Compliance at the core
Data Security and Compliance are embedded into all our solutions. Our Compliance & Data Protection Officer works closely with our customers and regulatory bodies through Special Interest Groups, to drive output and delivery of regulatory initiatives, and provide updates regarding legislative developments. This close relationship ensures all our solutions continue to be fully compliant and secure.
SEPA Instant Payments
A game-changer for the Irish banking landscape and the implementation dates are approaching. This EU driven initiative mandates that Irish Payment Service Providers (PSPs) within the existing SEPA Scheme, must offer the ability for consumers to receive and send a credit transfer within x10 seconds. 9th January 2025 (receiving) and 9th October 2025 (sending) is the specific timeline to be working back from.
This is a huge opportunity for the Irish Credit Union sector, and one that we at Wellington IT are proud to be promoting and helping to shape the success of.
Making it a success is built on a strong risk and control framework which will continue to evolve in the second half of 2024, as well as on the foundations of a robust, resilient and routinely stress tested IT infrastructure. Check out the strategy towards continued operational resilience and efficiencies below. Learn more about our approach to SEPA Instant Payments in our blog here.
ISO 27001:2022 via Certification Europe
Certification Europe assesses the Wellington IT Information Security Management System credentials against the ISO 27001 Standard on a semi-annual basis, partnering to help mitigate evolving data security threat types as they relate to the needs and expectations of Credit Unions, against the ISO 27001 pillars of Confidentiality, Integrity and Availability of data.
Operational Resilience & D.O.R.A
The increasing regulatory focus on how firms across the financial and technology space demonstrate that they have sufficient operational capabilities, is one that is not going to subside.
Credit Unions offering an increasingly diverse range of cutting-edge digital services, brings them and IT Service Providers like ourselves at Wellington IT, right into the supervisory lens.
Navigating through and now living by the initial Central Bank of Ireland Guidance on Operational Resilience, in establishing a Framework that meets the CBI’s x3 Pillars of O.R, is what sets standards around how to demonstrate our collective capabilities in managing operational disruptions.
That increasing regulatory focus may, in time, bring in the Digital Operational Resilience Act (D.O.R.A) for Credit Unions, and lift the current exemption.
Gap analyses would suggest that what D.O.R.A proposes can leverage much of what is already contained within the existing O.R Framework.
These are best practices that would demonstrate good governance and an awareness of what an appropriate risk management environment should look like in the face of evolving digital risk types.
For those reasons D.O.R.A will remain on the radar at Wellington IT with consideration for the Central Bank of Ireland’s ‘Thematic Review of IT Risk’, and the wider consumer protection outlook at a supervisory level.
A sample of Scion's built-in Regulatory Reporting
CESOP
Central Electronic System of Payment information is a new 2024 reporting requirement for Credit Unions to record and report transactional data of cross-border payments to the Revenue. The purpose of the EU initiative to centralise the assessment of emerging VAT fraud across the region.
ISBAR
Launched by the Central Bank of Ireland in 2023, the Ireland Safe Deposit Box Bank and Payment Accounts Register was set up to address links between suspicious and criminal transactional activity and consequently the need to identify account ownership and beneficial ownership.
Paystats
The Payment & Fraud Statistics (‘Paystats’) report is generated from Scion on a quarterly/semi-annual basis (depending on the size/scale of the Credit Union), to provide the Central Bank of Ireland with information on innovative payment services and channels, payment schemes, and fraudulent payment transactions.
CCR
The Central Credit Register was enacted in response to the Credit Reporting Act 2013, and is fed detail on consumer (Credit Information Subject – the “CIS”) credit and specifically loans data, on a monthly basis. The source data in Scion is continually updated to reflect the obligations of Credit Information Providers (“CIPs” – the Credit Union).
SEPA Instant Payments Reporting
Coming 2025.
Operational Incident Reporting (D.O.R.A)
A key feature of the regulation should Credit Union exemption be lifted.
Grant Thornton Due Diligence Review
In accordance with the 1997 Credit Union Act and the Central Bank of Ireland’s Credit Union Handbook, the Wellington IT User Group (WUG), via Grant Thornton, performs Due Diligence assessments on key components of the business; IT & Data Security, Governance, Finance, Risk Management, Data Protection and Business Continuity. The thorough assessment is designed to stress test the Wellington IT infrastructure providing Credit Unions with the assurance that there is full compliance with industry standards and best practices.