Guest Editorial by Katie Ferrell, Vice President of Compliance Services, ViClarity
Nearly everyone in the modern working world will relate to this scenario: you log into work one day, and—surprise!—a new technology platform has landed on your desktop. The decision to upend your workflow seemingly happened overnight and without any input from you, a designated super user.
Experiences like this represent a major missed opportunity for IT leadership. Generally speaking, employees are enthusiastic about the promises of new technology. A recent EY survey found 89% of US workers believe adopting emerging technologies is beneficial for their organization. When specific platforms miss the mark, it’s not typically due to change resistance. Instead, employees who are not consulted before implementation may struggle with the unintended consequences of the change.
Compliance professionals face this challenge to the same degree as their operational counterparts, and yet they have the added pressure of ensuring new technology meets the organization’s risk tolerance and regulatory requirements. Within the credit union industry, it’s become popular for individual cooperatives to weave together intricate quilts of fintech solutions from various digital banking providers. As integrations accelerate, so does the demand for rigorous due diligence, pushing compliance teams to keep pace with an ever-expanding risk landscape.
IT leaders can ease some of this pressure by collaborating closely with their compliance colleagues, involving them early in the process of shopping for and bringing on new fintech partners. What follows is a set of expectations credit union compliance pros are likely to have for any new solution the credit union is considering adding to its tech stack.
The technology is user-friendly: A Freshworks survey found the biggest challenge IT faces when it comes to enticing teams to use new tools is hard-to-use applications with a high learning curve. Risk-oriented leaders anticipate a series of threats from difficult or unfriendly systems, typically in the form of employees resorting to unapproved workarounds or use of shadow IT.
The technology is up to date: Nearly six in 10 (59%) senior leaders say emerging technologies are typically outdated by the time they are fully adopted. Earlier-generation platforms will give compliance pros heartburn for a couple of reasons: the risk of discontinued use by frustrated employees and the threat of cybersecurity vulnerabilities.
The tech provider has a culture of compliance: Fintech partners should always align with credit unions on values, purpose and vision. Compliance leaders will also expect the credit union’s tech providers to align principles of governance, risk and compliance. That’s because credit union regulators hold the credit union responsible for all violations—even those caused by a vendor partner.
Executable controls are possible: In addition to assessing the criticality of any new tech partner, compliance will want to understand the practical methods for controlling against non-compliance or other threats, such as data breaches or system compromises. The compliance team will no doubt insist on a pre-engagement risk assessment to evaluate potential vulnerabilities and identify mitigation strategies.
Due diligence is manageable: Small credit unions often rely on a single person to handle vendor management, making the addition of even one new tech provider a heavy lift. Even when these responsibilities fall under an IT audit, the compliance lead may still be called on to support ongoing risk assessments and mitigation strategies. By leveraging its expertise in automation, IT can help lighten the load for compliance by integrating vendor management tools that streamline due diligence, centralize documentation and simplify ongoing assessments.
Successful technology integration isn’t only about finding the right solution for the credit union and its members; it’s also about ensuring those solutions work for the people inside the cooperative. By involving key employees—especially super users and compliance leads—in the selection and onboarding of new tech, IT can ensure the full team embraces change with enthusiasm.
Katie Ferrell, CRCM, CAMS is vice president of compliance services for ViClarity, a global provider of governance, risk and compliance technology. She can be reached at katie.ferrell@viclarityus.com.