Paul McGlone says the challenges of cyber risk and GDPR are leading trustees to ask how they are protected if something goes wrong - but the answers are not always simple
Trustee liability insurance isn't particularly exciting - many pension schemes don't bother with it. But with the twin challenges of cyber risk and General Data Protection Regulations (GDPR) it is attracting a lot more attention.
Schemes hold huge amounts of personal data, have a regular and large flow of financial transactions, and can face reputational issues. So trustees and companies are asking questions about how they are protected if something goes wrong. The answers are not always simple.
What is and isn't covered?
At a high level, trustee liability insurance works on the basis of claims against the trustees. If a member is financially impacted and makes a claim against the trustees, the cover kicks in. If there is no claim, then you have no cover.
For example, if data is compromised by a cyber-attack and the trustees embark on a communication exercise and offer credit checks, this is not normally covered, as there is no claim. Similarly, if cashflows are intercepted by a hacker, then unless there is a claim from someone - which could be the case in a defined contribution (DC) scheme - then there is no insurance cover for the lost assets or the costs of investigating the loss. Both examples can be covered, either by a cyber policy/extension or by a crime policy/extension, but that requires an active decision by the trustees.
With GDPR the position is more positive. Liabilities arising from the new GDPR are generally covered by trustee liability insurance, including civil fines and penalties. However, it is possible that premiums may rise in 2017/18 as the size of potential losses increases. We expect underwriting questions to be more detailed, checking that trustees are taking the relevant steps.
Pricing and policy structure
Trustee liability insurance is competitively priced. Premiums are calculated based on fund assets, number of members and cover limit, but an indicative cost for a typical scheme is around £1,000 per annum per £1m of cover. Schemes need to decide their appropriate cover limit, but typically a scheme might have a cover limit of 5% of assets, which translates into a premium of just £50 per annum per £1m of assets.
Perhaps more complex is how to structure the policy. Integration with other trustee protection can be messy. Trustees may have protection through exoneration under the deed or indemnification by the sponsor. But provisions vary between schemes, and understanding how trustee liability insurance fits with other protections is important.
It is also important to consider whether to use a standalone policy or one linked to the sponsoring employer. It is common for sponsors to add trustee liability insurance onto their own directors and officers insurance policies. But while these policies may be easier to arrange (and the sponsor may pay for them), they may not have the relevant cover if the trustees have not been directly involved. Limits could also be compromised by other claims on that policy, so care is needed.
Finally, cover for professional trustees needs to be considered. Normally they will be covered elsewhere, and most have their own cover under a professional indemnity or errors and omissions policy, but there is a range of approaches.
Time for review
Trustee liability insurance relates to all types of schemes - large and small, defined benefit (DB) and DC. Larger schemes have more financial exposure, smaller schemes may have poorer controls. While DB schemes have greater assets, DC schemes have more transactions. All trustees need to revisit whether they need trustee liability insurance, and - as the risks change - whether the type of cover also needs to change.
Paul McGlone is partner at Aon