Settlement Agreement between the Central Bank of Ireland and St. Canice's Kilkenny Credit Union
22 June 2018
Press Release
St Canice’s Kilkenny Credit Union Limited fined €210,000 by the Central Bank of Ireland in respect of breaches of the Credit Union Act 1997
The Central Bank of Ireland (the “Central Bank”) has fined St Canice’s Kilkenny Credit Union Limited (the “Credit Union” or “St Canice’s”) €210,000 and reprimanded it for eight breaches of the Credit Union Act, 1997, (as amended) (“the 1997 Act”) following an investigation. The breaches have been admitted by the Firm and the enforcement action has been concluded by way of settlement agreement between the parties.
The Central Bank’s investigation found governance and risk management failures in relation to the outsourcing and implementation of the Credit Union’s migration to a new IT system in August 2014. The main consequence of these failures was the Credit Union’s inability to reconcile its main transactional bank account over 15 months, which exposed members’ savings to a risk of loss, although no loss was actually sustained. Upon becoming aware of the bank reconciliation issue, St. Canice’s failed to report it to the Central Bank and during that time knowingly submitted 5 inaccurate quarterly prudential returns to the Central Bank. The Central Bank is satisfied that St Canice’s has addressed all issues of concern identified in the investigation.
The Central Bank of Ireland’s Director of Enforcement and Anti-Money Laundering, Seána Cunningham, said:
“A key function of the Central Bank is to administer the system of regulation and supervision of credit unions in order to protect members’ savings and to ensure credit unions are properly operated and managed. Credit union members have an expectation that their funds will be safeguarded to the highest standards. Effective safeguarding of funds is built upon robust governance and systems and controls within a credit union. The board of a credit union retains primary responsibility for these matters and therefore must adequately oversee and manage all activities of a credit union, including those outsourced to a third party.
St Canice’s failed to properly manage the integration of a new IT system which resulted in the Credit Union being unable to reconcile its main transactional bank account correctly. As a result, St Canice’s was unable to ensure the protection of members’ savings, although no loss was actually sustained. A further consequence of the failings was that St Canice’s knowingly submitted incorrect prudential returns to the Central Bank for 15 months. This is unacceptable as the Central Bank relies on these returns to assess the financial position and stability of credit unions. By submitting inaccurate returns, the Credit Union compromised the Central Bank’s ability to effectively and appropriately supervise it.
St Canice’s also failed to report the bank reconciliation issue to the Central Bank. The Central Bank expects the board and officers of all regulated firms to report issues without delay and to engage with the Central Bank in a proactive and meaningful manner.
The level of the fine reflects the potential serious impact on members, the failure to ensure effective oversight and governance; and the lack of engagement with the Central Bank. Regulatory failures of this nature will result in rigorous investigation and appropriate enforcement action.”
Background
St Canice’s is a regulated financial service provider and is registered as a credit union under the 1997 Act. The principal activity of the Credit Union is the provision of financial services to over 57,000 members.
The breaches relate to the planning and implementation of a new IT system and the problems subsequently encountered in relation to the bank reconciliation process. The bank reconciliation issue persisted for 15 months and St Canice’s failed to report the matter to the Central Bank. The problems came to the Central Bank’s attention via a third party report on an unrelated matter. The quarterly prudential returns submitted by the Credit Union from September 2014 to September 2015 were inaccurate.
Prescribed Contraventions
The Central Bank identified eight breaches of the 1997 Act, occurring between August 2014 and January 2016. Details of the provisions breached are set out below.
Section 27A(1) of the 1997 Act requires a credit union to maintain oversight, policies, processes, systems, controls, skills, expertise and reporting arrangements appropriate to the nature, scale and complexity of its business. This is to ensure the protection of members’ savings and comply with requirements imposed under the financial services legislation.
Sections 66A(1)(a) and 66A(2) of the 1997 Act requires a credit union to put in place governance arrangements suitable to the nature, scale and complexity of its business to ensure effective oversight of its activities and compliance with the 1997 Act.
Section 76E(2) of the 1997 Act requires a credit union to identify the operational risks it is exposed to, or likely to be exposed to, and to mitigate those risks.
Section 76G of the 1997 Act requires that a credit union develop, prepare, implement and maintain secure and reliable information systems to enable it to control, direct and manage its affairs.
Sections 76J(3) and 76J(6)(b) of the 1997 Act require that a credit union shall exercise due skill, care and diligence when entering into or managing outsourced activities with service providers and retain the necessary expertise to supervise the outsourced activities effectively, manage the risks associated with the outsourcing and supervise those activities and manage those risks.
Sections 108(2)(b), 108(2)(c) and 108(2)(d) of the 1997 Act requires a credit union to keep proper accounting records on a continuous and consistent basis and to establish and maintain systems of control of its business and records. The accounting records must be able to, amongst other things, disclose, with reasonable accuracy and promptness, the financial position of the credit union to enable officers and the credit union to discharge the duties imposed on them by the 1997 Act.
Sections 76H and 109 require that a credit union ensures its information systems and systems of control produce management information and other reports which are accurate, reliable, consistent and timely so as to enable the board and management team to, amongst other things, direct, control and manage the credit union’s business efficiently and effectively, and provide accurate information to the Central Bank on a timely basis.
Remediation
The Credit Union has undertaken a review of its systems and procedures and has implemented a number of improvements including the introduction of an IT Strategic Plan, a Change Management Policy and the appointment of an IT Officer.
Penalty decision factors
The sanctions imposed in this case reflect the seriousness with which the Central Bank treats the relevant contraventions and the importance the Central Bank places on compliance with the 1997 Act.
In deciding the appropriate penalty to impose, the Central Bank has taken the following into account:
- The submission of inaccurate prudential returns from September 2014 to September 2015;
- the risk of loss to members’ savings, although no loss was actually sustained;
- the Credit Union’s failure to report the breaches to the Central Bank;
- the duration of the breaches for 15 months; and
- the need to impose an effective and dissuasive sanction on regulated entities.
The Central Bank confirms that the matter is now closed.
Notes
- The Credit Union Act 1997 is available on the Central Bank’s website https://centralbank.ie/home or to download here. The Administrative Sanctions Procedure became fully applicable to breaches of the Credit Union Act 1997 on 1 August 2013.
- The Credit Union Handbook, the latest version of which was published by the Central Bank in January 2016, is available on the Central Bank’s website
- The fine reflects the application of the maximum percentage settlement discount of 30% as per the Early Settlement Discount Scheme set out in the Central Bank’s “Outline of the Administrative Sanctions Procedure” which is here (PDF 748.07KB).
- Funds collected from penalties are included in the Central Bank’s Surplus Income, which is payable directly to the Exchequer, following approval of the Statement of Accounts. The penalties are not included in general Central Bank revenue. In 2017 the Central Bank’s Surplus Income amounted to approximately €2.1 billion (2016: approximately €1.8 billion), all of which was paid to the Exchequer.