All Posts By

Michael Fortune

Outsourcing Policy

By | Owner Members, Policy Development

CUDA is currently reviewing the Outsourcing Policy in light of the publication of:

  1. Central Bank’s Findings and Issues for Discussion Paper on Outsourcing (November 2018)
  2. EBA revised Guidelines on Outsourcing Arrangements

The recommendation on outsourcing to cloud service providers, published in December 2017, has also been integrated into the Guidelines.

The EBA revised Guidelines are applicable to the following

  • Institutions that fall under Directive 2013/36/EU (i.e. CRD)
  • Institutions that fall under Directive 2014/65/EU (i.e. MiFiDII)
  • Institutions that fall under Directive 2015/2366/EU (i.e– PSD2) in so far as that institution is defined as a payment institution

Credit Unions are not subject to the CRD or MiFiDII Directives. Credit Unions are subject to PSD2 in their function as a payment service provider but are not payment institutions under Chapter 2 of EU (Payment Services) Regulations 2018 [SI No. 6, 2018]. Relevant learnings and best practice can be taken from the EBA Guidance document and the Central Bank Discussion Paper of November 2018. The EBA Guidance definition of what is and isn’t outsourcing is very helpful. We will adopt best practices in to the Outsourcing Policy.

Meanwhile on CUSP you can obtain the following:

  • Outsourcing Policy 2017
  • Central Bank’s Findings and Issues for Discussion Paper on Outsourcing (November 2018)
  • EBA revised Guidelines on Outsourcing Arrangements

If you have any questions on any of the above please do not hesitate to contact us (

Governance Policy

By | Owner Members, Policy Development

The Governance Policy has been reviewed and updated to take account of:

  1. PRISM Supervisory Commentary 2019
  2. Credit Union Act 1997 (Regulatory Requirements) (Amendment) Regulations 2018 (S.I. No. 32 of 2018)

The 2019 PRISM Commentary paper on Governance Risk reflects many of the findings set out in the 2018 PRISM Commentary paper in particular in relation to exercising appropriate oversight of the management team – both the 2018 and 2019 papers highlight the need for effective engagement by the Board with internal audit, risk management and compliance functions. The 2019 provides that the Board will formally respond to issues raised by the risk management, compliance or internal audit functions.

A follow-on email highlighting the changes to the Policy will issue to Compliance Officers. Meanwhile, if you have any queries please do not hesitate to contact us (

You will find the following on CUSP:

  • Governance Policy 2019
  • PRISM Supervisory Commentary 2019
  • PRISM Supervisory Commentary 2018
  • Credit Union Act 1997 (Regulatory Requirements) (Amendment) Regulations 2018 (S.I. No. 32 of 2018)

New Products and Services Policy

By | Owner Members, Policy Development

The New Products and Services Policy has been reviewed and updated to take account of

  1. Business Model Strategy: Guidance for Credit Unions, February 2019
  2. EBA Guidelines on internal governance under Directive 2013/36/EU [EBA/GL/2017/11]

The Policy was last reviewed and updated in March 2017. It captured considerable changes at that point, in particular to take account of POG – Product Oversight and Governance Arrangements for Retail Banking Products (March 2016).

The RCU require that the policy is followed when introducing a new product. CUDA is currently completing work on the introduction of a Revolving Credit Product. Introducing a product of this nature, or introducing mortgage lending, would both instigate the application of this Policy.

You will find the following on CUSP:

  • New Products and Services Policy 2019 
  • Business Model Strategy: Guidance for Credit Unions, February 2019
  • EBA Guidelines on internal governance under Directive 2013/36/EU [EBA/GL/2017/11]

A follow-on email highlighting the changes to the Policy will issue to Compliance Officers. Meanwhile, if you have any queries please do not hesitate to contact us (


By | Owner Members, Policy Development

We are coming up to the one year anniversary of the commencement of GDPR. It is likely that we will start to see greater supervisory and enforcement action from the DPC and more guidance in the coming months. In 2018 CUDA organised a GDPR Forum which ran over ten workshops. Along with the involvement of participants, the workshops produced tangible outputs and documents, which are all available on CUSP.

A follow-on workshops will take place in May. These forum sessions will focus on:

  • Summary update on GDPR
  • How to progress with GDPR
  • Office of the Data Protection Commissioners
    • What’s the Current Hot Topics including
      • Complaints handling
      • Breaches
      • Minor Accounts
    • Update on DPC expectations one year on
  • Updates on DPC Audits
  • And any other areas that your Credit Union would like re-visited or covered.

The workshop will take place as follows:

Date: Tuesday 28th May 2019

Start time: 10am (registration from 9.30am)

Finish time: 3.30pm

The workshop with be chaired by Shane Martin of Walkers Global. Further details will issue to participants early next week, meanwhile, if you require any additional information please do not hesitate to contact us on

Fitness and Probity – Dear CEO Letter

By | Owner Members, Policy Development

On 8 April 2019, the Central Bank of Ireland wrote to all regulated financial services firms, including credit unions, reminding them of their legal obligations under the fitness and probity regime.  The letter set out the Central Bank’s view that there is a lack of general awareness regarding the scope of the fitness and probity regime.

The letter provides details of specific issues that all firms, including credit unions, should address to ensure that they comply with the fitness and probity requirements. These include:

  • Credit unions have ongoing obligations to ensure that they do not allow a person to perform a CF role unless they are “satisfied on reasonable grounds” that the person complies with the Central Bank’s fitness and probity requirements.
  • Credit unions must conduct due diligence on an ongoing basis to ensure employees and officers in CF roles continue to comply with the requirements.
  • Credit unions should require those persons performing CF roles to undertake to notify the Central Bank of any changes in circumstance, which might be material to their fitness and probity.
  • Some firms have identified fitness and probity concerns about an individual and have taken steps to address these, including suspension for dismissal, but have failed to report those concerns, or the steps taken by the firm, to the Central Bank.
  • The Central Bank has observed a number of instances where individuals have not provided material information on their applications to the Central Bank for approval to senior roles. On occasion, applicants have failed to disclose material facts in their individual questionnaires which are either known to proposing firms, or would have been known if proper due diligence of their proposed candidates had been conducted.

The Central Bank has taken enforcement action against firms, including credit unions, for failing to put in place, or failing to follow, proper systems and controls to ensure compliance with the fitness and probity regime.

CUDA proposes to host Compliance Forums throughout Q3-4, as was reported in previous Info Briefings. We are proposing that one of the sessions will focus on demonstrating compliance with the fitness and probity regime and addressing the outputs needed to demonstrate compliance and meet the requirements in the Dear CEO letter. We will be in touch with you in relation to the Compliance Forums and proposed agenda.

Central Bank of Ireland – ES2 €100 and €200 banknote launch

By | Owner Members, Representation

Further to email sent to your credit union last week, please note that the new ES2 €100 and €200 banknotes will be launched on 28 May 2019.  In advance of this, we wish to advise you of some of the information currently available on the European Central Bank website.  Please follow the links to learn more about the new banknotes, including their security features.  

ES2 €100 and €200 security features –

ES2 €100 and €200 key fact sheet –

Further information on banknotes –

Please provide these links to front of house staff who are in cash handling roles as an education tool. 

If you have further queries,  please let us know to or otherwise you may contact the CBI directly at

Beneficial Ownership Register – Requirement of 4th EU Money Laundering Directive

By | Owner Members, Representation

CUDA attended the AML Private Sector Consultative Forum (PSCF) last month and provided an update to you by email. The Department of Finance and Central Bank were in attendance. CUDA wish to give you an update in relation to the Beneficial Ownership Register (BOR), requirements under the 4th EU Money Laundering Directive and European Union (Anti-Money Laundering: Beneficial Ownership of Corporate Entities) Regulations 2016.    

We previously communicated with you, back in February ’17, and provided guidance in relation to the setting up the BOR at your credit union. There has been significant delays at government level in the setting up of the BOR due to delays in implementing legislative provisions. Ireland has been under significant pressure to finalise this element of the 4thAMLD and EU infringements are imminent if Ireland cannot comply asap. Draft regulations on Beneficial Ownership of Corporate Entities Regulations 2019 have already been circulated to your credit union.  

While credit unions are unlikely to be as significantly impacted as other financial institutions, a number of requirements were set out in the 2017 guidance. The following is a summary of requirements for credit unions:  

1.   Establish the beneficial owners of the credit union 

Establish the beneficial owners of the credit union.  For the purposes of the Regulations, a “beneficial owner” is a person who ultimately owns or controls the relevant entity, in this case the credit union…..   The credit union must, at a minimum, record the information in respect of each director and the chief executive officer/manager of the credit union in the Register as its beneficial owners.   

2.  Obtain the required information and enter it on the Beneficial Ownership Register 

 When the credit union has established its beneficial ownership, the requisite information and supporting documentation for the purposes of the Regulations must be obtained from them and entered on to the Register.  As this is most likely to apply to the senior managing officials of the credit union, the following sets out the matters that should be included in respect of them• Name • Date of Birth• Nationality; • Residential Address;• Statement of the nature and extent of interest held by that beneficial owner (We would suggest that the position held by the person in the credit union could be included here).• Date on which that person was entered in the Register as a beneficial owner; and• Date on which that person ceases to be a beneficial owner (whenever applicable).• PPSN — It is noted in the new draft regulations that a further requirement for PPSN is now also included and hence will need to be captured on the beneficial ownership register.

Companies Registration Office (CRO) will host the BOR. A Registrar of Beneficial Ownership for Companies and Industrial & Provident Societies will be appointed. An office known as the Registrar of Beneficial Owners will be established to oversee the Register. This will be alegally separate office to the CRO. The register will be opened within three months from thesigning of the Statutory Instrument which is expected in the short-term. While companies will be required to file their beneficial ownership information within six months of the opening of the register, there is no indication on what timeframe will apply in relation to credit unions. Also, it is unclear, how often information will be updated to the BOR. As more information emerges in this regard, we will keep you posted.  

The Registrar of Beneficial Owners will launch a media awareness campaign which will coincide with the commencement of the BOR.  

Since the previous circulation to your credit union, a number of concerns have emerged, particularly in relation to the requirement for collection of “residential address information”.CUDA has raised this matter with the AML Private Sector Consultative Forum and also with An Garda Siochana HQ. We will keep you informed of developments on this matter. 

Access to the BOR

Relevant Third Parties will have access to BOR information. This will be provided on a twotier basis.• T1 – FIU and State Competent Authorities will have full unrestricted access;• T2 – Public obligated entities/others.  The level of access is unclear at this time; however, we have been advised that fees/charges will apply

Other Matters  on the BOR• The Department of Finance or the Registrar have no plans to issue guidance on the BOR at this time, however if queries emerge they are prepared to provide answers as required.• There was significant concern from other financial institutions on the requirement to provide PPSN for the BOR. In many cases, shareholder interest may be resident outside Ireland and PPSN would not apply, so consideration that ITIN or other identification could be used.  While this may not be a concern for credit unions, there was also concern that the requirement to collect verification documentation of PINs/ITINs would be problematic. 

CUDA will continue to update you as we get more information. For now, and for the purpose of potential CBI AML inspection, please ensure that you maintain an up to date Credit UnionBOR in the event of being asked to produce same by a CBI AML team. If you require further information on this, please email to or contact the CUDA office.

PRISM Supervisory Commentary 2019

By | Owner Members, Representation

The 2019 PRISM Supervisory Commentary provides an overview of the outcomes of engagements with credit union as a result of PRISM inspections. Risk issues were identified across the following areas: governance, credit, operational capability, strategy/business model. The Paper sets out the key risk identified under each category and is a good checklist for your own processes and procedures. 

CUDA is reviewing the document for the purposes of determining if changes are required at policy level. We have already made some changes to the Governance Policy which is set out below.  In particular it is noted that in some cases procedures were not aligned with policy. 

If there are any questions or concerns you have with the Paper and you would like us to raise it at our next meeting with the RCU please do contact us (;

Do you want Credit Unions to become banks?

By | Owner Members, Representation

Public Consultation on Evaluation of Community Banking and Local Provision of Banking and Financial Services in Ireland

As reported last month Mr. Paschal Donohoe T.D., Minister for Finance and Public Expenditure and Reform, has appointed Indecon International Economic Consultants to undertake an independent evaluation of how the concept and objectives of community banking, and local provision of banking and financial services, may be furthered in Ireland.

The objectives of community banking are set out as including:   • enhancing financial inclusion to ensure individuals can access banking and financial services;• supporting rural and regional economic development;• ensuring access to finance for small businesses. 

Indecon believe it is critical that they obtain the inputs of key stakeholders who have an interest in this area, and they would particularly welcome the inputs of the Credit Union Development Association to this review. We are very concerned that there are people with views that credit unions have run their course and should transform into some form of bank. CUDA does not share that view, we believe credit unions will continue, in fact should continue, to be consumer-owned, co-operative financial service providers whose primary business is to provide a competitive return on the savings of their members – by using those savings to make convenient, affordable member loans. The challenge is how to cope with the success of being trusted by the people of each common bond and become bigger credit unions rather than small banks.

This is a very important matter and if you would like to provide us with your thoughts please email them to  

Central Bank’s CEO Forum taps into Solution Centre

By | Owner Members, Representation


Presentation by Solution Centre to members of CEO Forum 

CUDA and the Solution Centre presented its Revolving Credit project last week to members of the workstream of the Central Bank’s CEO Forum that has identified this product as one of their preferred workstreams. Cathal described to the group the research completed, the product design, the compliance review of the product design, the design validation and testing work with Capital Credit Union, external stakeholder engagement and the remaining steps to completion. As there appears to be a significant appetite from the CBI and the CEO forum to achieve a success, we believe this extension of involvement, and widercollaboration will assist in ensuring a positive outcome for credit unions.