At the start of the summer, The Pensions Regulator published a report on the findings of its recent engagement with 10 Local Government Pensions Scheme Funds.

This report followed the Regulator’s Public Service Governance and Administration Survey 2018 which had highlighted concerns around governance, record keeping and member communication, and a general feeling that improvements that had been made across the Local Government Pension Scheme were slowing down.

The engagement report, in line with this survey, found four key areas for improvement:

  • key person risk;
  • pension board management;
  • protecting members from scams; and
  • handling employer-related risks.  

In light of these findings, the report indicated that there may be an increase in regulatory engagement over the coming year. With this in mind, it may be necessary to address whether changes are needed within your scheme and whether resources are being used efficiently to ensure the required actions can be taken. While this report was concerned with the Local Government Pension Scheme, its findings are not necessarily unique to Local Government Pension Scheme funds. The areas of concern and the practical steps suggested below are relevant to ensuring other schemes are run well and serve and protect their members appropriately. 

Taking Action

Key-person risk: The Regulator found that some schemes lacked comprehensive, well-documented policies and procedures and were over-reliant on local authority controls with little interaction between the scheme manager and the local authority. This was noted as being particularly key to cybersecurity, as the Regulator’s initial survey found that around half of participating schemes had experienced a cyber breach or attack in the last 12 months.

Action

  • Does your scheme have well-documented policies and procedures in place to cover all situations the scheme may encounter? For example, do you have clear policies in place around security and fraud, the exercise of discretion, and dealing with member complaints? Are your policies reviewed regularly to take account of legal updates and your own experience?  Do changes need to be implemented to ensure that these steps are taken?
  • Have you addressed cybersecurity and its risks and drawn up a plan, tailored to your scheme to manage the risk? Do you carry out regular, independent penetration testing? Where a local authority maintains cybersecurity, are you aware of the relevant requirements and what you must do to meet them?

Pension boards: The Regulator’s survey found that only 50% of public service schemes have held more than four pension board meetings in the last 12 months and the high turnover of board members raises questions about whether the required level of knowledge and understanding is well-documented. The Regulator’s engagement with funds showed that some boards showed little appetite for reviewing full documents and were reliant on reduced summaries, thereby leading the regulator to address how such boards could effectively fulfil their function.

Action

  • Is the board engaged with the scheme or is more training required? Is the board aware of the member data held by the scheme and is the board having regular input to ensure member data is of good quality? Does the board have good oversight of potential risk areas? Have steps been taken to ensure good working relationships between the Board and scheme managers and administrators?
  • Have you carried out a recent audit of board meetings to ensure the meetings are sufficiently regular and all relevant issues are being discussed thoroughly?
  • Is there work you can do to maintain stability amongst the board – talk to leaving members, request a minimum period of tenure etc? Do you have an established method for appointing pension board members?
  • Do you have a procedure in place to deal with ineffective board members?

Fraud/scams: The Regulator’s report highlighted the fact that pension schemes hold large amounts of personal data and assets, which can make them a target for fraudsters and criminals. The Regulator indicated that more should be done to protect members from scams.

Action

  • Do you have clear procedures in place to protect members from scams? Are these procedures reviewed regularly to take account of the changing nature of fraud risks? Do you have a policy in place to differentiate between a potential fraud and an honest mistake?
  • Are all paper records held securely to prevent the risk of loss or misappropriation?
  • Do members know what to do if they suspect a scam or have become a victim of one?

Employers: There was a sizeable variance when addressing the risks facing employers, i.e. in receiving contributions and employer insolvency. 

Action

  • Do you have a risk register in place to cover all potential risk areas? Is this risk register being regularly reviewed by the board?
  • Are all procedures to identify and mitigate risks documented in writing? Do all staff involved with the scheme know where this information can be found?
  • Are you recording all decisions taken to address risks in a central place?
For more information 

If you would like any further information on these issues, please contact Alice Kinder in our employment and pensions team.