Ins and Outs of Fiduciary Outsourcing for Credit Unions

By: Richard W. Rausser, Senior Vice President of Client Services, Pentegra Retirement Services

With retirement plans seemingly becoming ever more complicated, outsourcing of fiduciary investment responsibilities has steadily become more commonplace. This is especially true in the case of the C-Suite at credit unions, which can find outsourcing very appealing.

Not only is the passing along of fiduciary responsibilities one less burden for credit union managers, allowing them to focus on day-to-day business and obviating the need for them to become qualified plan experts, but the practice can also serve to insulate them and their credit union from a number of risks.

Benefits of Outsourcing

Outsourcing to a sanctioned third-party fiduciary guarantees that a given plan’s documentation is up to date, complies with all laws and regulations, and delivers appropriate disclosures to plan participants and sponsors.

If a plan is large enough (meaning it has roughly 100 to 120 participants) it requires an independent auditor – the selection of which again can be provided by the external fiduciary, saving the credit union time and money. (It should be noted that investment fiduciary outsourcing can be appropriate for defined benefit and defined contribution plans of all sizes.)

In addition, the day-to-day management of a plan involves, among other things, making sure the plan is running as it should be; nuts and bolts record-keeping; and administrative decisions about such issues as a plan participant’s request for a loan or a hardship distribution.

Customizing Responsibilities

Arranging the responsibilities of a third-party fiduciary should be fairly easy to customize; one can outsource all of the above or cherry-pick whichever duties one wishes on an ala carte basis.

A credit union needs to provide a reputable third-party fiduciary with the following:

  • Data on the plan participants;
  • The money involved with the plan; and
  • A commitment to regularly review the plan’s performance (usually once a year).

In that way, any questions or concerns can be addressed efficiently. (Of course, any issues that rise before the review date can also be discussed at any time.)

Fiduciary Responsibility

If there are record-keeping errors made by the outside fiduciary, it is that fiduciary’s responsibility to make amends, including making up any monetary shortfall. In the unlikely case of a participant-filed lawsuit, the outside fiduciary is again front and center, providing the defense in the case and making good on any claims or settlements.

The credit union’s board and senior management are insulated from responsibility; even though the plan ultimately belongs to the credit union, it is the named fiduciary who holds the liability in such instances.

Such an arrangement can also be of value in the case of multiple employer plans (MEPs), an employee benefit plan that can be maintained as a single plan in which two or more unrelated employers participate. As each credit union has its own separate boards of directors, the advantages of having an independent fiduciary to manage and administrate the plan are readily apparent.

Credit Union Responsibilities

All of that said, there will remain some fiduciary responsibilities and liabilities for the fiduciary responsible for selecting and contracting with the outsourced fiduciary. Breach of contract is the most obvious of these, but there is also the matter of monitoring/reviewing with the outside fiduciary that I mentioned previously.

In addition – and this should go without saying – it is incumbent upon the relevant credit union executive to read all communiques from the third-party fiduciary, and to ask and follow through on any questions or concerns.

None of these duties should be particularly onerous, especially if you have chosen a reputable external fiduciary. When considering such a company – as you should with all outside vendors – “test drive the car”: Find out all you can about several different ones, ask lots of questions, and make as informed a final decision as possible.

Learn more from Rich by watching the recorded webinar: “Innovative Retirement Plan Design for Maximum Results.”

About Rich Rausser:
Richard W. Rausser has over 25 years of experience in the retirement benefits field. He is Senior Vice President of Client Services at Pentegra Retirement Services, a leading provider of retirement planning services to financial institutions and organizations nationwide, founded by the Federal Home Loan Bank System in 1943. Rich oversees Pentegra’s consulting, marketing and communications and actuarial service groups at Pentegra. He is a frequent speaker on retirement benefit topics; a Certified Pension Consultant (CPC); a Qualified Pension Administrator (QPA); a Qualified 401(k) Administrator (QKA); and a member of the American Society of Pension Professionals and Actuaries (ASPPA).

Pentegra_Logo_FinalPentegra is the NAFCU Preferred Partner for Qualified Retirement Plans for Credit Union Employees

3 Critical Stages of Third-Party Vendor Management

By Vanessa Stanfield, Insurance Solutions powered by Affinion

Did you know your credit union could be responsible for the performance of your vendors? No credit union wants to encounter regulatory trouble or face reputational risk; especially as a result of vendor activities. It’s because of that fact that vendor management due diligence is a topic of increasing importance.

But what is the right way to go about choosing  third party vendor? The National Credit Union Administration (NCUA) has provided clear direction regarding vendor due diligence. Additionally, the NCUA has deemed the following areas as critical in third-party vendor management: Risk Assessment & Planning, Due Diligence, and Risk Measurement, Monitoring and Control.

Risk Assessment & Planning

Risk Assessment

Prior to engaging a third-party relationship, assess the current risks and document how the vendor will relate to your credit union’s strategic plan. When conducting a comprehensive risk assessment, the key areas of focus are: credit, interest rate, liquidity, transaction, compliance, strategy, and reputational risk. In this discovery phase, your credit union can identify the current risks and establish expectations of the new relationship.

Due Diligence

There are four fundamental due diligence elements to consider when choosing a vendor: organizational, business model, financial health, and program risks. In these areas, your credit union can assess what degree of due diligence is required.

But remember- not all vendors are created equal. More complex vendor relationships with more risk will typically require increased due diligence; less complexity and risk means less rigorous due diligence. For a comprehensive report and the five key due diligence questions you need to ask your vendors, read the full whitepaper here.

Risk Measurement, Monitoring and Control

Credit unions must be able to continually measure performance and risk throughout the relationship with the vendor. To do this, your credit union should clearly outline the vendor’s responsibilities and policies before taking on the vendor. In the end, this will allow for proper vendor performance management so that you can ensure expectations are being met.

Credit unions should not think of vendors as a third party, but as an extension of their organization. Because of this, it is important to consider the three critical areas above when deciding on a vendor. As the NCUA has conveyed, the utilization of vendors does not in any way diminish the credit union’s level of responsibility and for that reason, credit unions should carefully select their vendors.

What Should We Ask Our Vendors?

To be confident that the vendor’s management programs are the right fit, credit unions must discuss the vendor in great detail and ask the hard questions. Failure to conduct thorough due diligence and effectively monitor these vendors place the credit union at risk. Again, not all vendor relationships call for the same level of due diligence and ongoing monitoring, but in order to determine what level is necessary there are key questions that your credit union must contemplate.

For an in-depth look at the five key due diligence questions that credit unions must ask when selecting a third-party vendor, read the full whitepaper here.

InsuranceSolution_4CAffinion is the NAFCU Services Preferred Partner for AD&D Insurance

Cybersecurity Ratings: The Third Party Cyber Risk Management Solution

BitSight Cyber Lock

So, you have identified your top partners.  You have thoroughly evaluated their cybersecurity services in order to keep your members’ financial data safe and secure. But before you sit back and relax, you have to ask yourself “what about tomorrow?”

The Pitfalls of Traditional Evaluation Methods for Cybersecurity

Traditional methods of evaluating your partners may include detailed questionnaires and conversations, audits, and maybe you have even conducted some vulnerability scans. These are all sound methods for establishing whether your partners are on the right track, but they are only a start.

  • One-time snapshot. The problem with this type of evaluation method is it only gives you a snapshot of the organization at one small point in time. It would be the equivalent of checking the locks on your doors once and then not doing it again in the future.
  • Expensive. Numerous questionnaires and audits can become very costly very quickly. If you are a small credit union, it may not seem practical to spend the cash or the manpower on these efforts.
  • Regulation struggle. In addition to an ethical obligation to your members, regulators are creating new legal obligations aimed at third party risk management plans. The sooner you can get in front of this issue, the easier it will be.

Vendors, especially high priority ones that have direct access to your network or your most sensitive data, really need to be monitored for their security practices all the time. This may seem daunting or even impossible, but it doesn’t have to be. The key to locking up holes in your partners’ security is through security rating and monitoring solutions.

How Cybersecurity Ratings Work

Cybersecurity ratings work essentially like a credit rating company issuing a FICO score, but instead it issues a security rating. For example, companies can be rated on a scale from 250 to 900. A high number indicates a strong security performance and a lower security risk.

A security rating platform gathers and analyzes publicly available information and noted incidents to create its security rating. It considers things like spam propagation, malware propagation, botnet infections, and then calculates a rating. You will also be able to see where the infections and incidents relating to a company’s security are occurring.

Utilizing Ratings as a Resource

BitSightRatings2Cybersecurity ratings can be a very useful tool in prioritizing which vendors require the most attention from your credit union. A company with a consistently high score probably doesn’t need a tremendous amount of your effort, so you can allocate your time and budget to the vendors that are creating greater risks for you and your members.

In addition, this rating can be a valuable resource when having a more sophisticated conversation with your vendors about cybersecurity. If you are grappling with what questions to ask or what risk vectors you should be focused on, the security rating information can give you a road map to do that.

web logo.bitsightNAFCU Services and BitSight Technologies have partnered to provide an independent security monitoring service that provides continuous data on outside vendors’ security practices. If you would like to learn more about BitSight’s solutions for credit unions, or formulating a third party risk management plan, you can check out our webinar here.

Best of NAFCU’s 48th Annual Conference and Solutions Expo (Video and Educational Highlights)

Credit union leaders from around the country gathered to network and discuss the most pressing issues impacting the industry during NAFCU’s 48th Annual Conference and Solutions Expo in Montreal, Canada. The conference was NAFCU’s largest event in nearly a decade.

Here’s a quick video of some highlights from this year’s conference:

During the conference, attendees heard from NAFCU management and leading industry professionals that included keynote conference speakers such as Founder and CEO Jeremy Gutsche, and MasterCard’s General Counsel and Chief Franchise Officer Tim Murphy.

Solutions Expo at the NAFCU 48th Annual ConferenceThis year’s conference included the annual Solutions Expo, spotlighting the latest technologies, applications, and resources available to help improve credit union operations.

Our Preferred Partners exhibited during the conference and shared their thought leadership, innovations, and solutions during educational sessions throughout the conference.

The complete list of sessions and available presentation slides are available on Here’s a quick listing of key topics presented during the conference to help your credit union grow, retain members, manage risks, protect members, and improve overall operations:

Topic Category Presentation Title Preferred Partner
Growth & Retention Building A Strong Payments Strategy Vantiv
Health Savings Accounts, IRAs and Millennials: A New Generation Presents New Opportunities  Ascensus
Using Credit Scores to Grow and Engage Membership VantageScore
Why Your Credit Union Should Offer Wealth Management Services to All Members Money Concepts
Risk & Security A Deep Dive Into EMV Implementation MasterCard
Cybersecurity Risk Mitigation: Protect Your Member Data Knowledge Consulting Group (KCG)
Top Ten Fraud Risks That Impact Your Financial Institution Allied Solutions
Uncovering the Faces of Fraud Q2
Using Moneyball Tactics and Risk Rating Assessment Models Wolters Kluwer Financial Services
Financial & Insurance Trends in the Retirement Plan Industry Pentegra Retirement Services

Thanks again to the 2015 Annual Conference signature sponsor MasterCard, our 5-star preferred partner sponsors Allied Solutions and Vantiv, and all of our partner sponsors, exhibitors, and speakers.

We’re looking forward to seeing you all at NAFCU’s 49th Annual Conference and Solutions Expo in Nashville (Music City) next year! Get more information, sign-up for updates on the latest conference details, and register by visiting

VantageScore’s Top Five Most Popular Questions at NAFCU’s Annual Conference

Credit Scoring with VantageScoreWritten by Jeff Richardson
Vice President, Communications and Public Relations

NAFCU members aren’t exactly known for being shy or reserved.  So you can imagine how many questions I fielded about credit scoring, both during my breakout session presentation and while chatting with conference participants in VantageScore’s networking lounge during NAFCU’s Annual Conference and Solutions Expo in Montréal, Canada last month.

Because some of the questions during the conference were particularly popular, I thought it might be helpful to compile and share the five most common questions that came my way. Here are those questions and related answers, presented in no particular order.

1. How does the VantageScore® credit scoring model help credit unions grow?

One of the key differentiators of the VantageScore® model is its ability to score more of your credit union members. Your lending portfolio will benefit from capturing the widest possible base of qualified and relevant prospects within your target demographics and risk strategy, without having to relax credit standards to attract more members.

Traditional credit scoring models limit your lending universe to a smaller percentage of qualified U.S. adults than the lending population available with the VantageScore® 3.0 model. The VantageScore® 3.0 model gives lenders, like your credit union, access to 30-35 million consumers who are invisible to traditional credit scoring models. That’s a group larger than the population of Texas!

  • VantageScore® 3.0 credit scoring modelThe model expands the lending universe by using broader and deeper credit file data and more advanced modeling techniques that capture unique consumer behaviors more accurately.
  • Nearly 25% of these newly scoreable consumers are actually prime or near-prime credit quality—excellent candidates for mainstream lending products.

A terrific infographic that provides a more detailed explanation is available on our website.

2. Why does your member’s credit score go down after he/she opens a new credit account?

One of the characteristics that contribute to the calculation of a VantageScore® credit score is opening a new credit card account. This is far less influential than the main factors that affect a score, such as missing payments or maxing out a credit card account, but it does have an impact.

A small drop in a person’s credit score is possible after opening a new credit card because that new account represents new risk of potential overextension, with no available history to demonstrate that the consumer can effectively manage the new account. Applying for a new account also likely involved a credit inquiry with one or more of the three credit reporting companies (CRCs: Equifax, Experian, or TransUnion). That inquiry is also likely to cause a slight drop in an individual’s score.

As long as your member doesn’t max out the credit card or miss any payments on the new account (or any others), the member’s score should return to its previous level in about three months.

3. Who uses the VantageScore® model?

Nearly one billion VantageScore ® credit scores were used in 2014, by over 2,000 lenders and other industry participants, including 6 of the 10 largest banks. In that same vein, credit unions should know that the National Credit Union Administration (NCUA) recognizes the VantageScore® model, and there are no regulatory hurdles for credit unions that want to take advantage of the model.

4. How can our credit union switch to VantageScore®?

The VantageScore ® model is marketed and sold exclusively through licensing arrangements with the three major CRCs (Equifax, Experian and TransUnion). Your credit union likely already has a relationship with one or more of these companies and can obtain more information about VantageScore® through your CRC representative. Get contact information for the three CRCs on our website.

5. Did I win the VantageScore® Drone Giveaway?

VantageScore's DJI Phantom 2 VISION GiveawayVantageScore’s giveaway of the DJI Phantom 2 Vision personal drone generated almost as much attention as our presentation session. Inspired by our company tagline, “A Higher Level of Confidence,” the high-flying prize was a constant object of curiosity – and longing by conference attendees.

Thanks to all who submitted a business card or had their badge scanned for a chance to win. You’re all winners in our book, but only one lucky NAFCU Annual Conference attendee could take home the drone. Congrats to credit union attendee Michael O. who is the new owner of a DJI Phantom 2 VISION!

It was a real pleasure meeting you all at the conference. And, if you want to connect with VantageScore® further, sign up for our e-newsletter The Score, and follow us on Twitter: @VantageScore®In the meantime: À l’année prochaine (Until next year)!

Download your copy of the free white paperMaximizing the Credit Universe” to get valuable insights into ways to revise current strategies to manage risk, while expanding the ‘credit accessible universe.’

VantageScore LogoVantageScore Solutions, LLC is NAFCU Services Preferred Partner for credit scoring. For more information on VantageScore’s products and services, visit