Hot Button Issues For Today’s Risk Manager

Michael Martin of FedChoice Federal Credit Union discusses what issues his credit union is focusing on in 2013 and how regulation is playing an increasing role in credit union risk management.


FedChoice Federal Credit Union ($315.0M, Lanham, MD) serves close to 25,000 members in the Washington, DC, Baltimore, and Philadelphia metropolitan areas. At the end of September, the credit union with a TIP charter for civilian federal employees posted a 12-month share growth of 5.89% and a 12-month loan growth of 13.4%. 

Before joining FedChoice five years ago, risk manager Michael Martin worked for more than 30 years in the credit union industry and for consultants in IT management. Here, Martin discusses the evolving role of the credit union risk manager and how risk assessment is changing.

How has credit union risk management evolved in the past few years?

MM:Risk management is now a total business focus. NCUA wants us to look at seven standard risk categories and look at the total business as a conglomeration of different kinds of risks. Risk management has to evaluate the categories and come up with a total risk assessment. NCUA wants us to be strategic, but also grounded, and have all our policies and procedures in place.

What is behind the evolution of risk management? Is it mostly driven by compliance?

MM:The main driver goes back to the recession, the consequent drop in house values, and what those events did to credit unions. Then add to that the storms and other natural disasters we’ve struggle with over the past several years. In addition, there was the corporate credit union collapse and subsequent strain on natural person credit unions to support the share insurance fund.

NCUA is now focused on risk, especially risks not previously thought of in terms of “risks.” NCUA does not want 2008-2010 to ever happen again.

Which risk factors concern your credit union the most right now and why?

MM:We are concentrating on liquidity and capital. We also have to focus on regulation compliance. We have to manage our risks to conform to NCUA’s conceptions of critical risks.

What are you doing to mitigate those risks?

MM:We’re working to do better with our in-house talent while tapping outside expertise. We try to educate our staff through webinars and other means to make better decisions. We go to outside experts to help us with best practices.

Enterprise risk management (ERM) is a relatively new way for credit unions to evaluate risk. Has it helped you identify risks that would have been harder to spot otherwise?

MM:ERM is a bit too new for us to have adequately assessed it. Basically ERM is another way of looking at the seven risk areas and then guiding you to aspects you need to work on. We have our own ERM approach in-house; we are not buying expensive ERM consultation and tools.

Can ERM be misleading as well as helpful, and if so, have there been any instances where your risk models led you astray?

MM: It’s all a bit too new to assess. Nothing in our own models has led us astray at this time.

Do credit unions have the resources to keep up with all of the new regulations in such a way that they can be factored into their risk models?

MM: Most credit unions will keep up with new regulations, but some will not be able to. They’ll need to have the right people and the right focus. If they don’t, they’ll begin to slip and might say it’s just not worth staying in business any longer.

Are your risk models computer-based? If so, is this dependence on computerized models a risk in some way?

MM: Some is computerized, some is not. What I track for the Bank Secrecy Act (BSA) and ACH is on computer. I assess other areas by sitting at a table and talking through the components or by reviewing reports and other data.

Is there any new regulation that has caused you grief?

MM: What is most on my mind at the moment is the possibility of a new regulation, and that is conforming U.S. GAAP to international rules. If we did this, very possibly U.S. banks and credit unions will have to write-off bad loans more aggressively, which in turn would significantly affect earnings, capital, and loan loss reserves. It could take a real adjustment on our part on how we view our loan portfolios, which of course is the heart of our business.

How much of your risk management is specific to your region and its economy? What are you doing to mitigate the risks?

MM: Region and economy does not greatly affect us. We operate in three cities: Washington, DC, Baltimore, and Philadelphia. Our accounts are scored higher for BSA, on account of factors such as these cities being noted drug trafficking areas, but our unemployment is less than the national average, which helps sustain growth. We are trying to ramp up membership and loans in order to spur growth; we are doing more in member business loans and participation loans in particular.

Over the next year, what areas of risk do you anticipate paying a lot of attention to and why?

MM: We are going to focus on business continuity, concentration risk, troubled debt restructuring, and how we calculate loan loss reserves because of the potential for write-downs, which can impact net income.

Have any new regulations changed your mind about a specific type of risk and caused you to reassess your original strategy or your exposure to a particular area?

MM: When NCUA announced it was moving to a more risk-based and risk-focused examination, it forced us to react and conform. We discuss and assess how we need to adjust so we do not run afoul of NCUA guidelines.

How would you identify your credit union’s appetite for risk today? Which areas are you bullish about, and which ones are you bearish about?

MM: We tend to move between conservative and moderate, the latter on account of our pursuit of business and participation loans. You can’t make money on overnight federal funds, so our CEO has a third party advisor for investments, which helps him make better investment decisions. Our participation loans have been good ones and we expect them to remain so.

Do you have a risk dashboard?

MM: I do some risk assessment internally — for BSA, ACH, ID theft and the like. We have some informational dashboards in-house but they are not risk-based. Next year we intend to build a dashboard that is risk-based and that incorporates factors included in our present one.