Skip to main content

Your browser is out of date, and unable to use many of the features of this website

Please upgrade your browser.


This website requires cookies. Your browser currently has cookies disabled.

How to report

General code in force: 28 March 2024

  1. Those responsible for reporting breaches (see Who must report), including the governing body, should establish and operate procedures to ensure they are able to meet their legal duties. Reporters should not rely on waiting for others to report.
  2. The governing body should have:
    1. a process for clarifying the law around the suspected breach where needed
    2. a process for clarifying the facts around the suspected breach where they are unknown
    3. a process to consider the material significance of the breach, taking into account its cause, effect, the reaction to it, and its wider implications, including dialogue within the governing body where appropriate
    4. a clear referral process at the right level of seniority, so decisions can be made about whether to report to us
    5. an established procedure for dealing with difficult cases
    6. a timeframe for the procedure to take place that is appropriate to the breach and allows the report to be made as soon as reasonably practicable
    7. a system to record breaches, even if they are not reported to us (the record of past breaches may be relevant in deciding whether to report future breaches, for example it may reveal an ongoing issue)
    8. a process for reviewing reporting procedures following any important changes to the scheme’s governance arrangements

Making a report

  1. Reporters should make a report using our online web form, email, or by post. We do not usually accept reports by telephone. If a reporter discovers an urgent breach which is likely to have an immediate and damaging effect for scheme members, they should notify us by telephone before submitting their report in writing.
  2. Reporters should also mark urgent reports as such and highlight any matters they believe are particularly serious.
  3. Those looking to report a payment failure for a defined contribution scheme may wish to consider doing so via our maintaining contributions portal (see our Essential guide to reporting the late payment of contributions).
  4. Breach of law reports must be made to us in writing as soon as reasonably practicable1. In most cases, this should be within 10 working days of the breach being identified. However, reporters may use their judgement and apply ‘reasonably practicable’ to their own circumstances. Consider such factors as the seriousness of the potential breach and its consequences. Where reporters decide a longer reporting time is reasonable, they should record the reasons for this and any evidence in case they need to show this in future.
  5. The report should include the:
    1. full name of the scheme
    2. description of the breach or breaches, including any relevant dates
    3. name of the employer (in the case of an occupational scheme) or scheme manager (in the case of public service and personal pension schemes)
    4. name, position, and contact details of the reporter
    5. role of the reporter in the scheme
    6. reason the reporter believes the breach is of material significance to us
    7. address of the scheme
    8. type of scheme – whether occupational (defined benefit, defined contribution, or hybrid), personal or public service
    9. name and contact details of the governing body (if different to the scheme address)
    10. pension scheme registration (PSR) number if known
    11. address of the employer
  6. There are other requirements placed on those running pension schemes to report to other bodies. Where the duty to report to another body coincides with the duty to report to us, the report to us should include details of the other bodies the matter has been reported to.
  7. We will acknowledge all reports within five working days of receipt. If reporters have not received an acknowledgement from us within five days, they should contact us.
  8. Due to legal restrictions2 on the information we can disclose, we will not keep reporters informed of the steps we are taking to deal with the report, but we may contact a reporter to ask for more information.
  9. If a scheme or an individual is at risk, for example where there has been dishonesty, the reporter should not take any actions that may alert those implicated that a report has been made. Similarly, reporters should not delay their report to us, to check whether any proposed solutions will be effective.

Multiple reporters

  1. More than one person may be responsible for reporting the same breach. Those who have a duty to report should be aware this is not automatically discharged by another party reporting the breach.
  2. Reporters should avoid making duplicate reports where possible. Once we become aware of a breach, we do not typically regard that breach as materially significant for the purpose of making a further report. However, an exception to this is when another reporter has additional information or different information about that breach or the circumstances related to it.
  3. Where multiple reporters wish to submit a collective report, the reporting procedure should allow for the evaluation of breaches as described in this code of practice. The report should be made as soon as reasonably practicable.

Glossary and legal references


Any person who has a duty to report a breach of the law.

1Section 70 of the Pensions Act 2004 [Article 65 of the Pensions (Northern Ireland) Order 2005]

2Section 82 Pensions Act 2004 [article 77 Pensions (Northern Ireland Order 2005] and Data Protection Act 2018 and the Retained Regulation (EU) 2016/679) (UK General Data Protection Regulation)