Credit Unions and the GDPR: Part 1
Dear Credit Unions, by now you will know that the GDPR or General Data Protection Regulation will come into effect in May 2018. The GDPR is intended to harmonise existing Data Protection laws across the EU. Firstly it will strengthen the rights of citizens around the use of their personal data. It w…Read more >
Dear Credit Unions, by now you will know that the GDPR or General Data Protection Regulation will come into effect in May 2018. The GDPR is intended to harmonise existing Data Protection laws across the EU. Firstly it will strengthen the rights of citizens around the use of their personal data. It will also increase the responsibility on data processors and controllers when undertaking the lawful processing of personal data of EU citizens. It is important to note that the UK Government has said it will also implement the GDPR even though they are leaving the EU.
Under Article 5 of the GDPR there are Six Principles which set out the responsibilities relating to the processing of personal data. In a series of articles over the coming weeks CUNA Mutual will provide Credit Unions with information and definitions under these Six Principles. The principles outline the approach that Data Controllers must take:
- Process personal data lawfully, fairly and in a transparent manner
- Collect for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate and, where necessary, kept up to date
- Retained only for as long as necessary
- Processed in an appropriate manner to maintain security
(Note: It’s important to note there is also the introduction of a new requirement, being, that it is necessary to demonstrate accountability)
Taking the First Principle and seeing how this will affect us in the Credit Union space, we must be able to show adherence to one of the items of this First Principle. The First Principles asks Data Processers, i.e. Credit Unions, to consider the processing of data with the following in mind:
- A Member gives consent for their data to be used for one or more specific purposes, (i.e. the opening of an account or the application for a loan, or both, or the provision of other CU services to the member.)
- A situation might arise where we would need to pass members data to an Third Party we should also mention this to our members, and get their permission i.e. debt collection services etc should that need arise.
- Processing the member’s data is necessary to comply with a legal requirement of the Credit Union,
- Is it necessary to fulfil a contractual obligation,
- processing is necessary to protect the vital interests of a person,
- necessary for the public interest,
- Or for the legitimate interests pursued by the controller.
Clearly we in the Credit Union can tick the first item 1 here, i.e. that we have the member’s permission to use their personal data for a clear and legal reasons, i.e. to enable the credit union to provide our services to the member. We should of course advise the members what these different services are and why we need their data. We should also advise members that we only retain their data for the purpose of providing these services and no other reason.
A Simple Guide to Credit Union Liability Insurance
There are four main types of liability insurance that Credit Unions typically should consider. Each deals with different perils and will protect your business from different, potentially costly, scenarios. If you've ever asked yourself "What is liability insurance?" Then read on….. What's in…Read more >
There are four main types of liability insurance that Credit Unions typically should consider. Each deals with different perils and will protect your business from different, potentially costly, scenarios. If you’ve ever asked yourself “What is liability insurance?” Then read on…..
What’s in this guide?
- What is Employers’ Liability Insurance?
- What is the definition of an employee?
- Do I need Employers’ Liability Insurance?
- What is Public Liability Insurance?
- Do I need Public Liability Insurance?
- What is Directors and Officers Insurance?
- Do I need Directors and Officers Insurance?
- What is Professional Indemnity Insurance?
- Do I need Professional Indemnity Insurance?
What is Employers’ Liability Insurance?
Employers’ Liability Insurance is one of the main types of business insurance. It can cover compensation costs and legal fees if an employee or ex-employee sues for illness or injury caused by their work, on or off site. Even former employees can make a claim against you, if it’s found that their injury or disease/illness resulted from their work whilst working for the Credit Union.
As a small business, you will need Employers’ Liability Insurance if you have one or more employees. You should be insured for at least £5 million – an indication of how financially damaging a claim by an employee has the potential to be to your business, if you don’t have cover in place. CUNA Mutual provides £10 million as standard under its commercial combined policy for Employers’ Liability Insurance.
You are also required by law to post details of the insurance certificate for staff to see. The Health & Safety Executive (HSE) is the body responsible for enforcing the law on Employers’ Liability Insurance and can fine businesses up to £2,500 for every day that they do not have this insurance in place.
What is the definition of an employee?
An employee is defined as someone who:
- Is under a contract of service or apprenticeship with you
The Employers’ Liability Database
It is imperative that you keep a record of your Employers’ Liability Insurance cover in case an employee does make a claim. Remember, even former employees can make claims against you years after they have left.
On 1 April 2010, the Association of British Insurers announced that the Employers’ Liability Tracing Office (ELTO) would be established to help anyone suffering from a disease or injury caused at work, to find their former employer’s employers’ liability insurer. The ELTO would manage an electronic database to help people track down Employers’ Liability Insurance policies.
But from April 2012, it will be compulsory for insurers to update the Employers’ Liability Database with information relating to the Policyholder (you) and all their subsidiaries covered. The database will work by linking each policy with the policyholders (your) Employer Reference Number (ERN). HM Revenue and Customs have been issuing businesses with one or more employees with an ERN, therefore check to find out what your Employer Reference Number is and keep those details in a safe place.
Do I need Employers’ Liability Insurance?
The Employers’ Liability (compulsory insurance) act 1969 states that employers are responsible for the health and safety of their employees whilst they are at work. This is in case your employee becomes injured at work, or through the course of being under your employment in the UK. If they make a claim for compensation and you are found responsible, the employers’ liability (compulsory insurance) act 1969 makes sure that you have enough insurance to cover you against such claims – which could run into hundreds of thousands of pounds.
You’ll only be exempt from having to have Employers’ Liability Insurance if:
- Your business is not a limited company
- You are the only employee
- You only employ close family members
- You are a limited company with one employee and that employee owns 50 per cent or more of the issued share capital in the company
- Your employee can employ a substitute when they are unable to do the work themselves
- Your employee supplies most of the equipment and materials they need to do the job
- Your employee doesn’t work exclusively for you (for example, if they operate as an independent contractor)
What is Public Liability Insurance?
Credit Unions interact with members of the public therefore you’ll want to consider taking out Public Liability Insurance. This type of liability cover is not a legal requirement. However, it is highly advised in order to avoid potentially costly legal action should your Credit Union’s actions have a negative impact on a member of the public.
Do I need Public Liability Insurance?
While not a legal requirement, having public liability (P.L.) insurance is an important consideration for any business that interacts with members of the public or other businesses. Without it, your business may find itself at serious risk of being sued for large amounts of money.
CUNA Mutual’s commercial combined policy (which can include your Contents, Buildings, Employers and Public Liabilities) includes £5m P.L. cover as standard.
What is Directors & Officers Insurance?
D&O liability insurance indemnifies directors and officers of Credit Unions for damages and defence costs arising from lawsuits alleging various “wrongful acts.” Many people are reluctant to serve as directors or officers of Credit Unions if the organisation does not provide this much-needed insurance, since they otherwise could be forced to pay damages out of their personal assets.
The primary role of Credit Union directors and officers is to maintain financial stability and provide the necessary resources and environment to accomplish the goals and purposes of the organisation. The unique nature of not-for-profit organisations presents directors and officers with difficult challenges in performing this role.
Regardless of organizational structure, directors and officers of all Credit unions share certain common responsibilities which, if not properly discharged, may give rise to personal liability.
Further examples where Directors and Officers of the Credit Union can become defendants against an alleged wrongful act include:
• Employment practices & HR issues
– Eg. Discrimination, Sexual Harassment, Wrongful Termination.
• Regulatory / governance breaches
– Eg. Failing to comply with regulations or laws.
• Data Security
– Eg. Customer information is hacked and posted on a public website. You are sued as a board member for not providing adequate safeguards.
• Reporting errors
• Health & safety investigations / Trading Standards / Advertising Standards
• Decisions exceeding the authority granted to a company officer
Lawsuits are brought in response to actions and decisions made by Credit Union management, including but not exclusively the Board of Directors. In short, almost any day-to-day decision or action by anyone in a Credit Union can trigger a lawsuit that could not only hurt the organisation financially, but also threaten the personal assets of those Directors and Officers.
Do I need Directors’ & Officers’ insurance?
The potential for inadvertent misconduct can be heightened by the director’s and officer’s level of involvement in the Credit Union. For many, service as a Credit Union director or officer is a part time activity with little or no compensation.
In addition, the resources of Credit Unions can be insufficient to provide directors and officers with the most desirable support. As a result, decision-making may be hindered by incomplete information, insufficient time and inability to carefully investigate and document relevant factors.
Directors and Officers insurance can provide your decision-makers with the confidence to make decisions and it supports good corporate governance by making the risks of these decisions manageable and transparent.
What is Professional Indemnity Insurance?
Professional indemnity insurance, also sometimes called professional liability insurance, covers any advice you give to a client in your professional capacity and protects you should a client believe you have failed to produce work to a professional standard. For example, if you are an accountant, who gives your client financial advice which leads to them making a loss, then professional indemnity will protect you against professional negligence claims.
If your Credit Union is involved with giving clients advice or knowledge, you’ll want to consider Professional Indemnity Insurance. For Credit Unions providing mortgages or money advice, Professional Indemnity Insurance is a requirement.
Do I need Professional Indemnity insurance?
Professional indemnity insurance is not relevant to all businesses. However, if you are in the business of selling your skills or knowledge then it may be prudent to take out professional indemnity cover. Many professions are required to have professional indemnity as part of their professional authorisation, including solicitors, accountants, architects, mortgage intermediaries, insurance brokers and financial advisers. In addition, if you write articles for trade journals or magazines, then you may want to consider taking out Professional indemnity Insurance to protect you should anyone want to sue you for libel or slander.
Member Death Benefit Insurance
Some of the major challenges facing Credit Unions today are the rising cost of doing business, making Credit Unions more attractive to new members and the ever present problem of growing lending. Coupled with these is the new challenge to Credit Unions, which has come through mergers, of finding a s…Read more >
Credit Unions more attractive to new members and the ever present problem of growing lending. Coupled with these is the new challenge to Credit Unions, which has come through mergers, of finding a solution to the problem of continuing member’s benefits where these benefits were inherited due to a merger and were not part of the previous member benefit structures, particularly Death Benefit Programs.
CUNA Mutual is supporting Credit Unions that have the challenge of continuing members Death Benefit through an optional member pay Death Benefit Program that allows members to get additional end of life cover that they want, which they may have had with their previous Credit Union.
Cuna Mutuals Member Death Benefit Insurance (MDBI) is designed to remove the cost of existing programs from the Credit Union balance sheet and allow the members to pay for the insurance they need in a compliant, reasonably priced and transparent program.
Member Death Benefit Insurance (MDBI) provides the solution for Credit Unions to address the protection needs identified by Members and DBI Programs inherited by the Credit Union as the result of a merger. Many Credit Unions have stopped offering DBI due to the increasing costs of doing so, but need to find the solution to continuing to offer a death benefit program to new and sometimes existing members.
The MDBI program is not limited to Credit Unions who have gone through a merger but also made available to those Credit Unions who wish to put in place a new DBI program or reinstate a DBI program for members.
The MDBI program is arranged by the Credit Union, through the insurance intermediary CUNA Mutual Group Services (Ireland) Limited and underwritten by Covéa Life Limited in the UK, the insurer.
Members are not buying an insurance policy. The Policy holder is actually the Credit Union and by being a member of the Credit Union, eligible members can join the MDBI program.
What is Member Death Benefit Insurance?
Member Death Benefit Insurance program provides life assurance cover, (e.g. €2,500) to each member who opts to join the program and pays the full cost of his or her cover to the Credit Union. This cover can help pay towards funeral expenses, any outstanding debts or to leave as a legacy, following the death of the member while they are enrolled in the program.
Who will receive the death benefit?
Where the insurer admits a death claim on the program, the death benefit will be paid by the insurer to the Credit Union, for payment into the deceased program member’s Share Account.
Significant Features & Benefits
- Guaranteed acceptance without medical – provided they are a member of the Credit Union, joined before their 71st birthday, is or was a member of the Credit Union’s Life Savings Insurance scheme, opted to join the program before the start date of the program and are a resident in the permitted Geographical Area.
- Life cover – the fixed sum is payable on the death of a member covered by the program at the date of his or her death, where the cause of death is not excluded under the conditions stated in policy.
Currently, the MDBI Program is only available to Credit Unions in the Republic of Ireland.
For more detail on the MDBI program please consult the key facts or call CUNA Mutual on 00 353 (1) 5533500 or e-mail: email@example.com
Is your member’s information secure?
To have a better understanding of what information security means let’s firstly compare information security to how we look at security around the Credit Unions cash. We don’t want any person being able to view the Credit Unions accounts and we especially we don’t want unauthorised persons being abl…Read more >
To have a better understanding of what information security means let’s firstly compare information security to how we look at security around the Credit Unions cash. We don’t want any person being able to view the Credit Unions accounts and we especially we don’t want unauthorised persons being able move cash from one account to another.
Firstly, we put in place many secure steps before cash can be moved from the Credit Union and rightly so. Secondly, we want immediate access to the Credit Unions cash as do our members. So with cash, we value keeping it out of the hands of others, we want access to the credit unions cash when necessary. When considering the Credit Union information security we must have a similar culture of security to cash, highly controlled access by certain persons in the Credit Union and no access others.
The Credit Unions information is spread across many areas, i.e. hard drives, cloud storage, desks tops and laptops. We immediately see that having robust information security is vital especially when we view its security as we do cash. It’s vital that Credit Unions take a thorough approach to information security and have in place policies and procedures around where it is held, who has access to it and vitally those whom we don’t want to have access are restricted from doing so. Also importantly when there has been unauthorised access to the credit unions information we need a solid business continuity plan with the next steps to reduce or reduce the damaged caused.