This article first appeared on Professional Pensions which can be seen at: The admin requirements of the single code (professionalpensions.com)
Administration has long been the ‘poor relation’ in pension trustee relationships, but pension schemes exist to pay member benefits and a trustee’s key responsibility is to safeguard these benefits. So, perhaps it’s not surprising The Pension Regulator (TPR) recognises administration is an important area of scheme governance.
TPR’s new single code has no fewer than ten modules under the heading of ‘administration’ and a further four under ‘communications and disclosure’ which affect pension scheme administrators, as well as one under ‘reporting to TPR’.
The first module on scheme administration is very much directed at pension trustees, as they may delegate administration to a third party or in-house team, but not the responsibility for it. This requires trustees to maintain sufficient knowledge and understanding of administration. To do this, trustees need to have a good line of communication with their administration team. They should make sure the regular stewardship reports they receive contain the information they need to monitor the performance of the administrators. Ideally the scheme administrator should also attend quarterly trustee or sub-committee meetings, which is now easy to arrange with virtual meetings.
Below the overarching first module, there are a further nine subsidiary administration modules under the sub-headings of ‘information handling’, ‘IT’ and ‘contributions’. These go into detail about TPR’s expectations.
For example, the module on ‘financial transactions’ states pension trustees should ‘understand procedures and controls the administrator operates to ensure that financial transactions are processed promptly and accurately’. Therefore, pension trustees should be asking their administrator to explain their procedures and controls, confirm their SLA performance relating to transactions and confirm compliance with regard to governance processes and IT systems on an annual basis.
This confirmation of compliance will need to be fairly detailed and comprehensive as it must cover all nine subsidiary administration modules, as well as the other five (under ‘communications and disclosure’ and ‘reporting to TPR’).
We’ve raised this with some of the larger pension scheme administrators who have confirmed it’s on their radar but, given the challenges of the transfer regulations and impending dashboards, it’s not surprising this doesn’t have high priority yet.
In addition, there are other key areas where more information is needed from administrators, such as checks on their cyber credentials. What are their cyber security controls? Do they have CyberEssentials accreditation from the National Cyber Security Centre?
Pension trustees also need to ensure the scheme administrators’ annual internal controls reports (AAF01/06) are reviewed and, if they are qualified by the auditor, the matters raised should be investigated further with the administrator.
To sum up, most administrators will be doing most of the tasks laid out in TPR’s modules, which will be included in their administration contracts. However, many of these tasks form part of the key internal controls which pension trustees will need to review in their annual ‘own risk assessment’. This assessment will require evidence of compliance – hence the need for administrators to provide this confirmation (no doubt at additional cost!).
To help new pension trustees get up to speed, we’ve produced an easy to read pocket guide to pensions administration which covers the key points.