Module 9 - Administration

Question 1

Why is it important that an administrator has correct plan details and participant information?

Answer 1

• Liability Issues: Complete tax returns/ payroll reports accurately and on time
• Reputational Issues: provide disclosure of directors’ share awards, timely notification to stock market
• Professional Service Levels: deal with queries effectively, track and reconcile shares used

Question 2

What are the crucial tasks/actions/concerns done by/ relating to an administrator?

Answer 2

• Collection and application of data
• Tax, payment and reporting
• Legal filings
• Data privacy
• Fraud
• Reputation

Question 3

Why would a company want to use an external administrator?

Answer 3

• Complexity (look for others expertise)
• Cost savings
• Peaks of activity - esp with certain plan types
• Specialist services

Question 4

What is co-sourcing and what are the advantages and disadvantages?

Answer 4

It is where you don’t have full external admin support/ use a SAAS product

+: Access data everywhere, regular updates, easily scalable
-: Internet connection required, may not be able to restrict data (could have software incompatibility issues), data protection of the software provider is importnat

Question 5

What are some of the different categories of support that an external administrator can provide (along with examples)?

Answer 5

• Internet Services: Portal for both employees and company, online trading and reporting
• Support Services: Company and employee help centres/ maybe some VIP services
• Implementation: Project management, Manuals/ Guides, Can help facilitate data migration
• Communication: E-comms, Design, Dispatch, translations
• Specialist Services: Trustee services, Tax calculators, Corp transactions, wealth management

Question 6

Why would a company want to provide financial education to employees?

Answer 6

To improve take up, increase perceived value of a plan, foster loyalty, help retention and create a better sense of community

Question 7

How do companies provide financial capability?

Answer 7

Seminars, financial health checks, Independent advisor consultation, Telephone helplines

Question 8

Are there any legal issues to think of surrounding financial education?

Answer 8

Yes - important not to breach the duty of mutual trust and confidence to employees - any info cannot mislead and must be accurate
Only a FCA ‘authorised person’ can give financial advice
Need to consider local legal requirements as well

Question 9

What is IVR? ATT?

Answer 9

Interactive Voice Response; Automatic Touch Tone

Question 10

Are there any risks with paperless systems?

Answer 10

Potential legal issues around deductions from salary as some countries require consent “in writing” which is not always clear; Need to consider effectiveness of the paperless systems - will all employees be able to access the systems/ access internet

Question 11

What are the advantages and disadvantages of using paperless systems?

Answer 11

+: Lower running costs, 24 hour access, environmental benefit
-: set-up costs, data security and risk of email being overlooked

Question 12

What do you need to check/ do before implementing a paperless system?

Answer 12

Check plan rules, ancillary documents, board/ committee approvals, T&Cs of internet and phone services, HMRC (where relevant)

Question 13

What is the relationship between the company and the administrator?

Answer 13

Administrator normally acts as agent on behalf of the company, the company is the principal

Anything in the company’s name then the administrator is acting as agent

Question 14

What are the legal obligations as the administrator as an agent of the company?

Answer 14

Obligations under English law include that the agent must obey the principal’s instructions, act within limits of authority, use reasonable care, avoid conflicts, disclose material facts if things go wrong, account to principal for any of their money

Question 15

Does the administrator sometimes also act as principal?

Answer 15

Yes, when they are acting in their own name; often includes broking/ dealing services, cashless exercise facilities, savings accounts

Will specify T&Cs for these services

Question 16

Contract between administrator and company - what needs to be included?

Answer 16

All 4 key elements of contract
Fees 
Termination
Services
Term
Data Protection
Change Provisions
Force Majeure

Question 17

What are the key considerations regarding data protection?

Answer 17

Very important!! Previously you could get consent but this changed with GDPR ; you have to find a balance between individual rights and ability of organisation to use data for business

Question 18

What is the Data Protection Act 2018? Who enforces compliance?

Answer 18

UK data protection regime, sits alongside GDPR as a supplement (does not override it); The Information Commissioner’s Office enforces compliance

Question 19

GDPR MAIN FACTS

Did GDPR have to be voted in by each state?

Answer 19

May 25 2018
Wanted to make laws throughout EU more consistent
Expanded scope of previous legislation, includes non EU companies that are offering goods/ services in the EU

No it is a regulation so was automatically effective (a directive has to be implemented)

Question 20

What information does GDPR and the Data Protection Act 2018 focus on?

Answer 20

only concerned with “personal information” - any information relating to an identifiable person either directly or indirectly

Question 21

GDPR: potential fines and rights of individuals

Answer 21

Up to 4% of annual worldwide turnover of 20m EUR (whichever higher)
Or 2%/10m EUR for less serious offences

Increased rights/ protections for individuals - increased transparency, right to access/rectify/be forgotten

Question 22

What legal basis is there under GDPR for the processing of data?

Answer 22

Consent (although difficult sometimes), performance of a contract, legitimate interests

Consent is more difficult now under GDPR bc the burden is now higher - consent it is freely withdraw-able and there is a feeling that there is an imbalance between employers and employees

Question 23

Under GDPR, what information has to be provided to data subjects?

Answer 23

Includes details of data controller, data processor, details of transfer outside of EEA

Company may choose to have one privacy notice or a share plan specific one - companies take different approaches

Question 24

What does a company need to consider before transferring data outside of the EU/EEA under GDPR?

Answer 24

Under GDPR, you need a legal basis to transfer the data:

• Adequacy Decisions: The European commission has decided that some other countries laws are sufficient (Canada, Switzerland, Japan)
• Binding corporate rules
• Appropriate safeguards

Question 25

What is the US-EU Privacy Shield?

Answer 25

Introduced in 2016; Additional protections and rights for EU data subjects as the EU is suspicious of the US and their data processing; scrutinized in light of GDPR as it is not compliant - may therefore be changes!

Question 26

What is the Data Protection Act 2018?

Answer 26

UK legislation, became law on 23 May 2018; closely mirrors GPDR; Offers extra protection in relation to the processing of certain sensitive personal data - explicit consent is required for certain sensitive data; Administrators are subject to the DPA - service agreements should expressly provide for compliance with the DPA

Question 27

DPA 2018: What are the main principles?

Answer 27

Require that personal data must:

1. Be processed fairly and lawfully
2. Be processed only for one or more specified legal purposes
3. Be adequate, relevant and not excessive for the purposes
4. Be accurate and kept up to date
5. Not be kept longer than necessary
6. Be processed in a way that ensures appropriate security

Question 28

DPA 2018: What are the risks of non-compliance?

Answer 28

Fines (up to 4% of worldwide turnover); employee complains to regulator, subject access request;
Regulator has many powers: serve information or enforcement notice, issue undertakings, conduct audits (with or without agreement); issue ‘stop now’ orders; fines, prosecute individuals for criminal offences

Question 29

Data Privacy: How can a company ensure they are compliant?

Answer 29

• Make sure regulatory notifications are accurate and valid globally
• Provide participants info upfront about processing activities undertaken
• Company has compliant contract with any administrator
• Only process sensitive personal data transfers are compliant
• Make sure all data is accurate, relevant, can be accessed by subjects and deleted when no longer required
• ensure an effective consent provision

Question 30

Who is the Data Regulator in the UK?

Answer 30

ICO: Information Commissioner’s Office

Question 31

What is MiFID II?

Answer 31

Markets in Financial Instruments - EU Directive and Regulation; effective 3 January 2018; impacts nominee, custody and dealing services. Increased investor protection, competition across markets, supervisory powers, reporting requirements

Question 32

How does MiFID II apply to share plans?

Answer 32

Share plan ‘sales’ are caught; administrators need data from their clients to comply and before they can take certain actions, need to put additional processes in place to gather info from participants

Question 33

What happens if a participant dies?

Answer 33

Always check the plan rules! Usually a good leaver, need to check plan rules: allow for vesting or exercise, are performance conditions waived or award pro-rated, who can exercise / receive shares (usually ‘personal representative’)
Would also need to consider foreign rules if they apply
Plan rules might want the PR to give evidence of their role (might ask to see UK Grant of Probate/Will or Letters of Administration if there is no will)

Question 34

If a participant dies are awards taxable?

Answer 34

Normally there is no income tax payable (slight quirk with SIPs - Partnership and Div shares); Usually market value would form part of estate so there might be inheritance tax to pay.