Resources Banner

Comprehensive Reviews & Analysis

Credit unions are susceptible to all sorts of risks. Inflation and associated volatility, shifting political environments, unemployment, and many other risks continually surface, making risk management a beast that must be tamed to keep your business out of danger. That's where a strategic partnership with the Risk Management & Compliance Consulting experts at Cornerstone Resources can save you money, fines, time, and headaches.

We are Ready to Help

We can help you stay compliant and manage risk.

Existing client? Contact us for assistance.

Taming the Risk Proposition

Exposure to risk is just part of doing business, but unless you're an expert in risk management, taming the threat of those risks can seem like a full-time job. Cornerstone Resources can take the load off. We help ensure your credit union's safety and soundness, financial stability, continuity, and sustainability - all while giving you peace of mind without adding to your staff.

Why Choose Us?


Largest risk management service nationwide

trusted advisor

Experienced, certified, and trusted advisors


Personalized service, not just automation and reports


Return on your investment through increased productivity

documentation for review

Documentation for your review


Advocacy on your behalf with your examiner, if you choose


Compliance Services

Compliance specialists are hired, trained, and put through certification classes by Cornerstone Resources. Throughout the year, our specialists divide or share their time among assigned credit unions.

While working at a credit union, compliance specialists provide a variety of services, including:

  • Reviewing and developing policies
  • Developing, managing, and maintaining your credit union’s compliance program
  • Serving as your advocate with regulatory authorities
  • Monitoring and analyzing new and revised laws/regulations/regulatory issuances
  • Training staff/management on crucial regulatory issues
  • Preparing for examiners and remediating examination findings.

A complete review includes gathering the necessary background information and compiling and documenting compliance policy elements: intent to comply, responsibilities, defining terms, and framing actions in a logical sequence. Policy writing and review is included in most compliance visits.

Risk Management Services

Complete Risk Management

Our team of experienced and certified professionals assesses most organizational areas of risk, including enterprise risk management (ERM) and offers optional solutions to address identified weaknesses

Specific-scope Risk Management

Credit union management may designate individual areas to be addressed, including:

  • BSA/CIP/OFAC risk assessment (required by regulatory agencies)
  • FACTA red flags identity theft risk assessment (required by regulatory agencies)
  • Concentration risk assessment
  • Fair lending risk assessment
  • Website risk assessment
  • Other risk assessments, as requested

Vendor Due Diligence

Cornerstone Resources provides assembling, review and documentation of information subject to NCUA Regulatory Requirements covered in Supervisory Letter 07-CU-13, Evaluating Third Party Relationships.


  • Benchmark Process: includes planning, risk assessment and financial review
  • Concentration Risk
  • Due Diligence Process: includes background checks, business model, financial information, review of outside audits and financial and operational control review.
  • Contract Issues and Regulator Review
  • Measuring, Monitoring and Controlling Risk

Website Compliance Reviews

Select from a limited scope or expanded scope website review. ADA compliance reviews are also available.

Limited Scope

Comprehensive review of your website’s compliance to consumer regulation. This review is an essential part of your e-commerce strategy.

Expanded Full Scope

Review includes compliance-related requirements as well as web host vendor, third-party vendor due diligence, and a review of your website risk assessment.

ADA Website Review

Experts recommend a combination of automated and manual testing for compliance to the Americans with Disabilities Act (ADA). While many website vendors offer automated testing, we offer a fully manual review of your website.

BSA/CIP/OFAC Risk Assessments

Annual review of procedures and documentation relating to requirements of the Bank Secrecy Act (BSA), Customer Identification Programs (CIP) and Office of Foreign Assets Control (OFAC).

This assessment is required every 12 to 18 months.

SAFE Act Review

This review helps ensure compliance with the Secure and Fair Enforcement for Mortgage Licensing (SAFE) Act, which requires that all credit union employees who act as mortgage loan originators (MLO) be registered with the National Mortgage Licensing System, and that the credit union designate a program administrator to monitor and ensure compliance with the requirements.

This audit is required annually.

Disaster Recovery and Pandemic Planning

Whether in anticipation of the next hurricane or tornado or the next wave of an unforeseen pandemic, be ready. Like other critical contingency plans required of an organization, your members expect you to be prepared. A strategic partnership with our experts can help update your existing plans or develop a detailed master plan that will ensure you're ready for whatever comes next. Count on us to give you peace of mind while saving you money, time, and headaches.

Remote Deposit Capture Risk Assessment 

Remote Deposit Capture is an automated deposit transaction delivery system that enables your members to scan items, such as checks, from remote locations and electronically transmit the captured digital data to your credit union for posting and clearing. Per NCUA guidelines, credit unions must perform regular, comprehensive risk assessments on their Remote Deposit Capture services. These assessments are critical to mitigating and controlling your risk. A Cornerstone Resources risk assessment will:  

  • Identify and assess legal, compliance, and operational risks.
  • Aid you in designing policies to address risk tolerance levels, internal procedures and risk controls, risk transfer mechanisms, and contracts and agreements.
  • Help establish operational performance metrics, benchmarks, and standards.
  • Develop reports to support management and provide oversight of RDC operations.
  • Perform work remotely and deliver your assessment in 3–5 working days.