Embedding Effective Governance, Registrar of Credit Unions, Patrick Casey

Chairman, members of the Executive, President of ILCU, ladies and gentlemen, I am delighted to speak at the 2019 AGM of the National Supervisors Forum, and provide my perspective on an important topic of interest to everyone in attendance, credit union governance.

I want to begin thanking your outgoing Chair, Liam Kelly and your Executive, for their positive engagement with us over the last year.

Before I address your conference theme, I will briefing mention an issue that is at the forefront of all our minds, Brexit. It continues to dominate the headlines, and in particular the prospect of a no-deal outcome.

The range of risk considerations flowing from Brexit should remain an area for continual assessment by credit unions given the wider economic and financial impacts. Our communications to date with credit unions have therefore emphasised the importance of identifying Brexit-related risks and taking mitigating actions as appropriate.

In addition to sector wide communications, we also recently issued a questionnaire to all credit unions on their Brexit contingency plans. It covered a range of risk considerations across credit, investment and liquidity and IT. We continue to engage with individual credit unions on the responses received.

The theme of your conference is timely. Effective governance is fundamental to maintaining the trust that members place in the directors they appoint to govern their credit union. Members’ expect their credit union has the required governance and oversight in place, to deliver the financial services they require, while protecting their funds. They look to the credit union directors to ensure this. They expect you, as Board Oversight Committees, to validate that boards are delivering on their governance obligations.

In my address today I would like to consider:

1. The key attributes of effective governance;
2. The importance of an effective organisational culture;
3. The role of risk appetite in effective governance;
4. The oversight of outsourcing, which is an emerging risk area; and
5. The current standard of governance in credit unions.

1. Key attributes of effective governance

Effective governance is not just about adherence to codes or rules; it engenders strong and decisive leadership, open communication, robust systems and controls, effective risk management and a healthy organisational culture and behavioural mind-set.This aligns fully with our vision for the sector of “Strong Credit Unions in Safe Hands”[1].

Our vision underpins our statutory mandate[2] to ensure each credit union protects the funds of its members and the maintenance of the financial stability and well-being of credit unions generally.

Effective governance enables credit unions to grow their business confident that their processes, systems and capabilities can manage both existing and new business lines, as well as new commercial relationships.

Effective governance is an essential foundation to underpin development of the credit union sector. Ineffective governance can constrain a credit union from effectively responding to business challenges. It is important therefore that credit unions have robust and fully embedded governance frameworks in place, before considering significant business model development.

Effective governance cannot be delivered through a formulaic or box-ticking approach. It is about appreciating and promoting high standards within the credit union in serving members and protecting their funds.

The nature of that governance focus is not unique to financial institutions. Indeed, to take an example outside of financial services, the Governance Code for Community, Voluntary and Charitable Organisations states:

“Good governance is not all about rules and regulations. It is an attitude of mind. It is about the ethical culture of the organisation and the behaviour of the people on the governing body.”^[3]

Effective boards exhibit certain characteristics, which can include:

• They are well-diversified, reflecting members’ demographics and that of the broader common bond.
• Directors are focussed not only on current performance, but also on where the credit union is going, its business model and strategies.
• Individual directors are clear on their role and responsibilities.
• Effective boards ensure they have the right information to support decision making. Board packs contain appropriate information to support oversight and strategic leadership.
• Boards are not reluctant to take ownership of risk and business model evolution. They have a well-developed appreciation of risk, demonstrated through a clearly defined risk appetite.
• Board decision making is informed by a realistic understanding of the credit union’s operational capability to prudently implement change. They are receptive to credit union collaboration, informed by appropriate due diligence and risk understanding.
• Internal Audit, Risk Management and Compliance functions are fully embedded, providing key supports to enable directors to discharge their responsibilities.
• Due consideration is given to the range of strategic options and directions available, including transfers of engagement.

Importantly, effective boards recognise that strong governance is underpinned a positive culture. They demonstrate good practice in the boardroom and promote good governance throughout the business.

2. Effective organisational culture

You can think of a culture as shared values and norms that shape behaviours and mind-sets within an institution – it is often defined as ‘the unwritten rules or the way things are done around here’[4]. The concept of culture should resonate with anyone who has worked in an organisation of any size.

Leadership is a critical driver of culture. Ideally, board and senior management values and behaviours cascade throughout the organisation and support positive culture. In this way appropriate behaviours are evidenced not only by those at the top of organisations, but they are also exhibited at all levels. As my colleague Derville Rowland, Director General of Financial Conduct, said last year[5]:

 “The Central Bank expects leaders to set the right tone from the top, to ensure it is echoed from the bottom up and is visible throughout the organisation.”

Effective culture in financial services is arguably even more important than in other sectors because of the central role that such firms play in the financial well-being of consumers. It is also essential to the sustainability of firms, with growing evidence that a lack of a consumer-focused culture can erode trust and competitiveness, and damage long-term prospects.

Following an in-depth review of the behaviour and culture, the Central Bank published a detailed report titled: “Behaviour and Culture of the Irish Retail Banks”[6] in July 2018. It provides useful insights for all financial institutions to read and understand in leading and promoting a desired organisational and customer-centric culture.

For credit unions, the trust placed by your members is well recognised[7], but there is no room for complacency. Culture is an area for ongoing focus within every institution, and central to successful organisational change and strategy implementation. I recommend that credit union boards review the Bank’s 2018 report when considering the appropriateness of their own organisation culture.

While I have touched on some of the attributes of effective boards, one of the most important is the capacity to develop and articulate an appropriate risk appetite, and ensure it is reflected and embedded across all business model strategies, processes and activities.

3 The role of risk appetite in effective governance

Board clarity regarding the level of risk an organisation proposes to accept is fundamental to good governance. As is the case with all financial institutions, credit unions are in the business of taking on risk. Well managed credit unions exhibit the capability to deploy and manage that risk, within a developed risk appetite.

Risk appetite should guide business strategy and decision-making. It is an area for continual focus and review. Without clarity on your credit union’s risk appetite, there can be either excessive risk taking, or excessive conservatism. Both can inhibit credit union sustainability.

For many credit unions, risk management remains an area in development. Some credit unions, irrespective of size or complexity, do it much better than others.

In practical terms, the coherence between risk appetite and decision-making can be observed in how credit unions go about developing their business model.

Our supervisory teams seek to assess risk appetite by observing how it is reflected in strategy, business planning and monitoring, and in discussions with boards and management teams.

The lending proposition in particular is in focus today in many business model discussions, given the continued prevalence of low loan to asset ratios in most credit unions. Prudent lending is fundamental to viability.

As we conclude our statutory consultation on the revised lending framework following CP125[8] and move towards enhanced capacity for house and commercial lending, our expectation is that credit unions will critically assess the risks involved in increasing longer term lending.

For housing lending in particular, I refer you to our December 2017 Long Term Lending guidance paper[9] which provides a framework for boards considering mortgage provision, adopting a risk-based approach.

Ultimately, any new business line must be financially viable. We expect credit unions to take a rigorous assessment to identify challenges and quantify risks in equal measure, to counter what may be excessive optimism and/or an unrealistic appraisal of demand or capabilities.

For boards, there are obvious risks in miscalculating readiness to develop new lines of business where there is lack of experience, or indeed to under-estimate the skills required to do so.

The motivation for taking on additional risks is usually evident in strategic and business plans, but the matter of consciously avoiding certain types of risk may not get equivalent attention. Both are critical to sustainable business models.

Successful small firms define themselves more by what they don’t do, and then focus their energy on being exceptional at what they do well. Strong leadership and realistic assessment of where efforts can be most impactful, are fundamental to sustainability.

We published a paper on ‘Business Model Strategy: Guidance for Credit Unions’[10] in February 2019 as a further support. It sets out a structured approach and range of considerations for credit unions to consider in their strategic planning, including risk appetite alignment. Trying to deliver on the full span and scope of consumers’ financial services needs may not be within the credit union’s capacity. It can distract from the core business. Prioritisation is central to purposeful and executable strategic planning.

A strong risk appetite framework is a feature of institutions with a positive governance culture, strong oversight and control and a fully embedded risk management framework. It ensures the credit union not only understands the risks it may be exposed to, it understands the drivers of those risks. This risk culture is reflected throughout the credit union, and in particular in its strategic decision making processes.

Outsourcing of activities is a further important component to be captured by credit union governance.

4. The management and oversight of outsourcing

As the business model evolves, credit unions are increasingly dependent on strategic outsourced partnerships. Today along with core banking systems, business process supports such as Internal Audit, Risk and Compliance are also often being outsourced to third party providers.

In tandem, credit union-owned outsourced service providers (referred to as CUSPs) are being established to provide services such as mortgage loan processing, product intermediation and payment transmission.

Effective management and oversight of outsourced activities is critical, and credit union governance and risk management frameworks must effectively capture the risks associated with the full breadth of such activity.

To support credit unions in this area, we recently sent a letter to the Chairs and CEOs of all credit unions[11]. Our purpose is to define the nature and role of CUSPs, and to address how credit unions invest and oversee such structures. In doing so, we articulate our supervisory expectations.

Indeed, wider Central Bank publications on outsourcing can support credit unions’ risk understanding, including the Central Bank’s paper entitled  ‘Outsourcing – Findings and Issues for Discussion – (November 2018)’[12].

Our recent Business Model guidance paper sets out our business model risk considerations and expectations regarding strategic partners, outsourcing and shared services. It emphasises the need for clarity to how the outsourcing relationship relates to the credit union’s strategic plan, long-term goals and objectives. It highlights the necessity for effective credit union monitoring and oversight of all outsourced activities.

Each credit union has a unique profile as reflected in its risk appetite – the benefits and opportunities possible will differ as a result.  We would expect this to be reflected in how outsourcing opportunities are addressed and evaluated.  

Cost savings may not necessarily arise from outsourced activities. Rather, the driver may be the potential benefits of outsourcing for those looking to access new technologies and expertise. Whilst there may be good reason to explore such opportunities, credit unions should reflect upon their unique characteristics and circumstances in implementing an outsourced business model, and be clear on the value proposition involved.

Turning to my final topic I will address, the current governance standards in the sector.

5. Current governance standards

In my address so far, I have set out the key attributes of effective governance, and how it can support credit union responsiveness to external threats and opportunities.

Each year, we publish our Supervisory Commentary which sets out evidence-based findings and supervisory expectations from our engagement activities. Our Supervisory Commentary is designed to support credit union boards and management teams in reviewing and embedding improved governance, risk management and operational frameworks.

In communicating our supervisory findings and expectations, we seek to drive best practice and raise standards of compliance within credit unions.

This can provide a strong basis from which you as Board Oversight Committee members, can make a determination in relation to the effectiveness of your own board’s functioning.

We published the latest issue of that report in April 2019[13] covering our 2018 supervisory engagement activities. It highlighted standards were not uniform across the sector, with some credit unions demonstrating significantly improved governance standards and understanding, and others having a greater distance to travel.

For all institutions, governance standards need to continuously evolve, given the current rapidly changing environment as internal, competitor, technological and economic challenges evolve. This is particularly the case for credit unions as business models grow in complexity.

Certain business lines, such as mortgages, current accounts and intermediation, to cite recent examples, impact upon the credit union’s risk profile, and introduce additional governance requirements which must be accommodated.

Our 2018 supervisory findings in relation to governance identified a range of positives. However, there is a concern that for many credit unions, the minimum standards set out in the credit union framework have yet to be properly embedded.

By way of example, we evidenced deficiencies related to board procedures and performance management, risk management and compliance and internal audit. We found evidence of a lack of board oversight and poor board engagement with key support functions. This included an inadequate response to findings and recommendations identified in risk, compliance and internal audit reports. We also noted issues with the quality of reports being provided to boards, and a failure to adequately resource the key second and third line support functions.

Technology is central to your future sustainability. It is surprising therefore that IT strategy, as a key enabler of business model change, is not given greater prominence in many strategic plans.

Finally, we found evidence of inconsistencies and contradictions between stated risk appetites and the policies and practices of some credit unions, reflecting a failure to ensure the activities of the credit union align with stated risk appetite.

You, as Board Oversight Committees, must challenge boards on such matters on behalf of members, in fulfilling your obligations, and to support the delivery of effective governance in your credit union. 

Conclusion

These are challenging times for all financial institutions and credit unions are no different. Credit unions have a number of strengths upon which to build – your ethos and the trust of your membership being foremost amongst them.

The strengthening of core foundations in the areas of governance, risk management and operational capability, remain essential to enable prudent business model transition in credit unions. There is significant flexibility within the current regulatory framework to facilitate credit union growth ambitions, and recent proposed changes provide further capacity. The challenge rests with credit union leadership teams to strategically determine the appropriate business model for their credit union, and to demonstrate ownership in delivering on that strategy. This is a fundamental business imperative for credit unions.

Absent proper governance standards, a credit union is poorly placed to successfully transition its business model, or indeed to respond to emerging threats.

Credit unions are based on cooperative foundations. There is no separation of interest between the customer and owner, which supports both transparency and accountability. This is a strength of the cooperative model which relies on credit union boards and managements always placing the members interests’ first. Experience to date would largely suggest the validity of this presumption, but credit unions need to continuously strengthen their governance standards if they are to deliver a sustainable credit union business model for current and future members.

I remain impressed by the dedication of both volunteer directors and Board Oversight Members. As Board Oversight Committee members, you are in a position to evidence the quality of strategic considerations by boards, and to constructively challenge where this is not evident. That is how you best serve your members.

Today’s theme of embedding effective governance mirrors a key message of the Central Bank[14] that the strengthening of core foundations in the areas of governance, risk management and operational capability. It ensures material risk can be managed and mitigated, which is essential to enable prudent business model transition.

Given the theme of your conference, I think it would be remiss if I did not pose some questions for your further reflection:

• Are you - as Board Oversight Committee members - satisfied that your board has an agreed risk appetite of the credit union?
• Does it inform strategic planning?
• Do you evidence challenge at board level?
• Is there adequate board oversight of all outsourcing activities?
• Are key supports of risk management, compliance and internal audit, effectively resourced and leveraged by the board?
• Do behaviours and the culture in your credit union, reflect effective governance?

I invite you to consider these questions in your deliberations. I trust you will have an interesting conference, and thank all of you for your attention.

[1]  We see ‘Strong Credit Unions’ as being financially strong and resilient, enabled by sustainable, member-focussed business models, underpinned by effective governance, risk management and operational frameworks; and we see that credit unions are ‘in Safe Hands’ when they are effectively governed, professionally managed and staffed by competent, capable people who appreciate and prudently manage risks, while successfully meeting members’ product and service expectations.

[2] Section 84 of the Credit Union Act 1997 (As amended)  

[3] The Governance Code for Community, Voluntary and Charitable Organisations

[4] https://www.apra.gov.au/sites/default/files/CBA-Prudential-Inquiry_Final-Report_30042018.pdf