Standing on the chair did the trick.
My mother taught me a technique when I was a child that’s still useful today. If I couldn’t find something I had just dropped on the floor, she told me, try changing your perspective. Look at the problem in a new way. (Hence, the chair.)
A risk framework for credit unions is really no different; it’s time to change our perspective, to view risk as an opportunity and not a threat.
As an industry, our long-term viability is being challenged more than ever. Many forces are working against credit unions—from economic headwinds and regulatory oversight to evolving shifts in societal values, the ongoing technology revolution, and a growing field of non-traditional competitors.
An alarming 60-70% of public company boards question whether their business model will still be relevant within five years. There’s no reason to believe credit unions are any different. We can’t bury our heads in the sand. Instead, we must change our business models to adapt and evolve with the trends we see in the marketplace—and the world. And to do that, we have to understand what it will take to deliver on our value propositions for members. We must understand the present risk and know exactly how much more we can take to achieve our new goals.
We must view risk management not just as a set of factors and variables to be managed and mitigated, but as a core business function that allows organizations to think dynamically about strategy, relevance and excellence.
Beyond the acronyms
It’s not about GRC or ERM. It’s about building a risk framework for better decision-making, sustainability and long-term success.
GRC and ERM fall very closely with each other. While ERM specifically focuses on the risks associated with the accomplishment of organizational goals, GRC incorporates the interconnectivity of other functions that play a role with controlling risk and providing assurance. Both refer to a broad framework within the organization that are relied upon to deliver risk-weighted information to make business decisions (risk management) and ensure adequacies of controls (assurance) in compliance with laws, regulation and policy standards.
Both risk and assurance processes make up the larger organizational-wide efforts necessary to effectively manage and govern an organization. Regardless of what you call it (GRC or ERM), the objective is to build an effective culture and set of processes that are complementary but carry their own specific objectives within the overarching governance framework that effectively balances risk-taking and risk mitigation in carrying out ongoing operations. As a part of this, there are five primary areas of distinct, but synergistic, objectives critical to an organization’s success:
- Governance – Oversight of vison and progress toward your established mission, as well as fiduciary responsibilities to members, compliance with legal, regulatory requirements and ethical principles.
- Capital adequacy and allocation – Capital management of capital to balance the future organizational needs and the effective allocation of capital to deliver on strategic directives.
- Strategy development – Determination of broad-based efforts that move the organization forward in its pursuit of value and returns, and in alignment with its mission and vision.
- Strategic execution – Management of organizational and operational efforts to meet the defined strategic objectives.
- Legal and regulatory compliance – Development of policy-based controls to ensure consistency and compliance with legal and regulatory requirements.
Regardless of what you call it (or others market it), move toward a comprehensive risk framework designed to ensure operational integrity, elimination of unforeseen problems, and the identification of future scenarios to capture real value.
There is no “silver bullet”
Beware of the many software companies promising a “silver bullet” to managing risk. Under the guise of comprehensive GRC platforms and programs, they require heavy investments, clunky processes, time and resources. And in the end, they only deliver data with no plan to act on it. Many of these vendors will simply jump to tactics and activities, rather than starting with your core values, key initiatives and organizational objectives.
Building a risk framework that addresses your specific member needs, market conditions and short- and long-term goals – plus ensures the entire team (from teller to CEO) is aligned with the values and plan for success – requires collaboration, planning and expertise from someone who’s been there.
The question then becomes, how you do you build a program that identifies the big things—the things that will define you as an organization?
Look for a partner that offers a holistic vantage point of the organization – one that highlights strengths as well as vulnerabilities – and that builds out a framework across three main areas:
- Culture – Everyone must be culturally aligned with the risk-taking approach for it to succeed. Be sure your partner works with every level of the organization to build a risk-positive culture.
- Strategy – By looking at how an organization interprets risk, you can better define your strategy, integrate it with operations and then act quickly to mitigate potential problems (or seize new opportunities).
- Execution – The best solution allows you to leverage real-time, risk-based information and align resources with larger problems, rather than chasing little things.
A path to relevance
Take a risk to garner a return. It’s the principle on which businesses are built. The intent and hope of any business is, of course, the return will be greater than the risk. If we extrapolate that to the entire scope of a credit union’s purview, we’re able to see opportunity across the board.
For example, look at the recent and dramatic change in consumer behavior toward digital and mobile adoption. Inherently we all know our business must keep pace, but the level of investment and the complexity of change can make it difficult to move forward with agility and urgency. Delays at such an important inflection point will undoubtedly leave our business at a competitive disadvantage for which we may never recover. Using a risk-based scenario analysis can produce the intelligence for confident forward-looking decisions. From that, we build long-term strategies to pivot and better position our clients for the future.
Through our proprietary process of analyzing risk, we use predictive modeling and fact-based data to evaluate scenarios. This arms credit union leadership with the information to make sound, probability-based decisions.
The path forward for credit unions
It all comes down to this: If your organization can’t move from a philosophical debate over acronyms or process to a place of data-based decision-making, risk management doesn’t mean anything. Wading through the data only gets you so far. Instead, ask yourself:
- What’s important to us, and how do we define importance?
- What’s actionable, and how do I act on my information?
- What are the biggest problems facing our organization today? What opportunities can come from these?
If you have trouble answering any of these questions, it may be time to sit down with our team. We work with credit unions of all sizes to assess and analyze risk factors to create actionable plans. Your future success and viability requires a change in perspective and an openness to doing things in a new way. If you’re ready to build the path to relevance and sustainability, talk to us today.