Strengthening Risk Management in Light of Recent Bank Failures

A nearby house fire caused by the lack of fireproofing might prompt a family to install fire-resistant materials inside their house, update smoke detectors and sprinklers, and perform recurring maintenance to the furnace and any other equipment that could start a fire. The family is now at an advantage, having the opportunity to safeguard their home and family members from a possible tragedy.

Similarly, credit unions stand on a learning platform following the multiple bank failures that have made headlines in 2023 and now 2024, but they must start “fireproofing” the business now. For years, financial institutions mainly focused on the external side of the business to generate revenue and put services in place that make them unique to their client base. Too few banks or credit unions had an internal comprehensive risk management plan in place. A perfect example is California’s First Republic Bank, which started facing a crisis in the first quarter of 2023 and operated without a chief risk officer for more than half a year.

The financial services industry has dramatically changed over the last 15 years. Consumers and members are constantly looking for a more personalized experience. With new technologies like artificial intelligence rolling in faster than regulation, the policies and procedures that most banking institutions have in place are no longer relevant, nor will they be able to identify potential risks or implement protective measures. Credit unions can use this opportunity to review and update their governance framework and monitor it continuously.

With Great Services Comes Greater Regulatory Risk

The nature of the credit union business is to find options that maximize their members’ profit and experience. It is an opportunity to adopt top-tier technology and partner with external service providers offering different products that benefit the credit union’s members. Improving services and the member’s experience should be at the forefront of any credit union board, but with that comes the need for a more comprehensive and holistic risk management team. Although significant financial regulations like the Dodd-Frank Act in 2010, the framework by the Basel Committee on Banking Supervision and the recent Third-Party Risk Management guide have primarily targeted banking institutions, credit unions should proactively adapt and rigorously enforce these standards in their operations. It will be just a matter of time before the National Credit Union Administration starts to focus on regulations to safeguard credit unions and prevent a domino effect like the one we have seen with Silicon Valley Bank, New York Community Bank, First Republic Bank and the latest—Republic First Bank, a regional institution with branches in Pennsylvania, New York and New Jersey that failed in April 2024.

Design a Preventative Compliance Approach

The weaknesses in Republic First Bank’s internal controls serves as a stark reminder of the need for financial institutions, including credit unions, to develop a comprehensive internal governance, risk and compliance program. An effective governance structure involves adherence to internal policies and procedures, as well as active oversight of boards and management to ensure all policies are updated, followed and adjusted to evolve with the current times. Credit unions have an advantage, having sat on the sidelines observing bank failure after bank failure. It might mean establishing an independent board of directors and committees to lead audits, governance and risk. Credit unions, whether they decide to create an internal compliance team or find an outsourced partner, should consider looking at enterprise risk management from a holistic view.

We often ask our credit union clients what relationship they want with regulators. It is necessary to have a team of compliance experts who understand the business and the goals the institution is looking to accomplish. Risk management starts with a well-informed team that performs health checks on all procedures. At best, an irreparable collapse can be prevented, but regardless, credit union members will want to know that the institution operates under the safest regulatory boundaries.

Building Confidence That Preserves the Deposits

Just as a family will want to take all the preventative steps to avoid losing everything in a house fire, depositors want to know their hard-earned money is safe in the hands of any financial institution. Once that confidence is broken, the organization has little to no control over customers or members closing their accounts and leaving. When financial institutions, big and small, lose depositor trust, massive withdrawals strip them of the necessary funds to operate—a liquidity crisis that is often irreversible.

Forward-thinking institutions prioritize understanding potential risks and respond to regulatory changes in real time. Part of that process involves anticipating potential shifts in regulatory guidelines and proactively protecting itself by finding gaps and material weaknesses before they become significant drags on the business. Creating an environment that promotes regulatory safety builds confidence among members and protects the legacy of the credit union. By enhancing risk management practices and staying ahead of regulatory changes, credit unions can fire-proof their future and fortify the trust and confidence of their members, ensuring long-term stability and success.

Michael Durette is chief revenue officer at Compliance Risk Concepts, New York.