Central Bank of Ireland Publishes Report on Themed Inspection of Compliance with Fitness & Probity Regime for Credit Unions

The Central Bank has published a report (the ‘2017 Report’) on the outcome of its inspection of the implementation of the Fitness & Probity Regime by credit unions (the ‘F&P Regime’).

The F&P Regime for credit unions came into effect on a phased basis (based on credit union asset size) and is now fully operational for all credit unions. The rationale behind the application of the F&P Regime to credit unions is that there should be improved governance standards at board and management level across credit unions and that those involved in governance within credit unions should be capable, competent and financially sound with the appropriate skills, experience, knowledge and integrity.

To assess the implementation of the F&P Regime for credit unions, the Central Bank conducted a series of themed inspections of compliance with certain requirements of the F&P Regime in a sample of credit unions conducted over the period June to October 2016. The inspections focused on three specific areas of the F&P Regime, namely:

  1. Due diligence;
  2. The role of the Nomination Committee; and
  3. The maintenance of records. 

The 2017 Report included examples of good practices observed by credit unions but also highlighted areas of non-compliance/poor practice. Unsurprisingly it was found that medium and larger asset sized credit unions demonstrated better compliance levels than smaller credit unions.

Deficiencies Identified

Due Diligence

Deficiencies were identified in F&P Regime practices particularly in the area of due diligence. Credit unions were found to have either failed to undertake due diligence or to have undertaken poor or incomplete due diligence on ‘controlled function’ role holders.

Under Section 21 of the Central Bank Reform Act 2010 (the ‘2010 Act’) a regulated financial service provider shall not permit a person to perform a ‘controlled function’ unless: (i) the regulated financial service provider is satisfied on reasonable grounds that the person complies with any standard of fitness and probity issued pursuant to Section 50 of the 2010 Act (the ‘Standards’); and (ii) the person has agreed to abide by those Standards.

The due diligence for ‘controlled function’ role holders should be conducted under the following three headings listed in the Standards: (i) competent and capable; (ii) honest, ethical and to act with integrity; and (iii) financially sound. The requirement to conduct Fitness & Probity due diligence is a continuing one.

The 2017 Report found that superficial due diligence was being undertaken without adequate consideration being given to the matching of candidates’ skills to role profiles.

Under the ‘competent & capable’ category it was found that a significant number of credit unions inspected failed to formally document or maintain records of the ‘controlled function’ role holders in relation to previous experience, references from previous employers, interviews or applications for the role in the credit union. The 2017 Report also noted an over reliance on personal knowledge or local knowledge of ‘controlled function’ role holders without an assessment of such persons being evidenced and documented. A lack of evidence of qualifications and training was also noted as a deficiency in the due diligence requirements under the F&P Regime.

Under the ‘honest, ethical and to act with integrity’ category it was noted that some credit unions failed to conduct checks of publicly available information to assess a person’s probity, such as searches on the Central Bank website or in the Companies Registration Office. Such checks should be conducted as a matter of course and the results documented and recorded even where a ‘controlled function’ role holder or ‘pre-approved controlled function’ role holder is already known to the credit union.

Under the ‘financial soundness’ category, the 2017 Report found that there was a lack of evidence of key checks (e.g. judgment searches) being conducted for ‘controlled function’ role holders.

Role of Nomination Committee

The inspections found a lack of understanding on the role of the Nomination Committee. The Nomination Committee is a committee established by the board of directors of the credit union consisting of not less than three and not more than five members of the board. It is responsible for assisting the credit union in performing any obligations under Section 21 and 23 of the 2010 Act in relation to candidates proposed to perform ‘controlled functions’ or ‘pre-approved controlled functions’ and assisting in carrying out any checks which the credit union undertakes to ensure compliance with its obligations.

The Nomination Committee has the primary responsibility of ensuring the credit union fully implements the F&P Regime. The 2017 Report noted that, in some cases, the Nomination Committee fulfilled its roles but in other instances it found that the Nomination Committee did not fully appreciate the extent of its role in relation to Fitness & Probity. A review of the Nomination Committee board minutes showed that some committees met infrequently and that records of discussions did not show consideration of the F&P Regime requirements.

Maintenance of Records

Credit unions are required to document and record all due diligence undertaken in relation to persons performing controlled functions and to retain documentation provided by those persons (including any responses given and signed by the person in relation to the Standards). The Central Bank may require to see any such records of due diligence either in the context of an investigation of a credit union’s compliance with section 21 of the 2010 Act or an investigation in relation to a person’s fitness and probity to perform a controlled function. Credit unions should have regard to their obligations under data protection law in holding the information (including ensuring that the information is held securely and in an appropriate manner).

The 2017 Report noted that certain Fitness & Probity compliance policies and procedures, while observed, were not documented. It was found that there were instances where there was a lack of due diligence records on file which resulted in a lack of evidence to support compliance with the F&P Regime for credit unions. Where credit unions held due diligence documentation on file the 2017 Report noted instances where the credit union did not record evidence of a proper assessment of the due diligence conducted. Information collected in relation to pre-approved controlled functions (and certain controlled functions) in compliance with Section 21 of the 2010 Central Bank Act should be maintained for a period of 6 years after the person has ceased to perform the controlled or pre-approved controlled function role.

The 2017 Report found that there was a noted variance in the level of understanding by Nomination Committees of the obligations surrounding the maintenance of records. The 2017 Report noted as good practice a system of storing files in a secure location with limited access. For credit unions with multiple branches, a centralised file (paper or digital) with restricted access was considered appropriate to facilitate the need to access these files in numerous locations.

Conclusion

Credit union staff should review the examples of good practice provided in the 2017 Report and consider how these examples can inform the further development of practices and procedures relating to the implementation of the F&P Regime.

For further information please contact Enda Newton (Partner), Andrea de Courcey (Associate) or your usual AMOSS contact.