Jim Laffoon
President/CEO
Security Service Federal Credit Union
It would be a mistake to underestimate the number of new personnel that are required to build and maintain the compliance systems to meet CFPB expectations.
Share on Twitter
How Can a Credit Union Plan for This Asset Size?
No credit union leader wants to start preparing for their first CFPB exam right when the CU reaches $10 billion. Instead, Laffoon says, Security Service FCU began preparing three or four years before the organization would reach the magic number of assets.
Patrick recommends starting the planning process when a credit union reaches $5 billion in asset size. Credit unions approaching the $10 billion milestone will need to carefully craft their plans for staffing, systems and training.
Laffoon offers a key piece of advice when it comes to staffing. “It would be a mistake to underestimate the number of new personnel that are required to build and maintain the compliance systems to meet CFPB expectations,” he warns.
To give an idea of staffing needs of large credit unions, Wolfburg says that VyStar CU has more than 2,000 employees to serve 840,000 members.
And although many credit unions have a culture that prioritizes promotions from within when possible, it is likely that credit unions preparing for increased oversight will need to make external hires. New staff needs to “have experience in a CFPB-regulated environment,” Laffoon says, so “promoting from within the organization is less likely to provide the expertise required to guide the credit union through the transition.”
Be prepared to offer industry-leading compensation, benefits and perks, as the hiring market is competitive for experts in risk and compliance, Patrick advises. Survey the market and other organizations’ compliance job postings to ensure that what you offer job candidates is attractive enough to appeal to the most knowledgeable staff.
Systems are the next area of consideration. Ensuring that your credit union’s risk and compliance systems are prepared for the level of scrutiny from CFPB is crucial. Increased staffing in IT and analytics areas may also be necessary to ensure compliance.
Over a period of years, says Wolfburg, VyStar CU “invested in technology and infrastructure, strategically hired in areas needed to support our expansion, and created or built up several departments, including risk, compliance, legal, lending, data and governance.”
Some of the specific changes VyStar CU made include charging the enterprise risk management team “with developing ERM (enterprise risk management) systems and procedures, board policies and an assessment framework,” Wolfburg explains. “We have processes in place that are used by our branch teams and back office to ensure identified risks are managed consistently and appropriately.” To help determine where your credit union’s systems may be lacking, Wolfburg advises, “conduct a gap analysis of where they currently stand compared to what will be expected under the increased regulatory requirements.”
Acquisitions may offer special considerations. Carley points out that when financial institutions merge, “you have two operating systems, you have two cultures, you have two different geographies in some cases. And what can fall behind in that circumstance is the compliance management system.” If the compliance risk management team is not fully involved and the CMS is not adequately upgraded before CU systems, cultures, product lines and branch networks are consolidated, the credit union is at risk with examiners, he says. “At a minimum, you’ll have deficiencies and weaknesses in your CMS. And potentially violations of regulations will occur because the CMS isn’t capable of preventing or detecting and correcting them.”
Once your staffing needs are met and your systems are up to par, Patrick advises that training is necessary to ensure that all credit union staff know how to navigate the technology tools and provide the information required by CFPB and NCUA ONES examiners. Your systems vendors can typically offer education that ensures staff knows how the CMS works and what components of the tools they will need to interact with regularly.
In-house or outsourced training for staff can also help with softer components that need additional attention during significant growth, such as complaint management, member service and enhanced income sources.
Don’t forget to educate the board and supervisory committee too. Because of their critical role in overseeing the operations of the credit union and the actions of the senior leaders, says Patrick, they must also be trained in what CFPB requires of institutions at this size.
It Takes a Village
In addition to the above considerations, keep in mind the people and organizations around you that can help. Connections can be especially important when your institution isn’t clear on what training and support it will need to manage growth and regulation.
Both Carley and Wolfburg suggest talking with peer credit unions to get specific ideas of the types of compliance and risk changes they made when approaching or surpassing the $10 billion mark. And although Carley points out that CFPB exams are specific to each institution (and exam reports and findings are confidential supervisory information), hearing how another institution prepared for a first exam from a credit union leader you trust can help increase your comfort level with the steps you need to take to demonstrate compliance.
Hiring outside help may also be necessary. Consultants who have experience helping financial institutions prepare for CFPB examination can be well worth the expense, as they will have wider levels of experience than your peers in credit union leadership may be able to offer, Carley advises.
Also be in contact with your regulators before you grow to the $10 (or $15) billion level. Your local NCUA examiners can help you prepare and understand the differences in expectations. You may also get in touch with the NCUA ONES and CFPB examiners you’re likely to be working with. Laffoon had the opportunity to have a hybrid local and ONES team perform an exam, giving the credit union early contact with ONES regulators and ensuring that his team understood exactly what was coming.
Your credit union will also need to ensure it is connected with CFPB’s consumer complaint portal, says Carley, as consumer protections are an important part of the agency’s oversight. Complaints from consumers who may have first complained directly to the institution but were not satisfied with how their issues were resolved may reflect problems that warrant review and correction.
No matter where your credit union falls within the asset range, Laffoon offers this sage advice: When planning for growth, “avoid the mindset that ‘our credit union is good for consumers and does not need to change current practices.’” What worked for a small credit union may not work for a larger institution, and it’s important to stay relevant to members’ needs. cues icon
Former credit union stafferJennifer Roland Cadienteis a writer based in Oregon who focuses on technology and financial institutions.