Posts in

Risk Management

COVID Risk Management for Credit Unions
Oct 5, 2020

Impact of Covid-19

Covid 19 has upended normal life as we know it. Apart from a gigantic impact on the economy as a whole, the pandemic has also put the future of credit unions at risk. In this article, we'll be examining the impact of Covid 19 on credit unions, steps to manage the impact, and a quick checklist for credit unions to manage risk in uncertain times. 

Stay at home orders have resulted in a disruption of local and international economies. Loss of assets and income, along with unemployment, in turn prevents people from being able to pay their loans. Decreased liquidity, increasing provision costs, and a decrease in loan portfolio income are just some of the negative impacts of the health crisis on credit unions. The resulting institutional stress has led to reduced capital reserves of credit unions.

Credit unions around the world are now talking about cash flow management, liquidity management, and spending considerable time restructuring loan implementation. Some other measures credit unions are taking include managing and analyzing non performing loans, dealing with regulatory constraints, and gradually moving towards collections at some point in the future.  The best course of action for credit unions is to focus on asset recovery, building their reserves, and mitigating risks as far as possible. 

Risk Considerations for Credit Unions During Covid-19 

Here are 7 common types of risks credit unions should consider managing during Covid-19:

Legal risk 

Credit unions may face potential legal consequences if employees working from home are not compliant with any of their policies, or they end up carrying out non-compliant activities.

Credit risk 

Owing to reduced income and increasing layoffs during the pandemic, this is one of the major risks credit unions face.

Liquidity risk

An increasing demand for loans causes a shortage of funds and liquidity for credit unions.

Interest rates

Low interest rates put pressure on interest rate margins, and consequently reduce earnings for credit unions.

Reputation risk

An inability to communicate properly with employees and members results in negative comments on social media, leading to a damaged reputation.

Strategic risk

A huge economic impact on industries such as travel and tourism, increasing healthcare expenses, and spikes in loans all lead to failure to meet strategic targets and plans. 

Organizational risk 

Work from home orders and closure of schools lead to a decline in the workforce. They may also lead to fraud, decreased productivity, and an inability of vendors to provide services. All of this disrupts the functioning of a credit union.

Mitigating the Impact of Covid 19 on Credit Unions 

Each credit union's strategy to manage risks will differ as per the restrictions laid down by their government and their state. 

Managing the health crisis

If a state allows workplaces to be open, then credit unions must take all measures to keep their members safe. This includes keeping the reading areas of their lobbies free of crowds, and implementing social distancing measures in earnest. They must also digitize any processes that do not require in-person meetings.

Ensuring security of members 

The next priority of credit unions should be protecting the interests of their members. 

To provide monetary assistance to members, they should help members with restructuring loans, providing loans at low interest rates, helping  members with deferred payments, and providing loan extensions. They must also communicate with their governmental institutions and get recognized as an essential service provider. They should also offer financial counseling to their members to help them get through this challenging phase. 

Cash flow management 

It's imperative for credit unions to manage their liquidity during this period. Even though they must expect slow growth during the pandemic, they should use cash flow management tools to proactively make projections for the future and manage the flow of cash. 

As credit unions make concessions and become more flexible in their loan services for members, they also have to identify its impact on portfolio performance and proactively plan their loan recovery strategy. 

Education and support

Governments across the globe are taking aggressive fiscal stimulus measures to reduce the impact of the recession. Credit unions must serve as educational institutions, helping their members and the public at large take advantage of these measures. They should also help members rebuild their savings. As the public starts to see a credit union as an ardent supporter of its members and their welfare, they will be more confident to bring their savings to credit unions. They will also likely be more loyal to credit unions. 

Risk Management Checklist for Credit Unions During Coronavirus 

It is essential for credit unions to keep constant tabs on the developments taking place in their state with regard to Covid 19. This includes keeping an eye on stay at home orders, new regulations to control the spread of the virus, and expected developments in various industries. This is a critical component of risk management for credit unions.

Risk assessment helps credit unions identify and assess threats during Covid 19. 

Here's a quick checklist to help credit unions identify and mitigate risk during the pandemic: 

  1. Function according to the policies implemented by the government and ensure safety of its members. 
  2. Offer low interest loans to people and implement flexible loan recovery strategies as well to handle credit risk.
  3. Limit their exposure to long-term investments and loans, and balance the duration of all assets. This will help them to control interest rate risk. 
  4. Promote communication with their members and ensure the availability of help to members when needed. This will help them handle reputation risk. 
  5. Conduct regular meetings with teams and maintain ongoing communication. Analyze and evaluate policies and plans, to balance strategic risk. 
  6. Help their workforce adjust in a work-from-home environment.  Have necessary backup plans and policies in place to avoid transaction failure.


While Covid 19 has presented never-seen-before challenges for credit unions, by carefully assessing and considering all possible risks, it is possible for credit unions to sail through this difficult time with minimal damages. The first priority of credit unions should always be to safeguard their members’ interest. Without member support, credit unions cannot thrive. 

If you’re a credit union looking to manage risk and governance in a hassle-free way, check out GRC software by VComply

VComply Editorial Team
The Importance of Risk Assessment for RIAs
Oct 8, 2020

The Securities and Exchange Commission has laid down various rules and regulations for registered investment advisors (RIAs), to prevent fraud and unlawful activities. One of the activities that an RIA must undertake to ensure that they comply with all of the SEC's requirements is an internal risk assessment of their firm.

Risk assessment for RIAs helps them identify the different types of risks based on their business model, conflicts of interest, and affiliations. While conducting a risk assessment, they might discover operational and compliance risks related to their firm, and thus be able to remedy them.

Investment advisory firms are prone to some common errors such as incorrect filing of Form ADV, making wrong fee calculations, and also a lack of organization of records and books.

Let's take an in-depth look at the importance of risk assessment for RIAs and how firms can conduct it. 

What is an RIA?

A registered investment advisor is a person or firm that helps institutional investors and affluent individuals manage their wealth and investment portfolios.

All investment advisors must register either with the SEC (Securities and Exchange Commission) or state securities administrators. The latter is usually a government or regulatory agency, or official, overseeing and enforcing state-level regulations and rules regarding securities transactions.

Apart from managing assets for their clients, RIAs also create portfolios by using bonds, mutual funds, and individual stocks. They may also use a mix of individual issues and funds or only funds for streamlining asset allocation and cutting down on commission costs.

Registered investment advisors must follow the fiduciary standard. This means they must always keep the interest of their clients at the forefront. They receive compensation from their clients for their investment advice. 

What is Risk Assessment?

The purpose of risk assessment is twofold: to assess risks to the investment firm and assess potential risks to its clients. They must carefully assess and prioritize operational issues, procedure, and vulnerability in their organisation. Ultimately, they must try to mitigate and minimize risks. 

Purpose of Risk Assessment

The best way to detect and prevent regulatory violations is having written policies and procedures. This is usually the responsibility of the Chief Compliance Officer (CCO). 

Firms should conduct an annual audit for all their processes. This helps them: 

  • Understand the risks their organization may be exposed to
  • Assess if they have the right processes and procedures in place to mitigate risks
  • Customize processes and procedures to be able to mitigate newly identified risks

Risk assessment serves as a timely shot in the arm to help firms know if their organizational policies and procedures are sufficient to manage risks. Identifying potential compliance slip-ups can help them avoid penalties in the future.

Issues That Risk Assessment Should Address 

Risk assessment for RIAs begins with identifying all conflicts and compliance factors that may create risk exposure for the firm and its clients. Then, they must design policies and procedures that address those risks. The policies and procedures are expected to address issues including, but not limited to, the following:

  • Safeguarding records and information of clients
  • Preventing fraud and incorrect usage of client assets by employees of the firm
  • Accurately storing and maintaining records, so they cannot be modified or altered without authorization
  • Ensuring full disclosure of statements and advertisements to clients, regulators, and investors
  • Portfolio management processes
  • Fair trading practices
  • Business continuity plans

Identifying Risks for RIAs

There are many types of risks that may harm the interests of a firm and its clients. Take a look:  

  1. Strategic risks arise from inadequate business decisions.
  2. Operational risks arise from inadequate operations systems, mismanagement of information systems, and transaction processing. These risks can result in unforeseen losses.
  3. Being unable to meet financial obligations counts as a financial risk.
  4. Compliance risks arise from the possibility that a breach of internal policies or procedures may negatively impact or disrupt the firm's condition or operations.
  5. Finally, reputation risks arise from the possibility that inappropriate management or employee actions may cause the public or press to form a negative opinion of the firm or its products and services.

An individual or a risk committee may identify these risks or any other risks by brainstorming about possible threats to the interests of the firm and its clients. 

When identifying the risks, it is important for the advisers to think outside the box. After successfully identifying the risks, the individual or the risk committee should assign a person or team to examine a firm's policies, day-to-day business processes, procedures, and systems surrounding the risks. Then, they must ascertain the level of risk, and propose reasonable compliance solutions for eliminating or decreasing the risk.

Wrapping Up 

Risk assessment is an essential responsibility for a registered investment advisor. It allows them to safeguard their clients against potential harm, and also ensures their firm complies with the necessary regulations and laws. 

If you're an RIA looking for a better way to assess and manage risks, take a look at the governance and legal compliance solutions provided by VComply

VComply Editorial Team
Digitizing GRC and managing compliance remotely in a COVID world
Oct 6, 2020

Compliance takes work. Surprise audits, producing relevant documentation, coordinating compliance needs across your organization, assigning responsibilities--the list is endless. 

If you've been using spreadsheets, or worse, physical records to manage compliance, you know it's nothing less than a nightmare.  Now imagine doing all of this virtually, without any of your key stakeholders in the same room. A few scenarios come to mind: chaos, miscommunication, and finally, penalties for noncompliance. 

Covid 19 has forced all of our essential work to shift to the virtual world, and this includes compliance. Regulatory agencies are now conducting virtual audits, and nonprofits need to be prepared in case their facilities come under review.  There is reprieve for nonprofits though: VComply offers simple, quick, and hassle-free compliance and regulation software, so nonprofits can manage their compliance needs smoothly. 

In this post, we'll discuss key features that enable seamless compliance management and the transformation nonprofits can undergo when they adopt VComply's compliance solutions. 

VComply Helps Nonprofits Manage Compliance During Covid 19 In a Stress-free Way 

VComply is a cloud-based governance, regulation, and compliance software built especially for nonprofits and organizations such as credit unions. It allows companies to manage compliance virtually, making it ideal for remote teams. 

Let's drill deeper into features that power VComply's compliance solution and make them unique: 

  1. Centralized documentation: The larger an organization grows, the more complex and diverse its compliance needs become. It's fine to work with spreadsheets in the beginning, but soon you need a central repository to manage all of your regulatory needs. VComply offers a centralized system to manage compliance that helps you simplify compliance structures across your organisation, build accountability, escalate issues, and nurture a culture of proactive compliance.
  2. Cloud-based: In a world where work from home is the norm (at least for a while) and in-person gatherings are restricted, VComply's cloud-based solutions are a boon for nonprofits. No matter where your employees are based, they can access their compliance information at the click of a button and produce it when required for review.
  3. Secure: Data security is a major concern for nonprofits, as breaches become common. Data theft can cost a nonprofit millions in penalties due to violation of laws such as HIPAA. Luckily, all data stored in VComply is compliant with local storage laws and 100% secure.
  4. Evidence collection: VComply allows you to upload images or take pictures within the app, and store them as evidence. And it's available in an easily searchable format, so you don't have to scramble for important data again.
  5. Powerful reporting: Unless you love rummaging around in spreadsheets to find compliance details and reports, you'll find VComply's robust reporting tools to be a boon. You can search for compliance reports by person, location, department, and organization.
  6. Compliance dashboard: See at a glance what every department in your organisation is up to. Escalate issues that matter, and focus on areas where you're lagging behind. Say good-bye to endless follow-ups and say hi to a smarter way of working.
  7. Notifications: Automated notifications help you track your compliance timelines with ease. The more processes you automate, the more time and resources you can save, and redirect towards your core mission.
  8. Diligence score: This is an effective metric that helps you gauge the performance of each team member, and how well they complete their compliance responsibilities. By tackling compliance bottlenecks at an individual level, you can eliminate compliance issues and penalty risks once and for all.


Benefits of Using VComply for Non Profit Compliance 

Now we've gone over the key features that make VComply an indispensable tool for nonprofits, especially in a stressful time such as Covid 19. 

Let's take a look at how exactly VComply can help you make compliance less of a headache, and more of a piece of cake. 


Improved processes 

Electronic or manual filing systems are not just difficult to scale, but also an administrative burden. 


A lack of streamlined processes for managing compliance can quickly get overwhelming. For example, quality and compliance specialist at Center for Human Development, Dan Sadowski, told us about how they managed compliance before adopting VComply:


"Programs were managing their compliance requirements in a variety of ways. Often a series of emails were required just to confirm a simple obligation. The abundance of documents for policies and procedures can get overwhelming at times."


On the other hand, a tool such as VComply provides you with an enterprise-level view of compliance activities and gaps, in real time. Track your progress, deadlines, and updates with a few clicks. 


Proactive compliance 

If your nonprofit is fairly old, you're aware of the dynamic nature of regulations and laws. Take a look at this: One of VComply's clients has over 8 different regulatory bodies, including eight that don't speak the same language. Combined, these bodies account for 1,000 regulations and over 400 standards to keep track of. Without a better system, managing compliance with such a high level of complexity can often feel like a knee-jerk, panicked reaction.


VComply allows nonprofits to build a strong culture of compliance in their organization. This involves tracking and monitoring areas for improvement, staying vigilant at all times, and benchmarking compliance performance against previous years. Our clients have reported higher levels of accountability and compliance success. 


Time savings 

We'll let Michelle Cove, director of compliance at Center of Health Development, explain:

"Confirming with programs that they all have inspections to complete took at least 4 hours. Now we can see all that on our dashboard and produce a report in seconds." Naturally, all of these time savings result in reduced stress levels across an organization, better performance, and an increase in quality of work and life.


Always prepared, no matter what 

Surprise audits can often be a source of anxiety for nonprofits. When each department has a different location for storing documents and a different naming convention too, procuring all requested reports in one place can be cumbersome.


With VComply, nonprofits can instantly generate reports based on responsibility, person, facility location, and/or state or federal regulation (ex: HIPAA requirements). 


During the pandemic, this can be especially helpful, as you're able to virtually access all information in one single place. 

Focus on people's welfare

While compliance is an unavoidable part of running a nonprofit, it's only a means to an end, and not the reason why you exist. As a nonprofit, you likely have a long-term goal in mind to serve your community and beneficiaries.

Adopting a robust system of compliance such as VComply helps you save time, resources, and manpower, and focus solely on your mission and purpose. 

Putting It All Together 

Covid 19 has accelerated the adoption of cloud-based applications and software, and the effects can only be described as revolutionary. 


Nonprofit companies looking to better manage their compliance needs and build a culture of accountability should definitely seize the opportunity of virtual audits to give VComply a try!

VComply Editorial Team
Healthcare Non-Profit Compliance Primer
Oct 1, 2020

As a healthcare nonprofit, you have the opportunity to impact thousands of lives. However, being a healthcare nonprofit comes with its fair share of regulatory and organizational issues that can affect your long-term future.

In this article, we’ll take a look at some common types of healthcare nonprofits, common compliance requirements for healthcare nonprofits, including HIPAA, and the best ways to manage healthcare nonprofit compliance.  

Types of Healthcare Nonprofits 

As varied as healthcare issues can be, there are many different types of healthcare nonprofits too. Let's take a look at some of the most common ones below. 

Community Healthcare Centers

These are federally funded 501(c)(3) organizations that provide healthcare services to low income groups. They are generally located in areas where people do not have access to medical support. They serve people from diverse backgrounds and communities. Apart from basic healthcare, they often provide programs related to nutrition, exercise, and wellness. They form a critical component of the public healthcare system, ensuring people in both urban and rural areas benefit from healthcare innovations. Even though they’re nonprofits, they work with cutting edge technology, equipment, and systems to ensure the best care for patients.  

Drug de-addiction centers

Rehabilitation centers for drug addicts are another type of healthcare nonprofit. The cost of enrolling in a private de-addiction facility can be out of bounds for people from low income households. Unfortunately, such people are more likely to develop habits of drug abuse and dependency. Thus, they are more in need of such services. Nonprofit centers such as these help people cope with depression and anxiety, and ultimately, eliminate their dependence on drugs. 

Mental healthcare centers

While physical health is important, mental wellbeing is also a crucial aspect of healthcare. Non profit mental health organizations help people recognize signs of mental distress and address them in a timely manner. Generally, mental health is considered a taboo topic and people refrain from talking too much about it. An important role of these nonprofits is also to raise awareness about mental health issues, and encourage people to come forward and seek help. Mental healthcare centers consist of professionals who help people cope with distress, both emotionally and psychologically. 

Common Compliance Requirements for Healthcare Nonprofits

Nonprofit healthcare organizations enjoy various benefits from the government, including a waiver of taxes. Hence, they are closely scrutinized by government bodies and must comply with certain rules and laws to maintain their nonprofit status.  Organizations that fail to meet federal compliance guidelines face penalties and fines, and can also be barred from raising funds. 

Some common compliance requirements for nonprofit healthcare organizations include: 

  • Form 990: Nonprofit healthcare organizations must submit Form 990 to the IRS (Internal Revenue Service). This form informs the IRS of the organization's mission, motives, and upcoming programs.
  • Donation receipts: Healthcare nonprofits must keep a regular account of all the donations they receive. For donations higher than $250, the nonprofit must provide the donor with an acknowledgement receipt. Donation records must be presented to legal authorities when required. 
  • Fundraising: In order to raise funds, healthcare non profits must have a state license, and renew it on a yearly basis. Those organizations that do not have a valid state license are not permitted to raise funds. 
  • HIPAA for healthcare nonprofits: HIPAA is an act that protects the healthcare information of patients and ensures it is not shared without consent. Under this act, healthcare organizations must employ a set of measures to protect sensitive health information. We have covered this act in detail below.  

Board and Grant Reporting

The board of a healthcare nonprofit organization serves as the guiding light for its actions, helps ensure that it is legally compliant at all times, and manages and supervises its activities. Each board member should have a specific role.

First and foremost, it is important for a board to ensure a healthcare nonprofit meets rules and regulations in the healthcare industry on an ongoing basis. Board members are also responsible for providing strategic leadership, financial stability, and executive support to a nonprofit organization. 

The board must develop and communicate the organization's vision, mission, and goals. It must continually monitor the organization's progress and outcomes. Typically, a robust system for evaluating performance should include the budget, balance sheet, income statement, annual report, and financial reports. These are all critical documents when filing the 990 form. 

In terms of legal compliance, the board must ensure all 990 filings are made on a regular basis. Finally, the board is also responsible for heading fundraising activities for a healthcare nonprofit.  Successful healthcare nonprofits are generally managed by enthusiastic board members, who regularly attend meetings, actively participate in every aspect of the nonprofit's functioning, and represent the organization in a positive manner. 

HIPAA for Healthcare Nonprofits

HIPAA stands for Health Insurance Portability and Accountability Act, implemented in 1996 to safeguard the privacy of healthcare information. The goal of HIPAA is to ensure that healthcare information of the public is not shared with any unauthorized parties, without an individual’s consent. 

To maintain the security of patients’ health information under HIPAA, healthcare nonprofits are expected to do the following: 

  • Encrypt emails that contain sensitive data
  • Draft policies around how health information should be distributed and documented 
  • Avoid using fax as a method of sending health information
  • Use passwords to protect sensitive information when sending it via email or another electronic system 

HIPAA is enforced by the U.S. Department of Health and Human Services. If an employee or consumer makes a complaint, it is investigated and corrective action is taken against non-compliant organizations.

Often, HIPAA violations occur when healthcare information is stolen, sensitive data is copied, or information is disclosed verbally.  

Violation of HIPAA can incur severe penalties for healthcare organizations. These include: 

  • Civil monetary penalties for unknown violations between $100 and $25,000 per calendar year per violation, enforced by the Office for Civil Rights.
  • Penalties up to $50,000 and one year of imprisonment for knowingly obtaining or disclosing individually identifiable health information.
  • Up to $100,000 and five years of imprisonment, for violations made under false pretenses.
  • Up to $250,000 and ten years of imprisonment, for violations made with the intent to sell, transfer, or use for commercial advantage, personal gain or cause potential harm.

HIPAA violations have cost many hospitals and organizations hefty fines. St. Elizabeth’s Medical Center was charged a fine of $218,400 after they put the public health information of nearly 500 patients at risk. In another case, the Anchorage Community Medical Health Services had to pay a fine of $150,000 after malware revealed the records of more than 2,700 patients. The center used outdated systems and software, and did not upgrade their technology. This case underlines the importance of processes and procedures, as well as regularly checking your software for malware.

Why does a GRC software solution make sense for a healthcare non-profit?

It can be hard to detect security and compliance issues in growing and complex healthcare nonprofits. Moreover, compliance with HIPAA and other regulations often entails huge amounts of paperwork that healthcare organizations can find cumbersome. 

A simple solution to their compliance needs is using automated compliance software that extends across their entire organization. This will help them maintain consistency and minimize human error.

An automated system for healthcare compliance such as VComply offers the following benefits to nonprofits: 

  • Efficient processes: A cloud-based platform for storing data protects healthcare nonprofits from manual labour, helps redirect resources to patient care, and eliminates errors. With simple checklist and reporting capabilities, you can see patient data as well as any pending compliance requirements at a glance.
  • High level of security: Violations of HIPAA and other regulations are often a result of human error. This can be eliminated with the help of a digital system. An automated system for organizing and managing patient data is both convenient and effective for healthcare nonprofits. Regular checks and updates ensure patient data is always secure, up-to-date, and easily accessible. 
  • Compliance with HIPAA and other regulations: You already know that compliance is of utmost importance to healthcare nonprofits. With automated compliance you'll be able to enforce reliable compliance processes, keep track of changing rules and regulations, as well as get regular updates of compliance actions needed on your part. This helps you consistently meet your compliance requirements in a quick and timely way. 

We hope this article sets you up to successfully fulfill your legal compliance needs. Violations of laws such as HIPAA are often the result of technical oversight and not keeping pace with changing technology. With the right tools and software, they are completely avoidable, so you can focus on what matters most: providing world-class patient care. 

VComply Editorial Team