While it’s easy to become complacent, you can’t afford to do so.
While the press focuses our attention on the recent large turnover of appointed federal officials for questionable ethics, a similar script plays out daily in state and local government and, unfortunately, at credit unions.
In the last year I’ve worked with two credit unions that removed officials—one a CFO (for embezzlement), the other a board member (for unethical behavior). Social media is now making more of these stories transparent and it should be a wakeup call for credit union boards of directors: No board is immune to unethical behavior or financial crime.
In my career I’ve had the pleasure of working with more than 360 for- and not-for-profit boards of directors and sat on both kinds of boards. In my work leading board seminars with CUES, I get to interact with hundreds of credit union board members and many boards, and my impression is that our boards are getting more complacent rather than more attentive—this, despite the massive focus on risk management promoted in the current governance literature.
The credit union movement is particularly blessed. Most credit unions are financially secure, have a long history of good performance and are adored by their members. Most credit union boards are well intentioned yet greatly inexperienced at governance. It is not unusual for a credit union board to worship its CEO, to consider regulators enemies, and to lack the proper expertise to provide the kind of oversight that can prevent fraud and unethical behavior.
When CEOs lavish money on boards for retreats, gifts (one credit union I fired as a client regularly gave large-screen TVs and other significant gifts to board members) and pay for travel to resorts for board meetings, it’s harder for the board to scrutinize the CEO or executive team. It’s also easy for boards to become complacent when the credit union is performing well financially.
Supervisory committees appear to be losing focus, too, and frequently only conduct routine reviews. The relationship between supervisory committees and boards remains consistently tense or non-existent across the credit union movement. Intense, random audits are rare, review of key authorizations for large expenses are rare, and systems to assure validity of travel and other authorized expenditures is frequently sophomoric. I’ve known many a board member caught filing false travel vouchers for reimbursement only to simply be told to stop rather than being sanctioned or removed from the board. Risk management and internal audit functions have been slow to mature in the credit union industry.
There are grifters at every level of society, including among credit union executives and boards of directors. A recent wakeup call occurred three months ago when a cherished CEO of a highly regarded credit union was arrested for embezzling millions. This only reflects one who was caught.
A recent CEO client was “directed” by her board not to fire the popular CFO despite non-performance concerns and suspicions of unethical behavior. When the CEO was finally able to secure a forensic audit, the CFO resigned and, yes, embezzlement was discovered. There is a reason why good governance practices suggest intensely auditing financial transactions: Criminal intent lurks everywhere, frequently hiding behind quite popular or generous personalities.
I’ve served on five boards of directors of organizations with large, complex financial footprints. These boards were fortunate to attract highly experienced executives who also have governance experience. What I’ve learned from those experiences as well as from paying attention to the current governance literature is that we still have a long way to go in the credit union movement to protect our members from unethical leadership practices.
Today’s governance guidance, even for smaller organizations, is to have a board enterprise risk management committee, a board audit committee separate from the finance committee, and an internal auditor who reports to the board. While external threats from hackers have driven this guidance, the internal risk should not be understated. Auditing and strengthening guidelines for financial expenditures and contracts can confirm what every board wants … that it has a cleanly run organization. It can also scare away the fraudulent employee and more quickly uncover fraudulent events.
External audit contracts should be changed about every three years so that fresh eyes come into your organization on a regular basis and CEOs and CFOs don’t get cozy with the audit firm. Even with greater scrutiny of external auditors, just this year a highly recognized and respected international CPA firm was fined millions of dollars (and made headlines) for not identifying the risky financial behavior of a failed business.
Internal auditors and teams can be dispatched, even part time, to scan high-risk areas and make suggestions for tightening protocols and preventing fraud. Boards should have direct and unencumbered access—if not oversight—of internal audit. Spot and random audits of key financial transactions and contracts should become the norm. These actions are not burdens for a board nor expenses for the organization; they are investments in protecting the members’ interest against unethical behavior.
As more credit union board members start being paid, it’s time to ensure we also have the right mix of experience and governance literacy on our boards. The inexperienced mom-and-pop volunteer board is risky. Financial prowess, complex business executive experience, and risk management knowledge can help credit union boards ensure they are asking the right questions, directing the right oversight and depending less on the CEO for oversight guidance.
Disruption has come to the credit union movement, mostly in the way of technological advances and generational shifts in membership. It is also coming in the way of risk management. Any headline identifying unethical or fraudulent behavior of a leader should be cause for a board to look in the mirror and ask, “Could that happen here?”
Les Wallace, Ph.D., is president of Signature Resources Inc., author of Principles of 21st Century Governance and co-author of A Legacy of 21st Century Leadership. His articles on governance have been published by BoardSource, the World Future Society, and CUES. He is a frequent speaker and consultant on leadership and governance.