All Posts By

Michael Fortune

Policy Updates

By | Compliance, Owner Members, Policy Development

CUDA has updated the Outsourcing Policy in light of recent publications including: Central Bank’s Findings and Issues for Discussion Paper on Outsourcing (November 2018), and EBA revised Guidelines on Outsourcing ArrangementsOutsourcing will be high on Central Bank’s supervisory agenda during your PRISM engagements. The recent circulation from RCU re outsourcing service risks dated 8th May 2019 is a further indication of this.

Read More

GDPR Update: Stage 1 PIA Assessments

By | Compliance, Owner Members

A PIA (Data Protection Impact Assessment) assesses the impact on privacy with the introduction of a new project, service or product which involves the processing of personal data.  GDPR provides that a PIA is mandatory when an organisation uses new technologies and processes personal data in a way that is likely to result in a high risk to the rights and freedoms of an individual (Art 34).

Read More

Outsourcing Policy

By | Owner Members, Policy Development

CUDA is currently reviewing the Outsourcing Policy in light of the publication of:

  1. Central Bank’s Findings and Issues for Discussion Paper on Outsourcing (November 2018)
  2. EBA revised Guidelines on Outsourcing Arrangements

The recommendation on outsourcing to cloud service providers, published in December 2017, has also been integrated into the Guidelines.

The EBA revised Guidelines are applicable to the following

  • Institutions that fall under Directive 2013/36/EU (i.e. CRD)
  • Institutions that fall under Directive 2014/65/EU (i.e. MiFiDII)
  • Institutions that fall under Directive 2015/2366/EU (i.e– PSD2) in so far as that institution is defined as a payment institution

Credit Unions are not subject to the CRD or MiFiDII Directives. Credit Unions are subject to PSD2 in their function as a payment service provider but are not payment institutions under Chapter 2 of EU (Payment Services) Regulations 2018 [SI No. 6, 2018]. Relevant learnings and best practice can be taken from the EBA Guidance document and the Central Bank Discussion Paper of November 2018. The EBA Guidance definition of what is and isn’t outsourcing is very helpful. We will adopt best practices in to the Outsourcing Policy.

Meanwhile on CUSP you can obtain the following:

  • Outsourcing Policy 2017
  • Central Bank’s Findings and Issues for Discussion Paper on Outsourcing (November 2018)
  • EBA revised Guidelines on Outsourcing Arrangements

If you have any questions on any of the above please do not hesitate to contact us (elaine.larke@cuda.ie)

Governance Policy

By | Owner Members, Policy Development

The Governance Policy has been reviewed and updated to take account of:

  1. PRISM Supervisory Commentary 2019
  2. Credit Union Act 1997 (Regulatory Requirements) (Amendment) Regulations 2018 (S.I. No. 32 of 2018)

The 2019 PRISM Commentary paper on Governance Risk reflects many of the findings set out in the 2018 PRISM Commentary paper in particular in relation to exercising appropriate oversight of the management team – both the 2018 and 2019 papers highlight the need for effective engagement by the Board with internal audit, risk management and compliance functions. The 2019 provides that the Board will formally respond to issues raised by the risk management, compliance or internal audit functions.

A follow-on email highlighting the changes to the Policy will issue to Compliance Officers. Meanwhile, if you have any queries please do not hesitate to contact us (elaine.larke@cuda.ie)

You will find the following on CUSP:

  • Governance Policy 2019
  • PRISM Supervisory Commentary 2019
  • PRISM Supervisory Commentary 2018
  • Credit Union Act 1997 (Regulatory Requirements) (Amendment) Regulations 2018 (S.I. No. 32 of 2018)

New Products and Services Policy

By | Owner Members, Policy Development

The New Products and Services Policy has been reviewed and updated to take account of

  1. Business Model Strategy: Guidance for Credit Unions, February 2019
  2. EBA Guidelines on internal governance under Directive 2013/36/EU [EBA/GL/2017/11]

The Policy was last reviewed and updated in March 2017. It captured considerable changes at that point, in particular to take account of POG – Product Oversight and Governance Arrangements for Retail Banking Products (March 2016).

The RCU require that the policy is followed when introducing a new product. CUDA is currently completing work on the introduction of a Revolving Credit Product. Introducing a product of this nature, or introducing mortgage lending, would both instigate the application of this Policy.

You will find the following on CUSP:

  • New Products and Services Policy 2019 
  • Business Model Strategy: Guidance for Credit Unions, February 2019
  • EBA Guidelines on internal governance under Directive 2013/36/EU [EBA/GL/2017/11]

A follow-on email highlighting the changes to the Policy will issue to Compliance Officers. Meanwhile, if you have any queries please do not hesitate to contact us (elaine.larke@cuda.ie)