PRA issued two letters to Category 5 credit unions with the findings of the 2019 assessment of credit unions. Each credit union received one of the two letters, depending on the peer group it falls into. One peer group (group 1) is made up of credit unions with total assets above GBP 15 million and/or with more than 10,000 members. The other peer group (group 2) is made up of credit unions with total assets below GBP 15 million and fewer than 10,000 members. Both letters addressed key issues such as governance, operational risk and resilience, and cyber security.
The key findings of the assessment include the following:
- Operational risk and resilience and cyber security—Before undertaking strategic initiatives to expand and develop new activities, especially online activities, it is essential to conduct a comprehensive operational risk assessment, ensuring that appropriate and adequate robust systems and controls are in place. There has been an increase in the number of operational and cyber incidents in credit unions over the last year. Credit unions should think about their business services, how their services could be disrupted, and how they might need to adapt to ensure that critical services can continue to be delivered through disruptions.
- Outsourcing—All credit unions using or considering the use of outsourcing should review their arrangements in light of the requirements listed in Section 14 (Outsourcing) of the Credit Union Rulebook Part. This includes, among other things, demonstrating that the credit union is able to terminate the arrangement, where necessary, without detriment to the continuity and quality of its provision of services to members. There have been instances where this has not been the case and this poses a risk to credit unions and their members.
- Management and monitoring of liquidity—Many credit unions with total assets above GBP 15 million and/or with more than 10,000 members have been successful in increasing lending over the last twelve months. However, PRA has noted instances where either an increase in lending and/or an illiquid investment, deposit, or reinvestment led to a significant reduction in the liquidity of a credit union, with some credit unions falling below the minimum required level. In some cases, credit unions could only rectify their position by taking out short-term loans from other credit unions. All credit unions are expected to maintain an up-to-date liquidity management policy statement approved by the Board.
- Provisioning—All credit unions with total assets below GBP 15 million and fewer than 10,000 members are required to make adequate provision for bad debts. PRA has seen instances where credit unions have treated their bad debt incorrectly and miscalculated their provisions. This has led to instances of financial difficulty and, in some cases, failure. Directors must ensure that they regularly review management information on bad debt and provisions and take steps for the assurance that the information reported to them is being correctly and properly calculated.
Keywords: Europe, UK, Banking, Credit Unions, Operational Risk, Governance, Outsourcing, Provision for Bad Debts, Liquidity Risk, Cyber Risk, PRA
Previous ArticleESRB Assesses Vulnerabilities in Residential Real Estate in EEA
BIS published a paper that provides an overview on the use of big data and machine learning in the central bank community.
APRA finalized the reporting standard ARS 115.0 on capital adequacy with respect to the standardized measurement approach to operational risk for authorized deposit-taking institutions in Australia.
ECB published a guide that outlines the principles and methods for calculating the penalties for regulatory breaches of prudential requirements by banks.
MAS and The Association of Banks in Singapore (ABS) jointly issued a paper that sets out good practices for the management of operational and other risks stemming from new work arrangements adopted by financial institutions amid the COVID-19 pandemic.
ACPR announced that a new data collection application, called DLPP (Datalake for Prudential), for collecting banking and insurance prudential data will go into production on April 12, 2021.
BCB announced that the Financial Stability Committee decided to maintain the countercyclical capital buffer (CCyB) for Brazil at 0%, at least until the end of 2021.
EIOPA has launched a European-wide comparative study on non-life underwriting risk in internal models, also kicking-off of the data collection phase.
SRB published an overview of the resolution tools available in the Banking Union and their impact on a bank’s ability to maintain continuity of access to financial market infrastructure services in resolution.
EBA is consulting on the implementing technical standards for Pillar 3 disclosures on environmental, social, and governance (ESG) risks, as set out in requirements under Article 449a of the Capital Requirements Regulation (CRR).
ESAs Issue Advice on KPIs on Sustainability for Nonfinancial Reporting