Internal controls: Sackers’ response to consultation
Background
Consultation on the draft revised guidance on internal controls was published by TPR on 1 December 2009.
We note that the aim of the present consultation is to encourage and assist schemes, in particular the trustees of smaller schemes, to comply with the requirement under section 249A of the Pensions Act 2004 to establish and operate internal controls. We support this policy aim.
However, we have a number of both general and specific comments on the proposed approach for achieving this aim. These are set out below.
In this response:
- Level of compliance required
- Structure of Guidance
- Application to smaller schemes
- Key messages
- Risks and control procedures
- The trustees’ role
- Consistency
- Disclosure of governance statements
- Adviser conflicts
- Financial risk management
- The employer’s covenant
Level of compliance required
We had understood the “comply or explain” standard of conduct to be the requirement on trustees and others in relation to TPR’s codes of practice (as section 90(5) of the Pensions Act 2004 provides that a code of practice may be admissible in evidence in legal proceedings). Guidance, by contrast, we understood to be designed “to help improve understanding of work-based pension schemes and to promote good practice” as well as in TPR’s own words from the Regulatory section of the TPR website, Guidance is designed “to help trustees, employers and others understand what the law requires”.
The Guidance suggests that trustees will need to follow the methods set out in the Guidance to achieve proper management of internal controls. For example, we note that TPR is suggesting that trustees should be able to “demonstrate application of good practice as identified in this Guidance or explain divergence if they have sought to comply with the law in an alternative way” (paragraph 36 of the draft Guidance). This Guidance suggests that the level of compliance required is akin to that under a code of practice.
If TPR intends the level of compliance usually associated with codes to apply to this Guidance, an alternative would be to include further detail in the existing code of practice. However, we recognise this could make the code itself unnecessarily complex.
If guidance is in fact TPR’s aim, it may be helpful for the Guidance to contain opening statements reminding trustees of their legal requirement to maintain internal controls, referencing the code of practice, and noting that the examples contained in the Guidance are illustrative of good practice. This would then recognise the fact that not all trustees will need to follow every aspect of the Guidance. For example, trustees may wish to design alternative methods for compliance, which achieve the same overall level of internal controls.
Structure of Guidance
In our view, the way in which the Guidance is currently structured makes it difficult for trustees to filter the information which is relevant to them. While some of the information contained in the Guidance is of general relevance to all trustees, some of it will only apply to either DC or DB schemes. For example, information on the employer covenant is only of very limited application to DC schemes.
To ensure that the Guidance is as user-friendly as possible, it would be helpful for TPR to identify in the Guidance the sections relevant to DB and DC (in the same way as proposed for the updated Myners principles). Alternatively, TPR could provide guidance tailored to the benefit design – as for TKU. Such an approach would ensure that trustees can make quick and easy reference to the information which is relevant to them.
We note that the Guidance imports provisions from other aspects of TPR’s codes and guidance, for example, in relation to conflicts of interest. Whilst we appreciate the efforts made to ensure that the Guidance is stand-alone, we wonder whether it would in fact be appropriate to simply include cross-references as this would simplify the Guidance on internal controls significantly. If would also remove the risk of users never reading the detail of the other guidance, if they consider that they have already become familiar with it, having read TPR’s “short” version in this Guidance.
We note that the Guidance is designed to be used as an on-line tool and that it may therefore be easier, when used in this way, for trustees to focus on only those sections which are relevant to them. In our experience, however, it is still common practice for TPR’s Guidance to be printed out, for use as an easily accessible reference tool which may be annotated.
We consider that the Guidance is too long. Consequently, there is a real risk that the Guidance will not be read by TPR’s target audience.
Application to smaller schemes
We note that the Guidance is expressly directed to smaller schemes. This is helpful, as some smaller schemes may not have capacity to develop their own methods for devising appropriate internal controls mechanisms.
TPR’s objectives in relation to small schemes could be achieved by the use of template risk registers and other example documents, (for example, Table 2: Risks and control procedures). Trustees, particularly those of smaller schemes, would be able to use these as a basis for their own internal controls, but would remain free to choose alternative, appropriate methods to comply with their legal internal controls duty should they prefer to do so. Whilst we recognise and support TPR’s efforts to encourage trustees to move away from “box ticking” exercises when monitoring compliance with their legal obligations, for small schemes whose trustees may have limited resources, such tools would provide an invaluable starting point.
There are also a number of suggestions or assumptions made by the Guidance which may not be suitable for smaller schemes, for example, the assumption that all schemes will have a permanent chairman of trustees, (draft Guidance, paragraph 61). In practice, this is not always the case, particularly for small schemes, and indeed may not be appropriate in all cases.
In addition, given the level of detail (and complexity) described in the draft, the Guidance could potentially lead to a perception that it is necessary to have an independent trustee (which could come at the expense of lay trustees who may have a better working knowledge of the scheme and its members). We do not believe this to be a message TPR wishes to impart.
Key messages
There are a number of “key control objectives” to be found throughout the Guidance. It would be very helpful for trustees if these key objectives were collated in an introduction or executive summary towards the beginning of the Guidance. This would help reinforce the key aspects of their legal duty. As drafted, the key objectives are hidden in the detail of the document and could easily be overlooked.
Examples of these we have identified are:
- the rationale (or “mission statement”) for operating internal controls (paragraph 53);
- list of seven key risk areas (paragraph 45);
- trustee self-assessment (paragraph 61);
- security and safe custody of scheme assets (paragraph 139);
- assessment of the adequacy of a scheme’s retirement processes (paragraph 162); and
- managing a member’s retirement process (paragraph 167).
Risks and control procedures
As noted at 13 above, some of the examples contained in the Guidance could be used as the basis of standard form documents for trustees to adapt, which could be very helpful. Table 2 (on page 16 of the Guidance) is one example which could be adapted for use as a sample risk register.
We have the following comments on Table 2 as currently drafted:
- reading across the boxes, the control procedures do not always match the listed risks;
- the suggested control procedures may help identify some of the risks to a scheme, but they do not generally provide assistance in addressing the risks once identified (some examples to this effect would also be helpful);
- the control procedures are also very detailed and prescriptive (having a sample risk register could remove the high level of prescription for those trustees who simply need high level guidance / principles); and
- finally, on a point of detail, it is suggested in Table 2 that the “Chair manages the trustee appointment and retention process to ensure trustees have or can develop the necessary skills”. In our experience, it tends to be the sponsoring employer who has control over the appointment of company trustees under the rules of the scheme, while MNTs are appointed in accordance with the trustees’ arrangements for appointing MNTs.
The trustees’ role
Paragraph 20 of the Guidance states that the trustee duty is expressed as “to act in the best interests of the scheme’s beneficiaries”. As we noted our response to the TPR consultation on conflicts of interest, this may be an over simplification of the legal requirement. In our view, it would be more appropriate to state that the trustees have a duty to “safeguard the interests of the beneficiaries”.
Consistency
The Guidance makes reference to a number of other TPR publications, for example, its recently revised code of practice on TKU. Where this is the case, it is important that messages are consistent. For example, paragraph 52 of the Guidance refers to the need for trustees to be “familiar” with important scheme documents. Whereas under the revised TKU Code, this is expressed as the need for trustees to read such documents “thoroughly”, (paragraph 69 of the TKU Code).
Disclosure of governance statements
Paragraph 33 of the Guidance advises trustees that “voluntary disclosure of a governance statement will help to demonstrate their accountability to members”. We support openness as a means of encouraging good pension scheme governance – often trustees spend a lot of time getting their governance “right”, which members know little or nothing about. However, the context of such a voluntary statement is important. We would be concerned that simply providing members with information on how trustees manage risk (the governance information), rather than the results of managing risk (for example, a statutory money purchase illustration), could be confusing depending on the demographic and financial sophistication of the scheme members concerned.
Adviser conflicts
Paragraphs 72/73 of the Guidance suggest that the onus is on trustees to check what conflicts their advisers may have. These are legitimate concerns of which trustees should be aware. However, we note that many advisers already operate under strict controls from their governing bodies on conflicts. In our view, trustees can justifiably take the external regulation of their advisers into account when considering conflicts in this area.
Financial risk management
Paragraph 102 suggests that certain transactions ought to be signed-off by at least two trustees. This may be problematic for a number of reasons:
- for larger schemes, this approach is not practical as such functions would normally be delegated to a committee or to personnel who have prior authority for processing certain transactions; and
- for smaller schemes, there may not be sufficient trustees to guarantee the availability of two trustees at all times.
The employer’s covenant
Paragraph 107 mentions the “employer’s ability to meet its legal obligations to fund a scheme”. While trustees need to be aware of the employer’s ability to pay, the employer’s “willingness” to pay is also a critical element of the employer’s covenant. It would be helpful to trustees if this aspect were also reflected in the Guidance.
Paragraph 115 lists a number of questions that trustees will be asking when monitoring an employer’s covenant. This is a good list of pertinent questions. However as the Guidance is very long, it may be more appropriate to include this in an appendix to the Guidance, instead of in the main body of the document.
Paragraph 120 refers to continual analysis and evaluation of the employer covenant for material changes. Materiality is the key point here. Users of the Guidance should not be misled into thinking, for example, that every scheme needs to employ external covenant assessment reviews on a regular basis.