As the third largest credit union in Tampa Bay, Grow Financial Credit Union operates in 25 neighborhood store locations throughout West Central Florida and the Columbia/Charleston areas of South Carolina, and serve approximately 200,000 members.
We sat down with their Vice President of Enterprise Risk (Risk Management, Fraud, BSA, Physical Security and Information Security), Chase Clelland to learn more about how Grow Financial manages risk, incident and IT risk to better serve their large customer base.
The National Credit Union Association (NCUA) is urging credit unions to become more involved in enterprise risk, a long-lasting effect that has been in place since the 2008 financial crisis. We recognized that our ERM process was more of a check-the-box exercise rather than working as “a cog in the decision-making process”. Our team required more insight into what’s happening in our 30 departments, as well as create an organizational understanding of enterprise risks – and be able to do that quickly.
We were leveraging a homegrown product; I would actually classify it as an advanced Excel spreadsheet. It got the job done, but that was about it. We are looking for vision. We learned how to crawl – now we need to walk and eventually run. Our homegrown solution couldn’t support us in that.
We’re asking teams to do risk assessments on an individual unit. We have 30 departments, and limited staff on the Risk team. We don’t have the bandwidth to go department by department every month or quarter and walk through everything. We meet with them annually at a minimum. Our goal is to empower users to be able to interact with the system regularly and without our team’s support. We want to be able to send out reminders and have risk assessments completed.
Our team has to be able to make lending decisions quickly. To do that effectively, we need to be cognizant of what is happening in the departments, and the departments need to be aware of what is happening at the enterprise risk level.
From an ERM perspective we look at a variety of metrics. Some of these include:
There are a number of things that Resolver has helped our team do. We have been able to centralize our risk register which allows us to understand what all the risks are at the credit union.
Since implementing Resolver, we’ve been able to prioritize our risks. It’s given us insight into how to mitigate, as well as document if/how we accept those risks.
With Resolver, we’ve been able to standardize our risk assessment process so that it’s much more consistent. Each department’s tolerances are completely different, so making the assessment process consistent across the organization has been essential for helping us scale as the organization grows.
We’re embedding risk management into decision-making processes because we’re able to include our risk appetite statements right into the system. We have a holistic view of our risk profile that allows us to see what issues we have stemming from where, what controls need to be in place and how we’ve been able to manage them. There has improved transparency and accountability and we can quickly identify and manage issues more proactively.
I would say that Resolver’s solution is totally customizable. The team works closely with you to understand your goals and your process. They don’t try to change your process to fit the solution, they make the solution fit your process. It’s a real partnership.