Third-Party Risk Management for Banks and Financial Institutions

Since returning from RMA GCOR, I've been flooded with conversations about third-party risk management. Customers, partners and prospects alike are going through an awakening regarding the risk posed by third parties, and it's interesting hearing all perspectives on the issue. The guidance provided by regulatory bodies, such as the OCC's Bulletin, has been clear regarding what needs to get done; however, there seems to be a lot of confusion regarding the "how" of the requirements.

Enter, "Third-Party Risk Management: Driving Enterprise Value" by Linda Tuck Chapman.  In this recently released book, Linda lays out how financial institutions should go about building a world-class third-party risk management program.  She does an excellent job of providing deep context on the problem, clear definitions of the risks associated and guidelines on implementation.

From her crystal-clear definitions in chapter 1 to her tactics on monitoring in the last section of the book, Linda does a great job clarifying a difficult subject. I'm going to gift this book to all of my banking friends.

The book should be available on Amazon in the coming days. I'll update the post with a link to purchase. In the meantime, I have a few to spare, so send me a message if you'd like a copy HERE.


The Credit Union and CUSO Compliance Knot

Credit Unions and CUSOs are facing a tough compliance landscape. After the passing of Dodd-Frank, vendor management, as applied to financial institutions, became much more complex. Each regulatory body (OCC, FDIC, NCUA and the Federal Reserve) has issued its own rules and guidelines for achieving and maintaining compliance with the new regulations. The monitoring aspect of these guidelines requires financial institutions and their vendors to communicate and exchange critical information more frequently and on a much deeper level. CUSOs (Credit Union Service Organizations, for the uninitiated) and some financial "super vendors" have a particularly challenging problem with compliance due to the multiple layers of one-to-many relationships.

The monitoring requirement for Credit Union and CUSO compliance increases the number of minimum interactions between a vendor and credit union exponentially. The frequency and depth of these interactions depend upon the risk posed by each service provided. High-risk vendors (payments, clearing, settlement) must be monitored at a higher frequency than low-risk vendors (non-core, staffing, facilities, etc.). For example, a high-risk vendor might require the review of monthly SLAs and quarterly performance and qualifications, whereas a low-risk vendor might only require the review of insurance and qualifications annually.

Adding to this compliance complexity for CUSOs is the fact that many of them provide more than one service and may utilize downstream vendors as well. Each of these services has an independent risk profile and associated monitoring frequency. Just delivering these compliance documents to their Credit Union clients can quickly become an unmanageable problem: a seemingly infinite number of interactions. This is an exponential problem and, unfortunately, the existing tools (email, spreadsheets, people) are linear solutions and won't solve it without increasing costs.

Fortunately, the latest influx of solutions from the Internet has provided us with several models that give us hints on how to untie this knot. For instance, the sharing or collaborative economy model illustrates a clear path to getting to scale without breaking the bank, by opening up the data and enabling each participant to create valuable data.

At TrustExchange, we've studied this problem from several industry points of view (finance, logistics, shipping and healthcare) and have built a product that leverages a few of these key innovations to solve the compliance problem. Credit Unions and CUSOs have a unique compliance challenge because of their position as a "super vendor," sitting in the middle of a large compliance interchange. By creating a solution that leverages lessons from the collaborative economy, we've built a scalable collaborative compliance platform that solves this problem for CUSOs and Credit Unions simultaneously.


Contact us to learn more about how we can solve this problem for you!