Pension administration has often been viewed as the ‘poor relation’ in the hierarchy of pension trustee relationships, but pension schemes exist to pay members their benefits in accordance with the scheme rules and a trustee’s key responsibility is to safeguard these benefits. So, perhaps it’s not surprising The Pensions Regulator (TPR) recognises pensions administration is an important area of scheme governance.
TPR’s new general code has no fewer than ten modules under the heading of ‘administration’ and a further eleven under ‘communications and disclosure’ which affect pension scheme administrators, as well as one module under ‘reporting to TPR’.
The first module on scheme administration is very much directed at pension trustees, as they may delegate administration to a third party or an in-house team, but not the responsibility for it. This requires trustees to maintain sufficient knowledge and understanding of administration. To do this, trustees need to have a good line of communication with their administration team. They should make sure the regular stewardship reports they receive contain the information they need to monitor the performance of the administrators. Ideally the scheme administrator should also attend quarterly trustee or sub-committee meetings to present the administration reports, discuss developments and highlight any issues.
As well as the overarching first module, there are a further nine subsidiary administration modules under the sub-headings of ‘information handling’, ‘IT’ and ‘contributions’. These go into detail about TPR’s expectations.
For example, the module on ‘financial transactions’ states that pension trustees should ‘understand procedures and controls the administrator operates to ensure that financial transactions are processed promptly and accurately’. Therefore, pension trustees should be asking their administrator to explain their procedures and controls, confirm their SLA performance relating to the financial transactions and confirm compliance with regard to governance processes and IT systems on an annual basis.
The compliance requirements are likely to be fairly detailed and comprehensive as they must cover all nine subsidiary administration modules, as well as the other twelve (under ‘communications and disclosure’ and ‘reporting to TPR’).
Pension scheme administrators should already have this on their radar and, given the recent publication of the general code, should now be seeing it as a priority.
In addition, there are other key areas where more information is needed from administrators, such as checks on their cyber credentials. What are their cyber security controls? Do they have Cyber Essentials accreditation from the National Cyber Security Centre? What testing do they undertake and how regularly? What issues have been identified and how are they being resolved?
Pension trustees also need to ensure the scheme administrator’s annual internal controls report (AAF01/06) is reviewed and, if it is qualified by the AAF auditor, the matters raised should be investigated further with the administrator.
To sum up, most administrators will already be carrying out most of the tasks laid out in TPR’s modules, and these will be included in their administration contracts. However, many of these tasks form part of the key internal controls which pension trustees will need to review in their triennial ‘own risk assessment’. This assessment will require evidence of compliance – hence the need for administrators to provide this confirmation on a timely basis to trustees.
To help new pension trustees get up to speed, we’ve produced an easy to read pocket guide to pensions administration which covers the key points.
If you have any questions, or want to find out more, please get in touch with the author Gillian Graham.
Please note, this article first appeared on Professional Pensions: The admin requirements of the single code.
