Developing an Enterprise-Wide Risk Assessment
Transcript of Developing an Enterprise-Wide Risk Assessment
Developing an Enterprise-Wide Risk Assessment
Marci Malzahn, President & Founder
February 2017
Disclaimer
This presentation is designed to provide accurate and authoritative information in regard to the subject matter covered. The handouts, visuals, and verbal information provided are current as of the webinar date. However, due to an evolving regulatory environment, Financial Education & Development, Inc. does not guarantee that this is the most-current information on this subject after that time.
Webinar content is provided with the understanding that the publisher is not rendering legal, accounting, or other professional services. Before relying on the material in any important matter, users should carefully evaluate its accuracy, currency, completeness, and relevance for their purposes, and should obtain any appropriate professional advice. The content does not necessarily reflect the views of the publisher or indicate a commitment to a particular course of action. Links to other websites are inserted for convenience and do not constitute endorsement of material at those sites, or any associated organization, product, or service.
2 Copyright 2017 Malzahn Strategic
Sponsors
• Alabama Bankers Association • Arkansas Community Bankers • California Community Banking Network • Independent Bankers of Colorado • Florida Bankers Association • Community Bankers Association of Georgia • Community Banker Association of Illinois • Indiana Bankers Association • Community Bankers of Iowa • Community Bankers Association of Kansas • Kentucky Bankers Association • Maine Bankers Association • Community Bankers of Michigan • Independent Community Bankers of Minnesota • Missouri Independent Bankers Association • Montana Independent Bankers Association • Nebraska Independent Community Bankers • Independent Comm. Bankers Assoc. of New Mexico
• Independent Bankers Assoc. of New York State • Independent Community Banks of North Dakota • Community Bankers Association of Ohio • Community Bankers Association of Oklahoma • Pennsylvania Association of Comm. Bankers • Independent Banks of South Carolina • Independent Comm. Bankers of South Dakota • Tennessee Bankers Association • Independent Bankers Association of Texas • Vermont Bankers Association • Virginia Association of Community Banks • Community Bankers of Washington • Community Bankers of West Virginia • Wisconsin Bankers Association
Directed by
The Community Bankers Webinar Network
3 Copyright 2017 Malzahn Strategic
Marci Malzahn – Malzahn Strategic • Professional Highlights:
• 23 years in banking: from teller to EVP/CFO/COO and CRO
• Started a bank in 2005 – Bank grew to $325MM in 10 years, now $530MM
• 5 years in nonprofit:
• CFO overseeing Finance, IT and HR
• Managed a $32MM budget, 28 employees
• 2 years with Malzahn Strategic consulting
• Professional Awards: • 25 On The Rise – Hispanic Chamber of Commerce
• Forty Under 40 – Minneapolis/St. Paul Business Journal
• Top Women in Finance – Finance and Commerce Newspaper
• Outstanding Women in Banking – North Western Financial Review magazine
• Education: • B.A. Business Management, Bethel University
• Graduate School of Banking, Madison, Wisconsin
4 Copyright 2017 Malzahn Strategic
Webinar Overview
• The Big Picture (foundational knowledge):
• Strategic Planning
• Enterprise Risk Management
• Integrating your ERM into your Strategic Plan
• The Risk Assessment Process
• Identify Risks Using Risk Assessments
• Develop Assessment Criteria
• Assess Risks
• Assess Risk Interactions
• Prioritize Risks
• Respond to Risks
5 Copyright 2017 Malzahn Strategic
Webinar Overview Cont.
• Risk Assessment System (RAS)
• CAMELS Rating and How They Relate to Risk Assessments
• Top 8 Risks and Other Important Risks to Assess
• ERM Risk Assessment Matrix – How to Complete One
• Annual Risk Assessments Recommended and Areas Assessed
• IT Risk Assessment – How to Complete One
• Ongoing Monitoring and Reporting Tools
• Bringing It All Together
6 Copyright 2017 Malzahn Strategic
Strategic Plan Components
7
Strategic Plan
ERM
Marketing
Business Plan
Financials
Talent
Capital
Copyright 2017 Malzahn Strategic
What is ERM?
8
Identifying and
Assessing Risk
Mitigating or
Eliminating Risk
Monitoring and
Reporting Risk
Copyright 2017 Malzahn Strategic
Identifying and Assessing Risk • Use risk assessments enterprise-wide to identify risks and assess the
types of risks
• Also identify unique and specific risks to your organization
• (i.e., succession planning, relationship concentration, industry concentration)
• Categorizing each risk across the organization by:
• Criticality and confidentiality
• Rate risks by:
• Impact and probability/likelihood
• Vulnerability and speed of onset 9 Copyright 2017 Malzahn Strategic
Mitigating and Eliminating Risk
• Determine the steps your institution will take to mitigate some of the inherent risks
• Determine how your institution can eliminate certain risks
• Ensure your institution is comfortable with the residual risk
• Establish policies, processes, and procedures to mitigate and eliminate risks
10 Copyright 2017 Malzahn Strategic
Monitoring and Reporting Risk
• Ongoing monitoring of risks identified
• Establish accountability across the organization
• Ensure policies, procedures, and systems in place are being followed AND are working (measuring)
• Ongoing reporting of risks and status to board of directors
• Provide results from monitoring efforts
• Directors learn about risks, get updates, understand their liability
• Use tools such as “heat maps”
11 Copyright 2017 Malzahn Strategic
Integrate Enterprise Risk Management into Your Strategic Plan • As you conduct the ERM Risk Assessment – what are your strategies
to mitigate and avoid certain risks?
• Know regulations – know your industry
• Establish policies to comply with regulations
• Establish procedures and processes
• Establish an organizational and operational infrastructure to support current size and scalable for future growth
• Establish key performance indicators (KPI) and key risk indicators (KRI) and reporting
12 Copyright 2017 Malzahn Strategic
Key Performance Indicators (KPI) – Examples • Total Assets
• Total Liabilities
• Net Income
• ROE
• ROA
• Efficiency Ratio
• ALLL
• OREO
• Texas Ratio 13 Copyright 2017 Malzahn Strategic
Key Risk Indicators (KRI) – Examples
Global/general:
• From global economy to your state to your city
• Unemployment rate nationwide and in your state
• GDP
Local/unique to your institution:
• Lack of risk awareness at the board level in your institution
• High employee turnover
• Loosening of credit standards
14 Copyright 2017 Malzahn Strategic
Integrate Other Key Components into ERM • IT Security Program
• Compliance Program (Compliance Management System)
• Internal Audit Program
• Liquidity Contingency Funding Plan (CFP) – Includes Liquidity Stress Testing
• Succession Planning
• Capital Planning DRP
• Credit Stress Testing
15
Disaster Recovery Plan Vendor Management
Business Continuity Plan Social Engineering
Cyber Security Program Controls & Policies
Copyright 2017 Malzahn Strategic
ERM Key Components
ERM
IT Security
Program
Compliance
Succession Planning
Capital
DRP
Liquidity Contingency
Plan
Internal Audit
16 Copyright 2017 Malzahn Strategic
IT Security Program Key Components
IT Security Program
DRP
Cyber Security
Vendor Mgmt.
Security Controls
Social Engineering
BCP
17 Copyright 2017 Malzahn Strategic
The Risk Assessment Process
• Identify Risks First
Risk assessments follow event identification and
precede risk response
• Develop Assessment Criteria
• Assess Risks
• Assess Risk Interactions
• Prioritize Risks
• Respond to Risks
18 Copyright 2017 Malzahn Strategic
Risk Assessments
• Should be practical, sustainable, and easy to understand.
• Process should be done in a structured and disciplined way.
• Should be standardized across the organization.
• Should be customized to your institution’s size, complexity, and geographic area.
• Risk assessments should be a useful tool in the decision-making process and strategic planning of the organization.
19 Copyright 2017 Malzahn Strategic
Identify Risks
• List ALL the potential risks of the organization
• Organize risks by category (financial, operational, strategic, etc.) and sub-category where appropriate
• Prioritize all risks so senior management and board’s attention is on the key risks
• The prioritization is accomplished by performing a risk assessment
20 Copyright 2017 Malzahn Strategic
Develop Assessment Criteria
• Develop a common set of assessment criteria (scale) to be used across all functional areas of the organization (simple yet comprehensive).
• Scales should help in ranking and in prioritizing risks (i.e., 1 = Incidental,
2 = Minor, 3 = Moderate, 4 = Major, 5 = Extreme).
• Risks as well as opportunities are usually assessed in terms of impact (how it will affect the entire enterprise) or likelihood (i.e., 1 = Rare, 2 = Unlikely,
3 = Possible, 4 = Likely, 5 = Frequent)
• Ask the questions of vulnerability (how susceptible?) and speed of onset (how fast could the risk arise? 1 = Very Low, 2 = Low, 3 = Medium, 4 = High, 5 = Very High; How fast could you respond or recover?)
21 Copyright 2017 Malzahn Strategic
Assess Risks
• Consists of assigning values to each risk and opportunity using the defined criteria.
• The values should be the same in all areas across the organization.
• Use qualitative questions/criteria (descriptive assessment scales).
• Perform a quantitative analysis of the most important risks (using numerical values for impact and likelihood).
22 Copyright 2017 Malzahn Strategic
Assess Risk Interactions
• Risks in one area interact with other areas in the organization.
• Need to recognize how risks interact with each other.
• Take the integrated approach and view all risks from the holistic perspective – thus Enterprise Risk Management.
• Group related risks into broad risk areas
• Use risk interaction maps
23 Copyright 2017 Malzahn Strategic
Prioritize Risks
• Determine which risks require immediate attention of senior management and board of directors.
• Prioritize by comparing the level of risk against agreed upon target risk levels and tolerance thresholds.
• Impact and likelihood or impact and vulnerability
• Consider developing the Board’s Risk Appetite and Tolerance Statement after risk assessments are done.
• There is a qualitative piece and a quantitative piece of the statement.
24 Copyright 2017 Malzahn Strategic
Respond to Risks
• After conducting the risk assessments you should have to first input as to how to respond to each risk.
• Decide to either accept, reduce, share, avoid, or eliminate each risk.
• Perform cost-benefit analysis (i.e., is the cost to prevent or reduce a certain risk higher than the risk itself?)
• Formulate a response strategy and develop plans.
25 Copyright 2017 Malzahn Strategic
Risk Assessment System (RAS) • What is “supervision by risk”?
• Evaluating risk
• Identifying existing and emerging problems
• Ensuring that institution’s management takes corrective action before problems compromise the institution’s safety and soundness
• RAS provides framework to measure, document, and communicate:
• Quantity of risk
• Quality of risk management
• Aggregate risk
• Direction of risk for the eight risk categories
• Updated guidance expands the assessment of strategic and reputation risks
26 Copyright 2017 Malzahn Strategic
Risk Assessment System (RAS) Structure • Evaluate separately:
• Quantity of risk – reflects level of risk assumed in the course of doing business (low, moderate, or high)
• Quality of risk management – assesses whether the institution’s risk management systems are capable of identifying, measuring, monitoring and controlling that amount of risk (strong, satisfactory, insufficient, or weak)
• Identify and take action on emerging risks in a timely manner
• Provides both:
• Current (aggregate risk) – combined quantitative and qualitative risks (low, moderate, or high)
• Prospective (direction of risk) view of a institution’s risk profile – assessment of movement of the aggregate risk in 12 months (decreasing, stable, or increasing)
27 Copyright 2017 Malzahn Strategic
What Are CAMELS Rating System?
• Examiners use results from RAS to incorporate in CAMELS rating
• Primary risk categories that examiners consider within each component area
• Quality of risk management practices
• When RAS and CAMELS rating systems are used together:
• Provide a holistic view of the institution’s condition
• Support planned activities and supervisory findings
28 Copyright 2017 Malzahn Strategic
CAMELS Rating System Categories
• Capital
• Assets
• Management
• Earnings
• Liquidity
• Sensitivity to Market Risk
• Technology
29 Copyright 2017 Malzahn Strategic
New Definition of Banking Risk
The potential that events will have an adverse affect on an institution’s current or projected
financial condition and resilience
• Financial Condition: Includes impacts from diminished capital (impact from losses, reduced earnings, and market value of equity) and liquidity
• Resilience: Recognizes the institution’s ability to withstand periods of stress (based on stress testing)
30 Copyright 2017 Malzahn Strategic
Top 8 Risk Categories
1. Credit – Person/entity’s failure to meet the terms of any contract with the institution
2. Interest Rate – Movements in interest rates (repricing, basis, yield curve, and options risk)
3. Liquidity – The institution’s inability to meet obligations when they come due (contingency funding plan)
4. Price – Changes in the value of either trading portfolios or other obligations that are entered into as part of distributing risk
31 Copyright 2017 Malzahn Strategic
Top 8 Risk Categories
5. Operational – Inadequate or failed internal processes or systems, human errors or misconduct, or adverse external events
6. Compliance – Violations of laws or regulations, or nonconforming to prescribed practices, internal policies, and procedures, or ethical standards.
7. Strategic – Adverse business decisions, poor implementation of business decisions, or lack of responsiveness to changes in the banking industry and operating environment.
8. Reputation – Negative public opinion. Inherent to all activities.
32 Copyright 2017 Malzahn Strategic
Plus a Few Other Risks 9. Technology – Risk in all technologies used across the organization
10. Customer – Risk from dealing with fraudulent entities
11. Human Resources Management – Violations to HR laws and
HR-related areas
12. Earnings/Profitability – Losses in investments and earnings other
than credit
13. Legal – Failure to comply with statutory or regulatory obligations
14. Capital – Direct losses to capital due to all risks being interrelated
15. Model – The OCC is now focusing on the Model Risk Management
33 Copyright 2017 Malzahn Strategic
Model Risk Management – Quick Overview
• “Model” – Quantitative method, system, or approach
• Applies – Statistical, economical, financial, or mathematical theories, techniques, and assumptions
• Process – input data into quantitative estimates
• Three components:
• Information input
• Processing
• Reporting
• Model Risk – Potential for adverse consequences from decisions based on incorrect or misused model outputs and reports
34 Copyright 2017 Malzahn Strategic
ERM Risk Assessment Matrix – Definitions
• Risks: Identify each department
• Inherent Risk: Risk of an activity with no controls in place (low, moderate, high)
• Consequences: If the risk occurs, identify damage
• Risk Mitigating Factors: Activities that can control the risk and consequences of it happening
• Monitoring Tool(s): Tools used to monitor risks
35 Copyright 2017 Malzahn Strategic
ERM Risk Assessment Matrix – Definitions
• Plans for Improvement: If current mitigating factors are insufficient, describe plan to improve
• Status: Tracking mechanism to track progress on plans for improvement (person accountable for each action)
• Residual Risk: The risk that remains after controls are taken into account
• Trend of Risk: Increasing, stable, decreasing – provides a baseline for future assessments of this risk
36 Copyright 2017 Malzahn Strategic
Types of Risks
37
Technology Transaction/Operational Strategic Reputational
Compliance/Regulatory Liquidity Interest Rate Risk Credit Administration
Legal Human Resources Earnings/Profitability Capital
ERM
Copyright 2017 Malzahn Strategic
ERM Risk Assessment Matrix
38
Ris
ks
Credit Interest Rate Liquidity Price In
he
ren
t R
isk
Co
nse
qu
en
ces
Ris
k M
itig
ato
rs
Mo
nit
ori
ng
Too
l(s)
Pla
ns
for
Imp
rove
me
nt
Stat
us
Re
sid
ual
R
isk
Tre
nd
o
f R
isk
Copyright 2017 Malzahn Strategic
ERM Risk Assessment Matrix Cont.
39
Ris
ks Operational/
Transaction Compliance/ Regulatory
Strategic Reputational In
he
ren
t R
isk
Co
nse
qu
en
ces
Ris
k M
itig
ato
rs
Mo
nit
ori
ng
Too
l(s)
Pla
ns
for
Imp
rove
me
nt
Stat
us
Re
sid
ual
R
isk
Tre
nd
o
f R
isk
Copyright 2017 Malzahn Strategic
ERM Risk Assessment Matrix Cont.
40
Ris
ks
Technology Customers Human Resources
Management Earnings/Profitability
Inh
er
en
t R
isk
Co
nse
qu
en
ces
Ris
k M
itig
ato
rs
Mo
nit
ori
ng
Too
l(s)
Pla
ns
for
Imp
rove
me
nt
Stat
us
Re
sid
ual
R
isk
Tre
nd
o
f R
isk
Copyright 2017 Malzahn Strategic
ERM Risk Assessment Matrix Cont.
41
Ris
ks
Legal Capital Model – NEW Risk Other In
he
ren
t R
isk
Co
nse
qu
en
ces
Ris
k M
itig
ato
rs
Mo
nit
ori
ng
Too
l(s)
Pla
ns
for
Imp
rove
me
nt
Stat
us
Re
sid
ual
R
isk
Tre
nd
o
f R
isk
Copyright 2017 Malzahn Strategic
Annual Risk Assessments Recommended
• ERM
• Information Technology
• Bank Secrecy Act
• Internal Controls
• Bank Policies
• Bank Insurance
• ACH
• Fraud
• Fair Lending
• Mobile Banking
42 Copyright 2017 Malzahn Strategic
IT Areas Assessed • Information Technology Security
• Information Technology: All Systems
• Information Technology: All Hardware and Software Inventory
• Disaster Recovery Plan
• Threat Analysis
• Vendor Management Program
• Asset Inventory
• Internal Physical Bank Security: System, Policies, Training
• Cybersecurity:
• Website: Security, Compliance, Backup
• All Online Banking Products: mobile, remote deposit, wire transfers, ACH
43 Copyright 2017 Malzahn Strategic
BSA Areas Assessed
• Wire Transfer Program: System, Controls, Agreements
• ACH Program: System, Controls, Agreement
• Office of the Foreign Assets Controls (OFAC)
• Anti-Money Laundering (AML)
44 Copyright 2017 Malzahn Strategic
Internal Control Areas Assessed #1
• Accounts Payable
• Allowance for Loans and Lease Losses (ALLL)
• Asset/Liability Management
• Bank Protection
• Branch Capture
• Call Report Preparation
• Capital
• Cash Controls
45 Copyright 2017 Malzahn Strategic
Internal Control Areas Assessed #2 • Collateral Safekeeping
• Correspondent Lending
• Deposit Processing/New Deposit Account Opening Procedures
• Director, Officer, and Employee Accounts
• Dormant Accounts (if applicable)
• Due From Accounts (Correspondent Banks)
• Fixed Assets
• Human Resources: Hiring and Termination Practices, Payroll, Personnel Files, Personnel Files, Performance Evaluations, Retirement Plans
46 Copyright 2017 Malzahn Strategic
Internal Control Areas Assessed #3 • Income and Expense
• Internal DDAs
• Internet Banking
• Investments
• Loan Processing/New Loan Account Opening Procedures
• Mortgage Loans in Transit (MLIT)
• Official Checks
• Online Entries: General Ledger, Loan, and Deposit Processes 47 Copyright 2017 Malzahn Strategic
Internal Control Areas Assessed #4
• Other Real Estate Owned (OREO)
• Other Liabilities
• Overdrafts
• Payroll
• Prepaid Expenses and Other Assets
• Remote Deposit Capture
• Secondary Market
• Wire Transfers
48 Copyright 2017 Malzahn Strategic
Categories Included in IT Risk Assessment #1
• Asset Type: Application/Software, Process, System
• Asset Medium: Paper or Electronic
• Vendor Name
• Controls/Procedures in Place
• Description of Risks Associated with Asset
• Risk Mitigation: Description for Mitigation of Risks
• Risk Rating: Low, Medium, High
• Criticality to Institution: Levels 1 to 5 with 5 being the most critical
49 Copyright 2017 Malzahn Strategic
Categories Included in IT Risk Assessment #2
• Residual Risk: Low, Medium, High
• Information Classification: Public, Non-Public, Confidential
• Threats/Vulnerabilities: Level of Damage, Type of Vulnerability
• Threat/Vulnerability Likelihood: Low, Medium, High
• Vital Resources: Description of Vital Resources to the Institution’s Operations
• Recovery Point Objective: Description of How the Information or Asset Will be Recovered
• Recovery Time Objective: Approximate Time of Recovery 50 Copyright 2017 Malzahn Strategic
IT Risk Assessment Template
IT RISK ASSESSMENT
INSTITUTION NAME
DATE OF ASSESSMENT
ASSET NAME Ass
et
Typ
e: A
pp
licat
ion
/So
ftw
are
, P
roce
ss, o
r Sy
ste
m
Ass
et
Me
diu
m: P
ape
r o
r El
ect
ron
ic
Ve
nd
or
Nam
e
Co
ntr
ols
/Pro
ced
ure
s in
Pla
ce?
Y o
r N
De
scri
pti
on
of
Ris
ks A
sso
ciat
ed
wit
h
Ass
et
Ris
k M
itig
atio
n: D
esc
rip
tio
n o
f M
itig
atio
n o
f R
isks
Ris
k R
atin
g: L
ow
, Me
diu
m, H
igh
Cri
tica
lity
to In
stit
uti
on
: Le
vels
1 =
lo
we
st t
o 5
= h
igh
est
Re
sid
ual
Ris
k: L
ow
, Me
diu
m, H
igh
Info
rmat
ion
Cla
ssif
icat
ion
: P
ub
lic,
No
n-P
ub
lic, C
on
fid
en
tial
Thre
ats/
Vu
lne
rab
iliti
es:
Le
vel o
f D
amag
e, T
ype
of
Vu
lne
rab
ility
Thre
at/V
uln
era
bili
ty L
ike
liho
od
: Lo
w, M
ed
ium
, Hig
h
Vit
al R
eso
urc
es:
De
scri
pti
on
of
Vit
al
Re
sou
rce
s to
th
e In
stit
uti
on
's
Op
era
tio
ns
Re
cove
ry P
oin
t O
bje
ctiv
e (R
PO
):
De
scri
pti
on
of
Ho
w t
he
Info
rmat
ion
o
r A
sse
t w
ill b
e r
eco
vere
d
Re
cove
ry T
ime
Ob
ject
ive
: A
pp
roxi
mat
e Ti
me
of
Re
cove
ry
(ho
urs
, day
s o
r w
ee
ks)
Core System: Fiserv/ITI S E Fiserv Y
Core system is critical to the operations of the institution. We have no inhouse backup. Fiserv has backup sites. H 5 L NP, C
Confidential information, potential fraud M
Client information, daily operation of institution depends on core system
Will use backup site and remote DRP location from Fiserv 2 days
51 Copyright 2017 Malzahn Strategic
Categories Included in Internal Controls Risk Assessment #1
• Growth/New Activities
• Policies and Procedures
• Regulation and Compliance
• MIS/IT System Changes
• Turnover
• Quality of Management
52 Copyright 2017 Malzahn Strategic
Categories Included in Internal Controls Risk Assessment #2
• Training
• Date of Last Audit
• Previous Exceptions
• Risk of Monetary Loss
• Nature of Items
• Nature of Operations
53 Copyright 2017 Malzahn Strategic
Bank Insurance Policies Review
• Property and Casualty
• Liability
• Directors and Officers
• Auto
• Cybersecurity
• Umbrella
• Electronic
54 Copyright 2017 Malzahn Strategic
On-Going Monitoring: Opportunity & Risk Maps
COMBINED RISK AND OPPORTUNITY MAP EXAMPLE
Impact
Opportunities Risks
Extreme Major Moderate Minor Incidental Incidental Minor Moderate Major Extreme
Likelihood
Frequent
Likely
Possible
Unlikely
Rare
55
Source: Risk Assessment in Practice by COSO
Copyright 2017 Malzahn Strategic
On-Going Monitoring: Heat Maps
HEAT MAP SAMPLE
TLik
elih
oo
d
ID Risk
1 Capital
2 Earnings
3 Liquidity
Impact
56
1
2
3
Source: Risk Assessment in Practice by COSO
Copyright 2017 Malzahn Strategic
Bringing It All Together
• Start with your Strategic Plan
• Complete an ERM Program
• Identify and Assess Risks
• Mitigate and Eliminate Risks
• Monitor and Report Risks
• Start with ERM Risk Assessment
• Complete Risk Assessments enterprise-wide
• Be proactive and stay the course
57 Copyright 2017 Malzahn Strategic
Sources
• FDIC Risk-Based Assessment System – Financial Institution Letters (FILs) https://www.fdic.gov/deposit/insurance/risk/FILS.html
• OCC Bulletin 2015-48 Updated Guidance on Risk Assessment System (https://www.occ.gov/news-issuances/bulletins/2015/bulletin-2015-48.html#)
• OCC Comptroller’s Handbook: Community Bank Supervision https://www.occ.gov/publications/publications-by-type/comptrollers-handbook/pub-ch-ep-cbs.pdf
• COSO (The Committee of Sponsoring Organizations of the Treadway Commission) www.coso.org
• Credit Union Act https://www.ncua.gov/Legal/Documents/fcu_act.pdf
• NCUA (National Credit Union Administration) https://www.ncua.gov/regulation-supervision/Pages/default.aspx
• Credit Union National Association www.cuna.org
58 Copyright 2017 Malzahn Strategic
Marci Malzahn, President & Founder
[email protected] Consulting: www.malzahnstrategic.com
https://www.linkedin.com/pub/marcia-marci-malzahn/1/6/729
Speaking & Books: www.marciamalzahn.com @marcimalzahn
612-242-4021
59 Copyright 2017 Malzahn Strategic