Trustees' management of service providers: Do you meet the Pensions Regulator's expectations?
The Pensions Regulator has recently published a statement setting out its expectations of trustees with regard to managing their service providers, particularly for services such as scheme administration where a service provider's failure could have major consequences for the scheme. The statement follows recent high profile concerns about companies providing outsourcing services, including pensions administration services. Regulator statements do not have the force of law, but do indicate the standards the Regulator will expect when considering whether trustees have complied with their broader legal duties.
Trustees are legally responsible for the running of their scheme even though services such as administration may have been delegated to someone else. Sponsoring employers, as ultimate funders of their schemes, also have an interest in the risk of claims against the scheme arising from an administrator's failure.
Key points for managing commercial relationships
Some of the Regulator's key expectations are that trustees should:
- review the suitability of service providers before appointing them, considering multiple providers;
- be confident that service providers are operating in accordance with their legal obligations, use service level agreements and regularly monitor the performance of providers;
- take steps to address areas of poor performance;
- have procedures in place, and a clearly documented procedures manual, to enable a continuous service in the event of a change of provider, or provider failure.
Trustees should understand the contract terms
The Regulator expects trustees to be familiar with, and understand the effects of, the terms and conditions of contracts with service providers, including:
- the scope of services;
- the cost;
- the arrangements and procedures if the service provider is changed; and
- any limits on liability.
One of the practical things that trustees can do to plan for and mitigate the risk of service provider failure is to pay attention to the contractual provisions that deal with what happens in this scenario. Trustees should consider whether the provisions around notice periods to terminate are sensible, what happens on a termination, whether the provisions should be modified in the event of a "distressed" termination and what the contract says about handover of relevant data and information for any replacement provider.
Risk management and business continuity planning
The Regulator expects trustees to have a business continuity plan (BCP) in place which sets out what actions should be taken if certain events occur that would affect the running of the scheme. The Regulator expects the failure of a third party provider to be covered in the BCP.
The Regulator also expects trustees to understand their service providers' business continuity arrangements and be confident that they "ease any risks" to member data and benefits. The Regulator suggests trustees may wish to understand who is liable if processes are interrupted by a BCP event or the BCP fails in practice.
The Regulator expects trustees to work with their service providers to address any areas of concern, and to be aware of risks before making a decision to terminate a contract.
The Regulator's statement contains action points both for ongoing relationships with service providers and the appointment of new service providers. Service level provisions need to be drafted in meaningful terms so that trustees have legal recourse against an administrator whose service levels are not up to scratch. Termination provisions are also key. Firstly, it's important that trustees have a clear right to terminate when they need it. Secondly, it's important to have robust provisions dealing with an outgoing administrator's obligation to cooperate with the handover to the new administrator. If an administrator has just been sacked, achieving an orderly handover to its competitor is not necessarily going to be its top priority. Liability caps are also key, as liability caps in standard form contracts can be very low relative to the value of benefits being administered.
Standard T&Cs produced by an administrator are inevitably going to be weighted in the administrator's favour, but trustees should recognise their own bargaining power and negotiate accordingly.
Where there is an ongoing administrator relationship in place, the Regulator's statement is clear that trustees are expected to plan ahead for possible problems, not simply react to problems when they occur. If trustees are currently in the process of reviewing provider contracts from a data protection perspective to ensure they meet the requirements of the GDPR, it may be cost efficient to broaden the scope of the review to also cover the points in the Regulator's statement. Trustees should ensure that an explanation by the scheme administrator of its business continuity plan is put on the agenda for discussion at a trustee meeting.
Scheme administrator failure should already feature on a scheme's risk register as a material risk. Trustees should consider what their risk register currently says on this point and how that compares with the expectations set out in the Regulator's statement.
As a practical point, trustees should make sure that they can quickly access their contracts with all service providers, not just administrators but also actuaries, lawyers, investment advisers, auditors etc. Our recent experience is that our clients increasingly look to us not just for legal advice on specific issues, but also for services that enable them to gain easy access to their documents electronically and to identify key terms quickly.