GRC for Credit Unions

Regulation in lending is as old as lending itself. Before the role of governments and formal law, a regulation was the law and will of God, and as lending became more mainstream and banks became commonplace, the governments stepped in to ensure the control risk and compliance to the law. Financial services have always been at the forefront of regulation.


Ancient history tells us little about the cost of compliance, but if the last 20 years are anything to go by, it is ever-increasing, and the cost of non-compliance even more so. Credit Unions are bearing the brunt of this cost due to the business structure of the businesses, thus reducing service quality and increasing strategic risk for the members.

Governance, Risk, and Compliance, known as GRC for short, is a framework that sets up processes to ensure robust internal controls and procedures to mitigate risk, monitor risk to take action when necessary, and also ensure the organization can track and verify compliance. A robust GRC framework can help your credit union stay compliant, manage risk, and offer the best possible service to the members.


Governance is the process of setting robust controls that aligns with the strategic goal of your credit union. This includes the policies and procedures implemented to monitor and manage internal firm activities effectively.


Risk Management is an obligation to your members. A union must implement a framework to identify potential threats and develop processes and controls to monitor the threats and have a clear plan of action to mitigate consequences. This involves risk identification, measurement, stress testing, mitigation, monitoring, and reporting.


Compliance is abiding by the necessary federal and state regulations, funders, and other board entities who might have special reporting and compliance requirements. A credit union must have a robust set of policies and controls in place, with regular reporting to ensure compliance targets are met.


GRC does not refer to a platform, but an internal framework and capability that helps your organization achieve its objectives cutting across departments and functions. GRC is a collection of best practices and processes that are enforced in your organization. A dedicated product or tool will help enable GRC, though it is not necessary.


Credit Unions and the cost of non-compliance


The cost of compliance is ever increasing. Deutsche Bank is the most visible example of the cost of non-compliance in the Financial Services sector. Increasing credit controls, risk management requirements, and regulations like Basel III, it is imperative for a Credit Union to have a GRC in place.


GRC helps you monitor your compliance processes and controls and lets you have a handle on your credit risk, audit, and analyze if there is a culture of continual improvement in your processes. With the ever-changing regulatory landscape, it is vital to have a process that can absorb changing regulations, map it to departments’ controls and functions, and enforce them to stay compliant.


Credit Unions and the ever increasing cost of compliance


Far too often, GRC is a set of spreadsheets with deadlines and a lot of following up with colleagues. The GRC framework is more than that. Compliance is not a checklist! There needs to be a process of continuous improvement and measuring the performance of the organization. Compliance and risk must be front office work and are the most crucial elements to keep the business running. But this comes at a high cost to Credit Unions.


The numbers speak for themselves, Credit Unions in North America had a cost of compliance of $6.1bn in 2017, an increase of $800mn from 2015, representing a 15% growth year-on-year. This cost only includes personnel and third party costs; the costs of non-compliance vary anywhere between $100k - $1mn+ per Credit Union, by state, a number compliance professionals in most industries would balk at. 39% of the payroll for small Credit Unions ($10-500mn assets) is for compliance departments, and as the unions become more sizeable, it plateaus at 15% of payroll costs ($1bn+ assets). This doesn’t include third-party compliance assistance and cost of non-compliance (Which runs to the millions depending on the state you’re in on average)


When you factor in that even with such a high presence, most compliance departments are understaffed and overworked, a GRC software reduces the department’s burden and streamlines processes. GRC software, especially ones like VComply, provides a real-time dashboard to monitor compliance, risk, and Internal Governance. GRC software automates report generation (Any report on the data you have on the platform) and filings with the various federal and state departments.


Governments issue almost one notice a day for financial services firms on regulations. Compliance and risk owners are hard-pressed to monitor alerts, notifications, and apply it to their compliance program and monitor progress. GRC software helps automate the mundane and repetitive tasks of compliance personnel like reminders and alerts, generating reports based on a different cut of data so that compliance professionals can focus on these value-added steps to monitor changes from the government and applying it to the program. The software does the internal control monitoring and tracking.


A GRC software system offers advantages beyond just productivity and accuracy. A GRC system can be the single source of truth for all compliance-related documents, and also acts as a benchmark each year for the next year’s continuous improvement targets. Compliance and Governance are not static; there is a need to improve continuously and even stay ahead of the regulation on occasion - this is what a GRC platform allows, beyond just streamlining workflow and reducing cost burden.


In an age where small Credit Unions find it hard to market and find visibility for themselves due to regulatory requirements, there seems to be an unlikely savior in GRC software. GRC reduces the cost of compliance, provides a strategic solution in aligning the stakeholders’ interests, and allows Credit Unions to focus on their business than compliance requirements.

Need a GRC solution that can reduce your compliance burden, and takes less than a week to implement? Please reach out to us at Vcomply in the form below, and we'll be glad to help you out!