Risk Management System for Credit UnionsCredit Union
In 2013, Ireland was going through the major financial downturn of the 21st Century, same as most of the economies of the rest of the world. Credit Unions were also facing a similar situation, and a number of them went through some difficult times. It became important to manage the risk in Credit Unions properly, and hence the Risk Management System guidelines were released by Central Bank of Ireland in July 2013, and a revised version is now available at this link. The document defined the guidelines which Credit Unions should follow to manage risk and ensure proper reporting and have an action plan in place.
CUDA, being the representative body of Credit Unions in the Republic of Ireland decided to take this up and provide an easy to use solution to Credit Unions to manage risk from their pre-existing platform called Credit Union Support Platform (CUSP). To learn more about CUSP click here. The final solution was integrated inside CUSP by Target Integration and delivered to individual Credit Unions with a lot of training and support by CUDA staff members as well as Target Integration.
Credit Union Development Association (CUDA) is a credit union-owned network which provides support facilities in the areas of regulatory compliance, risk management, shared services and competency development.
Risk Management as a Manual Process
Before CUSP Risk Management was rolled out, Risk Management was either non-existent in Credit Unions or for more forward-thinking Credit Unions, it was a manual process. Credit Unions had to work on Word documents/Excel sheets to manage risk, create a list of controls and then manage action plans on any of the controls which were not performing well. This was not only time-consuming but error-prone as well, and despite all good intentions this was leaving them exposed to being non-compliant with the Central Bank Regulations.
Inconsistent Risk Management Systems in Credit Unions
Every credit union was using a different method/process to manage and store risk, and it made the life of auditors and regulators difficult. They had to go through a different process every time to check and ensure that every credit union was compliant with required changes.
Improper Action Plan for Risk Management in Credit Unions
With manual and non-integrated systems/documents in place, credit unions didn’t have a proper action plan on how to address various risks in the organisation. The action plan was either written in the document itself or shared with action owners over email, etc. and it was difficult to follow up.
Inconsistent Risk Library & Control Library
Every time a credit union went through a Risk Management exercise, they had to develop their own Risk Library and Control Library. It wasn’t easy to just provide a list of risks to credit unions and tell them to apply controls to them because not all the risks applied to every credit union and some had risks which were not applicable to anyone else. That’s why the system had to be adaptable to every credit union’s requirements.
Target Integration had developed a Credit Union Support Platform (CUSP) for CUDA. CUSP had all the information on Credit Unions processes like:
- Learning & Communication
- Operational Processes
- Members’ Experience
- Financial Measures
- Compliance Library and,
- A self-assessment on Compliance
This made CUSP a perfect platform to have Risk Management extension to it.
Risk & Control Library
A full risk library and equivalent control library was implemented in the Risk Management System for Credit Unions. The library allowed all the credit unions to take advantage of the central research and development by CUDA and to make sure they were following the guidelines specified by the Central Bank of Ireland.
If a risk is identified by a Credit Union and it is not available in the shared Risk Library; the Credit Union’s Risk Manager is allowed to create it. This new risk then becomes available in the Risk Library for every credit union to use it. The shared learning for Credit Unions allows them to support each other in their compliance journey.
In cases where a particular risk is not within the risk parameters, an action is created for the credit union’s Risk Manager who can then delegate this task to the individual employee of the credit union, creating a full audit trail of the task and its completion.
Define Your Own Risk Profile & Risk Appetite
Every credit union is now able to define their own Risk Profile and Risk Appetite. A Risk Profile includes the list of risks applicable to that particular Credit Union. Once it has been defined, they can now use these risks to define the relevant controls and the performance of the controls. Every Credit Union has their own Risk Appetite as well, and they are allowed to set it as per the guidelines of Central Bank.
Track your Risk Register/Risk Assessment
The performance of each of the controls applicable to a particular risk is stored in the Risk Management System as a Risk Assessment. The performance is reviewed on a periodic basis, and the system provides a full history of the improvements made by the Credit Union over a period of time.
Reporting & Action Plan
A very detailed report with Credit Union’s performance over time was made available to show the progress in the process of Risk Management the Credit Union.