanked or underbanked. The 2009 Credit CARD Act put strict limits on how credit cards are marketed and issued, and an inherent skepticism of large money-making institutions and Wall Street means many young adults are hesitant to pursue credit cards and other traditional banking products. In fact, more than one-third of that population has never had a credit card.

Additionally, because of their digital communication preferences and desire for fee and pricing transparency, companies that offer clear debit, prepaid, or increasing alternative financing solutions are winning over this segment. Examples include PayPal, Google, and some of the more creative credit unions with “young and free” efforts geared toward the younger generation.

Solutions: Establish your institution as a trusted, tech-savvy brand to build loyalty with this consumer group, locking them in as future, long-term members.

Case Four: While the official unemployment number is at 5 percent, or 7.9 million people, an estimated 30 million Americans are still out of work or underemployed – an audience typically avoided by banks.

Solutions: Develop lending based on an individual’s potential. Many of these individuals have returned to school or pursued further training while being un- or underemployed. This offers a great opportunity for establishing lifelong loyalty for those institutions willing to take a chance on their future success.

The number of un- and underbanked individuals in the United States is larger than the total populations of many countries. As such, it offers a huge opportunity for American financial institutions willing to better understand “why” they are underbanked and then find ways to support them and help them reach their unique needs.

Strategic Resource Management is the NAFCU Services Preferred Partner for Vendor Cost Benchmarking and Negotiation Services.

Building a Third Party Risk Management Program

By: Jake Olcott, VP of Business Development at BitSight Technologies.

When looking at cyber security threats to your credit union systems, it is no longer sufficient to enlist the best practices for your institution without evaluating the practices of all your vendors and partners. In consideration of some high profile cases of cyber breaches in the past few years— including major corporations such as Target, American Express, and Experian—it is evident how serious third party breaches can be.

These breaches cost a great deal to the companies and customers affected. It is critical that credit unions move forward with plans to evaluate and mitigate the risks posed by vendors and other business partners. In light of this growing need, BitSight Technologies recently hosted a webinar entitled “How to Build a Third Party Risk Management Program” for credit union executives around the nation.

Legal Implications of Ineffective Third Party Risk Management

Third party risk management programs are more than an obligation to your customers; these programs are being brought to the forefront and scrutinized by those conducting oversight. During BitSight’s webinar, credit union executives participated in a poll indicating that 85 percent of them had been asked by regulators about their third party risk management practices. In fact, regulators are starting to pursue actions for failure to properly implement programs to prevent third party cyber risk.

What are the Immediate Steps to Ensure Appropriate Third Party Cyber Security?
There are four key steps to take for a top-notch security program:

  1. Identify and Tier Third Parties: A working group including IT, IT security, procurement, and legal should identify and classify vendors. Vendors handling data that is regulated or confidential should be prioritized as critical.
  2. Assess Security: There are a number of methods credit unions can use to assess security. In BitSight’s webinar poll, the most common tool utilized by credit union executives was audits and requests for documentation, with nearly all respondents already doing these. In addition, about a quarter of executives involved in the webinar said they were conducting onsite visits or desk assessments- 38 percent of managers are currently using vulnerability scans and penetration tests, and 43 percent of the webinar poll respondents were also using questionnaires.
  3. Negotiate Contractual Terms: Existing contracts need to be reviewed to ensure they reflect the level of security you expect. Use “point in time” tools to evaluate third parties.
  4. Ongoing and Continuous Monitoring: This involves constant oversight integrated into the lifecycle of the security assessment process, and leverages the use of automated feeds.

The Vendor Risk Management Maturity Curve

This curve represents each step of the security process as outlined above. When asked which level on the vendor risk management curve their credit unions fall, 16 percent of executives at BitSight’s webinar said they were at level one,  just over half of all executives were at level two, 30 percent were at level three, and two percent were at level four. One of the problems many executives have in reaching levels three and four pertains to small organizations: the process can become costly and require extensive manpower.

The entire webinar slide deck with in-depth graphics, tips, techniques, and tools your credit union can leverage is available for download here.

BitSight Technologies is the NAFCU Services Preferred Partner for Cybersecurity Ratings for Vendor Risk Management and Benchmarking. More educational resources and partner contact information are available at

How to Create a Successful ERM Program

By: Bill Hord, Vice President of Enterprise Risk Management Services for Quantivate.

Credit unions seek to accomplish their strategic objectives within the framework of their mission. Once management has determined their strategic objectives, they set about creating strategies to achieve their objectives. Having a solid ERM framework applied in the strategy-setting process allows the credit union to identify and mitigate or accept the risks in pursuit of their objectives.

Utilizing an ERM framework helps the credit union provide reasonable assurance to the board of directors and management related to the achievement of the credit union’s objectives. This assurance is based upon the understanding of risks related to the objectives, and furthermore, that the risks have been reduced to acceptable levels.

Proper use of ERM will assist the credit union by also providing better governance and management processes that ultimately lead to informed risk-based decisions. These decisions and the internal controls in place to help mitigate the risks will reduce the risk associated with achieving the credit union’s objectives and help ensure they are within the stated risk appetite.

In order to create a successful ERM program you should:

  • Determine and utilize the proper risk framework for your credit union
  • Define and prioritize significant risks and identify the weakest critical control
  • Measure risk and controls
  • Complete a risk assessment and build a risk committee

Listen to the full podcast, “How to Create a Successful ERM Program”, for and in-depth discussion about how your credit union can strategically create an ERM program that is set up for success from the very first day of implementation.

During this 25-minute podcast, industry expert Bill Hord, Vice President of Enterprise Risk Management Services for Quantivate, joins Devon Lyon, Director of Education for NAFCU, and breaks down the steps your credit union should take to properly determine, assess, and prepare for risks when evaluating the best ERM program for your organization.

If you missed Part 1- Getting Down to the ERM Basics, you can listen to the  full podcast here.

Logo for Quantivate  Quantivate is the NAFCU Services Preferred Partner for Vendor and Contract Management Software. More educational resources are available at

Let’s Talk – Seriously – About Retirement

As an industry leader, we are fully engaged in the continued national dialogue around retirement readiness. A major part of that effort is speaking with retirees as well as those still in the active phases of their careers to determine what issues and concerns they have about strategizing for their futures.

To learn more about retiree perspectives, Pentegra regularly commissions a Harris poll to determine the state of the retirement nation. This year we also independently interviewed dozens of retirees for additional insights as part of our Beyond the SmartPath™ initiative.

The results of the survey and follow-up interviews held no spectacular surprises. Among those we interviewed, every respondent echoed the long-standing plea of the retirement industry and our Harris poll results: Save early and often. Most suggested doing this by getting involved as soon as possible in any retirement savings vehicle offered by one’s employer – especially a 401(k), if available – and to contribute enough to take full advantage of employer matching contributions.

Our respondents also universally advocated the truism that it’s never too early – or too late – to start saving for one’s retirement. “The key thing is that the cost of living keeps going up, which makes it difficult to set money aside,” noted one. “But a little something is still better than nothing.”

A recurring theme was that conversations about planning for retirement are not taking place with enough frequency today. Most of the folks we spoke with said they grew up in households where serious advice about the topic was entirely absent.

The establishment of the 401(k) in 1978 changed all that. Workers became more directly involved in the topic, and as a result they tended to offer practical advice to their own children … if not from a young age, then certainly as their kids began weighing, and embarking upon, their own career options.

However, how seriously those children – and successive generations – have taken those talks remains very much in doubt. A constant misnomer that “comes with the territory” of being young is that thinking about retirement is viewed as something that does not need to occur for years to come … a fallacy that is unfortunately all too common.

Although retirement services providers like Pentegra can explain the ins and outs of various retirement savings strategies, the fact that so much misunderstanding, misinformation – or, for lack of a better word, apathy – about retirement planning remains, is a sobering fact. Thus, we are introducing and promoting the hashtag #talkaboutretirement, designed to help spur dialogue among family members, business associates and friends, in addition to industry professionals.

We hope that #talkaboutretirement will indeed become a trending topic – one that continues to trend for some time. Having an open dialogue about how you view your retirement savings (if at all) can only help, both in the short term and the long run.

Pentegra Retirement Services is the NAFCU Services Preferred Partner for Qualified Retirement Plans for Credit Union Employees. More educational resources can be found at