Risk Management
Last Reviewed: August 2024
Financial institutions should use a risk-based approach to fraud detection and prevention. For effective fraud risk management, a credit union must identify areas with the greatest potential for fraud and implement targeted measures to mitigate those risks, including strong internal controls and monitoring systems.
Managing fraud proactively allows a credit union to mitigate fraud risk exposure. Important elements of fraud management include fraud risk governance, fraud risk assessment, fraud prevention and detection, and coordinated investigation and corrective action.
Risk Management: Managing Fraud Risk
The AICPA’s Managing the Business Risk of Fraud: A Practical Guide establishes five key principles for managing an organization’s fraud risk:
- Implement a fraud risk management program, including a written policy to convey the expectations of the board of directors and senior management. The following should be included within a fraud risk management program:
  - Roles and responsibilities,
  - Commitment,
  - Fraud awareness,
  - Affirmation process,
  - Conflict disclosure,
  - Fraud risk assessment,
  - Reporting procedures and whistleblower protection,
  - Investigation process,
  - Corrective action,
  - Quality assurance, and
  - Continuous monitoring.
- Periodically perform fraud risk assessments to identify potential fraud schemes and mitigate fraud risks by implementing practices and controls. The fraud risk identification process should assess:
  - The incentives, pressures, and opportunities to commit fraud,
  - The potential to override controls,
  - Where controls are weak,
  - Where there is no segregation of duties, and
  - Internal and external threats.
- Establish prevention techniques to avoid fraud risk events and to mitigate impacts on the organization.
  - Prevention techniques should include policies, procedures, training, and communication that block fraud from occurring.
  - A key to fraud prevention is the board promoting an awareness of the fraud risk management program, as a strong fraud deterrent is the awareness that effective controls are in place.
- Establish detection techniques to uncover fraud events and schemes. Detection techniques should enable your credit union to promptly recognize when fraud has occurred or is occurring, such as through the following controls:
  - Whistleblower hotlines
  - Process controls
  - Data analysis and technology tools
  - Continuous auditing
- Implement a reporting process to collect information on suspected fraud and a coordinated approach for investigation of fraud and corrective action to ensure it is addressed appropriately and in a timely manner.
  - The board should ensure a system for the review, investigation, and resolution of reported fraud is developed and implemented. The board should also ensure there is an effective process to maintain confidentiality while investigating cases.
  - A consistent process will help a credit union mitigate losses and manage the risk associated with fraud investigations. The investigation and response process should involve:
    - Categorizing issues.
    - Confirming the validity of the allegation.
    - Defining the severity of the allegation.
    - Escalating the issue or investigation when appropriate.
    - Referring issues outside the scope of the program.
    - Conducting the investigation and fact-finding.
    - Resolving or closing the investigation.
    - Listing types of information that should be kept confidential.
    - Defining how the investigation will be documented.
    - Managing and retaining documents and information.
Risk Management: Primary Fraud Risks
According to the National Credit Union Administration (NCUA), fraud can impact a credit union in all risk areas, including transaction risk, reputation risk, liquidity risk, and strategic risk.
Transaction fraud can negatively impact a credit union’s earnings and net worth. Transaction risk exposure can be mitigated by strengthening internal controls, information systems, employee integrity, and operating processes.
In addition to financial losses, fraud can result in harmful litigation and media coverage that causes a loss of trust in the credit union and its leadership. This reputational risk exposure can ultimately lead to loss of membership.
Fraud can pose a threat to liquidity in two ways. First, a credit union may have less liquidity than it realizes if financial statements are inaccurate. Second, fraud resulting in reputational harm may lead to a run on deposits.
In terms of strategic risk, if fraud drives a credit union’s net worth down, it will be unable to absorb fraud losses and be exposed to a higher risk of failure.
Risk Management: Laws & Regulations
Risk Management: Additional Resources
Risk Management: Model Policies
CU PolicyPro contains the following model content which can be used to help you craft your own policies and guidance on this topic:
- Model Policy 1100: Credit Union Culture and Governance
  - 1100.17: Audits
- Model Policy 1500: Staffing and Human Resources
  - 1500.10: Whistleblowing Protection
- Model Policy 1645: Fraud