Home > Home  > Resources  > Credit Union Protection  > Risk and Insurance Insider

Risk & Insurance Insider

Emerging Risk: Preparing for Disasters of All Types

Natural disasters and catastrophes disrupt credit unions throughout the nation each year; in fact, many were impacted in 2017 due to bad weather, hurricanes, wildfires, and even man-made or infrastructure threats. And while it is impossible to prevent a disaster, you can take measures to ensure both your credit union and employees are prepared.

Be ready and rise above your risk.

How quickly and completely your credit union recovers from direct and indirect losses depends heavily on how well you are prepared. These risks typically occur with little or no warning.

To discuss how to identify risk, mitigate losses, and receive insightful resources and tested practices, contact the Risk & Protection Response Center at 800.637.2676.

Previous Articles

Operations & Security

Managing the Changing Workforce

Leveraging different backgrounds, skills, perspectives and knowledge of your workforce, while following sound employment practices, can set your credit union up to be more effective and successful. Changing your workplace culture won’t happen overnight, but there are steps you can take immediately.

Ensure your credit union is ready to rise above your risk.

Employees are your greatest asset! Protect and educate your them by understanding the most pressing risks of an evolving workforce.

To discuss how to identify risk, mitigate losses, and receive insightful resources and tested practices, contact the Risk & Protection Response Center at 800.637.2676.

Active Shooter Incidents

Active shooter incidents are unpredictable and evolve quickly. And, unfortunately, we continue to see them impact our communities. It is critical for your credit union staff to be aware of their surroundings and know how to instinctually respond.

Ensure your credit union is ready to rise above your risk.

Active shooter incidents are often over within 10-15 minutes before law enforcement arrives on the scene. Are your employees prepared to protect themselves?

To discuss how to identify risk, mitigate losses, and receive insightful resources and tested practices, contact the Risk & Protection Response Center at 800.637.2676.

Emerging Risks

Virtually every aspect of your credit union business poses risk. Understanding how each new service, operational change, regulatory update, and technological advance impacts your credit union is critical to your success.

Ensure your credit union is ready to rise above your risk.

To stay ahead of the complex array of ever-changing risks and compliance issues, review these resources to assist you as your credit union grows and evolves:

To discuss how to identify risk, mitigate losses, and receive insightful resources and tested practices, contact the Risk & Protection Response Center at 800.637.2676.

Internal Fraud

Employee or director dishonesty accounts for more than half (56%) of credit union losses in terms of dollars paid within the Bond policy.1 And, lack of internal controls and oversight are significant issues contributing to the losses.

Ensure your credit union is ready to rise above your risk.

Having the right controls in place in addition to knowing how to detect internal fraud is critical to your loss mitigation success. Review these resources to help your credit union prepare:

To discuss how to identify risk, mitigate losses, and receive insightful resources and tested practices, contact the Risk & Protection Response Center at 800.637.2676.


1Employee or Director Dishonesty & Faithful Performance losses, Claims Data, CUMIS Insurance Society, Inc. 2012-2016

Next Generation Vulnerabilities

Cybersecurity threats continue to evolve in unimagined ways. In fact, breaches and related fraud continue to thrive. And, with consumers being tech savvy and more connected, the risks are becoming even more difficult to manage.

Ensure your credit union is ready to rise above your risk.

While no one is immune; you can establish a strong set of cyber controls to operate safely and remain ready.

  • Watch this Cybersecurity Trends & Tips webinar clip (8:21) to get a closer look at how to manage third party access, email fraud and ransomware.
  • Security companies are warning of a malicious attack on Internet of Things (IoT) devices. Check out this IoT Risk Overview (User ID / Password required) to learn how connected devices can add exposure to your credit union ecosystem.
  • Cloud adoption rates are also on the rise. Review this Cloud Computing Risk Overview (User ID / Password required) to help with your strategic considerations related to the cloud.

To discuss how to identify risk, mitigate losses, and receive insightful resources and tested practices, contact the Risk & Protection Response Center at 800.637.2676.

Lack of Internal Controls

Your day-to-day operations are the center of activity. Those same operations also introduce risk, especially if policies, procedures, and controls are lacking, out-of-date, or employees just become too complacent. Unfortunately, recent credit union losses have shown that a common denominator has been the lack of internal controls.

Ensure your credit union is ready to rise above your risk.

Credit unions need a strong and effective system of internal controls to operate safely and effectively.

To discuss how to identify risk, mitigate losses, and receive insightful resources and tested practices, contact the Risk & Protection Response Center at 800.637.2676.

Complacency can cost your credit union millions

Whether you believe your employees are all trustworthy or that you have strong internal controls in place, you may be unknowingly setting your credit union up for a devastating loss down the road. Losses include embezzlement, theft of vault or teller cash, account and expense manipulation, or fictitious/unauthorized loans.

Generally, employees who have a need, an opportunity, and who can rationalize their actions are the ones who commit internal fraud. Why learn the hard way? Take the self-assessment below to discover where you may be vulnerable.

Self-Assessment Questions:
  • Are you checking and verifying previous employers, references, and performing criminal background and Bondability checks for new hires and volunteers?
  • Do you have zero tolerance in a Fraud Policy Statement?
  • How are you proactively monitoring employee warning signals?
  • Have you implemented dual control over vault cash, currency shipments, ATM / teller cash replenishments, and cash dispensers?
  • Are vault cash, cash drawers, and ATMs subject to frequent surprise audits?
  • Are transactions initiated by tellers or vault tellers before and after a surprise cash audit?
  • Are sound controls used to monitor expense and general ledger accounts?
  • Is a whistleblower policy in place to encourage staff to report incidents?

You can also do a deeper dive self-assessment evaluating your internal processes >>




Insurance products offered to financial institutions and their affiliates are underwritten by CUMIS Insurance Society, Inc. or CUMIS Specialty Insurance Company, members of the CUNA Mutual Group.
CUPRM-1540425.1-0716-0818

Data Security

October marks National Cyber Security Awareness month reminding you to take the time to review your digital policies and procedures.

7 out of 10 businesses hacked learned from an external party.*

Your members count on you to protect their sensitive information from falling into the wrong hands. A data breach can result in more than lost data. It can damage your credit union’s reputation, shake your members’ trust and could cost you tens of thousands of dollars to repair.

CUNA Mutual Group’s cyber solutions will help you better manage risk and keep your business open in the event of an attack. Additional valuable tools and resources are available within the Protection Resource Center.


*Mandiant M-Trends 2015 Report, February 2015
CSS-1617716.1-1016-1118

Personal Relationship Conflicts


With certain legal protections afforded to employees, charges and lawsuits related to retaliation and other employment practices charges have increased. In fact, there is a one and eight probability of having an employment charges filed against an U.S. company.* (The 2015 Hisox Guide to Employee Lawsuits)

Personal relationship conflicts and workplace romances make for sensational headlines; however, they also lead to gossip, damaged credibility, and claims of harassment and/or retaliation.

Ensure your credit union is ready to rise above the risk.

  • Watch this free Risk Video (4:36 minutes) on the impact and learn what you can do.
  • Share this Risk Overview (User ID / Password required) with your management team to proactively manage workplace relationships.
  • Check out Unlawful Workplace Retaliation Overview (User ID / Password required) to see losses related to this frequently filed employee complaint.

To identify, measure and mitigate credit union risk, call our dedicated team of risk & compliance consultants.

Risk & Protection Response Center
800.637.2676, option 4

Your Weakest Links

It's probably not all that surprising to you that employees can be a significant cause and often the beginning of a much bigger cybersecurity threat. Getting hooked on a phishing attempt is one way that cyber thieves use employees to intrude an organization’s systems or break through normal security procedures.

Just a reminder that there’s a great deal of power that can be handed over to cyber thieves simply by using weak and easily guessable passwords. According to SplashData, a staggering two million passwords are leaked annually.1

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
  11. welcome
  12. 1234567890
  13. abc123
  14. 111111
  15. 1qaz2wsx
  16. dragon
  17. master
  18. monkey
  19. letmein
  20. login
  21. princess
  22. qwertyuiop
  23. solo
  24. passw0rd
  25. starwars

CUNA Mutual Group Bond Policyholders have access to a multitude of risk management tools and resources to help better protect your credit union. Go to the Protection Resource Center to learn more.




1Worst Passwords of 2015, SplashData, January 2016
CUPRM-1502652.1-0516-0618 © CUNA Mutual Group, 2016 All Rights Reserved

Overlooking extra expenses could cost you

Extra Expense is the necessary extra costs you incur to minimize the suspension of your business and allow you to continue operating your credit union as close to normal as practicable, after a covered loss.
Here are some things to consider:

  • The loss as a worst case scenario.
  • The politics and ordinances that could impact your recovery timeline.
  • The construction timeline for building a better and newer building, especially considering weather delays, building code issues, and demand for resources.
  • Due to the high volume of equipment requests from other businesses and a limited supply in a disaster zone, increased costs can be associated with the necessary equipment.

 Use our Coverage Calculator to identify potentially risky coverage gaps.

 


Insurance products offered to financial institutions and their affiliates are underwritten by CUMIS Insurance Society, Inc. or CUMIS Specialty Insurance Company, members of the CUNA Mutual Group.

PBL-1547664.1-0716-0818



Lending

Ask A Risk Consultant: Due Diligence and Indirect Lending

What should credit unions be doing to manage due diligence and indirect lending in our dealer relationships?

- VP of Lending, $765M Credit Union

Ongoing due diligence for automobile dealerships in an indirect program is critical to your program’s success. In fact, in situations where relationships were loosely managed and monitored, credit unions have seen some of the largest losses caused by unscrupulous dealerships and their employees or practices. Be sure to:

  • Understand how the dealership fits into your member demographic, loan growth, and risk appetite strategies
  • Have a clear understanding of the operational structure and conduct reviews regularly including on-site visits and sales staff interviews
  • Establish appropriate growth goals, concentration limits, and minimum standards for creditworthiness, such as credit score and debt-to-income requirements and loan-to-value limitations
  • Maintain quality control on the vendor’s program administration, underwriting, and contract expectations
  • Manage your incentive structure effectively to ensure dealers and staff are focused on loan quality, not just loan volume

Lastly, if you find that one of your lending relationships shows red flags or adverse performance trends…take early action to revise the dealer relationship.

This question was asked during our October 5, 2017 Office Hours. For more questions from your peers, watch the full recording. Topics included loan fraud, indirect lending, and compliance issues related to the Home Mortgage Disclosure Act, Military Lending Act, and the Telephone Consumer Protection Act.

To learn even more about lending risk, or submit your own questions, contact the Risk & Protection Response Center at riskconsultant@cunamutual.com or 800.637.2676.

Lending Risk Oversight

Keeping pace with lending risks can be challenging. It takes constant monitoring and ensuring employees follow sound practices to make sure risks don’t turn into lending program losses.

Check out these recently introduced resources:

To discuss how to identify risk, mitigate losses, and receive insightful resources and tested practices, contact the Risk & Protection Response Center at 800.637.2676.



Payments & Deposits

Fraud & Scams

Fraudsters master old tricks and continuously evolve new ways to gain access to sensitive member, financial, and corporate information. They thrive by targeting those that are most vulnerable: the elderly, holiday shoppers, military members, disaster victims, donation-givers, job candidates, employees, and consumers in general.

Ensure your credit union is ready to rise above your risk.

Scammers succeed by catching you off guard. And, unfortunately recognizing scams can be difficult for both you and your members. Review these resources to help your credit union and members combat scams:

To discuss how to identify risk, mitigate losses, and receive insightful resources and tested practices, contact the Risk & Protection Response Center at 800.637.2676.

Friendly Fraud & Error Resolution

The difficulty in navigating the complex chargeback process has led consumers to, knowingly or unknowingly, add $11.8 billion in expense to the payment industry in the form of "friendly fraud" according to Visa estimates*. Friendly fraud can be hard to spot and even more difficult to navigate given the various regulatory and compliance considerations surrounding it.

Ensure your credit union is ready to rise above your risk.

Error resolution compliance doesn't have to be an uphill battle. In fact, there are processes and tips that can help you work within the regulations, balance risk, and still maintain positive member experiences. The key is to not to allow friendly fraud get the best of your credit union.

  • Watch this Risk Video (6:31 minutes) on the impact and learn what you can do.
  • Share this Risk Overview (User ID / Password required) with your management team to understand the most common risks and how you can proactively manage friendly fraud.
  • Check out one credit union’s perspective as they share key tips on how to handle these member claims,
    CU Perspective: Friendly Fraud (User ID / Password required).  

To discuss how to identify risk, mitigate losses, and receive insightful resources and tested practices, call the

Risk & Protection Response Center
800.637.2676, option 4

*This fraud may be "friendly," but costs are high, CBS MoneyWatch

Find the Pattern. Minimize Plastic Card Fraud.

Plastic card fraud is predicted to reach a staggering $31.67 billion worldwide by 2020.*

While your Plastic Card Insurance Policy helps to protect your credit union’s card program(s) from catastrophic fraud losses, you can help control your exposure by:


  • Converting to EMV chip-based cards and authentication system, if you have not already done so.
  • Establishing success metrics for fraud and understanding the levers that can help you maintain the right balance between security and member experience.
  • Leveraging the valuable tools, resources and expertise CUNA Mutual Group’s Risk and Compliance Consultants make available to you through the Protection Resource Center.
  • Keeping a watchful eye and finding the pattern as close to real-time as possible.
  • Accessing the prerecorded February webinar: Card Fraud Trends Continue to Grow. 

*Card Fraud Losses Reach $21.84 Billion, The Nilson Report, October 2016.


CUPRM, PC-1705792.1-0217-0319


Tax Refund Fraud – Remain Vigilant

ID theft-related tax refund fraud involves fraudulently filing tax returns under another person’s name and Social Security number. Each year, credit unions and credit union members report these schemes impacting them even though the IRS has made significant progress in combating this type of fraud.

Despite this encouraging trend, credit unions should remain vigilant as taxpayer identities continue to be stolen in a number of ways including through data breaches and phishing scams. Since you are on the receiving end of the transaction – refunds via ACH credit or check – you can help combat this fraud by watching for these red flags:

  • Multiple tax refunds deposited to a member’s account
  • Incoming tax refunds via ACH credit where the name does not match the account number
  • Suspicious presentment of refund checks (e.g., double-endorsed checks), or a large number of refund checks deposited to a business member’s (e.g., a check cashing business) account

Log into the Protection Resource Center or keep up with RISK Alerts – both available exclusively to Bond policyholders – for additional mitigation tips and to become more familiar with ACH (Automated Clearing House) transaction rules.



CUPRM-1704078.1-0217-0319





This resource is for informational purposes only. It does not constitute legal advice. Please consult your legal advisors regarding this or any other legal issues relating to your credit union. Any examples provided have been simplified to give you an overview of the importance of selecting appropriate coverage limits, insuring-to-value, and implementing loss prevention techniques. CUNA Mutual Group is the marketing name for CUNA Mutual Holding Company, a mutual insurance holding company, its subsidiaries and affiliates. Insurance products offered to financial institutions and their affiliates are underwritten by CUMIS Insurance Society, Inc. or CUMIS Specialty Insurance Company, members of the CUNA Mutual Group.