Regulator launches whistleblowing code
The Pensions Regulator commenced operations in April by issuing its first code of practice. This covers the duty of those involved with pensions to report breaches of the law. It has also published guidance on how to comply with the code, building on the framework developed by OPRA. We examine the main points of the code and the guidance.
|
The Pensions Regulator has commenced operations by publishing its first code of practice, which covers reporting breaches of the law, together with accompanying guidance.
A wide group of people involved in the administration and management of pensions arrangements, or in advising schemes, now have a statutory duty to report breaches of the law and failures to comply with any duties relevant to the administration of the scheme.
The two key factors to be considered when deciding whether make a report to the regulator are whether there is reasonable cause to believe a breach has occurred and if the breach is of material significance.
The code and guidance build on the traffic-light framework for reporting breaches developed by Opra, which groups breach scenarios into red, green and amber situations depending on the degree of seriousness of the breach.
Organisations are responsible for ensuring that those with reporting duties are properly trained so that they are familiar with the law relating to their own areas of work and also that appropriate procedures are in place for reporting breaches.
|
Before the implementation timetable for the Pensions Regulator's codes of practice was disrupted by a general election, it managed to complete all the stages necessary for its first code1 - covering whistleblowing - to be approved. The code adopts the approach taken by the regulator's predecessor, the Occupational Pensions Regulatory Authority (Opra), in recent years, so contains no real surprises.
The duty to report breaches was first imposed by the Pensions Act 1995. This distinguished between statutory whistleblowers (actuaries and auditors, with a duty to report to Opra) and voluntary whistleblowers (other professional advisers and people involved in the management of schemes, who were permitted to whistleblow (OP, September 1995)). This distinction is not retained in the Pensions Act 2004, which imposes a duty to report on a wide group of professionals involved with pensions schemes, as well as on trustees and employers.
Box 1 sets out the statutory requirements concerning who must report breaches and when they should make a report. The code of practice, together with separate guidance, provides the details of how and in what circumstances the obligation to report should be exercised. We highlight its main points below.
Duty to report
Compared with Opra's guidance on reporting breaches contained in its Notes, the Pensions Regulator's code of practice is short. The stated purpose of the code is to "provide practical guidelines on the requirements of the legislation and set standards of conduct and practice expected". The standard required, according to the code, is that of a well-run pension scheme. This is not explained further.
The code stresses that there are no penalties for failing to comply with its provisions (although there are for not complying with the legislation on which it is based). But the code may be used as evidence by a tribunal or court in determining whether legal requirements have been met.
Those with a duty to report (see box 1) are designated "reporters" in the code. Reporters are expected to understand the legal requirements in their own field of activity. The code points out that the requirement to report not only arises when an enactment or rule of law, such as a decision reached in a legal case, has been breached, but also if a duty that is relevant to the administration of the scheme has not been complied with.
The term "administration of the scheme" is wider than just the normal tasks involved in running the scheme. It includes funding, investment policy and indeed "anything which could potentially affect the members' benefits or the ability of members and others to access the information to which they are entitled".
To report or not to report
When making the decision whether to report to the regulator, the code states the reporter should consider whether there is reasonable cause, rather than just a suspicion, to believe that a breach has occurred, and whether the breach is likely to be of material significance to the regulator.
Four things are likely to affect the significance of the breach according to the code:
the cause of the breach - for example, whether it arises from dishonesty or poor governance, or is just an isolated incident;
the effect of the breach - that is, whether it contravenes the Pensions Regulator's objectives, namely to protect the benefits of scheme members, reduce the risk of calls on the Pension Protection Fund and to promote the good administration of schemes;
the reaction of scheme trustees or other relevant parties to the breach - for example, whether the trustees are taking prompt and efficient action to remedy the breach; and
the wider implications of the breach.
Those with reporting duties are expected to have procedures in place that will enable them to identify breaches and make judgments on whether, if breaches have occurred, they need to be reported. Although the code does not prescribe a procedure, it sets out details of the features the Pensions Regulator would expect a satisfactory procedure to contain. There is a standard form available on the regulator's website2 that the code states should be used wherever possible for reporting breaches. Reports may also be made electronically.
To help reporters, the guidance on complying with the duty to report breaches contains a decision tree, which is reproduced in box 2. This clearly sets out the steps to be followed when deciding whether to make a report. The only matter it does not cover is timing. Reports should be made as soon as is practicable. It suggests that the more serious the suspected breach the sooner the regulator should be informed of the problem.
Organisations are responsible for ensuring that staff receive adequate training to recognise breaches of the law. The code also points out that, although the duty to report overrides any other duties, such as confidentiality, it does not affect the "legal privilege" rule. The code explains that this means that written and oral communications between a professional legal adviser and a client, or a person representing that client while obtaining legal advice, do not have to be disclosed.
Traffic-light framework adopted
The Pensions Regulator has decided to continue with the traffic-light framework first developed by Opra. This groups possible breaches into three categories:
"red" breach situations are always of material significance to the regulator and must be reported - these include breaches caused by dishonesty, those with significant impact and those where inadequate steps are being taken to put things right;
"green" breach situations are of no material significance. They are not the result of dishonesty or have little impact and steps are being taken to rectify matters - these do not have to be reported, but they must be recorded; and
"amber" breach situations are where the reporter has to make a judgment, considering the context of the breach, and decide whether it is significant enough to have to be reported.
The guidance provides examples of breaches that may fall into each category, together with reasons for its categorisation. The red and green examples are straightforward. As well as obvious cases of dishonesty, red breaches can include a failure of the trustees of defined-benefit schemes to review investment policy following major scheme changes and a persistent failure to obtain accounts by the appropriate deadline.
Green breaches include occasional lapses in otherwise well-run schemes, such as producing audited accounts just outside the seven-month deadline. Examples of amber breaches are set out in a table in the guidance with lists of factors that would influence whether a report is necessary. To illustrate the considerations taken into account, box 3 reproduces the section of the table regarding failures to observe the requirements of scheme provisions.
Reporter's responsibility
The code places the onus on reporters to decide whether a reportable breach has occurred. If the reporter is uncertain, legal advice must be sought, as shown in the decision tree in box 2. The regulator will not consider the matter until the report is made. Once the regulator receives a report of a breach, it has discretion over whether to take action and on the action to be taken.
Failure to comply with the obligation to report breaches of the law without "reasonable excuse" is a civil offence. The regulator has the power to decide whether a reporter has "reasonable excuse" and will look at factors including training of reporters and any legal advice received in reaching a decision.
Overall, the code is written in a straightforward manner. The guidance is available on the internet as a set of separate sections referring specifically to certain paragraphs in the code, and also as a pdf. It is relatively easy to cross-refer between the two documents. Over time the regulator may need to extend the lists of situations under each of the traffic light colours because the present examples are limited. Reporters would probably prefer this so that they do not have to keep seeking legal advice in every case where there is an element of uncertainty.
An important aspect of scheme administration not dealt with by the code or the guidance is late payment of contributions. A separate code is being produced to cover this, on which the consultation process has started (See Regulator tackles late payment of pension scheme contributions ).
1 "Code of practice no.1: Reporting breaches of the law" and "Guidance: Complying with the duty to report breaches of the law", available from the Pensions Regulator's website (www.thepensionsregulator.gov.uk ) via "Codes and guidance" (for the code go via "Codes in force").
2 At www.thepensionsregulator.gov.uk via "online services".
Box 3: Example of an amber breach situation
A failure to observe the requirements of the scheme's provisions.
|
Aspect |
Factors tending to make a report unnecessary (green factors) |
Factors tending to make a report necessary (red factors) |
|
Cause |
An inadvertent error. Acting on advice which later turns out to have been wrong.
|
Acting (or failing to act) in the full knowledge that doing so contravenes the scheme's provisions. Failing to take advice when it would have been reasonable to have done so, such as when granting augmentations or discretionary benefits. |
|
Effect |
No significant effect on members' benefits or their security. |
A significant worsening of security for some classes of members. |
|
Reaction |
Trustees taking corrective action. |
Trustees not taking action to correct, even where new advice indicates such action is needed. |
|
Implications |
|
One or more of the trustees may not be a fit and proper person to take on that responsibility. |
Source: "Guidance: complying with the duty to report breaches of the law", the Pensions Regulator.
|
This feature is based on Code of practice
no.1: Reporting breaches of the law and Guidance: Complying with
the duty to report breaches of the law, and on archived Opra Notes available on the Pensions
Regulator's
website. |
