Constantly calculating risk is what credit unions do on a daily basis. Whether that risk is related to a potential investment, protection from theft or cyber security attacks, the thought process is always the same: Identify the potential dangers, and then make sure you put plans in place to give yourself the best chance at a positive outcome.
However, there are some risks that are much more difficult to predict. "Black swan" events, as they are known, require a much more focused risk-management plan to try to manage or prevent. While a black swan event is rare, it is a massively disruptive event that in hindsight could have been prevented.
The Evolution of Risk
As technology advances and our knowledge base expands, black swan events have evolved into a much more controlled form of risk. For example, 100 years ago, hurricanes were considered black swan events; but today because of our sophisticated technology and enhanced knowledge of weather patterns, hurricanes can be more accurately tracked, saving lives and property.
This same principle applies to credit unions. One of the lurking black swan events in our industry is a large-scale corporate account takeover, where computers infected through an unsafe e-mail attachment or web link allows hackers to access the account information of a massive number of members. Imagine the devastation if a coordinated attack across many institutions took place at one time. But as our working knowledge of these takeovers grows and the protections advance, the uncertainty of these types of threats becomes a much more manageable risk.
Steps To Take
The best way to avoid a black swan situation is to adopt, but more importantly follow a solid risk management plan via the following steps:
Identify and Understand Major Risks. One of the most important and sometimes difficult steps to preventing black swan events is to correctly identify and gain a solid understanding of the major risks in your CU. At SWACHA we suggest CUs perform regular risk assessments to identify new risks in a constantly changing environment. These risk assessments can be the key to creating a stronghold to protect your institution from fraud or theft.
Decide Which Risks Are Natural. Once all of the risks have been identified we suggest going through a sorting process. Some risks in financial services are simply natural risks that come with the territory. It is important to sort these risks and understand that while you can place all of the necessary precautions in place to make incidents unlikely, there is no way to eliminate the risks completely.
Once you have identified all of the natural risks, many CUs may find there are other risks that can be completely eliminated by changing a policy, upgrading technology, or further training their staff. To prevent a devastating black swan event, all of these avoidable risks must be eliminated.
Determine Capacity and Tolerance for Risk. Once natural risks have been identified and the others have been negated, the next step in the risk assessment process is to calculate how much risk your credit union can afford to take.
This risk tolerance will differ between credit unions based on numerous factors such as revenue, the number of daily transactions made through the institution, number of members, the different types of services offered or management style.
This is one of the most important steps in the risk-assessment process because it requires a delicate balance. Every CU must maintain some level of strategic risk to continue to grow, so complete caution unnecessarily puts the brakes on success. However, if the risk tolerance is overestimated there may not be enough security measures in place and the door is open for a potential black swan event.
Embed Risk in all Decisions and Processes. Once your credit union has a firm grasp on your risk tolerance you must remember to keep it in your thought process any time you are making management decisions. It is a comforting feeling having a solid understanding of how much more risk your institution can maintain and operating your business based on that principle.
Align Strategies and the Organization Around Risk. The final sign that your CU has succeeded in risk management is when all of your big picture strategies and the mission of your organization are aligned around strategic risk. The most successful credit unions are always the ones who naturally consider risk with every step taken.
But this is not a finish line; it is the end of a cycle that should be always repeating. As time passes and your organization grows the risks change. We suggest you constantly move through this risk-management process to keep the black swan at bay.
In our industry, which deals with so many member transactions on a minute-by-minute basis, a potential black swan event is all around us. But with the proper risk management processes, many of these devastating events can be avoided, and the stability of your credit union never questioned.
Dennis Simmons is president and CEO of SWACHA, Bryan, Texas. For info: www.swacha.org