Oct 22, 2024
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.
In this episode, Justin interviews Chris Willey of
American Eagle FCU. Justin asks Chris how banking and financial
risk management has evolved since Chris entered the profession, in
the past 15 years after the housing crisis, and in the past two
years after the SVB collapse. They talk about Chris’s 2023 RIMS ERM
Global Award of Distinction, how leadership has reacted to the ERM
program, and how the program has changed since last year. Chris
explains American Eagle FCU’s ERM philosophy, including its nine
risk categories. Chris shares her thoughts about what it takes to
activate an effective ERM Program today, and how ERM can help
improve the banking sector and the risk industry overall.
October is Cybersecurity Awareness Month. Chris tells what that
means to her.
Key Takeaways:
[:01] About RIMS.
[:15] About this episode. From RIMS headquarters in New York, our guest is Chris Willey, the VP of ERM at American Eagle Financial Credit Union. She is also a recipient of the 2023 RIMS ERM Global Award of Distinction.
[:43] The RIMS ERM Conference 2024 will be held on November 18th and 19th in Boston. Opening keynote speaker John Hagel recently appeared here on RIMScast. Register at RIMS.org/ERM2024.
[:58] We will talk about everything from RMIS and AI to D&O, ESG, the SEC, and various other acronyms, in addition to future casting and risk quantification.
[1:10] RIMS-CRMP holders can earn recertification points by attending the RIMS ERM Conference 2024! For those interested in studying for the exam, a pre-conference workshop will be held on-site on November 16th and 17th. Register now; a link is on this page!
[1:34] The next RIMS-CRMP Exam Prep will be held with Purima virtually on November 14th and 15th. The next RIMS-CRMP-FED Exam Course will be hosted along with George Mason University from December 3rd through the 5th.
[1:50] Links to these courses can be found on the Certifications page of RIMS.org and through this episode’s show notes.
[1:57] RIMS Virtual Workshops! Elise Farnham of Illumine Consulting recently joined us here on RIMScast. On December 4th and 5th, she will host Applying and Integrating ERM. On December 17th and 18th, she will host Captives as an Alternate Risk Financing Technique.
[2:20] Other dates for the Fall and Winter are available on the Virtual Workshops calendar, RIMS.org/virtualworkshops.
[2:28] Interview! My guest today, Chris Willey, is the Vice President of Enterprise Risk Management at American Eagle Financial Credit Union. In 2023, her ERM program received a RIMS ERM Global Award of Distinction. We didn’t get to connect last year to discuss it.
[2:49] We’re here now, and we will learn all about Chris Willey’s ERM philosophies, how American Eagle FCU handles certain risks, and what their risk register looks like. We will also get some tips for staying cyber secure, as October is International Cybersecurity Awareness Month.
[3:06] Chris Willey, welcome to RIMScast! Congratulations again for your ERM program being one of the honorees of the 2023 RIMS ERM Global Award of Distinction!
[3:51] Chris started at the credit union 34 years ago in Internal Audits where she got to see and understand the entire organization. In 1998, the board of directors started a risk management department. Chris applied and got the job.
[4:25] At first, they worked on traditional risk management, including insurance and fraud. Over the years, they added responsibilities. ERM was the last piece they added to their risk management repertoire, 14 years ago.
[4:56] Around the time of the housing crisis, one of the credit union’s high-risk areas, the board asked Chris to create an ERM program. Credit union regulators were also instrumental in starting ERM. While not required, having an ERM program is necessary to understand your risks.
[6:26] Chris has one staff member, Theresa, the Assistant Vice President, who helps with all facets of risk management. Chris and Theresa do a lot. Chris says it would be nice to have another person helping them.
[7:28] After the Silicon Valley Bank collapsed in March 2023, the interest rate risk and liquidity risk got a lot of attention. American Eagle FCU was on top of it. Their interest rate risk was increasing and the ERM program had already begun taking measures to thwart risk.
[8:10] American Eagle had scaled back some of their lending and beefed up their liquidity because of what happened on the West Coast. That helped put them in a great spot.
[8:44] The regulators had come down hard on them and American Eagle did a lot of things to prove that they were going to be OK. The regulators are the insurers so wanted to make sure American Eagle had enough liquidity in case something happened like that at the credit union.
[9:04] It was a lot of work. The CFO and others in the organization put in additional monitoring tools. That’s what the ERM program does. It says, “Hey, we’ve got a potential issue or higher risk.” It’s a call to action to ask, "What are we going to do differently to mitigate the risk?"
[9:37] American Eagle’s interest rate risk is still trending a little bit higher but it’s under control and being monitored. The regulators gave them a great pass last year and are working on this year’s audit.
[10:12] When the American Eagle FCU ERM program was awarded the 2023 RIMS ERM Award of Distinction, regulators were thrilled. The board of directors was very happy to hear of it at a board meeting. The Risk Council Team was also thrilled and felt they were on the right track.
[11:11] The award came at a good time for the ERM program. Since then, American Eagle has had a few new executive leaders. The ERM program team is educating the risk council on what ERM is and the nine risk categories, definitions, KRIs, and what they should keep or change.
[12:43] American Eagle is getting to the point of putting new KRIs in place to see where they land with the risk ratings. They are asking if their risk tolerance or appetite should be increased. American Eagle FCU has been risk-averse. You can take calculated risks with an ERM program.
[13:41] If the risk gets to be above your expectations, you can try to reel it back to a more manageable level.
[14:04] American Eagle FCU is growing in its assets and also in its team members. The ERM program is adding a People Risk category to help create a culture that’s engaging. The board of directors is excited to see what that will look like.
[14:39] Plug Time! RIMS Webinars! On October 24th, Hub International returns for the fourth installment of their Ready for Tomorrow series, “From AI to the SEC: The Future of D&O Litigation and Regulatory Exposures”.
[14:56] On October 31st, TÜV SÜD GRC discusses “Mastering Property Renewals: Strategies for Success in 2025 with Risk Engineering”. On November 4th, I will be hosting a special RIMS Webinar presentation, “Lessons from Veterans on Strategic Risk Leadership”.
[15:17] On November 14th, Marsh will present “Risk Perception and Management: Insights for a Changing Landscape”. On Thursday, December 12th, OneTrust returns to deliver “Staying Vigilant: 7 Practical Tips for Ongoing Third-Party Risk Monitoring”
[15:43] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members.
[15:55] There is another webinar you should know about. On October 22, 2024 at 1:00 p.m. ET. I will be moderating for my friends at ex judicata “If I Leave the Law — A Webcast Series: Landing a Nonlegal Job in Insurance Industry: Risk Management, Brokerage, Claims, & Advisory”.
[16:20] Other panelists include leaders from Lockton,
Berkshire Hathaway Specialty Insurance, and our friend from the
RIMS Public Policy Committee and the RIMS Detroit Chapter, Lynn
Haley Pilarski, who works at GM. The link is in this episode’s show
notes.
[16:41] This is a complimentary webinar and it is a chance for you
to invite your friends who are in the legal profession, looking to
transition to another role, to check out risk management and see
what it’s all about. The link is in this episode’s notes.
[16:58] Back to My Interview with Chris Willey of American Eagle FCU! The nine risk categories of American Eagle’s ERM program are credit risk, interest rate risk, liquidity risk, transaction risk, compliance risk, concentration risk, strategic risk, reputation risk, and cyber risk.
[17:44] American Eagle FCU started with the seven NCUA risks, and as cybercrime became prevalent, they added a category for cyber risk. When NCUA sent a letter on concentration risk, American Eagle FCU added a category for concentration risk. The people risk is upcoming.
[18:32] Now all risks are counted equally, but they may start looking at weighted averages. That is still TBD.
[19:25] American Eagle FCU has from 335 to 350 team members. The credit union is state-charted in Connecticut. They have members in Massachusetts but no branches in that state. They have no plans to charter in other states.
[20:35] American Eagle FCU is trying to manage everything with a balanced approach, taking on more risk than before, and moving toward the center of the risk spectrum. The initiatives of their strategic plan involve a certain amount of risk and it will be OK.
[21:34] To start an ERM program from scratch in 2024 you need executive buy-in. The tone from the top is important. American Eagle FCU started at the management level and once it was running well, they brought the board of directors into it.
[22:01] Chris explains how strategic initiatives, projects, budgets, finances, and reputation were KRI measures that were reported to the board twice a year.
[22:52] Two of the three 2023 honorees of distinction, American Eagle FCU and Sterling Bank and Trust, are in the banking sector, which speaks to what ERM can do for banking.
[23:21] With interest rates as they are, it’s a good idea for a bank to have an ERM program to help navigate these times, whether interest rates are going up or down. Risk management is very basic to every financial institution, whether or not it is ERM.
[24:36] Justin remembers that there was no risk manager at Silicon Valley Bank. RIMS believes that every organization, regardless of its size, should have a dedicated risk professional. Chris thought at the time there were going to be a lot of risk management positions opening up.
[25:36] It is prudent to have a risk professional. They bring insight to your thinking that you may never have considered. The American Eagle FCU ERM program uses Key Risk Indicators. You want leading KRIs to pinpoint problems that are up and coming. Look forward, not back.
[26:29] ERM can help the risk profession greatly. In the cyber area, everyone has data they need to protect. If you have an ERM program looking at some of the risks in the cyber area, you might be able to create a better environment and protect against all the threats out there.
[27:08] Threats are not going to stop. They will continue to get worse. American Eagle ERM makes decisions based on its ERM program. They do business-level risk assessments to help business owners understand how to stay within their risk tolerance level.
[27:51] ERM is language and knowledge from which every organization can benefit.
[27:57] October is Cybersecurity Awareness Month. American Eagle FCU has participated in Cybersecurity Awareness Month for over a decade to educate team members on all kinds of cybersecurity issues and threats.
[28:38] This year, the theme is Willy Wonka, with cyber security videos and activities for interactive learning. They issue their security training for the year for all team members. They also educate members with tips on social media, their newsletter, and their website.
[29:45] American Eagle FCU is holding a fraud symposium for members. October at American Eagle FCU is a fun time. The CFO dresses as WIlly Wonka and the ERM team members are Oompa Loompas. They do short videos throughout the month about what’s coming up.
[31:41] Chris, it is wonderful to see you. I appreciate all your time and your wonderful insight. It speaks to the banking sector and the broader risk community. There’s a lot that our listeners can learn from this episode. Congratulations again on the 2023 RIMS ERM Award of Distinction!
[32:09] Special thanks again to Chris Willey of American Eagle FCU for joining us here on RIMScast! Check out the episode’s show notes for more resources about cybersecurity and the 10 risks we discussed during the interview.
[32:24] More RIMS Plugs! The RIMS ERM Conference 2024 will be held in Boston, Massachusetts on November 18th and 19th. Register today at RIMS.org/ERM2024!
[32:40] The RIMS App is available to RIMS members exclusively. Go to the App Store and download the RIMS App with all sorts of RIMS resources and coverage. It’s different from the RIMS Events App. Everyone loves the RIMS App!
[33:13] You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let’s collaborate and help you reach them! Contact pd@rims.org for more information.
[33:58] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information.
[34:15] Risk Knowledge is the RIMS searchable content library that provides relevant information for today’s risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more.
[34:32] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management.
[34:46] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org.
[34:54] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!
Mentioned in this Episode:
RIMS ERM Conference 2024 will be in Boston, MA Nov. 18‒19 | Register Now
RIMS-Certified Risk Management Professional (RIMS-CRMP)
RIMS Strategic & Enterprise Risk Center
NEW FOR MEMBERS! RIMS Mobile App
The Strategic and Enterprise Risk Center
RIMS-CRMP Stories — New interview featuring Dan Elliott!
Submit Your Nomination for 2025 Risk Manager of the Year — Part I is due on Oct. 31!
International Cybersecurity Awareness Month
RIMS Webinars:
“If I Leave the Law — A Webcast Series: Landing a Nonlegal Job in Insurance Industry: Risk Management, Brokerage, Claims, & Advisory” | Presented by ex judicata | Oct. 22, 2024
“From AI to the SEC: The Future of D&O Litigation and Regulatory Exposures” | Sponsored by Hub International | Oct. 24, 2024
“Mastering Property Renewals: Strategies for Success in 2025 with Risk Engineering” | Sponsored by Global Risk Consultants, a TÜV SÜD Company | Oct. 31, 2024
“Lessons from Veterans on Strategic Risk Leadership” | Presented by RIMS | Nov. 4, 2024
“Risk Perception and Management: Insights for a Changing Landscape” | Sponsored by Marsh | Nov. 14, 2024
“Staying Vigilant: 7 Practical Tips for Ongoing Third-Party Risk Monitoring” | Sponsored by OneTrust | Dec. 12, 2024
Upcoming Virtual Workshops:
RIMS-CRMP Exam Prep with PARIMA (Virtual) November 14‒15, 2024 | 9:00 am‒4:00 pm SGT — Register by Nov. 7.
Applying and Integrating ERM | Dec 4‒5
Captives as an Alternate Risk Financing Technique | Dec. 17‒18
See the full calendar of RIMS Virtual Workshops
Related RIMScast Episodes:
“Big Shifts with John Hagel, ERM Conference Keynote”
“Applying ERM Theory with Elise Farnham”
“Maintaining an Award-Winning ERM Program with Michael Zuraw”
Sponsored RIMScast Episodes:
“RMIS Innovation with Archer” | Sponsored by Archer (New!)
“Navigating Commercial Property Risks with Captives” | Sponsored by Zurich (New!)
“Breaking Down Silos: AXA XL’s New Approach to Casualty Insurance” | Sponsored by AXA XL
“Weathering Today’s Property Claims Management Challenges” | Sponsored by AXA XL
“Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company
“Partnering Against Cyberrisk” | Sponsored by AXA XL
“Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh
“Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos
“Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL
“Elevating RMIS — The Archer Way” | Sponsored by Archer
“Alliant’s P&C Outlook For 2024” | Sponsored by Alliant
“Why Subrogation is the New Arbitration” | Sponsored by Fleet Response
“Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd.
“Subrogation and the Competitive Advantage” | Sponsored by Fleet Response
“Cyberrisk Outlook 2023” | Sponsored by Alliant
“Chemical Industry: How To Succeed Amid Emerging Risks and a Challenging Market” | Sponsored by TÜV SÜD
“Insuring the Future of the Environment” | Sponsored by AXA XL
“Insights into the Gig Economy and its Contractors” | Sponsored by Zurich
“The Importance of Disaster Planning Relationships” | Sponsored by ServiceMaster
RIMS Publications, Content, and Links:
RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community!
RIMS-Certified Risk Management Professional (RIMS-CRMP)
RIMS Events, Education, and Services:
RIMS Events App Apple | Google Play
Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.
Want to Learn More?
Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.
Have a question or suggestion? Email: Content@rims.org.
Join the Conversation!
Follow @RIMSorg on Facebook, Twitter, and LinkedIn.
About our guest:
Chris
Willey, VP of Enterprise Risk Management at American Eagle Financial Credit
Union
The American Eagle FCU ERM top risk categories:
Credit Risk
Interest Rate Risk
Liquidity Risk
Transaction Risk
Compliance Risk
Concentration Risk
Strategic Risk
Reputation Risk
Cyber Risk
Coming soon: People Risk
Social Shareables (Edited For Social Media Use):
Our CFO and others in our organization put in additional monitoring tools. That’s what the ERM Program does. It says, “Hey, we’ve got a potential issue or higher risk.” It’s a call to action to ask, "What are we going to do differently to mitigate the risk?" — Chris Willey
It’s hard to benchmark one ERM Program to the next. It’s different, based on your risk tolerances and the way you run your business. — Chris Willey
If we want to grow, give back to the community, and do all the initiatives we would like to with our strategic plan, we are going to have to take more risk, and it’s going to be OK. — Chris Willey
Threats are not going to stop. They are going to continue and get worse. We make decisions based on our ERM program. We do business-level risk assessments and get the business owners involved so they understand what their tolerance levels are. — Chris Willey