League InfoSight Highlight: Fraud Risk Assessment

By Glory LeDu, CEO, League InfoSight and CU Risk Intelligence

With the constant changes happening in our industry, it seems we are all on edge and wondering how the future will unfold for the regulatory agencies and the corresponding priorities. Despite that uncertainty, there are a few constants that we need to continue to focus on. 

Remember we still have all the existing regulations in effect, and we need to be compliant with those regulations. The good ole’ alphabet soup. Many of our credit unions have struggled with, and continue to struggle with, challenges in managing consumer compliance. We must be diligent in prioritizing the development and maintenance of an effective compliance management system at the credit union. Whether you need technology solutions simply to help keep you on track, organize, and grade compliance - or you need a full-service partner to assist in making sure you are complying with applicable laws and regulations, don’t let this fall by the wayside (CU Risk Intelligence has both resources that can help). Even if the regulatory agencies do not make this a priority, there are definitely litigation attorneys that will.

Another constant – Fraud. If you noticed the most recent report coming out of the FTC on the Top Scams of 2024, it’s an interesting read. As we probably could have predicted, losses keep going up and up, year over year. More than 1 in 3 people who reported a scam also reported losing money, and in 2024, we had 2.6 million fraud reports with $12.5 billion reported lost.  How can we put a dent in this at our credit union? A fraud risk assessment isn’t anything new and is actually the foundation of an effective fraud risk management program.

Recently, I was able to spend an afternoon with a really cool group of credit unions in Maine, collaborating on a brainstorming activity related to creating a fraud risk assessment. We worked in groups to identify various fraud risks across their different credit unions. Lucky for all of us, we had a very diverse group of credit union employees from different departments within the credit union - many wearing multiple hats- so some folks had a better understanding of operational risks, or risks in the collection department, given their day-to-day responsibilities.

At the end of our activity, we all agreed it would probably be easier to complete the risk assessment internally with representatives from each department within their credit union.  However, we were able to walk through some fraud risks, potential likelihood, the significance of the event, relevant people/department, what current controls credit unions typically have in place to mitigate the risk, whether those were effective and left any residual risk, and finally, how we would address that residual risk or our fraud risk response. Although not meant to be comprehensive, our exercise in identifying a few fraud risks and working through the risk assessment was helpful to get a base risk assessment started. This allowed the credit union to get the ball rolling and hopefully have deeper discussions and meetings to develop something more comprehensive and unique to their institutions.

As with any risk assessment, it’s critical to understand the potential risks/threats, and prioritize them based on likelihood or significance. As we see the fraud losses increase and fraud schemes becoming more sophisticated, it’s important to have documentation to understand how your credit union may be the most impacted and where it makes the most sense to deploy human and capital resources. We know we can’t prevent all risk; it’s a part of doing business!  But we can always be more focused and efficient in the resources we are using to most effectively mitigate the impact of fraud risk.

Be on the lookout for a model risk assessment that will be added to InfoSight360 shortly after the launch.

As always, if you have any questions, comments, or concerns, please reach out to us at [email protected].