IN THIS EDITION

Central Bank PRISM RISK Supervisory commentary March 2018
IT Risks in Credit Unions – Thematic Review by Central Bank
Prize Draws in Credit Unions – Thematic Review by Central Bank
House Loans in Credit Unions – Thematic Review by Central Bank
Draft Data Protection Bil
In March 2018 the Central Bank released its PRISM supervisory commentary 2018. The main objectives of supervisory engagements at present are
1. To drive standards of best practicce while ensuring compliance with regulatory requirements.
2. To ensure early-stage risk detection intervention and risk mitigation.
In addition strong governance culture and identification and mitigation of risks is core to ensuring the protection by each Credit Union of the funds of its members and the maintenance of the financial stability and well-being of the sector.

Governance and Risk Management
Concerning that over 60% of individual risks identified in the course of supervisory engagements considered related to governance or operational risk.
Of significant concern is the high proportion of governance risk issues identified during PRISM engagements. These ranged from 35-38% of all risk issues identified across the three asset classes. The scale of governance related risk issues is concerning in light of the time that has elapsed since the new governance framework was introduced in 2012 and the extensive work undertaken by RCU in developing and supporting the implementation of governance requirements for credit unions.
The Central Bank continues to find differing standards across the Credit Union sector and while some credit unions demonstrated relatively sound governance and risk management practices, in a substantial number of credit unions significant governance and risk management issues were identified. It is notable that issues identified are found in credit unions of all sizes, and not just confined to smaller entities.
Credit unions must embed systems and controls to acceptable levels before considering significant business model development. Systems should identify early-stage risk detection, intervention and risk mitigation.

Strong governance is fundamental to a well-run and strongly performing entity, and together with effective systems and controls contribute to the essential prudential foundations to underpin the sustainability of the credit union. The Central Bank expects credit union boards to have a strong awareness and understanding of the impact of poor governance and unmanaged risk.
However there is a shift in emphasis within RMPs issued with less focus on board and management operational dysfunction and increased focus on weaknesses in risk oversight, reporting and management systems with a particular focus on the quality of engagement between boards and the internal audit and risk management function.
Boards should be able to leverage off compliance, risk and internal audit functions to improve their governance capability. This will only occur where there is greater quality engagement between board members and these key functions, resulting in proactive responses from boards to matters raised by these functions.
An evaluation of the quality and effectiveness of remediation of RMPs issued will be a key focus of our 2018 on-site engagement programme to ensure that all credit unions are moving towards an integrated risk governance culture with a strong awareness and understanding of the impact of unmanaged risk.

A credit union? s foundations are its governance, risk management and operational capabilities. Through our supervisory engagement credit unions are required to manage risks in a systematic and structured fashion, by setting out the mitigating actions to be taken to address them.
Ineffective engagement with the risk management and compliance functions, including failure to adequately monitor the quality of the outputs of these functions. In addition, there was a lack of board awareness of issues highlighted, as well as failure to provide written responses to the reports provided by these functions.

Operational Risk
Failures to document processes and procedures and failures to implement them effectively.
Issues were also identified in relation to inadequate segregation of duties with examples of individuals holding responsibilities for multiple functions in credit unions increasing the risk of error and misappropriation.
Concerned to note the high proportion of operational risk findings, representing up to 27% in one asset class between ?25M to ?100M size Credit Union.

Credit Risk
Credit risk represents a high proportion of all risk issues identified across the credit unions we visited.
S ignificant issues with credit underwriting processes including examples of credit unions failing to assess member capacity to repay before providing loans and failing to document rationales for credit decisions.
Strategy/Business Model Risk
Concerns regarding the quality, effectiveness of implementation and level of review of strategic plans.
Strategic thinking about how to evolve the credit union business to adapt to the challenging operating environment needs to be a fundamental part of the board and management conversation.
Strategic planning must be undertaken within the context of the credit union? s stated risk appetite and be aligned to its operational capabilities, as well as member product and service expectations.
A strategic, forward-looking focus at board level, with quality discussion and challenge of strategic plans and associated targets evident at board meetings. The ongoing monitoring and tracking of metrics to assess the implementation and effectiveness of the strategic plan is key to effective governance and driving the future direction of the credit union.
Capital, Market and Liquidity Risk
It is vital that Credit Unions have a clearly articulated investment risk appetite, reflective of the fact that member? s funds are being invested by the credit union and the statutory obligation to ensure no undue risk to member? s funds.