Embrace a culture of compliance
Supervisory committee members are credit unions’ watchdogs.
Stacie VanDenBerghe likens the board of directors to a GPS that determines the credit union’s destination, while the CEO oversees the route and employees serve as the vehicle to get there.
The supervisory committee makes sure all parties follow the law along the way.
“Trust but verify,” says VanDenBerghe, adding that the role of the supervisory committee is to make sure people follow the rules, and that they’re on the up and up. This includes ensuring that the board is safeguarding assets, and that management complies with its policies and plans.
Doing so requires supervisory committee members to embrace a healthy culture of compliance, says VanDenBerghe, CEO at CU Innovate. That culture includes these elements:
Written fraud policy. Together with legal counsel, develop a fraud policy that includes oversight by management, senior executives, and the board. It should also include employee responsibilities and potentially a fraud policy agreement for staff to sign annually.
Sufficient training at all levels: board, management, and staff. “A credit union can have the best fraud policy in the world, but without proper training it’s unlikely to be effective,” VanDenBerghe says.
Annual independent audit. Contract with a certified public accountant to examine all risk areas, prioritizing greatest areas of risk. “Shake it up” by using different audit firms, she says. “They’ll check for new things.”
Audits aren’t a luxury, VanDenBerghe adds. “They’re a requirement of doing business.”
Annual independent account verification. Contract with a third party to review credit union accounts (e.g., certificates, lines of credit, investments). This will aid in identifying discrepancies between reports and balance sheets credit union management provides and external account records.
Biennial internal controls audit. This can provide assurances that the credit union’s internal controls function properly to safeguard the credit union’s assets, as well as prevent and detect errors and irregularities.
Board oversight. Boards should have oversight of the credit union’s anti-fraud program, and should meet with examination staff and auditors regularly. The board should also ensure appropriate follow-up on examination and audit findings.
Segregation of duties. Break down most transactions into three steps: processing, approval, and funding. One employee should not have complete control over all steps within a transaction.
Rotation of duties. Cross-training aids in staffing when an employee goes on vacation and can unearth irregularities. Rotation of duties also supports contingency and recovery programs and processes.
Appropriate dual controls over vault cash, wire transfers, and other functions. This will provide oversight and deter fraud. Limit access based on job function.
“Supervisory committees are meant to be the watchdogs of the credit union,” VanDenBerghe says.
She offers 15 ways supervisory committee members can increase their effectiveness:
1. Treat the credit union as if it were your business and your money. “Take ownership,” VanDenBerghe says. “You have a fiduciary responsibility.
2. Invest in your safeguards and staff. Safeguards, training, internal controls, and oversight are key to the credit union’s safety, soundness, and success.
3. Know your finances. Train the board in financial reporting, analyze board packets, and understand what you’re reading and why.
4. Engage with board members on the supervisory committee. “They need to be more interested in the soundness of your financial institution than in the free logo wear,” she says.
5. Maintain consistent oversight, and document everything.
6. Understand the importance of diligence. Is the credit union well-run? Are the board and CEO concerned about audit findings and security, and take follow-up seriously?
7. Don’t create a policy or risk-mitigation philosophy and walk away. Follow up and review routinely.
8. Stay out of the weeds, and don’t micromanage. “No one cares what music is playing in the lobby,” VanDenBerghe says.
9. Work with other credit unions to share policies, procedures, and board reports. “Don’t recreate the wheel,” she says. “This is a resource other industries don’t have.”
10. Collaborate with other credit unions to perform audits. Check with your league for available resources.
11. Provide an anonymous hotline through which staff can report suspicious activity.
12. Define roles and expectations for board members, the supervisory committee, and the CEO. Review and evaluate them every year.
13. Focus on the future, not the past. “This means big-picture thinking and operating through the lens of safety and soundness, not historical limitations or excuses,” she says. “Talk about where you’re going, not where you used to be.”
14. Be brave enough to adapt and change.
15. Leverage your resources. Network and collaborate with other credit union leaders. Don’t let the CEO be your only source of information.
“Supervisory committees and internal audit functions are part of a bigger picture,” VanDenBerghe says. “The details matter, and each one comes together to increase the safety and soundness of your credit union.”
VanDenBerghe addressed the 2023 Supervisory Committee & Internal Audit Conference in Las Vegas.