Dear Members:
If you're a fan of classic board games, you might remember one of the most iconic: “Risk.” Once you get the hang of it, “Risk” is a fun and challenging game that combines strategy and luck, letting players experience the thrill of victory without the real-world agony of defeat.
Unfortunately, in the financial industry, it’s usually all challenges and no fun when it comes to managing risk. The rapid evolution of consumer and business expectations, fueled by the widespread use of digital technology, brings both advantages and challenges to traditional business methods. As the financial sector continues to evolve, effective risk management is essential to maintain stability and support the ongoing growth of every financial institution.
To that end, I spoke with Regina Lewie, Corporate One’s EVP, Chief Risk Officer, about key risk management hot topics. I encourage you to read further for insights into emerging risks, regulatory changes, and the future of risk management.
Melissa Ashley: From your perspective, what are the most significant emerging risks in the financial industry today?
Regina Lewie: From my perspective, there are four major categories of emerging risks: market volatility, cybersecurity, technology disruption, and regulatory uncertainty.
First, financial institutions must continually evaluate the issues that could threaten their safety and soundness—particularly severe market disruptions. Monitoring both macro‑economic and micro‑economic indicators is essential. National trends like inflation, unemployment, and political instability do not affect all regions or member bases equally. Institutions need to focus on the specific economic conditions that impact their own communities to anticipate credit stress, liquidity challenges, or changes in member behavior.
Second, cyber risk remains one of the most persistent and rapidly evolving threats. Cybercrime continues to grow in sophistication, and financial institutions must maintain constant vigilance, investing in both preventative controls and robust response capabilities.
Third, rapid innovation in payments—including the Genius Act, stablecoins, new payment rails, and cryptocurrency—creates strategic uncertainty. With so many emerging options, institutions face the challenge of deciding where to invest. Choosing the wrong platforms or overinvesting in technologies that members ultimately do not adopt could lead to wasted resources or operational losses. At the same time, failing to adapt could result in institutions becoming less relevant to future consumers.
Finally, the regulatory environment itself introduces risk. While changes may present opportunities, they can also create imbalances if new rules advantage certain sectors over others. Institutions need to remain adaptable and informed to navigate an environment where compliance expectations and competitive dynamics may shift quickly.
Melissa: Technology is transforming every aspect of business and has been doing so for some time. How are tools like AI and machine learning changing the way we assess and manage risk?
Regina: AI and machine learning enable faster, deeper, and more accurate analysis than traditional methods alone. These technologies allow us to process large volumes of data quickly, identify patterns that might not be visible through manual review, and deliver more meaningful insights to stakeholders.
In practice, AI‑driven tools enhance both the assessment and communication of risk. They streamline data gathering and automate portions of the risk‑assessment process, allowing our department to shift its focus toward higher‑value analysis after the assessment is complete. As a result, we can deliver findings to business owners more quickly, which helps them respond proactively to areas of elevated risk.
We are still in the early stages of integrating AI and machine learning into our risk‑management processes, but even now, these tools are improving the speed, accuracy, and effectiveness of how we evaluate risk.
Melissa: Cybersecurity remains a top concern for almost everyone. What should credit unions be doing to enhance their cybersecurity?
Regina: Pair a strong information‑security program with an enterprise‑wide cyber‑resiliency plan. Nobody wants a data breach, but if it happens, it’s important to remember that such a breach isn’t just an IT event—your response must include clear communication plans for members, staff, regulators, and the media. Cyber insurance providers can be a great resource, and you should regularly test your plan with participants across the organization so everyone understands their role.
It’s also critical to assess third‑party and even fourth‑party risk. Many recent breaches originated outside organizations themselves, so credit unions must actively review SOC reports, understand vendor access to sensitive systems, and monitor their overall security posture.
Melissa: Corporate One has a long history of innovation on behalf of our members. As we continue this track record, how do you ensure we strike the right balance between embracing new technologies and managing associated risks?
Regina: We balance innovation with effective risk management by relying on a clear governance framework and disciplined processes. First, our board‑approved risk appetite sets the boundaries for how much risk we are willing to take on when adopting new technologies. This ensures every decision aligns with Corporate One’s safety and soundness priorities.
Second, risk assessments are built directly into our innovation process—both when ideas are presented to the Enterprise Leadership Team and as concepts move into full project planning. Our goal in risk management is not to slow down innovation, but to ensure new technologies are implemented in a way that protects the organization and our members.
Finally, our enterprise risk management program provides independent oversight, supported by formal reporting through the CEO and the board‑level ERM Committee. This structure ensures risks are thoroughly evaluated, transparently communicated, and appropriately managed as we continue to innovate on behalf of our members.
Melissa: What lessons have we learned from recent market volatility or economic situations that may shape our future approach?
Regina: Recent market volatility has reinforced the importance of truly active balance sheet risk management. It has shown us that relying solely on historical averages or traditional risk metrics is not always sufficient in today’s environment. We need models and monitoring practices that account for a wider range of scenarios, including those we have not frequently seen in the past.
We’ve also recognized that regulatory uncertainty is becoming a more significant source of potential financial risk. As regulatory priorities evolve, the rules that govern our industry could shift quickly, creating unintended impacts on capital, liquidity, or operational processes. Proactively monitoring this emerging area helps us stay prepared rather than reactive.
Throughout these shifts, our commitment to maintaining a safe and sound balance sheet remains the foundation of our approach. However, what is evolving is how broadly we define “safe and sound”—ensuring our strategies remain resilient across a variety of possible future outcomes.
Melissa: What's the best way to ensure risk management is embedded in strategic decision-making across the organization?
Regina: The best way is to ensure Risk has a seat at the table from the very beginning. This way we can provide a balanced perspective on both the opportunities and the potential downsides—adding clarity, not obstacles. Our role is to ask informed, forward-looking questions that help leaders make decisions with a full understanding of the risks and rewards.
Just as important is cultivating a strong, organization-wide, risk-aware culture. At Corporate One, this culture is evident in how frequently business areas proactively seek guidance from the risk team. Those consultative conversations show that risk thinking isn’t siloed—it’s part of how people across the organization approach strategy, innovation, and day-to-day decision making.
Melissa: Looking ahead, are there any upcoming regulations you anticipate that will require attention?
Regina: We are closely monitoring the upcoming regulations associated with the Genius Act and the potential implications for our industry. As details continue to emerge, we’re evaluating possible use cases, how credit unions may be expected to participate, and what specific roles corporate credit unions could play in supporting that ecosystem.
Because Corporate One is a significant payments provider for credit unions, it’s essential that we understand these changes early and prepare to offer meaningful, reliable services that align with the new regulatory framework. Our goal is to help our members navigate these developments while ensuring we continue to operate safely, efficiently, and in full compliance.
Melissa: What advice would you give to financial institutions—and to us—about staying ahead of emerging risks?
Regina: Keep the process simple, consistent, and inclusive. Emerging‑risk identification should be a shared responsibility across the leadership team, with the list reviewed frequently and communicated throughout all levels of management. This builds awareness, encourages open dialogue, and expands the flow of information from across the organization.
Leaders should invite teams to share their observations and perspectives—valuable insights often come from those closest to day‑to‑day operations. Identifying risks is the easy part; the real work lies in determining when and how to act. Evaluating risks requires both qualitative judgment and quantitative analysis, and frequent leadership discussions help determine which risks require immediate attention due to their velocity or potential impact.
Most importantly, stay open‑minded. Listen to the substance of the message rather than focusing on who delivers it. A culture that values diverse perspectives and clear communication stays ahead of emerging risks.
Thanks to Regina for sharing these insights. As you reflect on her thoughts, think about how they might relate to your credit union’s daily operations and long-term strategy. Risk management isn’t a one-time task; it’s an ongoing process that requires attention, teamwork, and dedication. Keep these insights in mind, and you’ll be better prepared to handle uncertainty and protect the trust your members place in you.