PRA PS5/26: Credit Union Service Organisations - Finalising the Framework for Shared Services in the Credit Union Sector
Credit: Slater & Gordan
A targeted but significant policy statement confirming how credit unions can use shared service organisations to improve operational efficiency within the PRA's prudential framework.
Context:
On 20 February 2026, the PRA published Policy Statement PS5/26, Credit Union Service Organisations providing its final policy following consultation paper CP13/25. The PS confirms amendments to the Credit Unions Part of the PRA Rulebook governing credit union service organisations (CUSOs), entities through which credit unions can share resources and capabilities to deliver services more efficiently.
The policy background is the structural challenge facing the UK credit union sector. Many credit unions are small, with limited operational scale. Access to shared service infrastructure covering areas such as IT, payment processing, compliance, risk management, and back-office functions can make the difference between viability and closure. Without a clear regulatory framework for CUSOs, the risk is that shared service arrangements either fail to develop or develop in ways that create unmonitored third-party dependencies.
The PS follows the broader PRA agenda of supporting the competitiveness and resilience of the mutual and cooperative financial sector, including the Strong and Simple framework for SDDTs and the broader credit union supervisory modernisation programme.
Rules and Guidelines:
PS5/26 makes amendments to the Credit Unions Part of the PRA Rulebook to create a defined regulatory framework for CUSOs. The key changes confirm: (i) what activities a CUSO may carry out on behalf of member credit unions; (ii) the governance and oversight obligations on credit unions that participate in a CUSO; (iii) how PRA prudential requirements interact with CUSO structures including capital, liquidity, and operational resilience obligations; and (iv) the notification and reporting obligations for material third-party dependencies arising from CUSO participation.
The PS also confirms that credit unions participating in CUSOs must maintain adequate oversight of the CUSO's activities, consistent with the PRA's broader operational resilience expectations. This means credit unions cannot treat CUSO participation as a way to outsource regulatory accountability; they remain responsible for ensuring the services provided through the CUSO meet the standards their own customers and the PRA expect.
No new consultation is required following PS5/26; the final rules are in place. The effective date and implementation timeline are set out in the PS.
Businesses Affected:
All PRA-authorised credit unions in the UK, whether or not they currently participate in or plan to form a CUSO.
Existing shared service providers and technology vendors serving the credit union sector will need to understand how their arrangements interact with the CUSO framework.
Credit union trade associations and networks, whose members will need guidance on implementing the new framework.
Any entity considering establishing a CUSO or entering into a shared service agreement with a credit union.
Next Steps:
Review PS5/26 against any existing shared service arrangements. Ensure current contracts and governance structures are consistent with the final CUSO framework.
Assess whether existing or planned shared services would constitute a CUSO under the new definition, and if so, whether the notification and oversight obligations are met.
Review credit union board governance to ensure adequate oversight of CUSO activities is in place; this should be documented in operational resilience and third-party risk frameworks.
For credit unions considering forming a CUSO: take early legal and regulatory advice to structure the entity in a way that is consistent with PS5/26 from the outset.
Source | Prudential Regulation Authority | Credit Union Service Organisations
