Module 9 - Administration Flashcards
Why is it important that an administrator has correct plan details and participant information?
- Liability Issues: Complete tax returns/ payroll reports accurately and on time
- Reputational Issues: provide disclosure of directors’ share awards, timely notification to stock market
- Professional Service Levels: deal with queries effectively, track and reconcile shares used
What are the crucial tasks/actions/concerns done by/ relating to an administrator?
- Collection and application of data
- Tax, payment and reporting
- Legal filings
- Data privacy
- Fraud
- Reputation
Why would a company want to use an external administrator?
- Complexity (look for others’ expertise)
- Cost savings
- Peaks of activity - esp with certain plan types
- Specialist services
What is co-sourcing and what are the advantages and disadvantages?
It is where you don’t have full external admin support/ use a SaaS product
+: Access data everywhere, regular updates, easily scalable
-: Internet connection required, may not be able to restrict data (could have software incompatibility issues), data protection of the software provider is important
What are some of the different categories of support that an external administrator can provide (along with examples)?
- Internet Services: Portal for both employees and company, online trading and reporting
- Support Services: Company and employee help centres/ maybe some VIP services
- Implementation: Project management, Manuals/ Guides, Can help facilitate data migration
- Communication: E-comms, Design, Dispatch, translations
- Specialist Services: Trustee services, Tax calculators, Corp transactions, wealth management
Why would a company want to provide financial education to employees?
To improve take up, increase perceived value of a plan, foster loyalty, help retention and create a better sense of community
How do companies provide financial capability?
Seminars, financial health checks, Independent advisor consultation, Telephone helplines
Are there any legal issues to think of surrounding financial education?
Yes - important not to breach the duty of mutual trust and confidence to employees - any info cannot mislead and must be accurate
Only an FCA ‘authorised person’ can give financial advice
Need to consider local legal requirements as well
What is IVR? ATT?
Interactive Voice Response; Automatic Touch Tone
Are there any risks with paperless systems?
Potential legal issues around deductions from salary as some countries require consent “in writing” which is not always clear; Need to consider effectiveness of the paperless systems - will all employees be able to access the systems/ access internet
What are the advantages and disadvantages of using paperless systems?
+: Lower running costs, 24 hour access, environmental benefit
-: set-up costs, data security and risk of email being overlooked
What do you need to check/ do before implementing a paperless system?
Check plan rules, ancillary documents, board/ committee approvals, T&Cs of internet and phone services, HMRC (where relevant)
What is the relationship between the company and the administrator?
Administrator normally acts as agent on behalf of the company, the company is the principal
For anything done in the company’s name, the administrator is acting as agent
What are the legal obligations as the administrator as an agent of the company?
Obligations under English law include that the agent must obey the principal’s instructions, act within limits of authority, use reasonable care, avoid conflicts, disclose material facts if things go wrong, account to principal for any of their money
Does the administrator sometimes also act as principal?
Yes, when they are acting in their own name; often includes broking/ dealing services, cashless exercise facilities, savings accounts
Will specify T&Cs for these services
Contract between administrator and company - what needs to be included?
- All 4 key elements of contract
- Fees
- Termination
- Services
- Term
- Data Protection
- Change Provisions
- Force Majeure
What are the key considerations regarding data protection?
Very important!! Previously you could get consent but this changed with GDPR; you have to find a balance between individual rights and ability of organisation to use data for business
What is the Data Protection Act 2018? Who enforces compliance?
UK data protection regime, sits alongside GDPR as a supplement (does not override it); The Information Commissioner’s Office enforces compliance
GDPR MAIN FACTS
May 25 2018
Wanted to make laws throughout EU more consistent
Expanded scope of previous legislation, includes non EU companies that are offering goods/ services in the EU
Did GDPR have to be voted in by each state?
No it is a regulation so was automatically effective (a directive has to be implemented)
What information does GDPR and the Data Protection Act 2018 focus on?
only concerned with “personal information” - any information relating to an identifiable person either directly or indirectly
GDPR: potential fines and rights of individuals
Up to 4% of annual worldwide turnover or 20m EUR (whichever higher)
Or 2%/10m EUR for less serious offences
Increased rights/ protections for individuals - increased transparency, right to access/rectify/be forgotten
What legal basis is there under GDPR for the processing of data?
Consent (although difficult sometimes), performance of a contract, legitimate interests
Consent is more difficult now under GDPR because the burden is now higher - consent is freely withdrawable and there is a feeling that there is an imbalance between employers and employees
Under GDPR, what information has to be provided to data subjects?
Includes details of data controller, data processor, details of transfer outside of EEA
Company may choose to have one privacy notice or a share plan specific one - companies take different approaches
What does a company need to consider before transferring data outside of the EU/EEA under GDPR?
Under GDPR, you need a legal basis to transfer the data:
- Adequacy Decisions: The European Commission has decided that some other countries’ laws are sufficient (Canada, Switzerland, Japan)
- Binding corporate rules
- Appropriate safeguards
What is the US-EU Privacy Shield?
Introduced in 2016; Additional protections and rights for EU data subjects as the EU is suspicious of the US and their data processing; scrutinized in light of GDPR as it is not compliant - may therefore be changes!
What is the Data Protection Act 2018?
UK legislation, became law on 23 May 2018; closely mirrors GDPR; Offers extra protection in relation to the processing of certain sensitive personal data - explicit consent is required for certain sensitive data; Administrators are subject to the DPA - service agreements should expressly provide for compliance with the DPA
DPA 2018: What are the main principles?
Require that personal data must:
- Be processed fairly and lawfully
- Be processed only for one or more specified legal purposes
- Be adequate, relevant and not excessive for the purposes
- Be accurate and kept up to date
- Not be kept longer than necessary
- Be processed in a way that ensures appropriate security
DPA 2018: What are the risks of non-compliance?
Fines (up to 4% of worldwide turnover); employee complains to regulator, subject access request;
Regulator has many powers: serve information or enforcement notice, issue undertakings, conduct audits (with or without agreement); issue ‘stop now’ orders; fines, prosecute individuals for criminal offences
Data Privacy: How can a company ensure they are compliant?
- Make sure regulatory notifications are accurate and valid globally
- Provide participants info upfront about processing activities undertaken
- Company has compliant contract with any administrator
- Only process sensitive personal data transfers are compliant
- Make sure all data is accurate, relevant, can be accessed by subjects and deleted when no longer required
- Ensure an effective consent provision
Who is the Data Regulator in the UK?
ICO: Information Commissioner’s Office
What is MiFID II?
Markets in Financial Instruments - EU Directive and Regulation; effective 3 January 2018; impacts nominee, custody and dealing services. Increased investor protection, competition across markets, supervisory powers, reporting requirements
How does MiFID II apply to share plans?
Share plan ‘sales’ are caught; administrators need data from their clients to comply and before they can take certain actions, need to put additional processes in place to gather info from participants
What happens if a participant dies?
Always check the plan rules! Usually a good leaver, need to check plan rules: allow for vesting or exercise, are performance conditions waived or award pro-rated, who can exercise / receive shares (usually ‘personal representative’)
Would also need to consider foreign rules if they apply
Plan rules might want the PR to give evidence of their role (might ask to see UK Grant of Probate/Will or Letters of Administration if there is no will)
If a participant dies are awards taxable?
Normally there is no income tax payable (slight quirk with SIPs - Partnership and Div shares); Usually market value would form part of estate so there might be inheritance tax to pay.