3 Big Compliance Problems Facing Small Credit Unions – and How to Solve Them
October 8, 2024
By John 'Ogie’ Sheehy, Global CEO at ViClarity
Being small isn’t necessarily a bad thing. Smaller credit unions can more quickly respond to changes in the marketplace, often enjoy greater agility when it comes to decision making and have closer ties between staff and members than their larger counterparts. Members experience a financial institution “where everybody knows your name.”
Of course, being small can also come with challenges, often rooted in having fewer resources that impact a credit union’s ability to comprehensively meet the needs of their members. Although making do with less time, staff and capital can impact many areas of a credit union, one of the most potentially consequential is regulatory compliance.
Inclusiv and ViClarity recently partnered to take a deep dive into the biggest governance, risk and compliance (GRC) challenges faced by small credit unions. We spoke with a number of small credit union leaders, including CEOs of Minority Depository Institutions (MDIs) around the country.
Across our conversations, three vexing issues inevitably emerged:
- Managing consumer complaints
- Sticking to an adequate audit schedule and managing findings resolution tracking
- Staying on top of vendor management
We weren’t surprised to hear leaders raise these challenges, as each requires resources to manage effectively. At the same time, we deeply empathized with the executives who recognized these challenges, knowing full well the implications of failing to comply with the rules in these areas.
The good news is each of these mission-critical and demanding GRC tasks can be made easier with solutions that systematize and organize operating procedures and best practices every credit union should follow.
The sheer number of channels through which a credit union member can communicate a concern or poor experience makes the processes of monitoring, investigating and documenting complaints both time-consuming and error prone. It’s a big reason why every credit union needs a well-documented, formal complaint management policy, with staff thoroughly trained on how to implement the associated procedures.
Centralizing complaint management is a best practice even small credit unions can deploy. Nowadays, low-investment regtech platforms can automate much of the tracking, assigning, monitoring and reporting this job calls for.
If integrating such a platform is not in the cards, a shared spreadsheet can do the trick, although that will require a designated team member to track down status updates and manually enter them in a timely manner.
Another best practice for complaint management within a small team is prioritization. Compliance officers are in the best position to establish a framework for those complaints that should receive the quickest attention. That’s because they typically have the best grip on the severity of the potential impact associated with each type of complaint. And, they’re perfect traffic cops, comfortable with directing complaints to the appropriate staff member or escalating them to the credit union’s Supervisory Committee.
Although many organizations may be well-protected by a single annual audit, those in highly regulated industries typically require multiple audits. Credit unions, large and small, fit that description, as they need to undergo several reviews (e.g., external financial, internal risk, BSA/AML, website review, UDAAP/Fair Lending, ACH, and even IT) to ensure regulatory compliance and financial soundness.
Staying on top of audit compliance can be a notable challenge for small credit unions. Internal and external reviews often flag multiple areas for improvement, and while these flagged issues initially cause significant concern, they can be put on the back burner when the next urgent issue arises. Not addressing findings, especially those that identify a systemic issue, can lead to even greater problems down the line.
Here again, centralization of findings—and most importantly, the documentation of progress to address them—can be a big help to credit unions when examiners come calling. Demonstrating a good-faith effort to improve or to correct a mistake goes a long way with regulators. But that can be difficult to do if the leader heading up the task isn’t in the office, or even more prohibitively, has moved on to another job. Tracking everything in a software platform is the easiest way to create a helpful audit trail. That said, careful manual tracking in a spreadsheet also works.
The National Credit Union Administration (NCUA) sees vendor management as part and parcel of safety and soundness. The agency has made it clear that credit unions are solely responsible for staying in compliance with rules and regulations even in the circumstance where a vendor causes a violation.
Especially today, when credit unions are meeting demand for digital banking experiences by working with fintechs and other providers at exponentially accelerating rates, maintaining a clear line of sight into every vendor’s practices and safeguards is critical.
As with complaint management, manual tracking of vendor due diligence and ongoing risk assessment is a fine practice, so long as it’s maintained, and someone is monitoring it for important dates and red flags. Automated vendor management systems, however, can dramatically reduce the number of hours already time-strapped staff need to devote to keeping an eye on the credit union’s many partners.
Compliance officers can be terrific allies to their colleagues in charge of vendor management by helping them plan appropriate review schedules. A landscaping business, for instance, which requires no member data to perform their duties for the credit union, may only need to be evaluated periodically. However, a digital banking vendor with access to member data may need much more frequent spot-checks to ensure their practices remain in alignment with expectations.
Human Talent + Simple Technology = More Time for Members
As mentioned above, there are low-tech practices small credit unions can implement to ease complaint management, audit and vendor due diligence burdens. However, the addition of regtech can dramatically accelerate the process. These solutions help credit unions combine human talent with simple technology to automate tasks, enhance accuracy and ensure compliance, freeing up staff time for more high-touch experiences. Being able to delegate routine, yet high-stakes compliance tasks to a reliable software platform allows credit union staff to spend more time with members, ensuring they continue to bank where everybody knows their name.
Originally published in Credit Union Times on October 4, 2024, co-authored by Anna Foote, Senior Credit Union Operations and Compliance Specialist for Inclusiv, the national network of community development credit unions and a CDFI Intermediary.
Back