PHOENIX — In April, hackers gained access to the Associated Press’ Twitter account, tweeting a false report that the White House had been attacked and President Barack Obama was injured.
Thanks to the power of social media, within seconds the report caused a major dip in the stock market.
What does that have to do with credit union liquidity risk management? According to John Myers and Adam Johnson, president and executive vice president of the Phoenix-based risk management firm C. Myers, the event illustrates how quickly credit unions could face an unexpected liquidity crisis.
The two presented a standing-room-only breakout session on liquidity risk management Tuesday at the CUNA CFO Council Conference in Phoenix.
Also from CUNA CFO Council:
Imagine what would happen if a hacker gained access to a credit union’s email accounts and sent a message to members telling them the credit union was unable to honor all deposit withdrawal requests. Like the AP, Johnson said, a credit union could probably quickly regain control of the accounts and send a second message to members telling them to disregard the hacker’s message.
“You might be thinking ‘no big deal, just inform members you were hacked. You might think the response wouldn’t create a liquidity event. But it could,” he said. “The point is to make sure you’ve taken the time to be prepared.”
Myers and Johnson outlined what NCUA examiners are looking for when they will check for compliance with the regulator’s proposed liquidity rule, which would require that all credit unions have a liquidity policy and those with more than $10 million have a contingency funding plan.
The proposed rule would also require credit unions with more than $100 million in assets to establish an emergency liquidity relationship with either the Federal Reserve or the Central Liquidity Facility.
Credit unions must consider all the aspects of potential liquidity solutions found in their investment portfolio, borrowings, deposits and loans, the risk managers said.
For example, when considering solutions involving loans, Johnson said, credit unions must determine at what point they would raise rates or stop approving or funding loans. Could a credit union stop approving loans across the board, or could it legally do so selectively? What are the legal, reputational and competitive risks associated with not funding approved loans? Is it legal to reduce credit lines when a member’s collateral value or credit profile hasn’t changed? If the liquidity scenario is systemic, would a credit union’s loan portfolio sell in the stressed market?
And, Johnson said, because the bar is being raised for even basic liquidity policies, credit unions must revisit their policy after establishing a contingency funding plan to ensure there are no policy limits or other parameters that would restrict it.
Myers also warned against bad practices in liquidity risk management, including the practice of copying and pasting another credit union’s policy. Both the NCUA and other regulators have specifically stated that liquidity policies and CFPs must be commensurate with the institution’s complexity, risk profile, and scope of operations, he said, so that practice isn’t effective.
“Nobody wants to admit it, but slapping your name on somebody else’s policy does happen,” he said.
Giving management and applicable staff enough time to provide feedback on liquidity planning – and demanding feedback if busy members of the team don’t provide it – is also crucial, Myers said.