Risk Management

Risk management is generally defined as the process of identifying, measuring, monitoring, and controlling risk associated with conducting the credit union’s business activities. Through this process, risks may be reduced, eliminated, transferred, or accepted. Risk management is essential to the safe and sound operation of a credit union.

Often, credit unions organize individual groups to manage specific risks such as:

  • Business continuity

  • Compliance

  • Credit

  • Cybersecurity

  • Fraud

  • Interest rate

In many cases, the groups managing these risks report to different members of the executive management team. When multiple people or functions manage risks, it may be difficult to see how they affect each other, which controls might be interrelated, and what gaps exist in the credit union’s management of risk. This could lead to problems caused by disparate risk management, inconsistent risk communication, and risk aggregation difficulties.

Centralized oversight of risk management helps the credit union form a holistic view of risk. Responsibility for risk oversight begins with the credit union’s board of directors, followed by the executive management team. Through their roles of risk oversight, the board and management support a culture of risk management by clarifying and communicating three things:

  • Risk Appetite—The risk appetite statement frames the risks the organization is willing to accept, the risks it avoids, and the organization’s strategic, financial, and operating parameters. Risk appetite could be defined using a quantitative method, where risk is measured as a dollar amount or as a percentage of net worth or assets, or using a qualitative method, where risk is classified by tiers such as critical, high, medium, or low.

  • Risk Management Philosophy—The risk management philosophy ingrains the risk appetite statement into shared beliefs and attitudes that shape the credit union’s approach to everything from strategy development and implementation to its day-to-day activities.

  • Control Environment—Risk oversight and internal control monitoring are unique but complementary functions. They jointly affect everything from high-level governance and strategy to core operations to monitoring and reporting.

In short, a centralized risk management program enables the credit union’s board of directors, executive management team, and internal and external stakeholders to communicate more effectively. Effective risk-focused communication aids discussion on issues important to the credit union’s safe and sound operations, such as governance, risk assessment and monitoring, and contingency planning.

Last updated on August 23, 2022.