Chris Brown, Director, Burges Salmon
|
Hello everyone I'm Chris Brown, a director in the Pensions team here at Burges Salmon and welcome to episode four of season two of the Burges Salmon Pensions Pod.
In this episode we will be discussing governance, the upcoming single code of practice, thinking a bit about cyber and also looking at some update on the new transfer regulations including around scams.
|
Helen Cracknell, Solicitor, Burges Salmon
|
Hi everyone my name is Helen Cracknell, and I'm a solicitor in the Pensions team. So in today's episode we're joined by Andy Prater, a senior associate in our team, who's advising both employers and trustees on a full range of pensions issues. Thanks for joining us, Andy.
|
Andy Prater, Senior Associate, Burges Salmon
|
Hi Helen, hi Chris, thanks for inviting me and delighted to be here.
|
Chris
|
Right so, in episode five of the first series of the Burges Salmon Pensions Pod, which you can find on our website and also on streaming platforms where you listen to the pod, we discussed key aspects of the forthcoming single code of practice and what trustees can do to prepare.
So, Andy, initial question, can you give us an update on where things are with the single code of practice?
|
Andy
|
Yes Chris certainly. So at the moment it's still in draft, we're still waiting for it to be finalised and we've heard different rumours as to when that's likely to happen, but it's looking like it's going to be probably towards the end of the summer but possibly even later in autumn, and then it's not likely to come into force until sometime next year I think.
|
Helen
|
So I guess it's difficult because trustees don't know what the outcome is going to be when it finally is enforced.
In our first pod, as Chris mentioned, we discussed the actions that trustees should be looking to undertake to prepare for the single code coming into force. Burges Salmon have a checklist on this if anyone's interested that we can give out to you if you email us.
But Andy what kind of steps are you seeing schemes take in order to prepare for the single code?
|
Andy
|
In my experience so far trustees are still very much at that initial preparation stage. So lots of the larger schemes have started to work through checklists, they've started to collate the policies that they have in place at the moment, they've started to do an initial gap analysis of some of that material, but it is very much, in my experience, trustee still being at that initial assessment stage at the moment and starting to work through this more generally.
I think some of the smaller boards are probably further behind on that and possibly smaller schemes maybe haven't got so far ahead and then perhaps need to start looking at starting a gap analysis and running through checklists.
|
Chris
|
Andy that's interesting that you mention a gap analysis, because I was in a trustee meeting last week and trustees were saying well that's a hugely significant exercise to review all our policies against the code, which is still in draft, so is there an initial gap analysis or a first level of work that can be done? You were talking about some ground work.
|
Andy
|
Absolutely Chris, I think there is that point, trustees should be looking to work out if they've got things that are completely missing and then that will be probably the area that you need to focus on, or trustee boards need to focus on, to start with. There will certainly be many cases where trustees have got policies which are pretty compliant, maybe completely compliant, so to that extent that's a big tick and a green. Some of the policies will be an amber, and then you'll have red where there's nothing in place or it's significantly deficient, if I could use that word, against the provisions of the new code.
So it very will much be a process going through this to try and work out initially where to focus trustees' attention and that's likely to be in the areas where things are completely missing or to the extent they have reviewed their policy, or they've started to review policies, against the code and realise that it's nowhere near what it needs to be, whether they should update that or perhaps even look to just start again, sometimes it might well be easier to start from scratch rather than update a policy that's very much not what the regulator is looking for.
|
Chris
|
Yes and one place where I suppose new policies might be put in place is around cyber.
So in the recent trustee meetings that I've been in trustees have been focusing on governance, getting ready for the single code of practice, and cyber security has been a big area of focus as well, and of course there's going to be a module on cyber in the single code, so it's right that trustee should be looking at that too.
Have you got any tips for trustees thinking about cyber security and what they could do to prepare?
|
Andy
|
Absolutely. I mean there's quite a few things that trustees can do in relation to cyber. Clearly, as you say, it's a key area of focus at the moment given that schemes have lots of assets and are potentially susceptible to cybercrime. I think initially trustees should probably have a risk assessment in place to work out what the risks are and what they might do about them, trustee training to understand the issues, there should be a policy in place, so either you might have a bespoke cyber security policy.
|
Chris
|
You could build it into your, sorry you were probably going on to say, you can build it into your data protection policy.
|
Andy
|
Absolutely, I suppose it's an extension of the data protection policy but actually I've seen both approaches, I think they both have their merits. There's obviously plenty of other things trustees can be doing as well so, they should be checking their contracts with their third-party providers, they should be thinking about insurance cover, checking your insurance contracts and working out if you've got appropriate cyber cover, and taking advice of course on areas of uncertainty.
|
Chris
|
Yes absolutely and there's an interesting legal point around cyber isn't there, which is that the regulator's publications at the moment are in the form of guidance but when they become in that module in the draft single code their force will be strengthened if you like, because even though codes of practice are not law there is that force behind of code of practice that isn't in the regulators general published guidance, so the regulator's comments on cyber security is being strengthened by the single code.
Helen I can see you wanting to come in.
|
Helen
|
Andy I was just going to say, what are some things that trustees can do if there is a breach?
|
Andy
|
Yes that's a good question Helen. So I think I forgot to mention that trustee should have an incident response plan in place, so that effectively does what it says on the tin, it sets out what the trustees would do if they were to suffer a cyber-breach, and it will include things like initial contact details, he'll take responsibility for running with the with the response etc. So yes it's good to just be prepared so that if the worst happens you can pick up really quickly with actioning any response.
|
Helen
|
Definitely good for everyone involved to have clarity on that as well.
So if we now turn to our second topic, so we wanted to cover a few different topics on governance in this podcast, and the second one was going to be the new transfer regime.
So I'm sure all of our listeners will be aware that in November last year the new transfer regulations came in for statutory transfers, and these give trustees and scheme managers the power to prevent or pause a statutory transfer request if they see evidence of so-called red or amber flags, which are used to indicate an increased risk of a scam. So I've actually, on a few of my clients, had a few queries in the last few months where the transfers were related to the old regime rather than this new regime, but I think now moving forward all of the transfers will be under this new regime and it's certainly from my perspective a lot more onerous on trustees and administrators, there's a lot to think about, and Andy have you seen any more recent material on it from industry bodies?
|
Andy
|
Yes, thanks Helen.
So there's no specific material on interpretation of these regulations, as you say trustees have been grappling with them, they were introduced pretty quickly and it's taken some time for trustees to work out exactly how they want to land in terms of assessing schemes, so there's no updates to the regulations and also I don't think there's any indication on when we will have a review of those regulations, but there have been a couple of recent things that have been published by the regulator in relation to pension scams.
So in the middle of June, TPR, the FCA and Action Fraud published a joint guide calling on the industry to report scams and basically to help the authorities investigate and prosecute scammers and to enable policy makers to further understand how scams are evolving and that guide highlighted a number of things that could be reported to Action Fraud, from the very general names and contact details of individuals and related materials like things like websites and brochures, and also any material that the trustees had assessed as leading to a red or amber flag. So where the trustees have done their due diligence under these new regulations and they've assessed that there is a flag, this could be reported to Action Fraud and then they can start to build a picture as to what's going on in terms of if is there any trend, if you like.
So yes, the guide is helpful because it's a reminder that trustees need to be doing this and also interestingly one thing I picked up from it is that it highlights that the trustee should report to the regulator if they felt that they had to refuse a statutory transfer payment even though all of the requirements were met, so basically the requirements are met and the trustees consider it's a valid request but felt that the warning signs of a scam were so strong for them to be comfortable with any other course of action. So that's quite interesting.
|
Chris
|
It could potentially be not necessarily a difficult decision, but certainly an interesting decision for trustees to go through the process and notice that all requirements are met, but still to feel that there are warning signs and that something is reportable to the regulator, not necessarily straightforward to come to that conclusion.
|
Andy
|
Absolutely it's a tricky area, I've not personally seen that in practice yet. I've had a few cases where trustees have assessed that there could be amber flags present, but I've not got to a point where I've seen a trustee board realise that there was a statutory right to transfer but then feel that they have to refuse it.
|
Helen
|
And it's definitely a hot topic at the moment, everyone's talking about pension scams and I've seen in PLC there's been a liberation fraud case, could you tell our listeners more about that?
|
Andy
|
Yes certainly. So the regulator recently announced that two people had been imprisoned after admitting charges of fraud by abuse of their position as pension scheme trustees, and this was the result of a liberation fraud which happened between 2012 and 2014, so there were around 250 members of various occupational pension schemes which transferred about £14 million into scam arrangements and our listeners will be familiar with pensions liberation I'm sure, but in this case, so cash incentives were paid from individual pots which resulted in high tax charges for the individuals and funds were moved offshore or invested inappropriately. And the defendants had benefited from substantial commission payments.
|
Chris
|
Yes Andy, that's interesting, and I understand this case was reported by the regulator back in April but it's led to a more recent blog from the regulator on scams and fraudulent activity and being alive to that.
|
Andy
|
Yes that's right Chris.
So, as you say, the regulator published this other blog also in mid-June and in that blog the regulator noted that the jail terms that were imposed show how both the regulator and the court will take tough action against scammers, but also that tough prison sentences alone aren't enough to dissuade all scammers and secure pension pots. So again, as part of this blog the regulator was calling on the industry and trustees to make use of their new powers to block transfers and also to make sure that they report any suspected scams.
The blog highlighted that the regulator expects trustees to take a risk-based approach in this regard, and also to refer to its guidance on dealing with transfer requests. And then it also went into some analysis on what the regulator's seeing in terms of risks, so it's not necessarily all just about pure liberation now, the blog noted that they are concerned that there could be slightly more sophisticated ways in which scammers can now target members' retirement pots. So that might be through the promise of high investment opportunity, and then there might be a transfer and once the money's handed over the scammer cuts off contact. But there are also issues with high fees and unsuitable advice, so it's not necessarily pure liberation, the regulator's recognising that there are a few limbs to this and the trustees need to be alive in general to lots of different scenarios.
So there was a general encouragement there for the industry as a whole to get together, to get to know the warning signs, to regularly warn members about the possibility of scams.
|
Chris
|
Yes and for trustees to understand what the transfer check requirements are I suppose is absolutely critically important and for any trustees wanting a neat overview summary of what they are, we've got a practical law summary guide on our website summarising the transfer check requirements as of earlier this year, and there's a neat description of the different requirements with tables there which might help trustees needing to think about transfer checks.
|
Helen
|
There's lots of different strands of governance we're trying to bring together today, obviously scams are a massive issue in the industry at the moment, but also just the importance of trustees being alive to the developments that are taking place quite rapidly and hopefully the single code will draw everything together into one place and make it easier for trustees. But there is a lot of work to be done.
Andy could you end on summarising just three top things that trustees should be doing right now?
|
Andy
|
Yes definitely. So I think in relation to the single code, I think I’ts start and continue with preparation with assessing policies, laying the groundwork to work out the next stage. In relation to cyber, again I think it's prepare if you haven't already, so it's making sure that you've got the policies in place that you need and also to carry out the review of contracts and insurance policies. And in relation to scams, it's making sure that you understand the requirements of the regulations and the powers that trustees have and also to make sure that they're communicating regularly with members to help members make the best decisions that they can.
|
Chris
|
And if I could just add one that probably fits into all three of those, Andy, I think from a governance perspective we say this, and this covers a lot of areas particularly in the theme of good governance, but you know you can't really stress enough the importance of trustees having a good audit for their decision making and for having a paper trail of decisions and usually, because there might be circumstances when you don't want to, but usually reasons why you came to them and things like that.
Thanks ever so much for joining us on the pod it's been great having you with us.
|
Andy
|
Thanks for having me.
|
Chris
|
Thank you for listening to the Burges Salmon Pensions Pod.
If you'd like to know more about our pensions team and how our experts can work with you, you can contact me, Andy or Helen or any of our team via our website. And this episode is the fourth of our second season.
All of our episodes are available on Apple, Spotify or wherever you listen to your podcasts. So don't forget to subscribe, and thanks for listening.
|