It’s coming home …
6th July, 2021
Last week saw the publication of not one, but two separate guidance documents for pension schemes on the subject of ‘fraud’ – one from the Pensions Research Accountants Group (PRAG) for trustees – the other from the Pensions Administration Standards Association (PASA), aimed at administrators.
As the publication of these guides may struggle to compete for attention with Euro 2020, and given the serious nature of pension fraud, hopefully the blatantly misleading title of this blog has at least piqued your interest.
The guides are deliberately intended to be aligned and there is overlap between them. One way to distinguish them is to think of the former as questions for trustees to ask their administrators and the latter as answers that administrators should be able to provide to trustees.
The PRAG guidance notes the types of fraud that pension schemes may suffer, and how schemes can manage the risks of pension fraud. The guidance is primarily intended for pension scheme trustees to help them consider where the fraud risks may lie in their schemes. Key points include:
- Broadly, fraud can be defined as dishonest conduct, intended to make a gain, or cause a loss or the risk of a loss to another.
- With large sums of money held for beneficiaries, pension schemes are attractive to fraudsters.
- Since 2007 the cost of fraud generally has risen by over 50%, and, since the advent of COVID-19 and related restrictions and changes, the incidence of fraud has risen by a further 21%.
- The PRAG guidance looks across the range of types of fraud and includes case studies covering investment and misappropriation risks; identity fraud; opportunistic pension fraud; fraud affecting administrators; and fraud against beneficiaries (e.g. pension scams).
- The guidance considers what can be done and sets out trustee ‘legal duties’, with guidance on ‘understanding vulnerability to fraud’ and ‘ensuring your organisation is resilient to fraud’.
In the PASA guidance, the point is made that pensions fraud affects people at a time of life when sources of income become more limited and the chances of financial recovery are reduced. The amount of fraud protection per £1 spent by the pensions industry is less than in banking. Fraud across all sectors of the economy has been estimated to cost the UK £190 billion a year – the pensions sector specifically is estimated to lose over £6.2 billion a year, and fraud can affect beneficiaries directly and indirectly.
What can be done?
The Pensions Regulator (TPR) has published a consultation on its new draft combined code of practice, which sets out how it expects trustees to comply with their legal duties of governance and administration. The draft code specifically cites fraud as a risk to consider when operating internal controls and effective systems of governance.
Also, trustees (and others) must report to TPR when they reasonably believe that there has been a breach of the law that affects their scheme.
Trustees also have duties in relation to combatting pension scams, including prospective new powers for trustees to stop some transfer values from going ahead and the risk of maladministration claims being made to the Ombudsman where there is insufficient due diligence before paying a transfer.
Administrators should put good governance in place: assess risks, identify vulnerabilities and tailor defences accordingly; ensure data is secure; be aware of, and adapt to, emerging threats and issues; be ready to respond to incidents of fraud; understand the circumstances in which a relevant regulator may need to be notified; learn from incidents of fraud (both against a particular administrator and also across the industry) to ensure vulnerabilities are minimised; and seek specialist legal, regulatory and other (for example, cyber) advice on issues facing their businesses.
Vulnerability and resilience
Both trustees and administrators need to understand how vulnerable they are to fraud and assess their resilience. Helpfully, the guides provide a series of questions they should ask of themselves and their suppliers, including:
- Do we and our suppliers understand the different types of fraud which may take place?
- Do we and our suppliers understand the extent of the risk of fraud and the cost of fraud?
- Do we and our suppliers understand the vulnerabilities of our systems and our beneficiaries in respect of fraud?
- Do we consider fraud and how we can minimise the extent of fraud and its impact?
- Do we have access to the right forensic and legal expertise to achieve this?
- Do we have the right level of resource in place as part of a comprehensive control framework?
- Do we have the right relationships in place with other bodies such as regulators, the police and our insurers?
- What do we do to create the right anti-fraud culture of integrity and to deter dishonest behaviour?
- Do we have strong internal controls in place (e.g. concerning identity verification, segregation of duties, dual authorisation for payments, independent reporting and other measures) to prevent fraud?
- What do we do to detect fraud?
- Do we and our suppliers have a clear plan of how we will respond if fraud is detected?