We have investigated St Machar Credit Union’s (SMCU) use of personal accounts to facilitate faster payments for members, which has given rise to serious concerns in relation to SMCU’s risk management systems.
SMCU set up personal accounts with six banks in the name of an employee - rather than an account in the name of SMCU - and used them to facilitate faster payments to members between 2009 and December 2014. SMCU failed to consider the risks associated with such an arrangement, which included the loss of control and/or legal rights to monies once the funds had been transferred to the personal accounts.
SMCU’s failure to put in place adequate risk management systems commensurate to the nature of its business exposed its members to the risk of financial crime. When this concern was brought to SMCU’s attention, they failed to immediately cease the practise or consider other options.
Working with us to resolve the issue, SMCU has given a voluntary undertaking not to use personal bank accounts to facilitate credit unions business, and will ensure that all credit union monies are paid through accounts held in the name of St Machar Credit Union.
SMCU has agreed to publish the following statement on their website for a period of six weeks, commencing from 9 March 2015:
“Between 2009 and 2014 St. Machar Credit Union (“St. Machar”) set up personal accounts with six banks in the name of an employee and used them for transacting credit union business. The accounts were used to transfer credit union funds, in excess of £1m per annum, to make faster payments whilst avoiding bank charges. St. Machar failed to recognise the risks associated with this action and failed to disclose the true nature of the accounts to the banks used for this purpose. Whilst the FCA acknowledges that St. Machar’s intention behind using the personal accounts was to enable it to process payments faster for its members, this behaviour still fell below the standards that the FCA expects under the FCA's Principles of Business.”