credit union ai audit risk and compliance

This is the 1st blog in a series about Artificial Intelligence (AI) in the context of credit union risk and compliance. This series is designed to provide auditors and compliance professionals with a clear understanding of how AI can be applied and managed within their operations.

What do you think of when someone suggests using AI at your credit union? What role do you see AI playing?

How each credit union approaches AI will depend on a few things:

    • The credit union’s strategic needs;
    • Who or which department intends to use AI; and
    • The credit union’s appetite for risk.


No matter your credit union’s position on the above, you can simplify its approach into one of 3 distinct categories. Furthermore, there will be 1 clear takeaway.

Using AI for Offense or for Defense

Credit unions can use AI for either offense or for defense. Credit unions may choose one or both as they move into the era of AI.

Here’s how we categorize each:

Using AI for offense is a way of helping your credit union grow. Examples of using AI for offense include automated AI loan decisioning, AI chatbots and assistants that help members with banking, and anything that helps to improve organizational efficiency and effectiveness. (In that vein, AI note-taking apps and even ChatGPT could qualify as using AI for offense.)

Using AI for defense is a way of reducing the credit union’s exposure to risk. Examples of using AI for defense might include some KYC/AML solutions, crime prevention strategies, AI-powered cybersecurity, and fraud prevention technology.


Depending on your credit union’s needs and comfort level with AI, it may choose to explore neither, offense, defense, or a combination of the two.

Being Intentional about Your Credit Union’s Strategy

Offense vs. Defense. It’s important that the credit union be intentional about which strategy it’s pursuing.

But why?

First, because setting intention behind the credit union’s strategy will improve its chances of success. Often, when trying something new, organizations dabble, dip their toes in, and don’t devote appropriate resources. However, using AI should be approached with commitment.

Second, because categorizing your credit union’s AI strategy is a key part of your risk assessment. To identify the risks that an AI solution or strategy poses to the credit union, you’ll need to know what you’re trying to do with it.

  • What is the goal of the AI solution?
  • What are the risks that it poses?
  • What are the risks associated with continuing without a solution or using a traditional (non-AI-powered) solution?


These are questions that you and your leadership team will need to ask and answer as part of you AI Assurance Agenda. (We’ll cover that in another part of this series.)

Next Steps and Takeaways

When working with new AI solutions, it’s important for credit unions to do the following:

    1. Define whether their AI strategy is for offense, defense, or both;
    2. Understand the goals of the AI strategy or solution;
    3. Set intention behind the stated AI strategy or solution; and
    4. Run the AI strategy or solution through an AI Assurance Agenda.



Subscribe now to see further installments of this series on AI and credit union risk and compliance.

If you’d like to see how Redboard can save time and improve visibility and accountability in your audit process, schedule an assessment here.

Posted in: