76B.— (1) In this section—

"compliance programme", in relation to a credit union, means the policies, procedures, systems and plans the credit union puts in place to monitor compliance, on an ongoing basis, with its obligations including requirements under all legal and regulatory requirements;

"risk management system", in relation to a credit union, means the sum of those components that provide the basis (including organisational arrangements) for designing, implementing, monitoring, reviewing and continually improving risk management processes throughout the credit union;

"systems and controls", in relation to a credit union, means a set of arrangements designed to provide reasonable assurance regarding the achievement of objectives in relation to the effectiveness and efficiency of operations, reliability of financial reporting and compliance with all legal and regulatory requirements.

(2) A credit union shall develop, implement, document and maintain a risk management system with such governance arrangements and systems and controls to allow it to identify, assess, measure, monitor, report and manage the risks which it is, or might reasonably be, exposed to.

(3) The risk management system—

(a) shall be clearly set out and documented, and

(b) shall clearly set out the related tasks and responsibilities within the credit union.

(4) A credit union shall develop, adopt, implement, monitor, document and maintain systems and controls to manage and mitigate the risks identified by the risk management system.

(5) A credit union shall develop, implement, document and maintain a compliance programme that allows it to evaluate compliance with its obligations under this section including compliance with all legal and regulatory requirements.]