NCUA Releases Supervisory Letter on Enterprise Risk Management

The National Credit Union Administration (NCUA) recently released Supervisory Letter No: 13-12 on the subject of Enterprise Risk Management (ERM).  The supervisory letter discusses the NCUA’s views on ERM as one framework for managing risk, and the NCUA’s supervisory expectations with regard to credit unions’ risk-management programs.

Natural person credit unions are not required to implement formal ERM programs, but every credit union should have sound processes sufficient to manage the risks associated with their business model and strategies.

Enterprise risk management is a comprehensive risk-optimization process that integrates risk management across the organization.  ERM is not a process to eliminate risk or enforce risk limits, but rather a way to encourage organizations to take a broad look at all risk factors, understand the interrelationships among those factors, define an acceptable level of risk, and continuously monitor functional areas to ensure that the defined risk threshhold is maintained.

The NCUA recognizes that most credit unions do not possess the size or depth of resources to warrant the significant investment necessary to implement ERM programs.

Instead, examiners will gauge a credit union based on the effectiveness of all risk-management programs against the identified and perceived risk posture of the credit union, the capability and commitment of the management toward a culture of risk management, and the financial strength of the credit union in relation to individual and collective risk exposures.


Questions? Contact the Compliance Hotline: 1.800.546.4465,

Posted in Compliance News, NCUA.