Document libraryIn this
section

Internal controls

On this page...

1 Internal control and risk management - at a glance

  1. Adequate internal controls are a key characteristic of a well run scheme and a key component of the trustee’s role in securing member benefits. An adequate system of internal controls contributes significantly to the safe custody of scheme assets and protects the scheme from adverse risks.
  2. This guidance[1] provides educational support for trustees, including how practically to meet the standard described in the regulator's code of practice on internal controls (‘the code’), with a view to raising standards in governance.
  3. We include a number of important messages throughout, including activities we would expect all trustee boards to undertake. We also identify control procedures we would expect trustees to operate, illustrating their importance using a variety of examples.
  4. The guidance is designed to provide practical help to manage compliance with the obligation to establish and operate internal controls which are adequate for the purpose of securing that the scheme is administered and managed in accordance with:
    • the scheme rules
    • the requirements of the law and
    • the standard as expressed in the code
  5. The guidance is structured to help users navigate through to material on controls for specific risks (sections 8–14). Sections 2–7 explore the risk management process and roles and responsibilities of trustees.
  6. We strongly recommend the use of risk management as a tool to identify risk and develop internal controls. As part of this exercise, we would expect trustees to formally document risks in a risk register.
  7. The guidance provides specific help on the following risks:
    People
    1. A lack of knowledge and understanding
    Processes
    1. Conflicts of interest
    2. Ineffective relations with advisers[2]
    3. Poor record-keeping
    4. Deterioration in the employer(s) covenant
    5. Investment risk
    6. Ineffective retirement processes
  8. Whilst not exhaustive, these risks represent priority areas that challenge most trustee boards. Our research indicates that these are particular areas where improvement in trustee governance is required. Trustees should consider which of these (or other) risks pose a greater or immediate threat to their scheme and should rank each risk area and address in order of priority.
  9. We would expect all these risk areas to have been addressed over a reasonable period time. However, trustees need to be alert to all other risks which could affect the running of their scheme. We will update this guidance when further support is needed.
  10. The content is applicable to trustees of all schemes. It provides practical assistance in risk management and internal controls, and should be read in conjunction with the Code. Material has, however, been developed particularly with smaller trust-based schemes in mind as these trustees may require additional support although we expect the level of protection for members of all schemes to be of a good standard.
  11. Instituting a robust controls framework provides reasonable assurance that procedures are undertaken properly. For example they provide comfort that benefits are paid in accordance with scheme rules, investment risk is managed and the likelihood that funds could be misappropriated is reduced.
  12. A failure to comply with the legal obligation to establish and operate adequate internal controls is a breach of law and could result in regulatory intervention. Where appropriate we will use our statutory powers.

Footnotes for this section

  • [1] This guidance supersedes the previous Internal controls guidance published February 2007
  • [2] 'Advisers' also includes those who provide services to the scheme and agents

2 About this guidance

  1. This guidance and associated principles has been produced for trustees and managers of all occupational pension schemes and is especially constructed to assist trustees of smaller schemes. However, the principles, procedures and underlying benefits of establishing and operating adequate internal controls outlined in this guidance will be equally important to all schemes.
  2. This guidance supplements information provided in our e-learning toolkit and the Trustee Knowledge and Understanding (TKU) framework (Code of practice No 7), and the scope of knowledge and understanding documents.
  3. Our guidance has been developed on the basis that trustees adopt a risk management approach to implementing adequate internal controls, as recommended in the code.
  4. Firstly, sections 3 to 7of the guidance outline the process trustees should follow when seeking to identify and manage risks, including their roles and responsibilities. It’s important that trustees familiarise themselves with these sections. Sections 8 onwards consider key risks which trustees should address in order of priority, over a reasonable period of time.
  5. Reference to scheme operations in this guidance includes outsourced activities, for example record-keeping and administration. Trustees need to demonstrate that outsourced functions are adequately controlled and managed, noting crucially that they are still legally responsible for these.
  6. This guidance doesn’t address every risk. It does however explore significant risks common in most trust-based defined contribution (DC) and defined benefit (DB) arrangements, risks we expect trustees to address.

Smaller schemes

  1. Although the guidance has been especially constructed to assist smaller schemes, it will enable all schemes to identify and prioritise risks and then navigate to detailed guidance on systems and controls. Larger schemes will generally be guided by their scheme secretary and/or pensions manager about technical and governance issues. We recognise that there may be some inherent limitations for smaller schemes due to resource and financial constraints, particularly for very small schemes.
  2. It is nevertheless important that standards in smaller schemes are acceptable and members are not exposed to greater risk. Trustees will need to use their judgement when assessing which risks should be addressed first. Sections 3 to 7 will help trustees manage this process. If trustees of these schemes cannot reach these standards under their current configuration, they should look at alternative solutions such as sourcing or supply arrangements.
  3. Smaller schemes may need to tailor their approach to developing controls, particularly where many or most functions have been outsourced. We would expect smaller schemes to have formal procedures for managing risk.
  4. This guidance is accompanied by an e-learning module to make the material more accessible, and provide a path through the process.

Contract-based arrangements

  1. This guidance and the code, do not apply to contract-based workplace DC arrangements. Contract-based pension providers are required to establish and maintain systems and controls under the Financial Services Authority's regulatory framework (the FSA was succeeded by the the Prudential Regulation Authority and the Financial Conduct Authority on 1 April 2013). However, employers who offer contract-based pensions to their employees may find this guidance a useful partner to monitoring your pension scheme - management committees for employers (PDF, 57kb, 13 pages).
  2. This guidance will also be of interest to scheme advisers and those providing services to occupational pension schemes.

3 The role of risk management

  1. Trustees should regularly (eg annually) undertake risk assessment exercises to identify whether their existing system of internal controls is still fit for purpose – do they prevent and detect errors in existing scheme operations, and will they help mitigate new risks?
  2. Risk management is an ongoing process. Trustees should continually review exposure to new and emerging risks, including significant changes in or affecting the scheme.
  3. The code and our previous guidance considered the various stages of a typical risk management cycle (illustrated below), together with the likely outcomes for each stage.

The scheme risk management cycle

Scheme risk management cycle - a continuous circular diagram of: Set objectives, Identify risks, Define success criteria, Assess risk, Produce action plan, Implement action plan and Monitor and review.

  1. The stages of this process are summarised in appendix A, but broadly, when addressing risk, this should be done in four stages:
    1. identification
    2. evaluation
    3. managing
    4. monitoring
  2. These stages have been adapted into principles (see Table 1 below) which will result in a number of benefits to the scheme as well as helping to meet legal requirements. Trustees should continually gauge the extent to which they have addressed these principles when establishing adequate internal controls, noting that compliance should result in meaningful outcomes for the scheme and its beneficiaries.
  3. The summary of principles represents key aspects of an effective system of internal control. These principles have been developed in a manner consistent with guidance issued by other financial regulators, including guidance for company directors[3].

Table 1: Principles for developing an adequate internal controls framework

Principle 1: Understanding the importance of adequate internal controls

Trustees should:
1.1 be aware of their fiduciary obligations to beneficiaries and ensure that they are satisfying the legal requirements to establish and operate adequate internal controls;
1.2 recognise that adequate internal controls contribute to raising standards of governance;
1.3 establish an effective system of adequate internal controls including formal procedures, eg documented controls, risk register and policies; and
1.4 consider disclosing to members a statement on their assessment of key risks and internal control procedures, eg in their annual report and accounts.

Principle 2: Identifying risk

Trustees should have a clear understanding of scheme operations and:
2.1 regularly consider the nature and extent of internal risks; and
2.2 regularly consider the nature and extent of external risks.

Principle 3: Evaluation of risk – assessing impact

Trustees should:
3.1 develop a process for evaluating risks;
3.2 consider the impact that risks may or will have on scheme operations; and
3.3 assess the probability of a risk materialising.

Principle 4: Managing risk

Trustees should:
4.1 ensure internal controls are sufficient to prevent and detect errors; but
4.2 understand that internal controls reduce, but do not eliminate, risk.

Principle 5: Effective monitoring of controls

Trustees should understand that establishing effective internal controls is not a one-off exercise and therefore:
5.1 have procedures in place to regularly monitor the effectiveness of their internal control system; and
5.2 ensure controls are kept up to date and capable of mitigating new and emerging risks.
  1. For schemes that already have processes in place, this guidance will be a useful tool to assess the adequacy of existing arrangements. It will prompt trustees to:
    • consider exposure to new and emerging risks
    • assess exposure to specific risks
    • evaluate the adequacy of existing controls
    • understand what the regulator’s expectations are in respect of developing an adequate internal controls framework
  2. An early stage of a formal risk management review (identify risks) provides an opportunity for trustees to record all those risks to which their scheme is exposed. Table 2 summarises underlying risks, relevant to areas addressed in this guidance, which the regulator would expect all schemes to manage efficiently and effectively, with example control procedures. However, trustees must bear in mind that this list is not exhaustive.

Table 2: Risks and control procedures

Risks Control procedures
Function: General

Existing controls not operating effectively.

Trustees fail to demonstrate ability to manage risk; poor information on scheme stewardship disclosed to members.

Non-compliance with scheme rules and legislation.

Computerised systems failure or corruption.

Interruption to computerised data processing and handling.

Adequate internal controls developed to mitigate identified risks.

Controls framework regularly evaluated; changes made promptly.

Risk register used to record risks and document controls.

Disclosure of risk management activities in the trustees’ annual report.

Compliance review/audits and seek advice where needed.

Appointment of a scheme secretary to help coordinate the running of the scheme.

Controls over information technology including:

  • Disaster recovery plans
  • Access restrictions including password protection
  • Maintenance of hardware and software
  • Regular back up or data and systems
  • Testing of information technology (IT) recovery plans
Function: Trustee knowledge and understanding

Poor scheme management (ineffective stewardship by those with delegated responsibility).

Trustee board has inadequate skills and competencies.

New trustees not suitably trained within six months following appointment.

Trustees do not refresh or maintain levels of knowledge and understanding.

The trustee board does not have necessary skills to manage a particular event.

Reliance on skills and knowledge of one trustee.

Chair or other designated trustee engages with the employer to manage the trustee appointment process.

Chair or other designated trustee manages the retention process ensuring all trustees have or can develop necessary skills.

Regular review of trustee skills and competencies to identify knowledge gaps (including, where possible, trustee rotation), including annual self assessment of trustee effectiveness.

Training policy with regular training provided to develop skills. Tasks delegated to sub-committees with specific competencies.

Regular trustee meetings; decisions and actions agreed within the formal structure of trustee meetings; minutes maintained and approved for all meetings.

Function: Conflicts of interest

Decisions coloured by actual, potential or perceived conflicts.

Biased funding negotiations.

Lack of independence from scheme advisers.

Advisers’ own internal conflicts

Conflicts management procedures documented in a policy.

Conflicts included as an opening agenda item for trustee meetings and minuted accordingly.

Register of interests; reviewed at least annually.

Processes to manage advisers (eg formal appointment procedures).

Appointment of an independent trustee where necessary.

Ensure advisers disclose how conflicts are identified and managed out.

Function: Relations with advisers

Sole reliance on key personnel.

Poor quality advice – lack of adequate expertise.

Trustees unclear of roles and responsibilities.

Advisers inappropriately influence decisions.

Failure to seek advice when required.

Failure to identify when advice is needed.

Documented appointment procedures.

Regular appraisal of performance.

Assessment of performance against service level agreements.

Identify situations when advice is needed; sufficient trustee knowledge and understanding to know when to seek advice and when to challenge advice.

Function: Record-keeping

Non-compliance or maladministration by in-house or third party administrators, eg:

  • Computer system or database failures
  • Member salary records are inaccurate
  • Service records incomplete
  • Employment details not recorded (important if members employed by different employers within a group scheme)
  • Errors in investment holdings and custodian reports
  • Manual benefit calculations
  • Unclear benefit structures (inaccurate benefits)
  • Benefits not paid in accordance with scheme rules
  • Payments to non-beneficiaries, fraudulent claims
  • Monthly contribution records not reconciled
  • Ad-hoc reconciliation of member units to investment records
  • Errors in member switches and delays in lifestyling arrangements
  • Late investment of contributions
  • Misappropriation of assets

Peer review of key controls by trustees (or scheme secretary), pensions manager and/or senior administrators.

Presentation of administration reports to the trustees.

Review of service level agreements.

Appraisal of independent assurance reports on internal controls (AAF01/06 reports etc) obtained by administrators.

Appraisal of service providers.

Assessment of quality control review procedures adopted by third party administrators (eg independent assurance reports).

Quality assurance procedures – management review and sign off of manual procedures (eg complex benefit calculations).

DC: frequent reconciliation of member units to investment manager totals of investment units.

Weekly/monthly reconciliation of contributions received to payroll details; regular dialogue with payroll providers.

Member data review exercises - test existence of common and conditional data fields.

Daily or weekly bank reconciliations.

Segregation of duties.

Function: Employer covenant

Deterioration in employer covenant.

Longer-term risk to members’ benefits.

Cash flow risk to funding.

Corporate transactions.

Late/non-payment of contributions.

Employee contributions used to alleviate cash flow.

Employer unable to meet scheme cost.

Regular dialogue with employer(s).

Monitor financial performance of employer/associated businesses.

Procedures to alert trustees to corporate transactions etc – employer agreements, credit rating agencies.

Review scheme funding risk and assumptions.

Statutory ‘whistle-blowing’ of late contributions.

Function: Investment

Inactive to poor investment performance and returns.

Inappropriate investment strategy.

Ineffective advice received from investment managers.

Independent advice not obtained (see conflicts above).

Regular review of investment funds.

DC: review of investment choices for members.

Regular review of performance of investment funds.

Regular review of suitability of investment strategy.

Reconciliation of investment transactions to investment reports.

Monitoring performance of investment managers.

Function: Retirement

Schemes do not offer OMO clearly and simply for DC benefits.

Delays in paying member benefits.

Over/under payment of member benefits.

No member communications in lead-up to retirement.

Members not aware of impaired annuities due to ill health.

Inaccurate member contact details.

Members approaching retirement are contacted and informed of various retirement options.

Scrutiny and oversight of benefit calculations/payment processing.

Staged communications in lead-up to retirement.

Include key information clearly in member communications.

Assessment of adequacy of retirement process including OMO take up.

Reminders to members to notify changes in addresses.

  1. Trustees should have a clear understanding of key controls in place. We recommend that these are documented.

    Have key controls been documented?

Footnotes for this section

  • [3] Internal control: Revised guidance for Directors on the Combined Code, published by the Financial Reporting Council

4 The trustees’ role

  1. It’s vital that members’ benefits and scheme assets are not put at risk as a result of poor controls. Trustees have a legal obligation to act in the best interests of the scheme’s beneficiaries. It’s essential that trustees understand their scheme rules and all relevant legal requirements to ensure that controls aim to secure that the scheme is administered and managed in accordance with these. If trustees are in any doubt about scheme rules or applicable law they should seek independent legal advice.
  2. As part of the development of an adequate internal controls framework, trustees must ensure that they have identified, documented and mitigated key risks. We would expect trustees to use a risk register for this exercise.

    Do you record risk in a formal risk register?

  3. This should include an assessment of the implications of risks identified and solutions for managing risk. Where the crystallisation of a risk has adverse financial consequences for a scheme, this will be detrimental to scheme members and potentially also to sponsoring employers. For example, inaccurate data and scheme records may result in under or over payment of benefits. Over time, this will impact on the funding of a scheme.
  4. Recording risks in this manner helps to formalise risk management procedures and provides trustees with a central reference point for future trustee meetings.
  5. Risks inherent in smaller schemes may be quite different to those of larger schemes; smaller schemes tend to outsource key functions and often rely on key external advisers.
  6. It’s not uncommon for a series of services to a scheme, including the maintenance of books and records, calculation of benefits, reconciliation of investment holdings and bank accounts, and the provision of reports for trustee meetings to be provided from one source. Where this is the case, trustees need assurance that risks associated with a lack of segregation of duties are adequately controlled and managed.
  7. Key controls operated by the service provider should include peer review of calculations and reconciliations, as well as clear mandates for banking and investment, eg authorisation procedures.
  8. Trustees need to verify both the existence and the effectiveness of a control or combination of controls. These should be suitably designed to prevent and detect errors which could result in the failure of achieving specified control objectives. The evaluation process will reflect on the effectiveness of controls against suitable success criteria. It should consider the impact and likelihood of occurrence of a risk. Many schemes use relatively simple approaches to scoring risk, including the two-dimensional scoring model illustrated below.

Table 3: Risk scoring model

Table 3 - Risk scoring model. A chart showing the classification of risk eg red, amber or green. X axis of Level impact on the scheme (eg financial) and Y axis of Likelihood of occurrence. Green - Low likelihood and low level of impact. Amber - Low likelihood and high level of impact or High likelihood and low level of impact. Red - High likelihood and high level of impact.

  1. The classification of risk, eg red, amber or green, will dictate the extent to which mitigating action needs to be taken. It will be dependent upon a number of factors, including judgement. A risk categorised as red will require immediate attention as it represents a significant threat to the scheme. It would therefore be preferable to avoid these risks altogether, where possible. A practical approach for formally recording, assessing and scoring risk is considered further in appendix B.
  2. However, simply recording and evaluating risk doesn’t result in risks being managed. As part of the management process, trustees need to ensure that controls are suitably designed and implemented. Trustees will need to consider a number of issues including:
    • How the control is performed and the skills of the person performing the control.
    • What level of reliance can be placed on IT solutions if processes are automated?
    • Whether or not a control is preventative or detective, ie whether it would stop something from happening or merely detect something that has already happened.
    • The frequency and timeliness of a control process, eg daily/weekly reconciliations.
    • The process (or reporting mechanism) for flagging errors or control failures.
  3. Once trustees are confident that controls have been effectively designed and implemented, they should ensure that they continue to operate effectively. This ongoing monitoring and review process will ensure that control procedures continue to be effective. Trustees should consider information drawn from a number of sources including internal audit reports, complaints, administration reports and external audit reporting.

    Do you regularly review risk and monitor effectiveness of controls?

  4. Legislation requires trustees to establish and operate controls which are ‘adequate’. This guidance sets out processes and controls that the regulator considers to be adequate for the purposes of satisfying the legal requirement. It’s intended to give practical guidance on meeting the standard described in the code. As noted in the code (para 28), trustees will need to exercise a degree of judgement when seeking to mitigate risk, for example where longer-term benefits of implementing a control exceed related costs (particularly likely for higher risk areas such as employer covenant for DB schemes). Any framework should give trustees reasonable assurance that operations are performing properly.
  5. Whilst this guidance seeks to provide further support to trustees, it’s recognised that good governance generally depends very much on the behaviours and culture of the trustee board and the employer.
  6. Reliance is placed on the capabilities of trustees: the chair of the trustee board needs to ensure that the scheme embraces the standards of practice identified in this guidance. The chair needs to help ensure that the trustee board has the correct mix of people, skills and experience and that conflicts are identified and managed, noting that good governance leads to effective decision making.

Other guidance to consider

The Institute of Chartered Accountants of Scotland has produced guidance for pension trustees[4] on assessing and managing risks.

Pensions Administration Standards Association (PASA) have developed a free risk matrix tool that will help trustees review the operation of scheme administration and carry out a high-level assessment of current risk. This tool is available on the Raising Standards of Pensions Administration website.

References and links to materials from other bodies are provided for convenience only. The regulator is not responsible for, has not verified and does not endorse the content, viewpoints, products or services described in these materials. The fact that a reference or link is included here should not be used for advertising or promotional purposes.

  1. Internal controls provide a mechanism for managing and measuring a scheme’s exposure to risk. Internal controls are an essential component of the trustee governance model and invariably assist in the protection of member benefits.
  2. Trustees’ ability to mitigate key risks will provide good levels of assurance, and voluntary disclosure of a governance statement will help to demonstrate their accountability to members. Whilst trustees should seek to avoid ‘boiler plate’ statements, their commentary could include matters relevant to risk management and controls related activities. This includes reference to successful outcomes and mitigations, akin to the disclosure requirements for charities. Our research has identified that there is good support for such reports from both trustees and scheme advisers.

    Do you disclose to members matters relating to risk management?

  3. The statement could help to identify the key risks that the scheme is exposed to and the actions trustees have undertaken to address them, including evaluation and management techniques. Whilst it’s probable that the natural home for such a report would be the trustees’ annual report and accounts, information could be included in other member communications.

5 Compliance with the regulatory framework

  1. The legal obligation[5] to implement adequate internal controls is wide reaching. It covers a broad range of governance functions including operational, financial, funding, regulatory and compliance processes and risk. The need to establish adequate internal controls therefore relates to the totality of a scheme’s operations.
  2. Trustees need to be familiar with our code and guidance. Where we engage with trustees we may make enquiries about their scheme’s internal controls framework. Our starting point will be to expect trustees to be able to demonstrate application of the practices identified in this guidance and explain divergence if they have sought to comply with the law in an alternative way.
  3. A failure to implement adequate internal controls is a breach of law. Where the failure to operate adequate internal controls is deemed to be materially significant, for example where the design or absence of a control could result in a persistent underpayment of benefits, we expect to be notified under the ‘whistleblowing’ framework.
  4. In some circumstances we may consider using statutory powers to rectify failures that result in risks to beneficiaries. This could include the use of Improvement Notices, the appointment of an independent trustee or any other of our powers that may be appropriate.
  5. Furthermore, certain events (notifiable events) are notifiable to the regulator as soon as they occur. Trustees should have controls in place which identify these and other reportable events so they can make a report to the regulator in a timely manner.

Footnotes for this section

  • [5] Section 249A of the Pensions Act 2004 as inserted by the Occupational Pension Schemes (Internal Controls) Regulations 2005 SI 2005/3379

6 Focusing on key risks

  1. The trustees’ primary focus in implementing an internal controls framework should be on the key risks to their scheme. These are the risks that are critical to the scheme and are likely to have a material impact on the scheme’s ability to provide member benefits if not managed effectively.

    Do you have a clear understanding of the key risks to your scheme?

  2. When considering exposure to risk, trustees should evaluate which risks may fall within this category and implement controls that are both proportionate and pragmatic.
  3. The evaluation process will help trustees direct limited resources to priority areas: more detail on this is provided in section 4, The trustees’ role. The important point to note is that all risks should be addressed in a sensible order of priority, starting with those which will have the greatest potential impact.
  4. Whilst a scheme’s risks will vary according to its nature (eg DB or DC), status (eg open or closed to new members, in wind-up), funding position and size, the need to implement control procedures remains.

7 Key risk areas covered in this guidance

  1. Trustees should address, in order of priority, all risks to their scheme. It is, however, important to draw a distinction between routine risk (matters relating to daily operations of the scheme which trustees should be familiar with), and event specific risk (risk inherent in a non-routine event, eg switching administrators, corporate activity, which trustees will need to plan and prepare for).

Table 4: Internal controls linked to priority risks

Internal controls linked to priority risks - a transcript of the table is available as a PDF below.

Transcript of Table 4: Internal controls linked to priority risks (PDF)

  1. Key risk areas addressed in this guidance are not exhaustive. Our research highlights the following as particular areas where improvements in standards of governance are required, so we would expect the assessment of risk to include these areas:

    A lack of knowledge and understanding

    the processes for developing trustees’ knowledge, so that they are sufficiently equipped to run the scheme, are control functions and should be designed to identify and manage skill gaps and maintain competencies.

    Conflicts of interest

    whilst we’ve published guidance specifically in relation to managing conflicts of interest, a number of important messages are included in this guidance that are attributable to risk management of conflicts.

    Ineffective relations with advisers

    scheme advisers play a key role in the trustees’ ability to manage their scheme effectively. Trustees need to ensure that controls are in place to manage the appointment of advisers and delivery of information, advice and services provided by advisers.

    Poor record-keeping (including financial risk)

    failure to maintain accurate and complete member data and records will result in a risk to members’ benefits and financial risk. Effective financial controls, including the maintenance of proper accounting records, are an important element of internal control[6].

    Deterioration in the employer(s) covenant

    trustees need to understand the strength of the employer covenant and be alert to material changes to it (either to the employer’s legal obligation to fund the scheme or to the employer’s financial strength) and should introduce control procedures to help facilitate this.

    Investment risk (including financial risk)

    controls over investment-related activities are a vital function for all trustee boards. However, it’s also important to differentiate risks and controls associated with DC and DB schemes. The underlying approach to investment management will be fundamentally different and, as such, so too will be the nature of risks. Many DB schemes also include a DC element (AVC (additional voluntary contributions) arrangements for example). It’s important that trustees establish adequate controls for these arrangements similar to those for a pure DC arrangement.

    Ineffective retirement processes

    leading up to a member’s retirement trustees need to ensure suitable controls are in place that may result in better pension outcomes for members. This would include the communication of clear and timely information and support for members of DC schemes exercising the open market option (the legal requirement for members of a DC scheme to purchase an annuity from a provider of their choice).

Footnotes for this section

  • [6] Source: Internal controls - Revised guidance for Directors on the Combined Code (October 2005)

8 A lack of knowledge and understanding

  1. Our TKU code of practice, together with associated scope guidance, addresses the need for robust systems and controls in a number of different areas. In addition, we’ve produced a number of free learning resources which will help trustees satisfy their legal duty to have the necessary knowledge and understanding, principally our e-learning Trustee toolkit and bite-size learning modules.

Why is this important?

  1. To undertake their role effectively and achieve the best outcomes for scheme beneficiaries, legislation requires trustees to have sufficient knowledge and understanding of their legal duties, their scheme and the legislative and regulatory framework. Failure to manage and develop skills will result in adverse outcomes[7].

What behaviours do we expect to see?

  1. Training is an important feature of a well-run scheme. The extent and nature of tailored trustee training should be planned and managed by doing a ‘training needs’ analysis (or training plan) and keeping a log of all training undertaken.
  2. Trustees should, with assistance from professional advisers if necessary, or using the Trustee toolkit and other educational and guidance materials, assess the capabilities and learning requirements of the trustee board. Trustees need to be confident that they are sufficiently equipped to deal with new and emerging issues. The scheme secretary or pensions manager can play an important role in supporting this process and often guide trustees on developing and ensuring good governance.
  3. Trustees should take advantage of the regulator’s free online e-learning Trustee toolkit if they haven’t already done so and work their way through the whole syllabus.

    Have you completed the regulator’s free online training?

  4. A number of modules refer specifically to the application of internal controls and illustrate how these may be applied.
  5. The trustees of a well-run scheme will have a clear understanding of how their scheme should operate. This would include a sound knowledge of important documents such as the trust deed and rules, member booklets, any statement of investment principles, statement of funding principles, and any other policy documents relating to the administration of the scheme. It’s important that documents are up to date, filed safely and securely and are readily accessible to all trustees.

What control procedures do we expect to see and what are the benefits?

  1. A key control for any scheme is the ability to identify knowledge gaps or skills required for event specific risks/activities (see table 4). Whilst the law requires a minimum threshold for knowledge and understanding in general, trustees also need to be equipped with the necessary skills to deal with some complex issues that may arise infrequently.

    How do you control the learning needs of trustees?

  2. As noted in our TKU code of practice (para 48), trustees should annually review their own knowledge and understanding and undertake training as required. This could include revisiting e-learning modules.
  3. Alternatively, schemes may wish to take a more collective approach to training. This could include commencing each trustee meeting with a training session. Different formats could be used including discussion on particular TKU modules or input from scheme advisers (many of whom are willing to provide training free of charge).
  4. Smaller schemes place considerable reliance on key external advisers, for example, the scheme lawyer, administrator or consultant. They will often provide a general steer on technical matters or help provide direction to complex discussions; they may assist in identifying where legal advice is needed. Technical training could therefore be provided prior to their input, during formal meetings.
  5. Many schemes assess the skill base of their trustee board and compare this to skills required over, say, the next 12 to 18 months, identifying those critical events which may be taking place over the same period. Where gaps are identified, suitable training can be planned in advance, enabling the trustee board to tackle issues more effectively.
  6. To help map skills and training requirements against scheme activities, trustees may wish to develop a training log to record continuing professional development and help plan future training. This would also help to designate activities to trustees with particular skills. The example below illustrates how a training record can be developed. It provides a useful tool to record and identify training requirements.

example training log

  1. Taking this a stage further trustees may wish to develop a training policy. It’s probable that some trustees are appointed because they have particular competencies which may be of significant benefit to the trustee board. This information can provide the building blocks for developing a suitable training policy which, in turn, should be used to assess the skills and training needs of all trustees on a regular basis.

Trustee self-assessment and appraisal: Myners Principles

  1. As part of an ongoing process to improve investment governance and decision making, the Government commissioned a further review of the Myners Principles for institutional investment and, with industry, developed a refreshed set of principles. This framework recognises constraints for smaller schemes who may find compliance more challenging. However, all trustees should be conversant with the nature and importance of control-related activities which underpin good scheme governance generally.
  2. Principle 4 included below pays particular attention to trustee self-assessment, which will include collective and individual performance of trustees. Having an appropriate level of knowledge is critical to the trustee model, and self-assessment is a key control.
Performance assessment Activities Tools

Trustees should arrange for the formal measurement of the performance of the investments, investment managers and advisers.

Trustees should also periodically make a formal policy assessment of their own effectiveness as a decision-making body and report on this to scheme members.

There is a formal policy and process for assessing individual performance of trustees and managers.

Trustees can demonstrate an effective contribution and commitment to the role (for example measured by participation at meetings).

The chairman addresses the results of the performance evaluation.

State how performance evaluations have been conducted.

When selecting external advisers take into account relevant factors, including past performance and price.

Trustee ‘Key performance indicators’.

Trustee toolkit.

Assessing consultants’ performance ‘toolkit’ eg model balanced scorecard etc.

  1. Whilst this principal may develop over time, it’s important that schemes undertake an assessment of the performance of trustees and consider their effectiveness as a team.
  2. Trustees could consider their own responses to a series of appraisal-type questions and document any remedial action to be taken where appropriate. Questions could include (but are not restricted to):
    • Do we have access to up to date scheme documents?
    • Are we conversant with them?
    • Are we encouraged and able to obtain identified training needs?
    • Do we give ourselves sufficient time to prepare for meetings?
    • Do all trustees attend all meetings?
    • Is sufficient time given to important issues?
    • Does the chair act in an impartial manner, seeking consensus without compromising integrity of decision-making?
    • At the end of discussions do we sum up for the benefit of participants and the minutes what has been agreed, and what still needs to be done to carry an issue forward?
    • Do we review draft minutes and action points from meetings?
    • Is independent advice taken? Do trustees understand and debate advice received?
    • Is the composition of the trustee board satisfactory?
    • Does the chair assess the skills and capabilities of trustees prior to their appointment and thereafter?
    • Are conflicts actively identified, monitored and managed?

      How do you assess the effectiveness of the trustee board?

  3. For such a review exercise to be meaningful there needs to be clear outcomes and action points. For example relevant training can be undertaken where skill gaps have been identified or where complex issues have or will challenge the skills of the board.
  4. The scope of such a review should also include matters relating to the selection, appointment and retention of both lay and independent trustees.

Section summary

  1. In this section we have highlighted the importance of managing trustee knowledge and understanding and have identified the behaviours we would expect to see. Not withstanding controls included in Table 2, key controls procedures should include:
    • TKU skills gap analysis
    • Completion of a trustee’s training log
    • A training policy, accessible by all trustees
    • Trustee performance assessment
    • Trustee board effectiveness reviews

Footnotes for this section

  • [7] See sections 247 to 249 of the Pensions Act 2004

9 Conflicts of interest

  1. Trustees should have processes for managing conflicts of interest. In October 2008 we published material on this subject. Our summary guidance (PDF) includes key messages for managing and controlling risk. Some of these are considered below and in more detail in the full conflicts guidance. This section is therefore designed to complement our full guidance and should be read in conjunction with it.

Why is this important?

  1. Conflicts of interest can inhibit open discussions or result in decisions, actions or inactions that are not, or could be perceived as not being in the best interest of beneficiaries. This can result in trustees acting improperly and may invalidate a decision or transaction.

What behaviours do we expect to see?

  1. All conflicts of interest need to be identified and resolved sensibly. We expect all trustees to have a clear understanding of the risks associated with the poor management of conflicts. As part of this process the chair of trustees should ensure that there is a culture of openness around disclosure of conflicts by existing and newly appointed trustees and advisers.
  2. When seeking to manage non-trivial conflicts of interest and where the conflict could have the potential to be detrimental to the conduct or decisions of the trustees, the regulator would expect the trustees to seriously consider obtaining independent legal advice.
  3. If trustees are unsure how to identify conflicts, they should also seriously consider seeking independent legal advice.

What control procedures do we expect to see and what are the benefits?

  1. The three key stages of conflicts management (identify, monitor, manage) fall within the scope of internal control procedures. Controls trustees adopt will be dependent on the nature of the conflict and specific circumstances of the scheme. There are a number of tools trustees should use to help identify and monitor conflicts of interest or duty including:
    • Conflicts policy – this doesn’t have to be complicated; it does need to be a practical working document which clearly sets out a scheme’s approach to dealing with matters related to conflicts. It should be a document trustees can easily refer to and should be developed to raise particular awareness of the implications and serious nature of conflicts.

      All schemes should have a conflicts policy and a mechanism for recording and monitoring conflicts.

    • Maintaining a register of conflicts (including adviser conflicts) – a register of conflicts is a simple and effective approach for recording and monitoring all conflicts.
    • Trustee declaration – upon appointment all trustees should confirm whether they are aware of any potential conflicts which may adversely affect their suitability as a trustee or affect their decision making and provide a declaration of interests, eg shareholding in the employer.
    • Include conflicts of interest as an opening agenda item – provides an opportunity for trustees to declare potential interests and discussions about conflicts can be minuted.
    • Advance planning – trustees should take time to consider what key decisions may be made during, for example, the year ahead, and determine whether there are any conflicts likely to arise.

Example 1[8]

Trustees of this DB scheme, with assets of £25m, agreed to undertake a review of conflicts of interest. Whilst this was the first time a formal review had been undertaken, they had always included conflicts as an opening agenda item, had included declarations in the minutes but had not recorded the precise nature of the conflict. This proved problematic particularly for newer trustees as the format for recording conflicts was not readily accessible. There was a significant risk that conflicts declared previously could be overlooked particularly as these were not recorded centrally, as this limited the trustees’ ability to monitor conflicts.

All the trustees were asked to provide a list of any interests they had which could (or could perceivably) colour board decisions. Conflicts identified as part of the disclosure process were recorded in a risk register together with the date identified, the nature of the conflict and management process. An extract is provided below:

Nature of conflict Trustee Declared Management process

Relationship with beneficiary being considered for discretionary early retirement.

Mrs X is being considered for ill health retirement.

Jim

4/7/09

Jim, who is directly related, will be excluded from any discussions associated with the assessment of medical information as well as overall decision on whether or not to grant this benefit. He will be entitled to review all documentation subsequently to ensure the process was handled fairly and in accordance with scheme rule requirements.

Directorship in an associated company - review of employer affordability during a scheme funding exercise.

Jane

Minuted 14/11/06

The sponsoring employer owns 40% of the issued share capital of another business in which Jane is currently a director. Whilst business connections are limited it has been agreed that Jane withdraw from any discussions which may seek to consider funding obligations.

Employer engages the services of a firm used by the scheme.

Notified by adviser

14/2/10

Trustee board to consider quarterly whether this arrangement is acceptable (noting that in certain situations it may not). Assess procedures (eg ‘Chinese walls’) in place to prevent confidential information being disclosed to the employer and ensure that separate teams are used for each engagement.

It was agreed that the new register should be updated at least annually. The trustees agreed that this approach would enable conflicts to be recorded and monitored centrally, and therefore be more accessible.

  1. Adopting control procedures similar to those above helps to demonstrate first that conflicts of interest are being treated seriously and secondly that management procedures mitigate the risk of tainted decision making.

Adviser conflicts

  1. Whilst it’s vitally important that trustees have control over the risk of conflicts from within the trustee board, they must also be mindful of potential adviser conflicts. Whilst primarily addressed in principle 5 of the conflicts of interest guidance – managing adviser conflicts, trustees need to be certain that advice is independent and free from any bias.
  2. Professional advisers (auditor, actuary, legal advisers, fund managers and custodian) must all be directly appointed by the trustees if the trustees want their advice. They are bound by law and professional ethics to declare conflicts.
  3. There are a number of control procedures trustees can use to help identify circumstances when an adviser may become conflicted. These should be applied from the point of engagement and thereafter, and include:
    • Prior to appointing an adviser assess whether they have any associations with the employer.
    • Request the adviser to provide details of its own conflicts management arrangements – how do they monitor and manage conflicts?
    • Is the adviser ethically bound to disclose conflicts of interest?
    • Require all terms of engagement (eg appointment letter) to include a clause fordisclosing all conflicts as they arise.

The following is an extract of a clause in an auditor’s letter of engagement which could be adapted for most appointments where not already included.

We confirm that we are registered auditors, eligible to conduct audits under the scheme administration regulations. We confirm that we will notify you immediately we become aware of the existence of any conflict of interest to which we are subject in relation to the scheme.

Source – Practice Note 15 – The audit of occupational pension schemes in the UK

Section summary

  1. In this section we’ve highlighted the importance of managing conflicts of interest and have identified the behaviours we’d expect to see. Notwithstanding controls included in table 2, key controls procedures should include:
    • a conflicts policy, accessible by all trustees
    • maintain a register of conflicts (for trustee and adviser conflicts)
    • trustee declaration of interests
    • conflicts included as an opening agenda item at each meeting
    • advance planning to manage potential conflicts
    • robust assessment of adviser conflicts procedures and disclosure

Footnotes for this section

  • [8] Examples in this guidance are for illustrative purposes only and are based on fact-dependent information

10 Ineffective relations with advisers

  1. The importance of controlling adviser[9] conflicts is addressed in section 9 - conflicts of interest of this guidance. Trustees also need to manage and control other aspects of the adviser relationship.

Why is this important?

  1. Trustees place considerable reliance on services and advice received from their advisers. It’s essential that trustees manage and control relationships with all advisers efficiently and effectively.

    Do you have suitable processes for appointing scheme advisers?

What behaviours do we expect to see?

  1. There will be a number of questions that trustees should consider both during and after the appointment process to ensure that the scheme is getting the most from its advisers. These have been explored in more detail in our Relations with advisers guidance.

What control procedures do we expect to see and what are the benefits?

  1. There are a number of important controls a scheme should introduce to maintain robust professional relationships. Trustees should ensure that:
    • they understand the basis for charging fees and this has been documented
    • they understand the terms and scope of services provided
    • they understand the adviser’s information requirements to fulfil their role
    • they receive information from advisers in an understandable format
    • they understand information or advice provided and have an opportunity to question this advice
    • they have access to key personnel, with clear lines of communication
    • advisers are suitably qualified and experienced to undertake the work
    • advisers are aware that they are accountable to the trustees for advice given.
  2. These questions may form the basis of an ongoing assessment or appraisal of advisers’ performance and service. Many of these questions are also likely to appear in the scheme’s risk register together with suitable controls.

    Do you evaluate the quality of advice and service provided by your advisers?

Example 2

Trustees of the LJS Pension Scheme review the terms of engagement of their advisers every 3 years. As part of this process they use the list of questions included in the regulator’s relations with advisers guidance to help assess the level and quality of service provided. This includes the role of their scheme’s investment consultant and IFA and considers questions such as:

  • Ability to address complicated and contentious issues, on a timely basis
  • Value for money – quality of information or advice
  • Ability to communicate clearly

When they identify potential weaknesses or concerns they discuss these with specific advisers. This has led to some re-tendering exercises and the appointment of new advisers, particularly where the trustees identify an element of complacency with long-standing engagements.

  1. Some advisers proactively seek their clients’ opinion on quality of their staff and service with a view to enhancing performance. Trustees should use this opportunity to feed back on areas where the delivery of service can be improved.
  2. Whilst all scheme advisers play an important role, The Institute of Chartered Accountants of Scotland has produced guidance for scheme trustees specifically in relation to evaluating the scheme’s auditor, Pension trustees – evaluating your scheme auditor[10]. Trustees should take time to consider not only the quality of audit service provided, but also have a clear understanding of the role and scope of the statutory audit process.

Section summary

  1. In this section we've highlighted the importance of managing relations with advisers and have identified the behaviours we would expect to see. Notwithstanding controls included in table 2, key controls procedures should include:
    • robust appointment procedures for all advisers
    • ongoing monitoring and review of adviser performance
    • review and understand terms of engagement

Footnotes for this section

11 Poor record-keeping

  1. We have undertaken an extensive review of record-keeping, with emphasis on common and conditional member data requirements. Our findings have identified conclusive evidence that standards in both in-house and outsourced administration should be subject to improvement and data cleansing.

Why is this important?

  1. Record-keeping is a fundamental daily activity of any scheme and is relevant throughout a scheme’s lifecycle. Incomplete and inaccurate records and poor financial management controls can place significant risk on the security of scheme assets. For example, it could result in the over payment of benefits or misappropriation of funds. Poor records can also lead to increased costs at key events, for example scheme buy outs,and these extra costs will fall either on employers or reduce member benefits.
  2. The risks associated with inaccurate data, for example incorrect benefit calculations, can have short and long-term implications for schemes and beneficiaries.

What behaviours do we expect to see?

  1. Throughout a scheme’s lifecycle, trustees need to ensure that accurate and complete membership data and records are maintained. This includes basic information such as a member’s date of birth, date of retirement, National Insurance number etc. Trustees must be confident that controls ensure data is accurately recorded, regularly reviewed and all data fields are complete.
  2. Trustees should measure the presence of important data items, as outlined in the Record-keeping guidance, and take concrete steps to improve the quality of this data.

What control procedures do we expect to see and what are the benefits?

  1. A framework to evaluate data should be designed to provide an indication of whether record-keeping needs further consideration in the context of risks; measurement of data accuracy is not an end in itself.
  2. Where trustees are aware of or have identified data deficiencies they should develop a continuous improvement strategy in relation to scheme records. Trustees should also produce a data improvement plan, covering a reasonable time frame, with specific data improvement deliverables which can be monitored and tracked.

    Does your scheme administrator assess the quality of core and conditional member data records?

  3. A lack of control over scheme records can have member implications for both DB and DC schemes. The costs and time needed to rectify apparently simple errors can be considerable, and can be easily avoided.

Example 3

The trustees of this earmarked DC arrangement have had relatively little involvement in the running of this scheme since its inception. Administrative functions have always been undertaken by the insurance company and contributions have always been paid directly by the employer.

Following a number of queries from members alleging errors in contributions, the trustees decided to undertake a review. It became apparent that neither the employer nor the insurance provider, nor indeed the trustees had undertaken any form of reconciliation exercise to determine whether contributions had been accurately calculated and summarised in monthly contribution schedules. The insurance company relied on information provided, the employer relied on payroll data and the trustees assumed the process was working.

Their investigation identified that contribution rates recorded in the payroll software and the basis for calculating members’ pensionable pay had not been updated, resulting in incorrect employee and employer contributions.

The implications of these errors were far-reaching, as noted by the scheme’s auditors - contributions had been underpaid, the members’ individual holdings of investment units were understated which, in turn, resulted in understated fund values in benefit statements.

As a result of these errors, the employer agreed to make good the shortfall whilst the provider agreed to retrace and allocate contributions according to the correct unit pricing at the date contributions should have been applied to each fund. The overall process took 18 months to correct, at a substantial cost paid by the employer.

This administrative burden could have been avoided if the employer and trustees had undertaken monthly reconciliation procedures. For this particular arrangement, the insurance provider was at liberty to rely on contribution data provided.

  1. This example illustrates the risks and consequences of not undertaking even the most basic of control procedures. Both the employer and the trustees need to make sure that contributions are accurately calculated and paid over to a scheme promptly. Clearly one of the key benefits of introducing controls will be the avoidance of unnecessary costs.
  2. Where payments are made directly to the provider, this does not negate the need to monitor this process.

Example 4

The trustees of this DC scheme wanted to in-source their investment administration. When they began exploring how individual records held by the investment manager were going to be reconciled, they found the manager could not provide an accurate breakdown of unit totals at a member level. The contract was unclear as to who was actually responsible for this. The trustees had to commission an exercise to reconstruct records costing in excess of £100,000.

  1. The responsibility to assess the quality of scheme data is not reduced when administrative functions are outsourced to employee benefit consultants, third party administrators or insurers.
  2. Trustees need to have a clear understanding of the nature of services outsourced, agreed responsibilities of the service provider and assess whether service levels are fulfilled. However, they should be mindful that meeting a service level is not an indication in itself that scheme data is good.
  3. Clearly the management and control over accuracy and quality of all scheme membership data, records and documents is critical. However, trustees also need to be mindful of the system(s) used to store this information, ensuring that suitable controls are in place. Most data handling processes are now computerised. Trustees need to be confident that control systems are in place to manage the integrity and security of data.

Independent assurance reports

  1. An increasing number of service providers, particularly administrators, are obtaining independent assurance reports to help demonstrate their ability to deliver quality administration services. Whilst the assurance framework is subject to much debate, many of these reports are currently produced in accordance with explicit guidance issued by the Audit and Assurance Faculty of the Institute of Chartered Accountants in England & Wales[11] (commonly referred to as AAF reports).

    Does your administrator obtain an assurance report on internal controls?

  2. Whilst assurance reporting provides trustees with a degree of comfort, there are limitations. The reporting accountant’s understanding of the control objectives, evaluation of key assertions and tests of control are tested at an organisational level, not a scheme level. Trustees should ask their service providers whether they operate ‘adequate internal controls’ for the services provided. This would include evidence of how they comply with the code or provide equivalent alternative assurance. Administrators should be prepared to demonstrate how they comply with the legal standard.
  3. Trustees should take time to consider the scope of these independent reviews and investigate whether limitations have been identified by the reporting accountant in their report, including action taken by the service provider to rectify material control failures.

    Are you aware of many fundamental weaknesses?

  4. Whilst these reports, and those which are or will be prepared under similar frameworks, give trustees a view on how disciplined their third party administrator’s processes are, they are no guarantee that their particular scheme’s records are accurate and complete. This can only be achieved through evaluation of the records.

Example 5

An employer with a medium sized DB scheme was struggling to pay an annual administration fee of £110,000. The administrator had recently commissioned an independent review of its internal controls. When the trustees investigated why fees were so expensive, the administrator admitted that scheme data was unsatisfactory, to the extent that member records were not on the admin system. All calculations were being performed manually including the benefit statement run which was extremely labour intensive.

As a result of the poor level of service the trustees put out to tender the administration of their scheme including a separate fixed cost data cleansing exercise. The successful administrator completed the data cleanse in six months for a fee of £60,000 and then moved to a fixed annual administration fee of £30,000. The employer was happy to meet this one-off cost because it delivered a significant overall saving. The trustees were reassured because they had a clearer understanding of the state of member data and complaints had reduced.

  1. Trustees should ask their administrator to confirm which calculations are automated and which are prepared manually as this is a good indicator of the completeness of their data.

Example 6

A DB scheme had historically been administered in-house, but outsourced in 2000. Over a period of time it became apparent there was a problem with the records. Members regularly came forward to claim pension benefits but there was no corresponding membership record. The problem was eventually tracked down to the loss of a box of member files. No one could be specifically identified as responsible for the loss. The trustees had to accept any claim for benefits which could be supported by proof of contributions.

  1. Trustees are responsible for all member records, both paper and electronic. We recommend trustees evaluate the completeness of data on a change of administrator and use an independent check to ensure all data is passed across in whichever form it’s held.
  2. For DB schemes, the quality of certain core data fields, eg dates of birth, date of joining the scheme, plays a pivotal role in the scheme actuary’s calculation of liabilities. Technical Actuarial Standard D: Data[12] (TAS D – effective from 1 July 2010) produced by the Board for Actuarial Standards requires the actuary to perform certain validation checks. TAS D states:

Validation

C.5.6 A set of checks shall be constructed and performed in order to determine the extent to which, taken overall, the data is sufficiently accurate, relevant and complete for users to rely on the resulting actuarial information.

C.5.7 The checks that have been performed shall be documented.

  1. Where there is material uncertainty over the accuracy of data TAS R[13] (Reporting Actuarial Information) requires this to be reported. TAS R states:

Transparency

C.4.3 If there is any material uncertainty over the accuracy of the data, an aggregate report shall:

  1. describe the uncertainty; and
  2. explain any approach taken to the uncertainty in the calculations or in the results.
  1. Trustees should understand and question the extent to which the quality and suitability of data has been verified by the scheme actuary.

    Trustees should ensure that a data review is undertaken.

  2. For many schemes, the full extent of poor member records only crystallises at the point a scheme commences wind-up. In order to achieve the wind-up of a scheme within a 2-year target, record-keeping concerns need to be addressed before wind-up is triggered. This is crucial to ensure that winding up proceeds in a orderly manner, the correct benefits are secured for members and that, particularly for DB schemes, the employer’s obligations to fund the scheme (including the employer debt) are properly assessed and demanded[14].
  3. There are tools available to help trustees and administrators reconcile members’ contracting-out benefits before wind-up is triggered[15]. After this event, administrators can access a shared work space where they can reconcile benefits at a scheme level[16].
  4. Trustees need to be mindful of their responsibilities during periods of corporate activity, such as mergers and acquisitions, ensuring member interests are best protected. To be clear about what benefits they are protecting, they need to know the records are up to date, complete and accurate. In some circumstances these records may need to be reconstructed where data is very poor.

Example 7

During an acquisition a company may assume responsibility for accrued benefits of a group of employees. Where records are incomplete and there is uncertainty over membership and scheme liabilities, financial records can be used to help reconstruct missing information. Payroll records, NISPI (National Insurance Services to the Pensions Industry) tools, AGLS (accrued GMP liability service) and COCIS (Contracting out Contributions/Earnings Information Service), showing who has contributed to the scheme together with pensionable salary details, will help trustees reconstruct member records.

  1. Whilst poor record-keeping may lend itself to inadvertent errors in member benefits, a poor system of internal control will also result in an increased risk of fraud.

Section summary

  1. In this section we’ve highlighted the importance of managing scheme member records and have identified the behaviours we would expect to see. Notwithstanding controls included in table 2, key controls procedures should include:
    • data review exercise completed
    • assessment of the quality of core and conditional member data
    • data improvement plan produced for addressing poor quality data
    • assess the reliability of systems (manual or computerised) used to maintain scheme records
    • reconciliation of member records
    • assessment of independent assurance reports and consideration of scheme implications where weaknesses are highlighted
    • ongoing monitoring of accuracy and completeness of data.

Footnotes for this section

12 Deterioration in the employer(s) covenant

  1. The regulator’s Code of practice No 3 – Funding defined benefits notes the importance of trustees forming an objective assessment of the employer’s financial position for the purpose of scheme funding. This has been supplemented by further detailed guidance about assessing employer covenant in our regulatory guidance on monitoring employer support.
  2. The employer covenant consists of both:
    • the employer’s legal obligations to fund the scheme (both current and in the event of discontinuance); and
    • its financial position (both current and prospective), ie the employer’s ability to meet its legal obligations to fund a scheme.
  3. Whist particularly relevant for DB schemes (where the employer covenant supports ongoing deficit repair and discontinuance funding) there are also risks for DC schemes.

Why is this important?

  1. Trustees need to be able to adapt to situations where the employer is unable to stand behind adverse events and must take action to ensure that the scheme is not vulnerable.
  2. Deterioration in the financial health of a sponsoring employer will weaken its ability to stand behind scheme risks, maintain prudent funding levels and may result in the non-payment of contributions. It may also result in insolvency and scheme wind-up, in which case the employer debt would become payable to the DB scheme. In any of these cases members may not receive all their benefits.
  3. The health of the sponsoring employer(s) is vitally important for a scheme’s future.

What behaviours do we expect to see?

  1. Trustees need to understand what support is available for their scheme and how it could be crystallised if needed. This requires the trustees to identify the employers and the extent of their legal and financial obligations.
  2. The employer’s main legal obligations are likely to arise from funding requirements in the deed and rules and in statute (including any schedule of contributions); from employer debt on scheme wind-up or employer insolvency; or, in certain circumstances, from the withdrawal of an employer from a multi-employer scheme. In some cases former employers may still have obligations to the scheme. In a multi-employer scheme trustees may also need to understand the proportion of scheme liabilities that each employer may be responsible for.
  3. Employers may also have payment obligations under the deed and rules or in associated deeds or agreements, for example to meet scheme expenses including the PPF levy. Trustees should also consider any contingent assets or security, and whether any non-employer parties, such as parent companies, have entered into agreements or guarantees in favour of the scheme. More information is available in our regulatory guidance on monitoring employer support, and trustees are likely to require legal advice to fully understand the nature and extent of the legal covenant.
  4. Once trustees have identified those parties with legal obligations to fund the scheme, they need to consider the financial position of those parties so that they can consider the likelihood that those legal obligations will be met, either in an ongoing or discontinuance situation (ie scheme wind-up or employer insolvency or withdrawal). Both the current and prospective financial position will be relevant. The financial assessment will need to consider a range of information including:
    • the position of the employer, including its financial strength
    • intra-group relationships and policies, eg management charges
    • management reports and future business
    • the nature of the sector in which the employer operates
    • the employer’s position within the industry.
  5. Specific questions trustees should be seeking answers to include:
    • What is the ability of the employer to generate cash?
    • What are the longer term trading prospects?
    • Are there any significant capital expenditure programmes planned?
    • Are there planned sales or transfers of substantial assets?
    • What are the employer’s legal obligations to fund the scheme?
    • What is the effect of the employer’s corporate group structure?
    • What is the employer’s ability to meet ongoing demands as they fall due?
    • What is the employer’s ability to stand behind any adverse experience in an ongoing situation, including investment risk taken by the scheme?
    • What would be the scheme’s position on insolvency of the sponsor?
    • Are there options to obtain security for the scheme?
  6. As well as estimating what value might flow to the scheme on insolvency of the employer, the assessment should examine the likely future performance of the employer (which may be based on past and current information and trends).
  7. While trustees may also consider the employer’s willingness to fund the scheme as part of their covenant assessment, they should be aware that assurances from the employer (or other parties) that are not legally binding may not offer any protection for the scheme.

What control procedures do we expect to see and what are the benefits?

  1. Once trustees have assessed the current employer covenant, they need to continually analyse and evaluate the strength of the employer covenant for material changes. They need to be alert to potential risks associated with any corporate transaction, particularly where this may be materially detrimental[17].
  2. It is therefore extremely important that trustees have an up to date understanding of the employer covenant and business activities. An ongoing covenant assessment framework will include regular monitoring based on the following:
    • Regular updates from employer/other information sources.
    • Management information requirements.
    • Detailed covenant assessment at least triennially for scheme valuations and for any potentially detrimental events. Where independent professional advice is required to undertake this exercise, additional costs will be incurred - we expect trustees to consider the relevance of employer covenant assessments to their decision making process and act proportionately.
    • Indication of particular risk areas associated with the employer, its market sector, trading history etc, which should be monitored as part of the ongoing covenant review.
    • Agreements for information or negative pledges before the employer undertakes specific events.
  3. Assessing changes in the employer covenant can be complex. Our regulatory guidance on monitoring employer support provides an overview of how to go about this. For more complex situations, and those which are event specific, the non-conflicted trustees may determine that they have insufficient skills to quantify the potential risks to their scheme. Where this is the case we would expect trustees to obtain independent professional advice, which could include the preparation of a legal and financial covenant assessment.
  4. Often, changes to the legal obligation itself may not be possible without the agreement of the trustees, in which case trustees need to fully understand the immediate and long-term implications of consenting. These events are likely to be scheme-related rather than employer-related, and examples are provided in our clearance guidance (paras 63-79). Where consent is not required these events may still be materially detrimental and trustees should discuss their impact and any possible mitigating steps with the employer. Trustees may raise any remaining concerns with the regulator.
  5. Trustees should also be aware of the types of decisions or events which could substantially alter the covenant of the employer. As part of their controls framework trustees may want to seek agreement with employers to discuss these activities before undertaking them, or report to the trustees as soon as they happen. This could include events such as:
    • taking on new borrowing
    • acquiring or selling major assets
    • substantial bad debts
    • loss of key contracts
    • substantial legal claims.
  6. Trustees should seek regular updates from their employer about covenant issues and should maintain robust dialogue with them about the events above and other issues that may affect the ability of the employer to support the scheme now or in the future.

    Do you maintain regular dialogue with your employer?

  7. To aid this process, trustees and sponsoring employers may decide to draw up a confidentiality agreement. This may help to enable the flow of confidential and sensitive financial information to assess and monitor covenant issues.
  8. For many small schemes the finance director will be a member of the trustee board, providing a valuable source of information and expertise. However in certain circumstances their role in the sponsoring employer will create conflicting duties with their role as a trustee. Consideration of matters relevant to covenant assessment is a good example of this, and inherent conflicts will need to be carefully managed.
  9. Where the employer covenant (legal or financial) is weakened, trustees should take action to mitigate this and ensure the security of members’ benefits is not prejudiced. It may also be necessary to reconsider the terms agreed in, for example, the schedule of contributions and recovery plan. The trustees’ response to employer liquidity risk will depend upon the magnitude of the problem at hand.
  10. Trustees will need to develop a clear plan of action for managing risks to scheme funding and any recovery plan and firmly negotiate their position with the employer.

Example 8

The trustees of this small engineering company’s DB arrangement were starting to plan for the forthcoming scheme valuation. During the 12 months it was apparent that the employer had been adversely affected by market conditions which had resulted in reduced trading and staff redundancies. Despite this the trustees failed to regularly engage with the directors and discuss potential implications for the scheme.

Only after calculating the scheme’s technical provisions did the trustees decide to meet with company officials to agree a suitable timeframe for paying the deficit. Whilst one of the trustees had market sector experience, collectively they had limited knowledge of the company’s financial health.

During funding negotiations, discussions were primarily led by the employer, trustees having limited information to challenge the robustness of statements made by the managing director. The trustees were informed that whilst the company had suffered a poor period of trading, business projections indicated that this was soon to change, although management information was strictly private and confidential and could not be shared. The trustees decided to rely on these unsubstantiated remarks and agreed to a back-end loaded schedule with nominal contributions payable in the first 4years.

Following submission of the recovery plan to the regulator, the trustees were asked to justify the basis for adopting the proposed funding strategy, without having undertaken any due diligence. The trustees were unable to justify their position and were advised to obtain an independent business review (IBR) and recommence discussions with the employer. The trustees approached their scheme auditors (a local firm) who introduced them to the business finance partner for financial covenant advice. As a result of subsequent discussions the trustees were able to renegotiate a sensible schedule of contributions, balancing both employer affordability and member protection.

  1. This example illustrates a number of features of a poor financial covenant review. First, whilst the trustees were aware of potential constraints of the employer, they decided to defer the problem until much later. Trustees should engage with their employer as soon as they become aware of potential problems. Although informal controls were in place to highlight liquidity risk, the trustees failed to respond to these warnings. Secondly, the outcome of the funding process was influenced by the employer; the trustees, not having undertaken any due diligence, were unable to challenge statements made by the company. And whilst management information was considered confidential, no attempt was made by the trustees to acquire this information[18] , which could have been provided under a confidentiality agreement.
  2. Where not forthcoming from the employer, we would expect trustees to obtain publicly available information including statutory accounts and reports from credit rating agencies. Although this information will be historic, it will help provide an understanding of financial performance and trends.
  3. In the next example we look at the actions of another trustee board following a period of late paid contributions to their DC scheme.

Example 9

This unitised DC arrangement has 14 active members paying contributions ranging from 4% to 10% of basic pay. The employer, a small research company, pays matching contributions. The employer had always paid contributions within legal due dates, but recently there has been a continual trend of late payments. The trustees raised this with the employer and have noted changes in staff and payroll services which could have resulted in administrative problems.

The trustees decided to look closely at possible financial difficulties the employer might be experiencing. Their concern was not limited to the late contributions, but included the employer’s ability to fund administration costs outsourced to their third-party administrator. Upon further investigation, which included a review of management information and dialogue with the employer’s finance team, the trustees identified short-term cash flow difficulties, although the employer had clear business plans in place to contain operational costs.

The trustees were given assurance that whilst contributions had been a little late over a 6-month period, the employer was committed to meeting ongoing costs of the scheme and paying contributions at agreed levels on time. The employer agreed to meet regularly with the trustees and provide regular financial updates.

Section summary

  1. In this section we've highlighted the importance of managing the employer covenant and have identified the behaviours we would expect to see. Notwithstanding controls included in table 2, key controls procedures should include:
    • ongoing assessment of the employer(s) financial health, including the review and appraisal of financial information
    • monitoring of employers business plan and actual progress against forecasts
    • monitoring payment of contributions and scheme expenses (where borne by the employer) to highlight potential/actual liquidity risk
    • regular and ongoing dialogue with key employer representatives, eg regular attendance at trustee meetings
    • use of confidentiality agreements
    • developing a plan to crystallise financial support if needed.

Footnotes for this section

  • [17] Materially detrimental - as described in the clearance guidance (paras 25-30 for scheme-related events and employer-related events)
  • [18] Code of practice No 3 - Funding defined benefits, para 59 states that the employer is obliged, on request, to provide trustees with such information reasonably required for the performance of their duties

13 Investment risk

  1. The nature of risks and internal controls associated with investment strategies for DC and DB schemes may vary considerably. Whilst this may be the case, there will be a number of areas of investment governance where there are similarities and where objectives will be the same.
  2. Most investment strategies involve taking a degree of risk. However, this guidance seeks to address those risks which underpin the management of a particular strategy and does not seek to identify the most suitable investment strategy for a scheme.

Why is this important?

  1. In order to achieve better returns for members and meet scheme funding obligations it's important that consideration is given to the appropriateness of a fund’s strategic asset allocation.
  2. Poor investment decision making and controls can have significant and irreversible financial consequences in terms of both funding and investment performance.

What behaviours do we expect to see?

  1. Trustees need to be confident that, having agreed a suitable investment strategy, they:
    • regularly consider the appropriateness of their investment strategy
    • understand the nature and characteristics of their scheme’s investments
    • understand risks inherent in both the investment strategy and underlying investments
    • are confident that controls are in place to alert trustees to potential risks
    • are confident that the controls in place to mitigate risk to an appropriate level include those related to the security and safe custody of scheme assets.
  2. Trustees should approve and periodically review the adequacy of procedures and controls for undertaking investment decisions to ensure these are consistent with their longer-term investment strategy.

What control procedures do we expect to see and what are the benefits?

Controls common for all schemes

  1. Institutional investment introduces a number of challenges for trustee boards. It's important that all trustees have a suitable level of knowledge upon which to make informed investment decisions. Basic investment knowledge can be accessed through our e-learning toolkit, and this may need to be supplemented by further training.
  2. More detailed aspects of institutional investment and decision making are embedded in the refreshed Myners Principles.
  3. A key control for trustees will be the ability to adapt to new and emerging risk. This could include processes to identify and react to market trends and to the risk of market failures. Trustees need to understand what asset classes the fund has invested in, the volatility of these asset classes and the characteristics of underlying investments, for example does it include exposure to credit risk or private equity?
  4. Trustees should also establish whether or not their scheme’s custodian or asset manager participates in stock lending activities and should be clear on whether terms of engagement permit such activities. Trustees need to be aware of whether scheme assets are being used in this way and whether their scheme is receiving financial benefit.

Example 10

Following a further review of terms with their asset manager, the trustees of this scheme became aware that scheme assets were used for stock lending purposes. They then considered whether this was appropriate for their scheme. They identified who was responsible for the management oversight of this process (eg the custodian or asset manager) and made sure that they understood the risks associated with stock lending, how this could affect their scheme (eg counterparty default), the processes in place to mitigate such risks (eg appropriate collateralisation) and whether stock lending was considered value for money[19].

Controls should be established which allow trustees to monitor the appropriateness of such arrangements in the context of the overall investment strategy.

  1. Trustees need to consider a number of important matters when managing their investment strategy. This will include pertinent questions such as the following:
    • What is the membership profile of the scheme?
    • What should the scheme invest in?
    • Do we understand the nature of our investment choices?
    • How do we make investment decisions?
    • How should we make investment decisions?
    • Do we understand how total investment charges levied on the assets each year are calculated?
    • Does the level of fees offer value for money, eg in terms of returns after charges for example when comparing different providers or active versus passive management?
  2. Most trustees have a modest knowledge of investment governance and place considerable reliance on investment managers and consultants. When considering matters relating to investment, trustees should seek expert advice from their investment advisers. Trustees should be able to understand and question any advice and should be clear about who is responsible and accountable for different levels of investment decision making. Trustees need to be confident that their advisers are suitably qualified and capable of delivering clear advice. They need to be clear on what information is provided and in what format, ensuring that the format is acceptable to the trustees.
  3. Trustees should regularly review and assess investment performance. For many schemes the investment consultant will present investment information included in the latest investment reports. As part of their review, trustees should compare investment returns to industry benchmarks to gauge overall performance of both the funds and the investment manager(s).

Example 11

The trustees of this pooled DC scheme regularly review information presented by their investment consultant at quarterly trustee meetings. Discussions always include a detailed assessment of investment performance over the period including a review of the suitability of asset allocation and investment fund/manager choices and compliance with the statement of investment principles.

The trustees understand the volatility of certain asset classes and consider the scheme’s performance in those asset classes against industry benchmarks spanning various periods of time. The trustees are provided with clear information and independent expert advice to help make well-informed important investment decisions that are in the best interests of their members. An extract of the investment report is included in Appendix C.

Controls specific to DB

  1. Some smaller DB arrangements separately employ the services of a global custodian, or use services provided by the investment management company, to provide an extra layer of control over the trustees’ ownership and security of scheme assets.
  2. The custodian will keep a record of a client’s investments, settle its market transactions and may also collect income. For example the custodian may safely hold share certificates and collect dividend income.
  3. When reviewing investment holdings detailed in investment reports (for example the number of shares held in a particular company), trustees should ensure that there is a reconciliation of these holdings to holdings stated in the custodian report.
  4. Trustees need to ensure that controls are in place to avoid the risk of employer-related investments (ERI). There are legal restrictions on the extent to which the trustees of a scheme may make investments that are related to the employers that participate in the scheme. Although a few small schemes[20] may be exempt from these restrictions, generally trustees must not:
    • invest more than 5% of the value of the scheme's assets in employer-related investments, which includes shares or securities issued by the employer, land occupied, leased to or used by the employer, other property used for the purpose of the business of the employer and certain insurance policies;
    • make any loans to the employer (including debt securities, loan arrangements that are contingent on the employer, guarantees, security for loans to the employer and unpaid debts owed by the employer to the scheme); or
    • make any ERI at less than their market value.
  5. These restrictions also apply to investments made in respect of anyone connected or associated with the employer.
  6. A breach of the ERI restrictions is a criminal offence and may lead to the imposition of a fine or imprisonment or both. The regulator will therefore look very closely at cases where possible ERI has been identified. Accordingly, it is very important that trustees ensure that controls are in place to limit, for example, the investment in shares of an employer or its associates to permissible levels, and to prohibit transactions at undervalue and loans to an employer or its associates. The information above is only a summary. The ERI restrictions can be complex and trustees may need to seek legal advice if they are unsure whether an investment contravenes them.
  7. Even if ERI restrictions are respected, the trustees must ensure that any investment in the employer or its associates is nevertheless a sound investment and complies with their scheme's statement of investment principles.

Controls specific to DC

  1. Investment reports should include sufficient management information to provide an understanding of how an investment strategy is developing and whether it remains fit for purpose.
  2. A significant number of DC members invest in their scheme’s default fund. Trustees should give regard to the importance of reviewing the suitability of the default fund (including features such as life-styling) for their scheme’s membership profile.
  3. Investment analysis should help to identify other potential risks, for example significant exposure to investment risk for members approaching retirement.

Table 5: Investment fund distribution by age – self select funds

Investment fund distribution by age chart - a transcript of the bar chart is available as PDF below.

Transcript of Table 5: Investment fund distribution by age - self select funds (PDF)

  1. The above report is one of a number included in an investment governance report provided to trustees by one particular investment consultant. This and other demographic reports help trustees analyse the investment profile of their scheme and provides a powerful tool to help control a number of investment functions.
  2. This particular report indicates the categories of investment, by age range, of all members of a self select DC fund and helps to highlight the shift from more volatile investments as members progress to retirement. This scheme regularly communicates the importance of reviewing investment choices and the potential risks a volatile investment strategy may have on an investment fund at retirement.

    Are members regularly advised to review and consider their investment choices?

Financial risk management – cash flow and misappropriation of assets

  1. Trustees need to ensure that controls are in place to manage processes related to the financial management and administration of investments. Trustees should maintain accounting procedures that reconcile movements in investment holdings and trading activities, for example sales and purchases. This should include regular reconciliations of investment cash accounts and transfers of cash to trading accounts.
  2. For DC schemes trustees need to ensure that suitable controls are in place to monitor and manage the timeliness and accuracy of contributions invested.
  3. The report below illustrates the information trustees should expect to receive to provide comfort that controls associated with the deduction and investment of contributions are working effectively.
DC contributions
Period 1 January to 30 June 2009 Employees’ contributions £ Employer’s contributions £ Date interface received Date contributions received Date client queries resolved Date investment instruction issued
January 19,430.03 100,134.21 30/01/08 05/02/08 06/02/08 08/02/08
February 20,482.92 104,371.39 28/02/08 10/03/08 10/03/08 12/03/08
March 24,986.23 103,647.85 28/03/08 14/04/08 14/04/08 15/04/08
April 19,736.81 115,377.14 29/04/08 13/05/08 13/05/08 15/05/08
May 20,720.09 114,020.84 29/05/08 10/06/08 10/06/08 16/06/08
June 21,164.94 116,453.53 30/06/08 04/07/08 04/07/08 09/07/08
  1. Trustees must be mindful of the need to physically receive contributions within legal due deadlines. All trust-based DC schemes are required by law to produce a payment schedule[21] which must clearly state the rates of contributions for all employees and the employer(s), as well as indicating the legal due deadline for monthly/weekly contributions.
  2. This document provides an important control for trustees who should expect and ensure that those responsible for payroll ensure contributions are calculated, deducted and paid over accordingly – see case example 12 below.

Example 12

Trustees of this hybrid scheme receive quarterly administration reports showing a cumulative summary of contributions for both the DB and DC sections. They are particularly conscious of the need to invest DC contributions on a timely basis. With their investment consultant they developed a number of controls to ensure this process is operated effectively.

The employer’s payroll team are provided with clear instructions outlining how member and employer contributions should be reported, and this has been agreed with the investment manager’s contribution collection team. Monthly exception reports are generated when either the receipt or investment of contributions exceeds pre-agreed deadlines. Until March the process worked well. During the next 3 months the exception reporting mechanism highlighted a number of delays in investing contributions and an increase in client queries. A meeting was arranged with the trustees, the employer’s payroll manager and a representative from the investment manager. The representative noted concerns that reports were no longer in the format agreed, and often contributions summarised in the reports differed from amounts received. This resulted in significantly more queries. The payroll manager noted that there had been a change in the payroll software. The pension report was still being developed but should be completed in time for the June payroll. This commitment was fulfilled and timeframes for investing contributions were improved.

  1. Trustees must ensure that the ability of individuals to misappropriate funds from a scheme is mitigated. Areas where the potential risks are greater may be those relating to the payment of benefits or transfer of monies. Trustees must ensure that persons responsible for granting or authorising benefits are separate to those issuing payment (segregation of duties). Transactions should be approved prior to payment and should be signed off by at least 2 authorised persons who may be trustees. Further controls could be adopted when payments relate to larger sums of money, for example the payment of lump sums on retirement or death in service payment.
  2. Other types of controls help to mitigate the risk of fraudulent activity. These include regular reconciliations of bank accounts, investment transactions and holdings, membership records etc (including pensioner existence checks) and peer reviews.
  3. Peer reviews and sign-offs have a dual purpose. First, by their very nature they will help identify potential errors in complex calculations, and secondly they act as a deterrent to making fraudulent payments. This could include payments to fictitious members.

Section summary

  1. In this section we've highlighted the importance of managing investment risk and have identified the behaviours we would expect to see. Notwithstanding controls included in table 2, key controls procedures should include:
    Common to all schemes:
    • suitable knowledge and understanding of the investment strategy
    • regular assessment of the investment strategy
    • regular assessment of investment performance
    • monitoring performance of investment managers
    • knowledge of and assessment of stock lending activities
    • regular dialogue with investment manager(s)/consultant
    • segregation of financial investment management responsibilities
    • monitoring and managing the level of investment fees and charges associated with different investment strategies.
    Specific to DB
    • appointment of a custodian
    • regular reconciliation of investment manger transaction reports to scheme records, eg reconciliation of cash movements
    • reconciliation of investment manager holdings to custodian reports
    • up-to-date investment manager mandates including authorisation procedures for cash transfers and investment transactions.
    Specific to DC
    • reviewing of appropriateness of investment choices
    • regular reconciliation of member units to investment manager holdings
    • reconciliation of the allocation of contributions invested to investment reports.

Footnotes for this section

  • [19] For example in relation to financial rewards, maintaining share voting rights and responsible ownership of investment
  • [20] See regulation 1(2) of The Occupational Pension Schemes (Investment) Regulations 2005 (SI2005/3378), which defines 'small scheme'
  • [21] See section 87 of The Pensions Act 1995

14 Ineffective retirement processes

  1. Trustees should assess the adequacy of their scheme’s retirement process.

Why is this important?

  1. In the lead-up to retirement, members will make some potentially life-changing financial decisions on matters that will affect the quality of their life after retirement: most of these decisions are irreversible.

What behaviours do we expect to see?

  1. A member’s decision-making process should be supported by the trustees’ ability to send 'the right information at the right time'. Trustees must ensure, as far as possible, that members receive their entitlements without unnecessary delay.
  2. Trustees must make retiring members of DC schemes aware of their legal right to exercise an open-market option (OMO[22]), where appropriate. This area is highlighted in more detail in our report, A review of retirement information for DC members (PDF), published October 2009, which illustrates that, in general, practices in this area are not good enough and this can lead to detrimental member outcomes.

What control procedures do we expect to see and what are the benefits?

  1. A key control in managing a member’s retirement process will be the quality of communications in the period leading up to retirement. A fundamental decision will be when communication of this process should begin.

Key control points - Stage 1: Raise awareness of impending retirement, Stage 2: Provision of detailed information and support, Stage 3: Retirement choices.

  1. The chart above illustrates the key control points at which communication should commence and develop, crystallising at stage 3 when a member must make a decision.

    Do you communicate with members about retirement options as they approach retirement?

  2. As members approach retirement it's important that trustees have sufficient controls in place to manage their disclosure responsibilities. Failure to adequately control the communication process can result in members receiving a lower retirement income than they could otherwise achieve. This can occur when members make inappropriate choices due to unclear information and are unaware of retirement options available to them.
  3. Whilst a member’s final decision will be ultimately beyond the trustees’ control, they should implement controls that result in providing information which helps inform a member’s decision-making process. Invariably this would include a clear statement in literature on the availability and exercise of an open-market option for annuities.

    Are members aware of the ability to exercise an open-market option?

  4. Scheme insurers and advisers play an important role in the DC retirement process. Often they provide material for trustees to issue to members. Trustees must ensure that when delegating aspects of the retirement process, roles and responsibilities are clearly defined. The key control objective must be the best outcome for members.
  5. Specific internal controls related to the retirement process may include the following:
    • Provision of independent support, eg access to an IFA.
    • Data integrity – ensuring administrators have accurate data to identify and contact both active and deferred members approaching retirement.
    • Robust controls in place to calculate benefit entitlements accurately, particularly for schemes with multiple benefit structures.
    • Controls to trigger alerts for issuing retirement letters and information.
    • Periodic quality review of retirement literature sent to members.
    • Processes for monitoring take-up of open-market options.
    • Assessment of service standards for processing member retirement choices.
    • Control over the payment of annuities, eg promptness of first payment after retirement.

Example 13

This example looks at controls used by a small DC scheme to manage decumulation pre- and post-retirement.

At the beginning of each scheme year the insurer reports retirements due in the coming year, including deferred pensions. The trustees reconcile this list of retirees to employer records and investigate any differences. The insurer has agreed to contact all retirees 6 months before their normal retirement age with an illustration of their estimated benefit and retirement options available. Any pre-retirement communication returned ‘gone away’ triggers a trace. Progress to collect missing data is monitored by the trustees.

The fund value is calculated on the last dealing day prior to retirement for the annuity purchase and any cash lump sum is authorised for payment. Annuities are processed by the insurer and the trustees check that the first payment date has been set up within a reasonable timescale after retirement.

The trustees encourage retirees to consider open-market options and monitor the take-up rate to consider the effectiveness of illustrations at retirement.

Section summary

  1. In this section we've highlighted the importance of managing the retirement process and have identified the behaviours we would expect to see. Notwithstanding controls included in table 2, key controls procedures should include:
    • robust disclosure – staged communication process in lead up to retirement[23]
    • informing members of retirement options (including OMO for DC benefits)
    • reconciliation of members approaching retirement to provider/employer records
    • ensuring accurate member records are maintained, eg current addresses
    • scrutinising process for setting up and paying first pension payment including the pension commencement lump sum (particularly for annuitised pensions)
    • ongoing monitoring of pensioner payments (check the timing, accuracy and validity of payments).

Footnotes for this section

  • [22] Members must be aware of their legal right to purchase an annuity from a provider of their choice
  • [23] Para 5 (6A) of the Occupational Pension Schemes (Disclosure of Information) Regulations 1996 requires disclosure to members with DC benefits of retirement options at least 6 months before retirement age

Appendix A: Typical stages in a risk management review

Set objectives

When undertaking a risk management review, trustees should have a clear understanding of what the process is aiming to achieve.

Identify risks

Trustees will need to consider all the key operations of their scheme and identify actual or potential risks which could be detrimental to their performance. We would expect trustees to use a formal risk register.

Define success criteria

Trustees need to take a proportionate approach to managing risk and recognise that risk cannot be completely eliminated. Trustees need to consider to what extent risks can be absorbed by the scheme and which risks they must manage.

Assess risk

Trustees need to evaluate each risk identified and categorise it depending on its impact (eg financial) and likelihood of occurrence: see appendix B.

Produce action plan

After evaluating the different classes and categories of risk, trustees need to decide on the best approach for managing (or controlling) these. This will include identifying responsibilities and timescales for delivering internal controls. Whilst this could be recorded in an action plan, the risk register could also capture this information.

Implement action plan

Trustees need to ensure that performance against the action plan is monitored and those responsible for certain activities deliver within agreed timescales.

Monitor and review

The design and implementation of an internal controls framework is not a one-off exercise. Trustees need to continually monitor the effectiveness of controls to ensure they are still adequate, and periodically review their scheme’s exposure to new and emerging risks.

Appendix B: Developing a formal risk register

Risk matrix

Internal controls risk matrix - X axis is Likelihood and Y axis is Impact. Accept risk - Low Likelihood and low level of Impact. Control risk - Low Likelihod and high level of Impact. Manage or transfer risk - High Likelihood and low level of Impact. Avoid risk - High Likelihood and high level of Impact. Tolerance point equals 25 eg Likelihood 5 and Impact 5. In this example , Likelihood and Impact are recorded on differenct axis from the Risk scoring model in table 3- this makes no difference to approach.

Key: Green - Developed controls, Blue – Existing Controls, Red – Controls to be agreed

Scheme risk register
Risk area 1 - Operations L I Score Control Owner Test Time
1.Contributions incorrectly deducted 7 7 49 Mechanism to ensure contributions correctly reflect salary increases. Agreement with company for a sample of weekly/monthly reconciliation of deductions checked annually by auditor. PS/LS 1/4ly Q1 10
2.TPA Process failure/ maladministration 6 8 48 Formal agreement in place with TPA. Ensure authority levels are clearly agreed and kept up to date and regularly reviewed. VS - input from DC Annual Q2 10
Develop and manage relationship with TPA, carry out due diligence checks. PS Biannual Q2 12
3. Admin problems at AVC provider lead to incorrect or lower benefits than expected 6 5 30 Monitor administration and investment performance of AVC provider and any subsequent replacement(s) using investment valuation and performance reports. All Half yearly Q2 10
4. IT Failure 2 8 16 Proof of up to date TPA disaster recovery and business continuity plan, certified and tested. MH/SS Annual Q4 09

Key: Green - Developed controls, Blue – Existing Controls, Red – Controls to be agreed

Scheme risk register

Risk area 2 - Financial L I Score Control Owner Test Time
5. Delays in investment 5 5 25 Monitor time taken by inv manger from fund receipt to investment – dealing times/days etc. ALL 1/4ly Q2 09
Monitor instruction protocols (email/mail) for delays in investing funds. ALL Annual Q2 09
6. Incorrect monies sent to/received from managers for investment/disinvestment 4 6 24 Review 1/4ly Admin Report showing contributions made and dates paid - paid on time? MH/AW 1/4ly Q1 10
Reconcile cash flows to/from investment managers. Evaluate Custodial procedures – reconcile inv manger holdings to custodian reports. ALL 1/4ly Q1 10
Reconciliation of contributions to amounts invested and units ALL 1/4ly Q1 10
7. Payment of incorrect invoices to suppliers. 4 6 24 Formal arrangements with the company for checking / authorising invoice payments. Review expenses against budget. MH/VS 1/4ly Q2 10
8. Loss of independent statutory audit. 4 4 16 Maintain separation of company and scheme auditor. Chair Annual Q4 09
9. Risk of fraud by paying pensions to ineligible individuals 6 2 12 Pensioner eligibility and existence checks (eg aged 85 plus). JS 3 yearly Q2 10
3 2 6 Verification tests on deferred records for transfers to pensioner status – ensure legitimate employment. VS 3 yearly Q3 10

Key: Green - Developed controls, Blue – Existing Controls, Red – Controls to be agreed

Scheme risk register
Risk area 3 – Funding L I Score Control Owner Test Time
10. Weak employer covenant 6 10 60 Confidentiality agreements renewable triennially. PS to present to trustees on company strength annually. Half yearly review of business performance – input from PS. ALL Annual Q1 10
11. Inappropriate investment or actuarial advice 2 6 12 Check 1/4ly Investment Reports. Review service level agreements All 3 yearly Q2 09
Check public indemnity levels of appointed advisers. ALL 3 yearly Q4 10
Review investment strategies regularly. ALL 3 yearly Q2 09

Key: Green - Developed controls, Blue – Existing Controls, Red – Controls to be agreed

Scheme risk register
Risk area 4 – Regulatory and Compliance L I Score Control Owner Test Time
12. No procedures for appointing new trustees. 4 8 36 Develop criteria for appointing new trustees including a list of key requirements to be met for successful candidates. Chair Once Q1 10
13. Company bias in trustee decision making 4 7 28 Balanced approach to trustee appointment concentrating on specific requirements of the schemes. All Once Complete
14. Failure to interpret Rules or legislation correctly 2 7 14 Up-to-date and documented trustee training log, complete the regulator’s Trustee toolkit, Challenge advice. Complete training needs analyses. All Annual Q3 09
Independent trustees – expect a higher level of proven knowledge. All/Co Annual Q4 09
15. Conflicts arising in decision making 2 5 10

Comply with the regulator’s conflicts guidance.

All trustees to complete a declaration of interest (review every 2 yrs).

Conflicts of interest recorded in a conflicts register (review annually).

All to Monitor /declare conflicts Annual Q1 10

The example above is for illustrative purposes only. Trustees should assess and evaluate risks specifically in relation to their own scheme and should not use the risk scoring and frequency of testing as a benchmark for all schemes.

Risk matrix

Risk matrix - a scatter chart showing the risks using the data from the Scheme risk register tables above.

Appendix C: Example extract of an investment performance report

Investment performance

The following table gives a summary of the investment performance of the scheme's funds. The figures are presented against the relevant benchmarks.

  Returns as at 30 September 2008
Fund name 1 year % 3 years % pa 5 years % pa
Winterthur BGI Over 15yr Gilt 3 Pen 6.26 2.01 4.15
FTSE Gilts Over 15 Yr TR GBP 5.43 2.38 4.37
ABI UK Gilt 5.34 2.17 3.46
Winterthur Aberdeen Gl (ex UK) 3 Pen -10.81 2.70 8.88
Aberdeen Overseas Composite Index -14.78 2.63 8.45
ABI Global Equities -18.64 0.18 6.31
Winterthur BGI All Share Tracker Pen -24.58 -1.03 6.63
FTSE AllSh TR GBP -22.25 0.01 7.65
ABI UK All Companies -24.05 -1.02 6.38
Winterthur Schroder Equity Pen -22.52 -0.75 6.75
FTSE AllSh TR GBP -22.25 0.01 7.65
ABI UK All Companies -24.05 -1.02 6.38

Notes

  1. Performance figures are net of additional fund management charges.
  2. The value of unit-linked investments can fall as well as rise.
  3. Past performance is no guarantee of future returns

Source: Morningstar

© The Pensions Regulator