Risk & Insurance Insider

Emerging Risk: 2021 Outlook

Credit unions that stay current on emerging risk trends and integrate risk management into their day-to-day business plans and operations are more likely to minimize losses.

Resources to Help

Access these resources to help you stay ahead of emerging risks in 2021:

2021 Risk Webinar Series

Save the dates for the 2021 Risk Webinar Series and Office Hours. Registration will be live soon!
2021 Emerging Risks Highlights

Manage pressing risks in an era of uncertainty by knowing what should be on your radar.
Employee Dishonesty / Internal Controls Training Module

Employee & Director Dishonesty and Faithful Performance claims account for 47% of Bond dollars paid over the last 5 years.

To discuss how to identify risk, mitigate losses, and receive insightful resources and tested practices, Ask a Risk Consultant or call 800.637.2676.

Previous Articles

Click on each topic to display the article.

Operations & Security

The unprecedented pandemic event has required businesses, including credit unions, to close offices, implement a more remote workforce, increase reliance of digital products/service, and re-open offices. This has been uncharted territory for many decision-makers as you face more pervasive, complex challenges than ever before.

Access these resources to help you stay ahead with changing business practices:

Business Resiliency: Lessons Learned On-Demand Webinar

This 90-minute discussion provides tips for refocusing operations considering recent and past business resiliency lessons learned to help prepare for the next possible interruption. Access On-Demand Webinar

The credit union workplace has been rocked in many ways – from the way you manage day-to-day tasks to how you interact with members and each other. Credit unions are now focused on re-opening operations and bringing employees back to the workplace and it could be one of the most critical decisions you’ll ever have to make.

Check out the latest resources

Access these resources to ensure your credit union can effectively and efficiently handle the transition to the workplace of tomorrow.

Emerging Risk: Cyber Threats

The cyber landscape is evolving quickly, forcing you to prioritize strategies and threats to data security. It’s critical to stay on top of next-generation vulnerabilities to minimize risk and increase your organization’s preparedness.

Cybersecurity Threat Resources

  • Check out the Cybersecurity Threat Outlook eBook for actionable insights on seven cybersecurity threats and challenges your credit union could face.
  • Hear what top cyber professionals see as key cyber trends, risks and insights. Access recording.
  • Beazley Breach Response Services shares their perspective on cyber risk after handling thousands of breaches and hundreds of instances of ransomware in 2019. Access overview.
  • Data governance should be integrated throughout your entire credit union as part of your fabric and culture.
  • Biometric technology can improve cybersecurity but be sure to understand the risks and challenges of biometric technology.


Emerging Risk: 2020 Outlook

Staying ahead of emerging risks requires keen awareness, effective preparation, and loss control scrutiny. Whether the risk hasn’t previously been identified, has become more aggravated, or is evolving more broadly – your credit union must have appropriate protocols in place. Leverage these resources to gain actionable insights and details to help your credit union be prepared.

Uncover 10 emerging risks that our Risk Consultant team has pinpointed as potential threats in 2020.

Check out the latest resources

Be sure to continue to stay ahead of emerging risks by accessing the latest resources.

  • Help ensure your employees are informed of courses of action to take in the event of an active shooter incident by using this policy template guide.
  • Mergers & Acquisitions can be a time-consuming and emotional process that can come with unanticipated risks and challenges if proper oversight isn’t maintained.
  • Employees are driving the change for a better work-life balance and that includes more unique options for work.

Emerging Risk: Year in Review

2019 has been a year full of both anticipated and unfamiliar emerging risks. From cryptojacking to growing Overdraft / NSF fee litigation – credit unions have seen a lot. Thank you for taking time to protect your credit union and trust our risk consultants along the way. The 2019 risk video series has wrapped, but we wanted to share some of our favorite outtakes with you!

Check out the latest resources

Be sure to continue to stay ahead of emerging risks by accessing the latest resources.

Emerging Risk: Mobile Devices & Technology

With more than 50% of all Internet traffic coming from mobile devices, it’s no surprise that attackers have turned their attention to mobile employees, apps, and mobile devices as the next frontier of fraud.1 Corporate devices hold a vast array of data for attackers to target. While many apps authenticate with single sign-on services, many employees have their own user credentials.

Rise Above Your Risk

48% of phishing attacks take place on mobile, and users are 3x more vulnerable to phishing on mobile than on desktop.2 Watch this video to learn more

  • Mobile Device Risks & Security: Mobile devices are prone to similar risks and attacks as other devices in your credit union. Use this guide to ensure you have the right policies in place. (User ID and Password Required)
  • Fake Banking Apps: Learn how fraudsters have jumped on the opportunity to exploit members into providing sensitive information via fake banking apps. (User ID and Password Required)
  • Bring Your Own Device Policy Best Practices and Template: Use these best practices and sample policy to ensure you have the appropriate bring your own device guidelines in place. (User ID and Password Required)

1StatCounter, 2019
2Wandera, 2019

Emerging Risk: Employer Rights, Risks, and Obligations

As an employer, you must exercise caution with changes in the workplace to ensure fair accommodations for your employees and potential employees. It’s critical to know your risks, rights and obligations while managing risks related to drugs in the workplace, self-expression, personal appearance, and discrimination/harassment.

Rise Above Your Risk

Nearly 50% of Management & Professional Liability claim dollars paid over the last five years are related to employment practices losses. * watch this video to learn more.

*CUNA Mutual Group Internal Claims Data, 2013-2017

Emerging Risk: Branch Operations

The investment in your branch and your day-to-day operations is often only as good as your people and the training related to policies, procedures, and internal controls that they receive. Given that branches can vary greatly, not everything can apply from one branch to the next.

Rise Above Your Risk

Branches aren’t going away…61% feel it’s important to have a local branch and typically prefer to apply for a loan or deposit account in a physical branch.* Watch this video to learn more.

*PwC’s 2019 Digital Banking Consumer Survey

Emerging Risk: Employee Safety

Identifying potential risks and hazards coupled with a concerted effort by the entire organization to enforce safety…can save your credit union time, money, and minimize preventable injuries. A robust strategy also demonstrates your commitment to keeping your employees safe, secure, and even making them more productive at work.

Rise Above Your Risk

79% of executives/leaders are more concerned about employee or student safety than they were two years ago. * watch this video to learn more.*

*Everbridge, Active Shooter Preparedness Research Report

The online channel helps deliver the optimal 24/7-member experience. However, fraudsters continue to exploit the point of entry by concealing their true identity during member authentication and verification. Check out these resources to create more obstacles for fraudsters during the online experience.

Rise Above Your Risk

Account takeover losses reached $5.1B last year; watch this video to learn more.*

*2018 Javelin Strategy & Research, Identity Fraud Study

Ransomware is a cheap, easy, and accessible form of disruption for cyber criminals, a perfect cover for other forms of attack like cryptojacking. Watch the video below to hear how fraudsters are raising the bar for credit unions. View the video.

Rise Above Your Risk

The average ransom demand was $116,324 and the median amount was $10,310.*

*2019 Beazley Breach Briefing

When risk management is effective, typically nothing bad happens, But, if you’re blindsided by a problem, your credit union reputation takes a hit. By staying ahead of emerging risks, you can help mitigate potential losses and minimize impact to your credit union’s bottom-line.

Ensure your credit union is ready to rise above your risk.

Emerging Risk: Threats in the Cyber Security Landscape

Cybersecurity is one of the most dynamic risks to manage. Fraudsters continuously find new social engineering tactics to exploit the weakest link at your credit union – your employees. By understanding threats in the cyber landscape, you can help minimize the impact of these growing risks.

Ensure your credit union is ready to rise above your risk.

Access these three resources to gain a greater understanding of the latest cybersecurity threats and social engineering tactics:

  • Cybersecurity is more than an IT problem; Protecting Your Credit Union’s Data(Opens in a new window) introduces next-gen threats to data security and shares key considerations to strengthen your risk posture.
  • Hackers look to exploit an individual’s inclination to trust, review The Rise of Social Engineering Fraud(Opens in a new window) eBook to learn about the latest social engineering tactics. (User ID / Password required)
  • Phishing emails are hard to detect at a quick glance. The Employee’s Guide to Phishing Emails(Opens in a new window) can help identify common red flags. (User ID / Password required)

Emerging Risk: Workplace / Employee Safety

Safety initiatives are essential when it comes to maintaining a work environment that is both safe and productive. However, programs, policies, and procedures don’t mean much if you aren’t focused on taking necessary precautions to minimize the risks involving hazards, injuries, and accidents.

Be ready and rise above your risk.

Access these 3 resources to help your credit union consider the right safety measures:

By embracing regulatory complexity, your credit union can stay focused on performance and get ahead of changes to better navigate the regulatory and compliance landscape.

Be ready and rise above your risk.

To keep a pulse on emerging compliance risks, check out these resources:

Credit unions, small and large, collaborate with partners, vendors, and third parties to deliver products and services to their members. These relationships play a critical role in your credit union’s success; however, providing vendor oversight is vital throughout the entire life cycle to minimize risk.

Be ready and rise above your risk.

Use these resources to help you assess and manage vendor risks.

Natural disasters and catastrophes disrupt credit unions throughout the nation each year; in fact, many were impacted in 2017 due to bad weather, hurricanes, wildfires, and even man-made or infrastructure threats. And while it is impossible to prevent a disaster, you can take measures to ensure both your credit union and employees are prepared.

Be ready and rise above your risk.

How quickly and completely your credit union recovers from direct and indirect losses depends heavily on how well you are prepared. These risks typically occur with little or no warning.

Leveraging different backgrounds, skills, perspectives and knowledge of your workforce, while following sound employment practices, can set your credit union up to be more effective and successful. Changing your workplace culture won’t happen overnight, but there are steps you can take immediately.

Ensure your credit union is ready to rise above your risk.

Employees are your greatest asset! Protect and educate your them by understanding the most pressing risks of an evolving workforce.

Active shooter incidents are unpredictable and evolve quickly. And, unfortunately, we continue to see them impact our communities. It is critical for your credit union staff to be aware of their surroundings and know how to instinctually respond.

Ensure your credit union is ready to rise above your risk.

Active shooter incidents are often over within 10-15 minutes before law enforcement arrives on the scene. Are your employees prepared to protect themselves?

Virtually every aspect of your credit union business poses risk. Understanding how each new service, operational change, regulatory update, and technological advance impacts your credit union is critical to your success.

Ensure your credit union is ready to rise above your risk.

To stay ahead of the complex array of ever-changing risks and compliance issues, review these resources to assist you as your credit union grows and evolves:

Employee or director dishonesty accounts for more than half (56%) of credit union losses in terms of dollars paid within the Bond policy.1 And, lack of internal controls and oversight are significant issues contributing to the losses.

Ensure your credit union is ready to rise above your risk.

Having the right controls in place in addition to knowing how to detect internal fraud is critical to your loss mitigation success. Review these resources to help your credit union prepare:

1Employee or Director Dishonesty & Faithful Performance losses, Claims Data, CUMIS Insurance Society, Inc. 2012-2016

Cybersecurity threats continue to evolve in unimagined ways. In fact, breaches and related fraud continue to thrive. And, with consumers being tech savvy and more connected, the risks are becoming even more difficult to manage.

Ensure your credit union is ready to rise above your risk.

While no one is immune; you can establish a strong set of cyber controls to operate safely and remain ready.

  • Watch this Cybersecurity Trends & Tips webinar clip (8:21) to get a closer look at how to manage third party access, email fraud and ransomware.
  • Security companies are warning of a malicious attack on Internet of Things (IoT) devices. Check out this IoT Risk Overview (User ID / Password required) to learn how connected devices can add exposure to your credit union ecosystem.
  • Cloud adoption rates are also on the rise. Review this Cloud Computing Risk Overview (User ID / Password required) to help with your strategic considerations related to the cloud.

Your day-to-day operations are the center of activity. Those same operations also introduce risk, especially if policies, procedures, and controls are lacking, out-of-date, or employees just become too complacent. Unfortunately, recent credit union losses have shown that a common denominator has been the lack of internal controls.

Ensure your credit union is ready to rise above your risk.

Credit unions need a strong and effective system of internal controls to operate safely and effectively.

Whether you believe your employees are all trustworthy or that you have strong internal controls in place, you may be unknowingly setting your credit union up for a devastating loss down the road. Losses include embezzlement, theft of vault or teller cash, account and expense manipulation, or fictitious/unauthorized loans.

Generally, employees who have a need, an opportunity, and who can rationalize their actions are the ones who commit internal fraud. Why learn the hard way? Take the self-assessment below to discover where you may be vulnerable.

Self-Assessment Questions:

  • Are you checking and verifying previous employers, references, and performing criminal background and Bondability checks for new hires and volunteers?
  • Do you have zero tolerance in a Fraud Policy Statement?
  • How are you proactively monitoring employee warning signals?
  • Have you implemented dual control over vault cash, currency shipments, ATM / teller cash replenishments, and cash dispensers?
  • Are vault cash, cash drawers, and ATMs subject to frequent surprise audits?
  • Are transactions initiated by tellers or vault tellers before and after a surprise cash audit?
  • Are sound controls used to monitor expense and general ledger accounts?
  • Is a whistleblower policy in place to encourage staff to report incidents?

You can also do a deeper dive self-assessment evaluating your internal processes >>

Insurance products offered to financial institutions and their affiliates are underwritten by CUMIS Insurance Society, Inc. or CUMIS Specialty Insurance Company, members of the CUNA Mutual Group.

October marks National Cyber Security Awareness month reminding you to take the time to review your digital policies and procedures.

7 out of 10 businesses hacked learned from an external party.*

Your members count on you to protect their sensitive information from falling into the wrong hands. A data breach can result in more than lost data. It can damage your credit union’s reputation, shake your members’ trust and could cost you tens of thousands of dollars to repair.

CUNA Mutual Group’s cyber solutions will help you better manage risk and keep your business open in the event of an attack. Additional valuable tools and resources are available within the Protection Resource Center.

*Mandiant M-Trends 2015 Report, February 2015

With certain legal protections afforded to employees, charges and lawsuits related to retaliation and other employment practices charges have increased. In fact, there is a one and eight probability of having an employment charges filed against an U.S. company.* (The 2015 Hisox Guide to Employee Lawsuits)

Personal relationship conflicts and workplace romances make for sensational headlines; however, they also lead to gossip, damaged credibility, and claims of harassment and/or retaliation.

Ensure your credit union is ready to rise above the risk.

  • Watch this free Risk Video (4:36 minutes) on the impact and learn what you can do.
  • Share this Risk Overview (User ID / Password required) with your management team to proactively manage workplace relationships.
  • Check out Unlawful Workplace Retaliation Overview (User ID / Password required) to see losses related to this frequently filed employee complaint.

Extra Expense is the necessary extra costs you incur to minimize the suspension of your business and allow you to continue operating your credit union as close to normal as practicable, after a covered loss.

Here are some things to consider:

  • The loss as a worst case scenario.
  • The politics and ordinances that could impact your recovery timeline.
  • The construction timeline for building a better and newer building, especially considering weather delays, building code issues, and demand for resources.
  • Due to the high volume of equipment requests from other businesses and a limited supply in a disaster zone, increased costs can be associated with the necessary equipment.

 Use our Coverage Calculator to identify potentially risky coverage gaps.

Insurance products offered to financial institutions and their affiliates are underwritten by CUMIS Insurance Society, Inc. or CUMIS Specialty Insurance Company, members of the CUNA Mutual Group.


Emerging Risk: Lending in a Pandemic

Lending channels and practices are always evolving. However, today’s environment requires that credit unions rethink their lending strategies, processes, and collection practices to meet their organizational goals and members’ needs.

Rise Above Your Risk

  • Participation Lending Risk Overview: Better understand the risks and rewards of investing in participation loans. Access Resource (User ID and Password Required)
  • The Evolution of Loan Servicing Risk Overview: Uncover the new normal for lending and see what's shaping the future of loan servicing and collection. Access Resource (User ID and Password Required)
  • Paycheck Protection Program (PPP) Implementation and Risk Overview: Use this guide to understand how to implement and manage associated risks of the Paycheck Protection Program at your credit union. Access Resource (User ID and Password Required)

*2014-2018 Internal Claims Data, CUMIS Insurance Society, Inc.

Emerging Risk: Lending Oversight

Solid, sound, prudent practices. That’s a basic component to lending program governance – weighing need for growth and opportunity versus proper security and controls. Risks related to a lack of diversification, loan concentrations, Board reporting, and the resurgence of internal fraud can impact your portfolio performance.

Rise Above Your Risk

More than 35% of all Management and Professional Liability claims (frequency) over the last five years have been for Lender Liability.*

  • Board Governance & Oversight: Your credit union’s board should be forward-thinking and must adequately understand the challenges and opportunities of appropriate lending oversight. (User ID and Password Required)
  • Collections Risk Overview: Mistakes by the loan officer or collection staff can result in legal liabilities and damage to the credit union’s reputation. Ensure you have well-documented policies and procedures. (User ID and Password Required)
  • Internal Controls: Internal controls are an integral part of all credit union operations – especially lending. Lending oversight should include a review of lending-related internal controls. (User ID and Password Required)

*2014-2018 Internal Claims Data, CUMIS Insurance Society, Inc.

Impact of Legalized Marijuana

The legalization of marijuana and its impact on the American workplace is a growing problem. Credit unions are now faced with questions such as: Do we provide account services and/or lend to marijuana-related business; Should or can we test employees or applicants; and, Are our policies in line with this changing landscape?

Ensure your credit union is ready to rise above your risk.

Access these resources for a greater understanding of the risks associated with marijuana legalization:

What should credit unions be doing to manage due diligence and indirect lending in our dealer relationships?

- VP of Lending, $765M Credit Union

Ongoing due diligence for automobile dealerships in an indirect program is critical to your program’s success. In fact, in situations where relationships were loosely managed and monitored, credit unions have seen some of the largest losses caused by unscrupulous dealerships and their employees or practices. Be sure to:

  • Understand how the dealership fits into your member demographic, loan growth, and risk appetite strategies
  • Have a clear understanding of the operational structure and conduct reviews regularly including on-site visits and sales staff interviews
  • Establish appropriate growth goals, concentration limits, and minimum standards for creditworthiness, such as credit score and debt-to-income requirements and loan-to-value limitations
  • Maintain quality control on the vendor’s program administration, underwriting, and contract expectations
  • Manage your incentive structure effectively to ensure dealers and staff are focused on loan quality, not just loan volume

Lastly, if you find that one of your lending relationships shows red flags or adverse performance trends…take early action to revise the dealer relationship.

This question was asked during our October 5, 2017 Office Hours. For more questions from your peers, watch the full recording. Topics included loan fraud, indirect lending, and compliance issues related to the Home Mortgage Disclosure Act, Military Lending Act, and the Telephone Consumer Protection Act.

Managing lending risks can be tricky – especially when dealing with the many types of lending: consumer, real estate, indirect, business, etc. Your credit union needs a robust risk management program in place to help you provide proper lending oversight.

Be ready and rise above your risk.

Use these resources to help you manage your lending risks:

Keeping pace with lending risks can be challenging. It takes constant monitoring and ensuring employees follow sound practices to make sure risks don’t turn into lending program losses.

Check out these recently introduced resources:

Payments and Deposits

Scams targeting your members can range from ATM and gas pump skimming to identity theft and account takeovers. And, these scams are continuously evolving – so it’s nearly impossible to keep up. However, there are steps you can take to help educate and protect your members.

Rise Above Your Risk

24.9 million Americans lost an estimated $8.9 billion to telephone scams alone.* Watch this video to learn more

  • Elder Financial Abuse: Help protect your elderly members from the growing threat of senior scams. (Log-in required)
  • Protect Member Transactions: Help protect your members from themselves and fraudsters with these tips. (Log-in required)
  • Flood Protection: Help your members understand common myths and protect themselves from flooding. (Log-in required)

*2018 Truecaller Report

Compliance Overload

In today’s uncertain regulatory landscape, one thing is certain – things are changing. And, keeping pace with compliance updates isn’t easy, but is critical in mitigating risks. Use these resources to help ensure you are doing your best to manage compliance risk at your credit union.

Rise Above Your Risk

Credit unions in the U.S. face a combined $6.1 billion in annual regulatory costs.* Watch this video to learn more

  • Check Collection & Return Guidelines: Check fraud continues to plague credit unions. Use this guide to understand how check collections and returns can help minimize risk. (User ID and Password Required)
  • Partner Perspectiv-LOANLINER: Learn how lawsuits are alleging deceptive practices and excessive overdraft / NSF fees.
  • CECL Implementation Guide: Use this practical guide with six steps to assist in implementing the new CECL rule. (User ID and Password Required)

*CUNA Mutual Group Internal Claims Data, 2013-2017

Fraudsters are attacking credit unions through a variety of channels and scams. Some of the more prevalent methods include: fraudulent online account opening, account takeovers through online banking, wire transfer scams, ACH booster payments, and card fraud.

Be ready and rise above your risk.

Use these resources to help you assess and manage payments and deposits risk:

Fraudsters master old tricks and continuously evolve new ways to gain access to sensitive member, financial, and corporate information. They thrive by targeting those that are most vulnerable: the elderly, holiday shoppers, military members, disaster victims, donation-givers, job candidates, employees, and consumers in general.

Ensure your credit union is ready to rise above your risk.

Scammers succeed by catching you off guard. And, unfortunately recognizing scams can be difficult for both you and your members. Review these resources to help your credit union and members combat scams:

The difficulty in navigating the complex chargeback process has led consumers to, knowingly or unknowingly, add $11.8 billion in expense to the payment industry in the form of "friendly fraud" according to Visa estimates*. Friendly fraud can be hard to spot and even more difficult to navigate given the various regulatory and compliance considerations surrounding it.

Ensure your credit union is ready to rise above your risk.

Error resolution compliance doesn't have to be an uphill battle. In fact, there are processes and tips that can help you work within the regulations, balance risk, and still maintain positive member experiences. The key is to not to allow friendly fraud get the best of your credit union.

  • Watch this Risk Video (6:31 minutes) on the impact and learn what you can do.
  • Share this Risk Overview (User ID / Password required) with your management team to understand the most common risks and how you can proactively manage friendly fraud.
  • Check out one credit union’s perspective as they share key tips on how to handle these member claims,
    CU Perspective: Friendly Fraud (User ID / Password required).  

*This fraud may be "friendly," but costs are high, CBS MoneyWatch

Plastic card fraud is predicted to reach a staggering $31.67 billion worldwide by 2020.*

While your Plastic Card Insurance Policy helps to protect your credit union’s card program(s) from catastrophic fraud losses, you can help control your exposure by:

  • Converting to EMV chip-based cards and authentication system, if you have not already done so.
  • Establishing success metrics for fraud and understanding the levers that can help you maintain the right balance between security and member experience.
  • Leveraging the valuable tools, resources and expertise CUNA Mutual Group’s Risk and Compliance Consultants make available to you through the Protection Resource Center.
  • Keeping a watchful eye and finding the pattern as close to real-time as possible.
  • Accessing the prerecorded February webinar: Card Fraud Trends Continue to Grow. 

*Card Fraud Losses Reach $21.84 Billion, The Nilson Report, October 2016.
CUPRM, PC-1705792.1-0217-0319

ID theft-related tax refund fraud involves fraudulently filing tax returns under another person’s name and Social Security number. Each year, credit unions and credit union members report these schemes impacting them even though the IRS has made significant progress in combating this type of fraud.

Despite this encouraging trend, credit unions should remain vigilant as taxpayer identities continue to be stolen in a number of ways including through data breaches and phishing scams. Since you are on the receiving end of the transaction – refunds via ACH credit or check – you can help combat this fraud by watching for these red flags:

  • Multiple tax refunds deposited to a member’s account
  • Incoming tax refunds via ACH credit where the name does not match the account number
  • Suspicious presentment of refund checks (e.g., double-endorsed checks), or a large number of refund checks deposited to a business member’s (e.g., a check cashing business) account


a man working on his phone

Ask a Risk Consultant

Our experienced consultants are here for you. Submit your question here or call us at 800.637.2676 for assistance, insights and risk mitigation tips.

This resource is for informational purposes only. It does not constitute legal advice. Please consult your legal advisors regarding this or any other legal issues relating to your credit union. Any examples provided have been simplified to give you an overview of the importance of selecting appropriate coverage limits, insuring-to-value, and implementing loss prevention techniques. CUNA Mutual Group is the marketing name for CUNA Mutual Holding Company, a mutual insurance holding company, its subsidiaries and affiliates. Insurance products offered to financial institutions and their affiliates are underwritten by CUMIS Insurance Society, Inc. or CUMIS Specialty Insurance Company, members of the CUNA Mutual Group.