Beyond Financial Literacy: The Board's Role in Managing Risk
On Jan. 25, 2011, the Credit Union Leadership Forum held its first web seminar entitled, "A Practical Perspective: Regulatory Realities," featuring Paul Peterson, NCUA associate general counsel, Teresa Halleck, president/CEO, San Diego County Credit Union and Sarah Snell Cooke, editor-in-chief of Credit Union Times, and myself. We discussed the practical and real-world implications of the new NCUA regulations regarding board of director responsibilities.
The new regulation states that at the time of election or appointment, or within a reasonable time thereafter, not to exceed six months, a director must have at least a working familiarity with basic finance and accounting practices, including the ability to read and understand the federal credit union's balance sheet and income statement, and to ask, as appropriate, substantive questions of management and the auditors.
In addition to having a basic understanding of finance and accounting practices, we believe that directors should also have a basic understanding of the risks that can affect credit unions such as credit, interest rate, liquidity, transactional, compliance, strategic and reputational risk, as well as the internal controls to monitor these risks. Having this understanding will enable directors to ask "appropriate, substantive questions of management and the auditors." Understanding risk mitigation must be a shared learning for all directors of a board.
Boards must question strategic plans and identify the underlying assumptions of these plans. Asking "what if" scenario questions will help to reveal underlying assumptions and determine whether alternative plans and actions to mitigate risk have been put into place. Directors should be aware of an institution's policies, such as in the area of credit, and should participate in a discussion that is respectful and challenging.
I remember the story of a young board member who questioned a CEO on the turnover numbers in a problem area within the company. He was told to be grateful he was on the board and to stop asking these types of mundane questions. In truth, this problematic location had 200% turnover numbers and led to a full investigation by a regulatory agency and ultimately to a fine of $15 million. Had these questions surfaced, making this problem area a subject of discussion, years of investigations and a huge fine could have been avoided.
Boards need both a structure and a method of identifying, measuring and documenting risk. This is a dual responsibility of both the board and management. The board must execute a vigorous what-if exercise. For example, if a CEO brings in a new chief lending officer and after six months this person does not deliver, what happens? Is there a succession plan in place? The board should be asking, 'what is your plan B if this candidate doesn't work out.' A realistic and ongoing monitoring of the planning process is required. This starts with boards truly understanding the plan.
The board needs to understand the business of the credit union. The business of the credit union involves members, employees, regulators and competition. When a board member is presented a plan or an initiative by management that will require a decision, the what-if scenarios must be exhaustive. This can include assumptions on human resources, IT resources, products and service initiatives, pricing initiatives, and the competition.
What-if challenges surface sources of risk and red flags including interest rate fluctuations, resource absences or failures including staffing, technology, project failure, legal liabilities, credit risk, natural causes and disasters and competition. Once sources of risk are identified, they need to be scoped in size and prioritized based on potential loss and probability of occurring. The board must be presented a risk management plan by management, but then be able to review and challenge it. As a board member, make sure that you have a chance to hear directly from line management on specific elements of the planning process and to ask appropriate questions.
The board needs to watch trends and be able to interpret the data effectively.
It's not enough to be able to read an income statement or a balance sheet. You need to understand the existing strategy and the assumptions underlying that strategy. One of the survey questions from our Jan. 25 web seminar was, "What do you believe is the most important characteristic that a Federal Credit union director should have?" Surprisingly, only 3% said financial literacy. The majority, 52%, said intelligence and good judgment. Rated below this was integrity at 25% and strategic vision at 12%.
So how does a board member become competent at asking the right questions to express their intelligence and good judgment? Financial literacy will help, but this literacy needs to be applied to your credit union's current circumstances and plans. That's where intelligence and judgment comes into play. Directors need to conduct reasonable inquiry, which includes asking appropriate questions and doing more due-diligence on complicated issues as well as taking appropriate actions. Directors can rely upon one or more officers or employees of a credit union whom the directors believe is reliable and competent in the functions performed. However, the phrase "trust yet verify" is important.
That's where the culture of the board becomes critical. The board must have effective oversight of the credit union's strategy, which includes oversight of management's execution of policies and procedures to ensure that policies are followed. Allowing for these challenging discussions requires the right culture on the board, as well as self-confidence on the part of the CEO, chairman and board members to address each issue in a professional and not personal way. Tone at the top establishes whether these important discussions can be held so the right issues can be addressed.
Stuart R. Levine is the founder and chairman/CEO of Stuart Levine & Associates, a director of Broadridge Financial Solutions and lead director for D'Addario & Co. He can be reached at 516- 465-0800 or email@example.com