Credit union regulator adopts enterprise risk appetite statement

The governing board of the federal agency that regulates credit unions on Thursday adopted a new enterprise risk appetite statement that provides agency management and staff guidance on how much risk the agency is willing to undertake in pursuit of its program goals.

Adopted on a unanimous vote of the three-member National Credit Union Administration (NCUA) Board, the statement was created in keeping with guidance provided by the Office of Management and Budget (OMB). Besides being a requirement under OMB Circular A-123, the statement reads, “effective ERM and a well-articulated risk appetite are good management practices. A thorough risk appetite statement facilitates a robust understanding across management teams that discuss program and resource trade-offs necessary to achieve organizational objectives.”

The statement addresses eight risk categories and breaks down within each category the specific types of risk for which the agency will adopt a tolerant (willing to accept significant risks in pursuit of its strategic objectives), moderate (willing to accept medium risks), or averse (willing to accept no risk) risk appetite. The eight risk categories are:

  1. Technology and information management risk
  2. Supervision risks
  3. Human capital risk
  4. Legal and regulatory compliance risk
  5. Operational risk
  6. Governance and strategic risk
  7. Financial management risk
  8. External risk

NCUA Board Chairman Todd Harper, in a statement, highlighted the enterprise risk appetite statement’s articulation of an averse risk appetite when addressing identified safety and soundness concerns at credit unions.

“This means we will be risk-focused and ready to act expeditiously if needed,” Harper stated. “I also appreciate that through this statement we will remain focused on ensuring compliance with and enforcement of federal consumer financial protection laws and regulations at credit unions.”

NCUA Risk Appetite Statement

Press release