Prudential Regulation Authority Rulebook

8.1

The PRA considers that good governance is fundamental to the safety and soundness of all financial institutions. Accordingly, all directors are expected to fully understand their individual and corporate responsibilities and, in the context of the size and complexity of each individual business, to have the technical competence necessary for them to set, and to oversee, the strategy of their credit union. All directors will be expected to understand the risks inherent in their credit union’s business model and to exercise appropriate oversight of the management of those risks. The PRA recognises that in applying these principles credit unions will take an approach that is proportionate to their size, complexity, and resources.

8.2

The following are indicators of good practice (the PRA considers that some credit unions will be limited in their ability to implement these practices, due to their size and resources, but the PRA would generally expect credit unions with more than £10 million in total assets to meet all or most of the below):

• there is a clear separation between the role and responsibilities of the General Manager/ Chief Executive Officer (CEO)/Senior Management Team (largely operational (although the General Manager/ CEO also plays a key role in developing strategy) keeping the board informed, and bringing recommendations to the board) and that of the board (largely strategic, approving key policies, making key decisions, overseeing performance, and appraising the CEO);
• the board demonstrates a clear understanding and ownership of strategy and associated risks, focusing on this as a key agenda item at board meetings (rather than getting involved in operational detail);
• the board has an appropriate range of skills and experience relevant to the activities carried on by the credit union;
• the credit union carries out an analysis of skills gaps, and prioritises identified gaps when recruiting replacements and buys in external expertise as necessary;
• the board is provided with management information which clearly indicates the credit union’s financial position and whether key financial measures are being met with reference to the board’s risk appetite;
• the CEO/General Manager has formal objectives which they are assessed against, via a formal appraisal process, led by the Chair (this is separate to ongoing obligations under the Senior Managers and Certification regime and should not cause the credit union to duplicate any assessments they are already doing);
• a formal assessment of the board, both individually and collectively, is carried out annually, led by the Chair;
• a formal assessment of the Chair is carried out annually (for example, by another board member such as the Vice-Chair); and
• the board maintains a succession plan that addresses the unexpected loss of key individuals.

8.3

All directors, without exception, are expected to ensure that their credit union fully complies with the requirements of the Financial Services Compensation Scheme (FSCS), and that their credit union’s provisioning policy and practices are prudent and effective. The PRA expects that directors of all credit unions, irrespective of size and complexity, will ensure that the credit union complies with the Fundamental Rules within the PRA Rulebook, by maintaining its single customer view file accurately and in a form agreed by the FSCS at all times.^[5] The PRA expects that directors of all credit unions will ensure that the credit union complies with rules relating to the maintenance of an accurate Single Customer View and Exclusions View as set out in the Depositor Protection Part of the PRA Rulebook. This includes ensuring that credit union software is updated as necessary.

8.4

The PRA expects that directors understand that all outsourcing arrangements are commercial, business decisions, and that sole responsibility for ensuring operational continuity and data security, among other things, rests with the individual credit union.

8.5

The PRA expects that all directors regularly satisfy themselves that their credit union accurately complies with the provisioning requirements in Rules 3.11 and 3.12 of the Credit Unions Part of the PRA Rulebook.

8.6

For a broader overview and more detailed good governance examples, credit unions may wish to review the UK Corporate Governance Code.^[6]

8.7

Credit unions must maintain an up-to-date business plan approved by the board (Rule 11.7 of the Credit Unions Part of the PRA Rulebook). The plan should be fit-for-purpose, and the detail provided commensurate with the size and complexity of the credit union. The PRA expects that the business plan should include (at a minimum):

• clear and measurable objectives for the next three years, which include realistic targets for the year in question (eg in respect of loans, savings, and arrears) to 
  measure performance against;
  • plausible financial forecasts (income and balance sheet) extending to at least two years beyond the current financial year. It is best practice for this to include reasoned and explicitly stated underlying assumptions (eg Bank of England Base Rate) and a coherent strategy for achieving the objectives; and
  • a robust plan for delivering the strategy which contains, among other things, an assessment of the current and emerging risks attached to the credit union’s business and operations and the impact of actual and anticipated external developments.

8.8

The business plan should be regularly updated and reviewed. Progress against business plan targets should be discussed regularly by the board, variances analysed and, where appropriate, pre-emptive or corrective action taken to deliver the business objectives.

8.9

Credit unions are expected to inform their PRA supervisors ahead of undertaking any significant diversification of, or change to, their business model. The PRA expects a credit union to engage with it on the risks and benefits of the proposed diversification, financial projections before and after the diversification, and stress tests of those projections, based on severe, but plausible, scenarios. Examples of what the PRA would consider to be significant changes to a business model include providing new loan products such as corporate loans or issuing interest-bearing shares to raise deposit funding. Examples of what the PRA would not consider to a significant change to a business model include different branding for small unsecured personal loans.