Global Risk Policy
The purpose of an enterprise-wide risk management policy is to fulfill obligations to our
members, employees and stakeholders, and to comply with regulatory requirements
across functional areas. The policy identifies, addresses and mitigates potential risks that
may exist in the organization, in addition to maintaining a strong system of corporate
governance and internal controls as the basis for a robust and secure business and
operating environment. Specific areas addressed are as follows:
• Concentration Risk
• Compliance Risk
• Disaster Recovery
• Internal Controls
• Reputation Risk
• Credit Risk
• Strategic Vendor Risk
Concentration Risk Policy
The Concentration Risk Policy outlines the higher concentration risks and sets
appropriate guidelines and tracking requirements. The policy focuses on our loan
portfolio, since this is our largest asset group with the most risk. We have reviewed
several shock tests at prior Board meetings on individual loan products, and the limits in
this policy are based on the results of those tests. Reviews are conducted on a routine
basis for both the individual exposure and aggregate exposure of these shock tests.
Therefore, Management believes that the maximum concentration risk limits set forth in
this policy are within our risk tolerance levels relative to our net worth and would not
threaten the ability to maintain core operations. Due to the complexity of the policy, it
is addressed in its entirety under a separate policy.
Page 1 of 6
Compliance Risk Policy
XYZ Credit Union is committed to serving its members on a fair, legal and
nondiscriminatory basis. The Compliance Risk Policy outlines the prudent and proactive
approach to managing the risks associated with non-compliance. As a State chartered
credit union we are subject to Wisconsin state law, in addition to Federal laws and
regulations, including NCUA Rules and Regulations. It is necessary for the credit union
to be in compliance with all applicable consumer protection laws at all times. The
management of compliance risk cannot be restricted to the compliance function; it
depends not only on a risk-conscious and structured environment, but on maintaining a
strong ethical culture within which sound judgment is applied.
The Enterprise Risk Management framework includes Compliance in order to help
safeguard the credit union from any violations or additional scrutiny concerning
regulatory requirements while ensuring that commitments to members are met. It is
required that the credit union formulate and update policies and procedures to
maintain compliance with current applicable statutes, regulations, and interpretations.
The laws and regulations include but are not limited to Cash Transactions, Accounts,
Lending, Operations, Advertising and Privacy.
Reviews of compliance procedures, including risk assessments in critical areas, are
conducted annually. Reviews include but are not limited to third party vendors or
outsourcing arrangements; product offerings; disclosures, investment and lending
activities; sales practices and employee relations. Failure to stay current with all
regulations can result in measures that include violation assessments and/or fines.
Disaster Recovery – Internal Control Risk Policy
Disaster Recovery Risk
In order to fulfill our implicit obligations to our members, employees and stakeholders,
and to comply with regulatory requirements, XYZ Credit Union must be able to provide
financial services in a timely manner. We recognize that our ability to provide timely
services is dependent in large part on the availability of facilities and technology; this
availability can be disrupted by a variety of disasters, both large and small. As such,
XYZ Credit Union will develop, maintain and test a Disaster Recovery Plan covering a
variety of scenarios that could disrupt our ability to provide timely services.
Core system and network penetration risk
Threats from internal and external sources are constantly evolving, while the volume of
threat attempts continues to increase. XYZ Credit Union has an obligation to
adequately protect the credit union from these threats in order to protect the assets
and information of our members, employees and stakeholders, and to continue to
provide timely services. As such, XYZ Credit Union will continue to develop and
implement policies, procedures and capabilities in compliance with regulatory
requirements, to monitor and protect access to the network, core system and other
critical systems and to safeguard confidential information.
Internal Control Risk
In order for XYZ Credit Union to adequately protect the assets and information of
members, employees and stakeholders, internal control procedures are in place and
reviewed regularly. Internal controls are necessary to detect, discourage and prevent
incomplete, erroneous or fraudulent activity. This includes system controls as well as
internal audit functions concerning employee access, separation of duties, member
account accuracy and quality control. Internal control also addresses Bank Secrecy,
Anti-Money Laundering and Fraud Detection. Risk assessments in all areas of internal
audit are conducted, maintained and independently audited. XYZ Credit Union will
continue to develop and implement policies, procedures and methods ensuring that
critical processes are adequately monitored and controlled.
Credit Risk Policy
XYZ Credit Union is committed to providing our membership with a comprehensive
selection of credit products to meet their financial needs. The Credit Risk Policy outlines
the prudent and proactive approach to managing the risks associated with extending
credit to our members. As a State chartered credit union we are subject to Wisconsin
state law, in addition to Federal laws and regulations, including NCUA Rules and
Regulations. It is necessary for the credit union to be in compliance with all applicable
consumer protection and lending laws at all times. The management of credit risk
cannot be restricted to the lending departments, as it is dependent upon not only a
risk-conscious and structured environment, but the maintaining of a strong ethical
culture where sound judgment is applied within.
The Enterprise Risk Management framework includes Credit Risk in order to help
safeguard the assets of the credit union by ensuring that proper judgment is being used
in credit decisions. It is required that the Credit Union formulate and update policies
and procedures to maintain compliance with current applicable laws, statutes,
regulations, and interpretations. The laws and regulations include but are not limited to
consumer lending, mortgage lending and business lending.
Lending policies have been developed and instituted by the Credit Union to properly
assess each loan applicant’s borrowing qualifications that include, but are not limited to,
the borrower’s capacity to pay, their character and the collateral associated with the
loan. Credit Union staff members with lending authority are required to be properly
trained on the Credit Union’s lending policy as well as the laws, statutes and regulations
that apply to the different types of credit products that the Credit Union provides. The
Lending policy is detailed under a separate heading.
Reputation Risk Policy
The enterprise risk management framework seeks to safeguard the credit union while
ensuring that commitments to members are met and our reputation is protected.
XYZ Credit Union’s reputation is one of its most valuable assets and it is vital that it be
safeguarded. The purpose of the Reputation Risk Policy is to outline the prudent and
proactive approach to managing reputation risk.
The management of reputation risk cannot be restricted to compliance with rules and
controls; it is dependent upon a strong ethical culture where sound judgment is applied
within a risk-conscious and structured environment. XYZ Credit Union’s clearly
communicated corporate values, which emphasize integrity and ethical conduct in every
business decision and activity, together with its integrated approach to managing risk,
set the foundation for minimizing reputation risk. Minimizing reputation risk includes
processes to monitor and escalate, as appropriate, any existing or emerging risk
exposures. Any incident must be responded to with a sense of urgency, addressing
the concerns of all members in accordance with the Safeguarding Member Information
policy, which is addressed under a separate heading.
Part of managing risk includes, but is not limited to, the following principles:
• Conduct business with integrity and in compliance with the spirit and intent of
all applicable laws and regulations.
• Adhere to the principles of confidentiality and privacy in employee and member
relations, following the guidance set out in the Company’s Code of Business
Conduct and Ethics, policies and legislation that protect personal information.
• Maintain conflict of interest rules for employees, officers and directors to protect
the interests of XYZ Credit Union’s members and shareholders.
• Recognize that the reputation, integrity and character of organizations with
whom we do business, such as service providers and vendors, is a reflection of
XYZ Credit Union.
• Maintain a diverse workplace where the terms and conditions of employment
are equitable and nondiscriminatory for all currently employed and those
seeking employment.
Strategic Vendor Risk Policy
XYZ Credit Union is committed to developing strong relationships with reputable vendors
on a fair, legal and nondiscriminatory basis. The purpose of the Strategic Vendor
Risk Policy is to outline the prudent and proactive approach to managing the risks
associated with third party associations. As a State chartered credit union we are
subject to Wisconsin state law, in addition to Federal laws and regulations, including
NCUA Rules and Regulations. The management of strategic vendor risk is not an
isolated policy as it is dependent upon not only a risk-conscious and structured
environment, but the maintaining of a strong ethical culture where sound judgment is
applied within.
The Enterprise Risk Management framework includes Strategic Vendors in order to help
safeguard the credit union from risks related to third party relationships through a
vendor due diligence and review process. The process addresses, but is not limited to,
such risks as threats to the systems used to support member transactions, the accuracy,
integrity and security of members’ non-public personal financial information, and vendor
compliance with federal regulations. The process may include, but is not limited to,
background investigations (organization and principals), financial review and privacy
compliance documentation. The due diligence process also includes vendor selection
guidelines which include pricing, scope of engagement, and vendor ability to perform.
It is required that the credit union continue to formulate and update policies and
procedures to maintain compliance with current applicable statutes, regulations, and
interpretations.
Reviews of vendor relationships, including risk assessments in critical areas, are
conducted annually.
The Global Risk Policy, including its subsidiary policies, is reviewed regularly by Risk
Management and Executive staff.
10-2010