Skip to main content

Your browser is out of date, and unable to use many of the features of this website

Please upgrade your browser.


This website requires cookies. Your browser currently has cookies disabled.

How to report


Early draft of the code of practice

This code is not in force yet. It is an early version for the new code of practice consultation.

To give us feedback on issues such as the design, usability and navigation of this code, email us at

You can also read more information about the consultation.

Published: 17 March 2021

Making a report

Reporters should make a report using our online web form, email or by post. We do not accept reports by telephone, but if a reporter discovers a serious breach, they should notify us by telephone before submitting their report in writing.

Reporters should also mark urgent reports as such and highlight any matters they believe are particularly serious.

Breach of law reports must be made to us in writing as soon as reasonably practicableHO1 and in most cases, this should be within 10 working days of the breach being identified. However, reporters may use their judgement as to the application of ‘reasonably practicable’ in their specific circumstances.

The report should include the:

  • full name of the scheme
  • description of the breach or breaches, including any relevant dates
  • name of the employer (in the case of an occupational scheme) or scheme manager (in the case of public service and personal pension schemes)
  • name, position and contact details of the reporter
  • role of the reporter in relation to the scheme

The report should also include:

  • reason the reporter believes breach is of material significance to us
  • address of the scheme
  • type of scheme – whether occupational (defined benefit, defined contribution or hybrid), personal or public service
  • name and contact details of the governing body (if different to the scheme address)
  • pension scheme registration (PSR) number
  • address of employer

There are other requirements placed on those running pension schemes to report to other bodies. Where the duty to report to another body coincides with the duty to report to us, the report to us should include details of the other bodies the matter has been reported to.

We will acknowledge all reports within five working days of receipt. If reporters have not received an acknowledgement from us within five days, they should contact us.

Due to legal restrictionsHO2 on the information we can disclose, we will not keep reporters informed of the steps we are taking to deal with the report, but we may contact a reporter to ask for more information.

If a scheme or an individual is at risk, for example where there has been dishonesty, they should not take any actions that may alert those implicated that a report has been made. Similarly reporters should not delay their report to us, to check whether any proposed solutions will be effective.

Multiple reporters

More than one person may be responsible for reporting the same breach. Those who have a duty to report should be aware this is not automatically discharged by another party reporting the breach.

Where multiple reporters wish to submit a collective report, the reporting procedure must allow for the evaluation of breaches as described in this code of practice and for a report to be made as soon as reasonably practicable.

Where a report has already been made by another party, but as a reporter you hold additional relevant information about the breach, you must submit a further report.

Reporting procedures

Those responsible for reporting breaches, including the governing body, should establish and operate procedures to ensure they are able to meet their legal obligations. Reporters should not rely on waiting for others to report.

We expect the governing body to have:

  • a process for obtaining clarification of the law around the suspected breach where needed
  • a process for clarifying the facts around the suspected breach where they are not known
  • a process for considering the material significance of the breach to us by taking into account its cause, effect, the reaction to it, and its wider implications, including dialogue within the governing body where appropriate. See also Decision to report.
  • a clear process for referral to a person at the appropriate level of seniority, so decisions can be made about whether to report to us
  • an established procedure for dealing with difficult cases
  • a timeframe for the procedure to take place that is appropriate to the breach and allows the report to be made as soon as reasonably practicable
  • a system to record breaches even if they are not reported to us (the record of past breaches may be relevant in deciding whether to report future breaches, for example it may reveal an ongoing issue)
  • a process for reviewing reporting procedures following any significant changes to the scheme’s governance arrangements

Glossary and legal references


Any person who has a duty to report a breach of law or notifiable event

HO1Section 70 of the Pensions Act 2004
[Article 65 of the Pensions (Northern Ireland) Order 2005]

HO2Section 82 Pensions Act 2004 and Data Protection Act 2018 and the Retained Regulation (EU) 2016/679) (UK General Data Protection Regulation)