WASHINGTON — The financial services industry is a risk-taking industry, NCUA Deputy Director of the Office of Examination and Insurance Tim Segerson told CU Enterprise Risk Management trainees during a lunch speaking slot Oct. 1 at the Capital Hilton. Credit unions that don’t take risk earn less income, which makes them a risk to the share insurance fund, he said.
To effectively regulate risk, Segerson said the NCUA has instructed its examiners in its Examination Guide to step back from examination details and key ratios and think about the big picture. Examiners are also supposed to assess management’s ability to correctly identify and manage risks.
That marks a long-term trend away from mathematical CAMEL matrices to a more qualitative review, which began in 2003 when the NCUA began conducting risk-based exams, he said. Now, examiners implement an enterprise risk management approach in which they review seven risk categories–credit, liquidity, operational, reputation, interest rate, strategic and compliance–and weigh how they fit into the CAMEL matrix.
Those seven categories are very close to the seven risk categories that make up enterprise risk management, according to an introductory guide to ERM provided by the event’s sponsor, The Safety & Soundness Report. According to the guide, which was reviewed in depth by instructor Bill Nayda, principal of the Glen Allen, Va.-based Second Pillar Consulting, the seven risk categories that an effective ERM program address mirror the NCUA’s exam reviews, with the exception of compliance replaced by legal.
The guide also repeats what Segerson said, that credit unions should be monitoring several risk categories and how one category may affect another.
“When NCUA or state examiners arrive for your next regularly scheduled exam, your CU will need to have not just a sophisticated understanding of ERM but also daily policies and procedures in place to address potential and existing risk to your institution, its products and services, and your members,” the guide said.
Segerson confirmed that examiners don’t just expect a credit union to manage current risks but also be prepared to respond to risks of the future. He said he has repeatedly seen credit unions experience risks that have emerged and grown so quickly, they’ve been shuttered within 18 months.
While an ERM program may just seem like additional work, but Nayda said the discipline can actually make life easier for board and committee members because the use of ERM tools prioritize a credit union’s most important risks. That’s a relief from monthly board packages that can grow to be two or more inches thick, he said, because they include full reports on all risks. Instead, ERM programs use heat maps and peer benchmarks to show where true risk lies. Managers can then refer volunteers to reports and data if they want to dig in deeper on a particular risk topic, he said.
Credit unions tend to be good managers of credit, liquidity and interest rate risk, but they struggle with overhead risks such as operational, reputation and legal, Nayda said.
The biggest hurdle to overcome in managing operational risk is having a game plan, he said.
“For example, a football team has a different play for first and 10 versus fourth and one,” he said. “It all depends on how many yards to go, so quantify your risks.”
Ways to quantify operational risk include reviewing internal data and loss histories for bad wires, incorrect posting and other operational events that may already be documented by internal audits.
The benefits of operational risk management include more precise insurance coverage and lower premiums, he added.
ERM also helps credit union managers show examiners they are on top of risk management. Segerson provided a Top 10 list of examiner red flags when evaluating effective risk management that include a lack of commitment to risk management, disengaged leadership, concentrated power over decision making, failure to adhere to policies and procedures, disproportionately high yields compared to risk, and misaligned incentives.
Paying lending executives on volume without concern to quality or sustainability will take credit unions down quickly, the exam deputy said. In fact, although he declined to name names, Segerson said volume-based incentives were the reason behind a credit union failure earlier this year.
The NCUA is working with nine other regulatory agencies to write new rules that limit incentive-based compensation plans mandated by the Dodd-Frank Act, he added.