Canada’s credit unions are doing a good job of managing their environmental, social and governance (ESG) risks, despite a couple of notable lapses, according to DBRS Morningstar.

In a new report, the rating agency said that credit unions in Canada face a variety of ESG risks, but they they are largely under control.

For example, on the environmental front, DBRS reported that credit unions “have a minimal carbon footprint with little or no direct exposure to the oil and gas industry.”

It also found that the sector’s co-operative structure “incentivizes a low-risk community banking model that has exhibited strong standards related to corporate governance and business ethics.”

Given their model, credit unions generally don’t seek to maximize profitability, DBRS said.

“This results in generally strong product governance standards as credit unions tend not to incentivize employees to upsell products in a bid to generate additional revenues,” it said.

In fact, it noted, several credit unions have dropped sales targets for their frontline staff to discourage upselling.

“For the most part, credit union employees perform an advisory role rather than a sales role, guiding members to suitable products for their individual needs,” the report said, adding that credit unions have sought to help customers by developing alternatives to payday loans with substantially lower interest rates.

The report added that credit unions often have a “positive social impact on local economies,” noting that they provide financial services in underbanked areas and “contribute substantially to social causes.”

However, there have been exceptions.

For example, DBRS noted that PACE Savings and Credit Union Ltd. was placed under administration by regulators in 2018 “because of concerns surrounding board governance and its management processes and controls.”

PACE’s investment subsidiaries are currently being wound down, and a couple of former executives at its investment dealer arm are facing disciplinary allegations.

The report also pointed to data privacy and security as an increasingly important risk for credit unions as their businesses migrate online.

“With the exception of Desjardins Group, credit unions have not reported large-scale incidences of data theft or cybersecurity breaches; however, there have been large-scale thefts of credit and debit card information from third parties (Equifax and Global Payments Systems) that potentially expose credit unions to reputational risk,” the DBRS report said.

In Desjardins’ case, “its strong franchise and unique position as a systemically important financial institution in Québec insulated it from any significant financial or reputational damage,” DBRS said.

“It was also helpful that Desjardins got in front of the problem early and provided necessary compensation and support to its members and clients.”