Prudential Regulation Authority Rulebook

11.1

A credit union must establish, implement and maintain:

1. (1) robust governance arrangements, which include a clear organisational structure with well-defined, transparent and consistent lines of responsibility;
2. (2) effective processes to identify, manage, monitor and report the risks it is or might be exposed to, and
3. (3) adequate internal control mechanisms designed to secure compliance with decisions and procedures at all levels of the credit union, including sound administrative and accounting procedures and effective control and safeguard arrangements for information processing systems.

11.2

A credit union must ensure that the arrangements, processes and mechanisms referred to in 11.1 are comprehensive and proportionate to the nature, scale and complexity of the risks inherent in its business model and activities.

11.3

A credit union must establish, implement and maintain systems and procedures that are adequate to safeguard the security, integrity and confidentiality of information, taking into account the nature of the information in question.

11.4

A credit union must establish, implement and maintain a fully documented system of control, including documenting the system of control it is required to establish and maintain under section 75 of the Co-operative and Community Benefit Societies Act 2014 or under article 40 of the Credit Unions (Northern Ireland) Order 1985.

11.5

A credit union must ensure that the governing body defines, oversees and is accountable for the implementation of governance arrangements that ensure effective and prudent management of the credit union, including the segregation of duties in the organisation and the prevention of conflicts of interest. The credit union must ensure that the governing body:

1. (1) has overall responsibility for the credit union;
2. (2) approves and oversees implementation of the credit union’s strategic objectives, risk strategy and internal governance;
3. (3) ensures the integrity of the credit union’s accounting and financial reporting systems, including financial and operational controls and compliance with the regulatory system;
4. (4) oversees the process of disclosure and communications;
5. (5) has responsibility for providing effective oversight of individuals who effectively direct the business of the credit union; and
6. (6) monitors and periodically assesses the effectiveness of the credit union’s governance arrangements and takes appropriate steps to address any deficiencies.

11.6

A credit union must ensure that the chairman of the governing body does not exercise simultaneously the Chief Executive function within the credit union, where there is such a function within the credit union.

11.7

A credit union must establish, implement and maintain an up-to-date business plan approved by the governing body.

11.8

A credit union must establish, implement and maintain an up-to-date and fully documented policies and procedures manual.