Clearing a Path Forward for Credit Union Innovation
By : Alia Luria
Melissa Koch, the InFront CEO, discusses whether the digital strategy of credit unions are adequately positioned to withstand a longer-term shift to remote operations in this Credit Union Times piece.
Credit unions have long played a vital role in the communities they serve, providing much-needed access to capital for individuals and local businesses alike. This current time of crisis, marked by a global pandemic and shaky economic conditions for many, is no different. Many have stepped up to continue serving their members, and to facilitate access to the Small Business Association’s Paycheck Protection Program (PPP) loans throughout this challenging time. However, rapidly unfolding regulatory obligations and social distancing guidelines have certainly presented a unique confluence of challenges – challenges that credit unions must be equipped to handle in the future.
Moving forward, the banking landscape as a whole will probably look quite different. The emergence of COVID-19, which has upended the way many credit unions do business, has inadvertently strengthened the case for an enhanced focus on digitization and agility across the entire value chain. As we have witnessed many states’ reopenings correspond with an alarming spike in coronavirus cases, it becomes quite possible that there will be a very real need for extended social distancing measures. To that end, we can expect to see more emphasis on e-signatures, real-time payments and remote identification technologies. It’s imperative that credit union leaders consider their digital strategy and whether it is adequately positioned to withstand a longer-term shift to remote operations, as well as nimbly adapt to further emergency financial measures akin to the PPP.
Finding the Right Fintechs
Credit unions are, of course, membership-driven organizations that pride themselves on serving their communities. This deep-rooted commitment to their members is precisely why, in recent years, many have turned to innovative fintech companies to help them streamline and upgrade a variety of processes, from digital account opening to online payment processing and lending. Partnerships with fintechs have become a linchpin for improving technological capabilities, thus expanding geographical reach and augmenting member experience.
However, it’s critical that credit union leaders conduct adequate due diligence before signing on the dotted line, taking the time to ensure they are choosing the right tools. As longtime technology lawyers, my InFront Compliance cofounder and I have had a front-row seat to the issues that can arise when leaders fail to undertake sufficient assessments and unwittingly select a partner that exposes them to legal liability. With that in mind, here are some considerations that should be top of mind when you’re evaluating third-party vendors:
With cyberattacks growing ever more sophisticated, and with broad swaths of the workforce now operating remotely, the need to implement robust data security controls has become more critical than ever. Perhaps unsurprisingly, cynical cybercriminals and state-sponsored hackers have leveraged the ongoing COVID-19 pandemic as an opportunity to launch a fresh wave of malware, ransomware and phishing attacks.
You might be relatively confident that your own house is in order, but it’s also important to ensure that your third-party vendors are taking the necessary precautions to safeguard member data. After all, unscrupulous hackers often attempt to gain access to financial data by exploiting weaknesses in third-party vendors’ networks. Just because you have outsourced a process to a third party, it doesn’t mean that accountability has been outsourced – as far as regulators are concerned, the buck stops with you.
The National Institute of Standards and Technology and International Society of Automation frameworks represent credible springboards for initiating and navigating discussions with vendors about data sharing permissions and other cybersecurity efforts. Additionally, spend time talking with stakeholders within the prospective partner firms to learn more about their commitment to safeguarding data and protecting against cyberattacks. Do they have training programs in place to educate their employees about emerging risks and their role in mitigating them? Have they undergone an SOC 2 certification audit to evaluate their compliance with core trust principles? What insurance does the vendor have in place in the event that a critical data security breach does occur?
Lastly, it’s important to remember that third-party and vendor risk management doesn’t end once the initial due diligence has been completed. On an ongoing basis, credit unions should maintain an up-to-date list of third parties that have access to their networks, and ensure that data access is restricted to only that which is deemed absolutely necessary. It is also prudent to implement internal controls and audits, continually ensuring that third parties are taking the adequate steps to protect member assets. After all, a data breach could not only land you in hot water with regulators, but it could severely impact your reputation and the hard-earned trust of your members – in one survey from the Identity Theft Resource Center, 12% of respondents indicated they had parted ways with their credit union as a result of fraudulent activity on their accounts.
Historically speaking, banks and credit unions haven’t always done the best job of designing products and services with the end user in mind. Legacy systems have often made for a lackluster digital experience that can frustrate or even alienate customers and members.
Fortunately, the tide is shifting. One area in which many fintechs have excelled is in embracing and implementing design thinking – an iterative process that necessitates a deep understanding of the end user, and an empathy for what will resonate most. This understanding of the consumer and their needs, as well as a firm commitment to delivering exceptional user experience, can help a fintech to stand out among the competition. Responsive design, with intuitive and easily navigable interfaces, makes for a digital service that your credit union members will actually want to use.
With much of the workforce continuing to operate remotely, it has become more important than ever to find ways to collaborate effectively and break down internal silos. These silos exist not only across teams, but in the tools they use – and this became all too apparent in the context of COVID-19. Slow delivery of economic stimulus payments and PPP funds has underscored the need for a more reliable infrastructure.
Moving forward, interoperability – the ability for digital products to communicate with and understand each other effectively – will be seen as a must. Stakeholders must be able to securely access, exchange, integrate and use data in a fast, collaborative manner. This necessitates a vast array of third-party APIs, but the payoff will likely be worth it: Streamlined and frictionless functionality can delight credit union members, employees and partners. The right tech stack, if integrated effectively, can also open up new revenue streams for credit unions.
The COVID-19 pandemic has taught credit unions to expect the unexpected. This means having a robust plan in place to ensure business continuity, while simultaneously managing the day-to-operational challenges of managing and overseeing a remote workforce. By embracing innovation in a careful, measured way, credit unions can continue to support and enrich the communities that they serve.
For a link to the Credit Union Times article, please click here.