aaf 02/07 assurance report · aaf 02/07 assurance report 2018/19 | 2 1. introduction (continued)...

For people, not profit

AAF 02/07 Assurance Report

18 19

Governance controls for master trusts report for the period 1 May 2018 to 31 March 2019

Pension scheme registry number: 12005993

Contents

1 1. Introduction

7 2. Report of the Trustee of The People’s Pension

8 3. Report by reporting accountants

11 4. Summary of control objectives

13 5. Control objectives and procedures

43 Appendix - Letter of engagement

AAF 02/07 Assurance report 2018/19 | 1

1. Introduction

The People’s Pension Trustee Limited (‘the Trustee’) is pleased to present its fourth annual report detailing the governance control procedures relating to The People’s Pension Scheme (‘The People’s Pension’ or ‘the Scheme’) established by the Trustee of the Scheme, that were in place and were operating during the period 1 May 2018 to 31 March 2019.

The People’s Pension is a master trust – a multi-employer workplace pension scheme – founded by B&CE. It has more than 4.4 million members and assets under management of £6bn making it one of the largest master trusts in the UK. It is a flexible and portable workplace pension, open to businesses of all sizes from all sectors.

The Scheme was established on 28 June 2012 by B&CE Holdings Limited (‘the previous Founder’). In December 2018, People’s Financial Services Limited, a wholly-owned subsidiary of the previous Founder, replaced the previous Founder and became the new Founder of the Scheme.

The People’s Pension is governed by the Trustee, who is responsible for running the Scheme and for looking after all the pots of money held within it.

The Trustee has appointed B&CE Financial Services Limited, another subsidiary of the previous Founder, as administrator of the Scheme. B&CE Financial Services Limited is authorised and regulated by the Financial Conduct Authority.

The previous Founder and two of its subsidiaries, B&CE Insurance Limited and B&CE Financial Services Limited, are collectively referred to throughout this document as B&CE.

B&CE is a not-for-profit organisation operating for the benefit of its members, with over 75 years’ experience of providing financial benefits. As at 31 March 2019, B&CE had over 5.8 million members across all its schemes (including The People’s Pension) and managed over £7bn for them.

In August 2019, we were granted master trust authorisation from The Pensions Regulator. As one of the UK’s largest master trusts, authorisation offers peace of mind for our members and employers. But at The People’s Pension we know that this is just the beginning of much closer ongoing regulation of master trust provision – and rightly so. Authorisation and regulation, will leave stronger, well-governed master trusts – like us – in the market to offer better financial stability and protection to pension savers.

The Trustee board was incorporated on 30 May 2012. It is entirely independent of B&CE and its subsidiary companies, including the new Founder.


1. Introduction (continued)

Steve Delo

Chair of the Trustee

Steve Delo is the Managing Director of PAN Governance LLP, an award-winning independent trustee firm, and is a former President of the Pensions Management Institute. Steve has twice been named ‘Independent Trustee of the Year’ by Engaged Investor and been listed as one of the Top 50 people in pensions by Pensions Insight.

His 30 year career has included senior roles in scheme management, consulting, asset management and trusteeship. He now specialises in the governance of large scale pension arrangements. He is a leading independent trustee who has been sitting on major pension scheme trustee boards for the last 11 years. He currently works with a wide range of occupational defined benefit and defined contribution schemes, in most cases acting as chair of trustees, with total assets in excess of £20bn. He sits on three master trust boards – two defined contribution, one defined benefit. He is a Fellow of the Pensions Management Institute.

Chris Fagan

Trustee Director (appointed 1 July 2018)

Chris is an independent trustee and investment specialist with almost 30 years of pensions industry experience. In addition to his role at The People’s Pension, he is Chairman of Trustees at a final salary pension scheme and an Associate Director with Muse Advisory, an independent consultancy, where he advises pension schemes on investment governance.

Prior to his appointment by The People’s Pension, he was a Trustee of the Towers Watson Pension Scheme and worked in Willis Towers Watson’s Investment Advisory and Fiduciary Management teams. He has also led the internal investment team at a major UK pension fund.

Trustee

The People’s Pension Trustee Limited acts as corporate trustee of the Scheme.

Directors of The People’s Pension Trustee Limited

The Directors of the Trustee who served during the period and up to the date of signing are listed below.


Sue Lewis

Trustee Director

Sue is an experienced financial services consumer expert. She chaired the Financial Services Consumer Panel from 2013 to 2018 and is currently a Trustee of a number of charities, including StepChange, Surviving Economic Abuse, and the FairBanking Foundation.

Sue is a member representative on the EIOPA Occupational Pensions Stakeholder Group. She also works with international bodies on financial education, financial inclusion and consumer protection regulation. She was previously a senior civil servant, most recently responsible for savings and investments policy in HM Treasury.

David Maddison

Trustee Director (appointed 31 May 2018)

David has 33 years’ pension industry experience across multiple functions and has been with RPMI Ltd since 1989. He’s a Chartered Director with the Institute of Directors and a fellow of the Pensions Management Institute with a degree in Law.

He has recently retired from RPMI Ltd, the executive arm of the Railways Pension Trustee Company Limited, where he fulfilled a number of senior roles within the business.

David’s also Chairman of Health Shield Friendly Society Ltd, having previously served as non-executive director, which included chairing its business development and investment committee.

Trustee






Alan Pickering CBE

Trustee Director

Alan is Chairman of BESTrustees and is a Trustee of a number of pension schemes, including The Plumbing Industry Pension Scheme.

He has over 40 years’ experience across a wide variety of roles in the pensions industry. He has sat on the board of a number of important industry bodies, including serving as Chair of the former National Association of Pension Funds (now the Pensions and Lifetime Savings Association).

Ruston Smith

Trustee Director (resigned 31 May 2018)

Ruston is the former Group Director – People, Pensions and Insurable Risk at Tesco PLC and now chairs the Tesco Trustee Board. He is also currently the Chairman of GroceryAid. Ruston has won a number of awards, including Trustee of the Year and two for industry achievements.

Trustee







Strong governance is a key feature of The People’s Pension. The Trustee operates a detailed governance schedule. It is committed to exceptional customer service and support and to providing good value for members.

The Trustee has continued to develop its governance model to ensure that Trustee meetings remain effective and focused on key governance matters. The Scheme’s current governance model is shown below:

Duties include:

• Implement Scheme’s investment strategies subject to appropriate advice

• Review investment performance

• Agree asset allocation and maintain the Statement of Investment Principles

The quality of the Scheme has been recognised by the awards won by The People’s Pension and B&CE, as the provider of the Scheme.

• Maintain Trustee’s risk register and mitigate risks

• Monitor the administrator’s performance and service standards

• Review member communications and key Scheme documentation

Trustee

Investment committee

Risk, administration & communications

committee



Exceptions

During the reporting period from 1 May 2018 to 31 March 2019, the following exceptions were identified (see table below). Management responses to each have been included to demonstrate actions to be taken to address these.

Control procedure and nature of exception Management response

Control Objective 6

In accordance with the Trustee Governance Schedule, the Trustee reviews the Fitness and Propriety Policy. This review is recorded in the Trustee meeting agendas and minutes.

Exception - The review of the Fitness and Propriety Policy was not considered by the Trustee at a scheduled Trustee meeting and was therefore not included on a Trustee meeting agenda, in accordance with the Governance Schedule, or within meeting minutes.

Whilst the Fitness and Propriety Policy was not reviewed at a scheduled Trustee meeting, it was circulated for review and Trustee approval in January 2019, outside of a formal Trustee meeting.

Control Objective 24

In accordance with the Trustee Governance Schedule, B&CE’s Director of IT shall provide the Trustee with a report each year which includes B&CE’s IT procedures and processes, including matters related to the maintenance of IT equipment and systems development.

Exception - The Director of IT’s report does not include matters related to the maintenance of IT equipment and systems development.

Whilst the Director’s IT report did not address systems development and change management within the body of the report, development and maintenance related matters formed part of the Trustee discussion and has been minuted. However, we acknowledge that the actual documented report excluded this detail, and this will be included in future reports.

This report provides information and assurance on the design, description and operation of the governance control procedures, in relation to the business operations of the Scheme for providing pensions trustee services.

The Trustee has adopted the framework provided by the Audit and Assurance Faculty of the Institute of Chartered Accountants in England and Wales, entitled Assurance Reporting On Master Trusts (Master Trust Supplement to ICAEW AAF 02/07), referred to as ‘The Master Trust Supplement to AAF 02/07’.

This report relates to the period 1 May 2018 to 31 March 2019 and has been prepared in accordance with the Master Trust Supplement to AAF 02/07.


2. Report of the Trustee of The People’s Pension

As the Trustee of The People’s Pension, we are responsible for the identification of control objectives relating to the governance of the master trust and for establishing governance control procedures that provide reasonable assurance that the control objectives are achieved. Those control objectives are derived from standards of governance set out in The Pensions Regulator’s DC code of practice and DC guides.

In carrying out those responsibilities, we have regard not only to the interest of employers (who have entrusted their employees’ DC contributions to the master trust, or are considering doing so) and members of the master trust but also to the needs of the trust business and the general effectiveness and efficiency of the relevant operations.

We have evaluated the effectiveness of The People’s Pension’s governance control procedures having regard to ICAEW’s Technical Release AAF 02/07 including its Master Trusts Supplement and the control objectives set out therein.

We set out in this report a description of the relevant governance control procedures established by the Trustee of The People’s Pension together with the related control objectives which operated during the period 1 May 2018 to 31 March 2019 and confirm that:

• section 5 of the Trustee’s report describes fairly the governance control procedures established by the Trustee that relate to the control objectives referred to above which were in place throughout the period 1 May 2018 to 31 March 2019;

• the governance control procedures described in section 5 of the Trustee’s report were suitably designed throughout the period 1 May 2018 to 31 March 2019 such that there is reasonable assurance that the specified control objectives would be achieved if the described governance control procedures were complied with satisfactorily; and

• the governance control procedures described were operating with sufficient effectiveness to provide reasonable assurance that the related control objectives were achieved throughout the period 1 May 2018 to 31 March 2019.

Signed on behalf of the Trustee:

Steve Delo Chair of The People’s Pension Trustee Limited

4 September 2019


3. Report by reporting accountants


Independent reporting accountant’s assurance report on governance control procedures established by the trustees of Master Trusts To the Trustee of The People’s Pension Use of report Our report, subject to the permitted disclosures set out below, is made solely for the use of the Trustee of The People’s Pension (“the Trustee”) and solely for the purpose of reporting on the governance control procedures established by the Trustee, in accordance with the terms of our engagement letter dated 1 March 2019 attached in the Appendix. Our work has been undertaken so that we might report to the Trustee those matters that we have agreed to state to it in our report and for no other purpose. We permit the disclosure of our report, in full only, to verify to the recipient that a report by reporting accountants has been commissioned by the Trustee and issued in connection with the governance control procedures established by the Trustee without assuming or accepting any responsibility or liability to the recipient on our part. To the fullest extent permitted by law, we do not and will not accept or assume responsibility to anyone other than the Trustee as a body for our work, for our report or the opinions we have formed. Scope We have been engaged to report on the description of governance control procedures established by the Trustee throughout the period from 1 May 2018 to 31 March 2019 and on the suitability of the design and operating effectiveness of those governance control procedures stated in the description. Trustee’s responsibilities The Trustee’s responsibilities and statement are set out in section 2 of the Trustee’s report. The control objectives stated in the description include those control objectives set out in the Master Trusts Supplement to AAF 02/07 that are considered relevant by the Trustee. Our responsibilities Our responsibility is to form an independent opinion, based on the work carried out in relation to the governance control procedures established by the Trustee as described in section 5 of the Trustee’s report and report this to the Trustee. We conducted our engagement in accordance with International Standard on Assurance Engagements (ISAE) 3000 and with ICAEW Technical Release AAF 02/07 including its Master Trusts Supplement. ISAE 3000 and AAF 02/07 require, among other things, that we comply with ethical and other professional requirements. We planned and performed our procedures to obtain reasonable assurance about whether, in all material respects, the description is fairly presented and the governance control procedures were suitably designed and operating effectively. The criteria against which the governance control procedures were evaluated are the control objectives


3. Report by reporting accountants (continued)


developed for Master Trusts as set out within the Master Trusts Supplement to AAF 02/07 and identified by the Trustee as control objectives to be applied for the purpose of governance. Our work involved performing procedures to obtain evidence about the presentation of the Trustee’s description of the governance control procedures and the design and operating effectiveness of those governance control procedures. Our procedures included assessing the risks that the description is not fairly presented, and that the governance control procedures were not suitably designed or operating effectively. Our procedures also included testing the operating effectiveness of those governance control procedures that we considered necessary to obtain reasonable assurance that the control objectives stated in sections 4 and 5 of the Trustee’s report were achieved. An assurance engagement of this type also included evaluating the overall presentation of the description and the suitability of the control objectives stated therein. Our independence and quality control We have complied with the independence and other ethical requirements of the ‘Code of Ethics for Professional Accountants’ issued by the International Ethics Standards Board for Accountants which is founded on fundamental principles of integrity, objectivity, professional competence and due care, confidentiality and professional behaviour. The firm applies International Standard on Quality Control 1 and accordingly maintains a comprehensive system of quality control, including documented policies and procedures regarding compliance with ethical requirements, professional standards and applicable legal and regulatory requirements. Inherent limitations The Trustee’s description of governance control procedures was prepared to meet the common needs of a broad range of users and may not, therefore, include every aspect of the governance control procedures that may be relevant to each participating employer company or member of The People’s Pension. Also, because of their nature, governance control procedures may not prevent or detect and correct all errors or omissions in performing governance or administration activities. Our opinion is based on historical information. The projection of any evaluation of the fairness of the presentation of the description, or opinion about the suitability of the design or operating effectiveness of the control procedures to future periods would be inappropriate.


3. Report by reporting accountants (continued)


Opinion In our opinion, in all material respects:

(i) section 5 of the Trustee’s report fairly presents the governance control procedures established by the Trustee that relate to the control objectives referred to above which were in place throughout the period from 1 May 2018 to 31 March 2019;

(ii) the governance control procedures established by the Trustee described in section 5 of the Trustee’s report were suitably designed to provide reasonable, but not absolute, assurance that the specified control objectives would have been achieved if the described governance control procedures operated effectively throughout the period from 1 May 2018 to 31 March 2019; and

(iii) the governance control procedures established by the Trustee that were tested were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the related control objectives were achieved the throughout the period from 1 May 2018 to 31 March 2019.

Crowe U.K. LLP Chartered accountants London Date:


4. Summary of control objectives

Value for members

Assessing value for members

1. A value for money assessment is undertaken annually and the process followed is documented and approved. The assessment should include value to members derived from scheme management and governance, administration, investment governance and communications.

Management of costs and charges

2. Disclosure of information to members of costs and charges (rates (%) and/or amounts (£)) are complete and accurate.

Investment governance

Protection of assets

3. Scheme and member assets or entitlements are safeguarded from loss, misappropriation and unauthorised use. Financial protection and compensation available to members in the event of default is assessed and documented.

4. The design and on-going suitability of the default arrangement and range and risk profile of other investment options are regularly reviewed and monitored. This review is documented, and the investment aims and objectives for the arrangement and investment policies for all investment options are included in an approved Statement of Investment Principles.

5. The performance of each investment option including the default arrangement(s) in which member funds are invested are regularly reviewed and monitored against objectives in the Statement of Investment Principles. This review is documented and approved.

The Trustee board

6. Fitness and propriety requirements for trustees are recorded and managed in accordance with a policy which is regularly reviewed and approved. The fitness and propriety of trustees is reviewed prior to appointment and annually thereafter. This review is documented and approved.

Scheme management skills

7. Conflicts of interest are subject to ongoing monitoring and are identified, recorded and managed in accordance with a defined policy which is regularly reviewed and approved.

8. Trustee levels of knowledge and understanding are managed and maintained in accordance with an approved training and development plan. This plan is regularly reviewed and updated.

9. A business/resource plan is maintained, that sets out when scheme related activities are due to take place or be completed, and regularly reviewed to ensure that resources are available and allocated.

10. Roles, responsibilities and duties of all trustees, advisers and service providers are documented and the performance and quality of their service is subject to regular documented reviews. The suitability of advisers and service providers is reviewed against criteria before appointment and this review is documented.

11. Discontinuance plans, which address how member assets or entitlements are safeguarded in the event of the Master Trust or any key service provider failing, defaulting or transferring ownership, are documented, approved and maintained.

12. A risk management framework is established to identify, evaluate and treat scheme risks. Risks are recorded in a risk register which is reviewed at least annually.


4. Summary of control objectives (continued)

Administration

Core financial transactions

13. Core financial transactions are processed promptly and accurately.

14. Contributions are invested and allocated in accordance with member instructions or the requirements of the default arrangement.

15. Transaction errors are identified and rectified.

16. Cash is safeguarded, and all payments are suitably authorised and controlled.

17. Late and inaccurate contributions are pursued and resolved.

Business and disaster recovery

18. Data and systems are backed up regularly, retained offsite and regularly tested for recoverability. Business and information systems recovery plans are documented, approved, tested and maintained.

19. The capacity of an administration system to take on new business is assessed, approved and regularly monitored.

20. New business take-ons are properly established in accordance with Master Trust’s rules and contractual arrangements.

Data quality and security

21. Member data is complete and accurate and is subject to regular data evaluation.

22. Monitoring of operations implemented to support the security of data transmissions and measures implemented to mitigate the threat of malicious electronic attack are regularly reviewed and documented.

23. Physical and logical access to computer systems, and member and Master Trust records and data, is restricted to authorised persons.

24. IT equipment is maintained in a controlled environment and the maintenance and development of systems, applications and software is authorised, tested approved and implemented.

Communication and reporting

25. Retirements are managed in accordance with a documented process which is regularly reviewed and approved.

26. Member communications are accurate, clear and understandable and are produced in accordance with a communications plan. The plan is regularly reviewed and monitored.

27. Member communications contain information to support the decisions members need to make at retirement.


5. Control objectives and procedures

This Master Trust Supplement to AAF 02/07 focusses on the Trustee’s governance of how B&CE conducts its business and controls and manages its risks. References to the Trustee includes the Trustee Board and Trustee Board Sub Committees.

The People’s Pension Master controls matrix

Control objectives Background information Control procedures Crowe testing performed

Control Objective 1

A value for money assessment is undertaken annually and the process followed is documented and approved. The assessment should include value to members derived from scheme management and governance, administration, investment governance and communications.

Value for members is one of the key attributes of The People’s Pension, which has a simple and transparent 0.5% annual management charge (AMC).

The Trustee and B&CE recognised that in the Scheme’s early years, the Scheme’s costs would outweigh income generated from the AMC. The Scheme Administration Reports provided to the Trustee at Trustee meetings show the ‘Balancing Amount’ paid by B&CE to offset this deficit.

B&CE periodically reviews The People’s Pension against the Government established NEST (National Employment Savings Trust) master trust and other major master trusts in the market place. This analysis includes a yearly Value for Member assessment.

B&CE and the Trustee produce and approve a Value for Members report for each scheme year.

The Trustee reviews each Value for Members report in accordance with the Trustee Governance Schedule. The review is recorded in the Trustee meeting agenda and minutes.

We obtained and inspected a copy of the Value for Members report.

No exceptions were noted.

We obtained and inspected the Trustee Governance Schedule to confirm that a review of the Value for Members report is scheduled.


We obtained and inspected the Trustee meeting agenda and minutes which included the Trustee’s review of the Value for Members report.


Control Objective 2

Disclosure of information to members of costs and charges (rates (%) and/or amounts (£)) are complete and accurate.

Upon joining the Scheme, new members are provided with a member booklet confirming there is just one simple AMC of 0.5% of the value of their fund, which is automatically reflected in the value of their fund. The member booklet states that this equates to just 50 pence a year for every £100 of the value of the member’s fund.

Scheme members can also find confirmation of the Scheme’s simple 0.5% AMC on The People’s Pension website at www.thepeoplespension.co.uk/employees.

The Scheme members’ annual benefit statement also states that there is an AMC of 0.5% and that this is reflected in the price of the units.

The member booklet and member’s annual benefit statements contain complete and accurate information to members about the Scheme’s costs and charges.

The Trustee reviews the annual benefit statements each year in accordance with the Trustee Governance Schedule. The review is recorded in the Trustee meeting agenda and minutes.

We obtained and inspected a copy of the member booklet and observed a sample of annual benefit statements to confirm that information in relation to costs and charges is included.


We obtained and inspected the Trustee Governance Schedule to confirm that a review of the annual benefit statements is scheduled.


We obtained and inspected the Trustee meeting agenda and minutes which included the Trustee’s review of the annual benefit statements.



5. Control objectives and procedures (continued)


Control Objective 3

Scheme and member assets or entitlements are safeguarded from loss, misappropriation and unauthorised use. Financial protection and compensation available to members in the event of default is assessed and documented.

The Trustee has a written Statement of Investment Principles (SIP) setting out the principles governing how decisions about investments must be made.

All Scheme assets, except those invested in the Scheme’s Shariah Fund, are managed by State Street Global Advisors Limited (‘SSGA’). Assets are invested in mainstream pooled investment funds accessed via a contract of long-term insurance with Managed Pension Funds Limited (‘MPF’). MPF is SSGA’s flagship UK-domiciled pooled fund vehicle for pension fund investors.

Where members elected to invest in the Scheme’s Shariah Fund, the assets are held by HSBC Investment Funds (Luxembourg) S.A. via an investment-only platform with SSGA. These assets are also accessed via a contract of long-term assurance with MPF.

Both investment managers are regulated by the Financial Conduct Authority and are signatories to the United Nations Principles on Responsible Investment (UNPRI), which can be found on: www.unpri.org.

The People’s Pension has a daily valuation cycle with automated electronic transaction instructions sent between B&CE’s in-house system and the investment managers via SWIFT. B&CE’s finance team check the instructions before sending these to the investment managers. Automated validation checks are performed on the valuation details received from the investment managers. The valuation process ends with automated validation checks confirming at a member level that the member funds and unit movements agree with the overall valuation totals.

The Trustee reviews the SIP at least every three years, and without delay after any significant change in investment policy. This is in accordance with the Trustee Governance Schedule. The review is recorded in the Trustee meeting agenda and minutes.

The Trustee reviews the investment manager’s or investment adviser’s quarterly investment reports. The Trustee reviewed any stock lending and collateralisation during the period at Trustee Investment Committee meetings. The review is recorded in the Trustee meeting agendas and minutes.

B&CE’s internal audit function provides the Trustee with a report at Trustee meetings summarising the internal audit work conducted during the reporting period in relation to The People’s Pension. This includes work relating to the effectiveness of B&CE’s valuation and unit reconciliation process.

In accordance with the Trustee Governance Schedule, the Trustee reviews the Internal Audit reports. These reviews are recorded in the Trustee meeting agendas and minutes.

In accordance with the Trustee Governance Schedule, the Trustee reviews the member protection statement which addresses compensation arrangements in the event of a default. The review is recorded in the Trustee meeting agendas and minutes

We obtained and inspected the Trustee Governance Schedule, Trustee meeting agendas and minutes and SIP to confirm that the Trustee has reviewed the SIP at least every three years and without delay after any significant change in investment policy.


We obtained and inspected the Trustee Governance Schedule, Trustee meeting agendas and minutes and confirmed that the Trustee had reviewed the investment manager’s or investment adviser’s quarterly investment reports, including details of stock lending and collateralisation.


We obtained and inspected B&CE’s internal audit function’s reports provided to the Trustee.


We obtained and inspected the Trustee Governance Schedule to confirm that a review of B&CE’s internal audit function’s reports is scheduled.


We obtained and inspected the Trustee meeting agenda and minutes which included the Trustee’s review of B&CE’s internal audit function reports on the work conducted in relation to the effectiveness of B&CE’s valuation and unit reconciliation process.


We obtained and inspected the Trustee Governance Schedule to confirm that a review of the member protection statement is scheduled.




Control Objective 3

(continued) The Trustee and B&CE have consulted with the Financial Services Compensation Scheme to assess the financial protection open to members. The Scheme does not offer unregulated investments to members, and there are appropriate compensation arrangements in place in respect of the regulated investments offered to members.

Upon joining the Scheme, new members are provided with a member booklet. This directs new members to The People’s Pension website at www.thepeoplespension.co.uk/memberprotection for further details about the financial protection available to members.

A member protection statement is available to Scheme members upon request and is also available on The People’s Pension website (see above).




Control Objective 4

The design and on-going suitability of the default arrangement and range and risk profile of other investment options are regularly reviewed and monitored. This review is documented and the investment aims and objectives for the arrangement and investment policies for all investment options are included in an approved Statement of Investment Principles.

The Trustee, in conjunction with an authorised, regulated investment adviser, regularly reviews the suitability of the funds and the SIP.

The Trustee has taken professional advice from the current investment adviser on the default arrangement, and on the range and risk profile of other investment options available to members. The investment adviser also provides advice to the Trustee on an ad-hoc basis, as and when requested.

The Trustee has established a sub-committee, the Trustee Investment Committee, which has responsibility for the monitoring of:

• member behaviours, identifying trends and recommending future strategy;

• developments within the market; and

• setting asset allocation.

The Trustee decided that the Trustee Investment Committee would be chaired by Mr Alan Pickering, and would comprise of the Trustee directors.

In accordance with the Trustee Governance Schedule, the Trustee formally reviews the suitability of the default arrangement and the range and risk profile of other investment options offered by the Scheme. The review is recorded in the Trustee meeting agendas and minutes.

The Trustee includes the investment aims and objectives, and policies for investment options in the SIP.

We obtained and inspected the Trustee Governance Schedule to confirm that a review of the suitability of the default arrangement and the range and risk profile of other investment options offered by the Scheme is scheduled.


We obtained and inspected the Trustee meeting agendas and minutes and confirmed that the Trustee had reviewed the suitability of the default arrangement and the range and risk profile of other investment options offered by the Scheme.


We obtained the SIP to confirm that the investment aims and objectives and policies for investment options had been included.





Control Objective 5

The performance of each investment option including the default arrangement(s) in which member funds are invested are regularly reviewed and monitored against objectives in the Statement of Investment Principles. This review is documented and approved.

The Trustee has taken professional advice on the range of investment options available to Scheme members. The Trustee usually asks the investment adviser to attend the quarterly Trustee meetings, and the investment adviser regularly attends these meetings.

The Scheme offers passive tracking funds. The Trustee monitors whether the fund performance is within expected tolerances for the asset class in question on a quarterly basis. Any greater variance would be queried with the Investment Manager.

The Trustee monitors the performance of each investment option including the default arrangement(s), through the investment manager’s investment report for the quarter, or through investment adviser’s reports presented to the Trustee at Trustee meetings. The quarterly investment manager’s investment report, or B&CE’s Investment Overview reports, or Scheme Administration reports, contain information about the performance of the funds compared with the total return of the relevant benchmark index.

In accordance with the Trustee Governance Schedule, the Trustee reviews the performance of each investment option including the default arrangement(s) at quarterly Trustee meetings. These reviews are documented in the Trustee meeting agendas and minutes.

We obtained and inspected the Trustee Governance Schedule to confirm that a review of the performance of each investment option including the default arrangement(s) is scheduled.


We obtained and inspected the Trustee meeting agendas and minutes and confirmed that the Trustee monitors the performance of each investment option including the default arrangement(s).





Control Objective 6

Fitness and propriety requirements for trustees are recorded and managed in accordance with a policy which is regularly reviewed and approved. The fitness and propriety of trustees is reviewed prior to appointment and annually thereafter. This review is documented and approved.

The People’s Pension Trustee Limited acts as corporate trustee of the Scheme. The Directors of the Trustee who served during the reporting period are listed below:-

Steve Delo, Chairman of the Trustee

Chris Fagan, Trustee Director (appointed 1 July 2018)

Sue Lewis, Trustee Director

David Maddison, Trustee Director (appointed 31 May 2018)

Alan Pickering CBE, Trustee Director

Ruston Smith, Trustee Director (resigned 31 May 2018)

The Trustee has a written Fitness and Propriety policy. Prior to their appointment, new Trustees are required to complete a declaration confirming their fitness and propriety. In addition, each year all Trustee directors complete the declaration in accordance with the Trustee’s Fitness and Propriety policy.

The documented procedure for a new Trustee director includes roles and responsibilities for Trustee recruitment and selection criteria.

In accordance with the Trustee Governance Schedule, the Trustee reviews the Fitness and Propriety Policy. This review is recorded in the Trustee meeting agendas and minutes.

In their letters of appointment, the duties of the Trustee directors include ‘using the skill and care expected of a competent independent trustee of a pension scheme of the size and nature of the Scheme’. The Articles of Association of the Trustee sets out circumstances in which a Director is required to vacate their office.

In accordance with the Trustee Governance Schedule, each year each director of the Trustee makes a declaration to B&CE and other Trustee directors, confirming their fitness and propriety. This is recorded in the Trustee meeting agendas and minutes.

In accordance with the Trustee Governance Schedule, a review of the fitness and propriety (competency) of each Trustee Director is carried out by the Trustee. This review is recorded in the Trustee meeting agendas and minutes.

Prior to their appointment, new Trustees are required to complete a declaration confirming their fitness and propriety.

We obtained and inspected a copy of the Fitness and Propriety Policy.


We obtained and inspected the Trustee Governance Schedule to confirm that a review of the Fitness and Propriety Policy is scheduled.


We obtained and inspected the Trustee meeting agenda and minutes which included the Trustee’s review of the Fitness and Propriety Policy.

Exception noted.

The review of the Fitness and Propriety Policy was not considered by the Trustee at a scheduled Trustee meeting and was therefore not included on a Trustee meeting agenda, in accordance with the Governance Schedule, or within meeting minutes.

Management response.

Whilst the Fitness and Propriety Policy was not reviewed at a scheduled Trustee meeting, it was circulated for review and Trustee approval in January 2019, outside of a formal Trustee meeting.

We obtained and inspected newly appointed Trustee Directors’ letters of appointment to confirm that their duties include ‘using the skill and care expected of a competent independent trustee of a pension scheme of the size and nature of the Scheme’.





Control Objective 6

(continued) We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes and confirmed that each year each director of the Trustee makes a declaration to B&CE and other Trustee directors, confirming their fitness and propriety.


We obtained and inspected the Trustee Governance Schedule and minutes and confirmed that a review of the fitness and propriety (competency) of each Trustee Director was carried out by the Trustee.


Through enquiry we confirmed that prior to their appointment, new Trustees will be required to complete a declaration confirming their fitness and propriety.





Control Objective 7

Conflicts of interest are subject to ongoing monitoring and are identified, recorded and managed in accordance with a defined policy which is regularly reviewed and approved.

The Trustee has a written Conflicts of Interest policy. This sets out the Trustee’s process for determining when a potential conflict situation might arise, how the Trustee would evaluate this and how the Trustee will deal with it once it has been identified. The Trustee also maintains a Conflicts of Interest register recording any actual conflicts of interest as well as any potential and perceived conflicts of interest.

In their letters of appointment, the Trustee directors declared they were not aware of any conflict of interest or potential conflict of interest arising from their appointment. The Trustee directors also agreed to notify B&CE and other Trustee directors if they became aware of any such conflict during their appointment.

In their letters of engagement, service providers are asked to inform the Trustee of any conflict of interest that may arise as soon as reasonably possible.

The Trustee has a policy for working practices between the Trustee, Scheme Strategist and the Scheme Funder. This includes Scheme Funder and/or Scheme Strategist conflicts of interest.

At each quarterly Trustee meeting the Trustee is asked whether there are any conflicts of interest to be considered. This is documented in the Trustee meeting agendas and minutes.

In accordance with the Trustee Governance Schedule, the Trustee reviews the Conflicts of Interest policy and Conflicts of Interest register. This review is recorded in the Trustee meeting agendas and minutes.

The Trustee has approved a policy for the Disclosure, Engagement and Escalation between the Trustee, the Scheme Strategist and Scheme Funder in February 2019 and this is recorded in the Trustee meeting minutes.

We obtained and inspected a copy of the Conflicts of Interest Policy.


We obtained and inspected the quarterly Trustee meeting agendas and minutes.


We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes, and confirmed that the Trustee had reviewed their Conflicts of Interest policy and Conflicts of Interest log.


We obtained and inspected a copy of the policy for the Disclosure, Engagement and Escalation between the Trustee, the Scheme Strategist and Scheme Funder in February, and meeting minutes to confirm that this policy has been approved.





Control Objective 8

Trustee levels of knowledge and understanding are managed and maintained in accordance with an approved training and development plan. This plan is regularly reviewed and updated.

The Trustee maintains a Trustee policy on obtaining and improving Trustee Knowledge, Understanding and Skills, which includes action plans for Trustee training requirements. A Trustee training schedule is also maintained which sets out training delivered and training to be delivered to the Trustee Board.

The training undertaken by each director of the Trustee Board is recorded in their individual training logs.

As documented in Trustee meeting agendas and minutes, B&CE provides the Trustee with briefings on matters relevant to the Scheme such as legislative changes and changes to Scheme documentation.

The Trustee policy on obtaining and improving Trustee Knowledge, Understanding and Skills includes a succession plan for maintaining skills on the Trustee Board.

In accordance with the Trustee Governance Schedule, the Trustee reviews the Trustee policy on obtaining and improving Trustee Knowledge, Understanding and Skills, which includes action plans for Trustee training requirements. This review is recorded in the Trustee meeting agendas and minutes.

In accordance with the Trustee Governance Schedule, the Trustee reviews the Trustee training schedule. This review is recorded in the Trustee meeting agendas and minutes.

During the year the Trustee Board directors consider whether there are any other matters that they would like training on. This is documented in the Trustee meeting agendas and minutes.

In accordance with the Trustee Governance Schedule, the skills and knowledge of the Trustee Board directors is included in a review carried out by the Chairman of the Trustee. The review is recorded in the Trustee meeting agendas and minutes.

We obtained and inspected a copy of the Trustee policy on obtaining and improving Trustee Knowledge, Understanding and Skills, which includes action plans for Trustee training requirements.


We obtained and inspected the Trustee Governance Schedule to confirm that a review of the Trustee policy on obtaining and improving Trustee Knowledge, Understanding and Skills, is scheduled,


We obtained and inspected the Trustee meeting agenda and minutes which included the Trustee’s review of the Trustee policy on obtaining and improving Trustee Knowledge, Understanding and Skills.


We obtained and inspected the Trustee meeting agendas and minutes and confirmed that the Trustee training schedule was reviewed.


We obtained and inspected the Trustee meeting agendas and minutes and confirmed that the Trustee directors consider whether there are any other matters that they would like training on.


We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes and confirmed that the skills and knowledge of the Trustee directors was reviewed.





Control Objective 9

A business/resource plan is maintained, that sets out when scheme related activities are due to take place or be completed, and regularly reviewed to ensure that resources are available and allocated.

The Trustee meets with B&CE each quarter to discuss key issues affecting the Scheme.

The Trustee has prepared a Trustee Governance Schedule outlining the objectives and aims of the Trustee together with the Trustee’s plans for the effective governance of the Scheme throughout the year. In addition, the Trustee has produced a Summary Governance Schedule outlining the activities to be undertaken at Trustee meetings during the year.

As documented in Trustee meeting agendas and minutes, the Trustee regularly discusses its vision and Governance Schedule.

The Trustee Governance Schedule, approved by the Trustee, sets dates for future Trustee meetings including indicative agenda items and standing agenda items.

The Trustee Governance Schedule specifies under what circumstances meeting dates can be changed and the process for scheduling special meetings.

In accordance with the Trustee Governance Schedule, the Trustee reviews and approves the Trustee Governance Schedule and Summary Governance Schedule. This is recorded in the Trustee meeting agendas and minutes.

The number of Trustees required to be present for a meeting to be quorate is specified in the Memorandum and Articles of Association reviewed by the Trustee.

We obtained and inspected the Trustee Governance Schedule, Summary Governance Schedule, Trustee meeting agendas and minutes and confirmed that the Trustee Governance Schedule and Summary Governance Schedule were reviewed and approved.


We obtained and inspected the Memorandum and Articles of Association to confirm that it specifies the number of Trustees required to be present for a meeting to be quorate.






Roles, responsibilities and duties of all trustees, advisers and service providers are documented and the performance and quality of their service is subject to regular documented reviews. The suitability of advisers and service providers is reviewed against criteria before appointment and this review is documented.

The People’s Pension Trust Deed and Scheme Rules are the governing documents by which the Scheme is currently administered and managed.

The Trustee and Founder have jointly reviewed the Scheme Rules and have agreed a Balance of Powers document setting out how the various powers, duties and discretions within the Scheme Rules are to be exercised, which party exercises the powers, and what constraints there are.

The Trustee reviews the performance of the service providers and the Chairman of the Trustee reviews the effectiveness of the Trustee Board.

There is a Trustee policy in place for the appointment of Trustee directors in an open and transparent manner. This policy includes the roles and responsibilities for Trustee recruitment and selection criteria. This policy was agreed with the Trustee and is subject to ongoing review.

The duties, delegated responsibilities and accountabilities of the directors of the Trustee Board, advisers and service providers are acknowledged in the contracts and terms of engagement that the Trustee has entered into with each Trustee, adviser and service provider.

The Trustee has agreed a policy and, in accordance with the Trustee Governance Schedule, a schedule for their monitoring and reviewing of the Trustee’s service providers and advisers, together with a review schedule which is documented in the Trustee Governance Schedule.

The Trustee reviews B&CE’s quarterly Scheme Administration reports which include B&CE’s performance against the service levels agreed with the Trustee. The review is recorded in the Trustee meeting agendas and minutes.

In accordance with the Trustee Governance Schedule, a review of the effectiveness of the Trustee Board is carried out by the Chairman of the Trustee. This review is recorded in the Trustee meeting agendas and minutes.

In accordance with the Trustee Governance Schedule, the Trustee reviews and approves the Appointment and Office of Trustee Directors policy. This is recorded in the Trustee meeting agendas and minutes.

The Trustee has approved the policy for the Appointment, Resignation and Removal of Trustee Directors in February 2019.

The performance of advisers and service providers will be reviewed, in accordance with the Trustee Governance Schedule, against documented performance criteria.

Prior to appointment and thereafter the fitness and propriety of advisers and service providers will be formally assessed by the Trustee against documented fitness and propriety criteria.

The Trustee formally reviews and approves all contractual agreements with advisers and service providers.

We obtained and inspected a sample of contracts and terms of engagement with the directors of the Trustee Board, advisers and service providers.


We obtained and inspected a copy of the Trustee’s policy and schedule for their monitoring and reviewing of the Scheme’s service providers and advisers.


We obtained and inspected the Trustee Governance Schedule, Trustee meeting agendas and minutes and confirmed that the Trustee had agreed a policy and schedule for their monitoring and reviewing of the Trustee’s service providers and advisers.


We obtained and inspected the Trustee Governance Schedule, Trustee meeting agendas and minutes, and confirmed that the Trustee had reviewed B&CE’s quarterly Scheme Administration reports, which include B&CE’s performance against the service levels agreed with the Trustee.


We obtained and inspected the Trustee Governance Schedule to confirm that a review of the effectiveness of the Trustee Board by the Chairman of the Trustee is scheduled.

Note – as stated in the Governance Schedule, this review has been postponed to mid 2019.


We obtained and inspected the Trustee meeting agendas and minutes and confirmed that the effectiveness of the Trustee Board was reviewed by the Chairman of the Trustee.

Note – as stated in the Governance Schedule, this review has been postponed to mid 2019.






(continued) We obtained and inspected a copy of the policy for the Appointment, Resignation and Removal of Trustee Directors.


We obtained and inspected the Trustee Governance Schedule, Trustee meeting agendas and minutes and confirmed that the Trustee had agreed a policy for the Appointment and Office of Trustee Directors.


Through enquiry we confirmed that the performance of advisers and service providers will be reviewed against documented performance criteria.


Through enquiry we confirmed that prior to appointment and thereafter the fitness and propriety of advisers and service providers will be formally assessed by the Trustee against documented fitness and propriety criteria.


Through enquiry and observation we confirmed that the Trustee formally reviews and approves all contractual agreements with advisers and service providers.






Discontinuance plans, which address how member assets or entitlements are safeguarded in the event of the Master Trust or any key service provider failing, defaulting or transferring ownership, are documented, approved and maintained.

The Trustee had prepared a Scheme Discontinuance Plan considering the events that could trigger the discontinuance of the Scheme and how the Trustee may fulfil their overarching duty to act in the best interest of the beneficiaries of the Scheme.

As part of the Master Trust Authorisation process, the requirements in relation to the Discontinuance Plan are now addressed in the Continuity Strategy agreed by the Trustee in February 2019.

The People’s Pension’s Trust Deed and Scheme Rules are the governing documents by which the Scheme is currently administered and managed.

The Rules include provisions for the eventuality of the termination and winding up of the Scheme as well as the possibility of the merger with another scheme.

In accordance with the Trustee Governance Schedule, the Trustee reviews the Scheme’s Continuity Strategy. This review will be recorded in the Trustee meeting agendas and minutes

We obtained and inspected a copy of the Continuity Strategy.


We obtained and inspected the Trustee Governance Schedule which included the Trustee’s review of the Continuity Strategy.


Through enquiry we confirmed that the review of the Continuity Strategy will be recorded in meeting agendas and minutes.






A risk management framework is established to identify, evaluate and treat scheme risks. Risks are recorded in a risk register which is reviewed at least annually.

The Trustee has implemented an effective risk management process which forms a key part of the Trustee’s internal control and governance framework.

The Trustee identifies the risks applying to the Scheme, assesses these by considering the impacts and likelihood of their occurrence, and manages the risks by identifying suitable controls and countermeasures to mitigate the risks.

The Trustee records this information on a Risk Register, which is held on an electronic risk management software system. This allocates two scores to each risk, which are:

• an untreated score with no controls in place; and

• a current risk score assuming all countermeasures to mitigate the risks have been implemented.

To support the Trustee Board, the Trustee delegated powers to the Risk, Administration and Communications Committee comprising of at least two Trustee directors. The committee has the power to investigate matters falling within its Terms of Reference and reports to the Trustee on matters within its remit.

B&CE regularly provide the Trustee with updates on Risk and Regulatory Compliance matters at Trustee meetings. This is documented in the Trustee meeting agendas and minutes.

All risks identified, including any risks associated with the delivery of the business plan, are recorded in the risk register.

The Risk Register includes internal controls and a controls note for each risk identified.

The Trustee maintains a Risk Register.

The Risk Register includes internal controls and a controls note for each risk identified.

In accordance with the Trustee Governance Schedule, the Trustee reviews a segment of the Risk Register at quarterly Trustee meetings and this is documented in the Trustee meeting agendas and minutes.

B&CE provide RACC/Trustee with a report on risk and regulatory compliance matters. This is reviewed by RACC and documented in the meeting minutes.

We obtained and inspected the Trustee Risk Register and confirmed that it includes internal controls and a controls note for each risk identified.


We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes, and confirmed that the Trustee reviews a segment of the Risk Register at quarterly Trustee meetings.


We obtained and inspected the Trustee Governance Schedule to confirm that reviews by RACC of risk and regulatory compliance has been scheduled.


We obtained and inspected the RACC meeting minutes to confirm that the reports on risk and regulatory compliance provided by B&CE have been reviewed.






Core financial transactions are processed promptly and accurately.

B&CE has systems and procedures in place for processing core scheme transactions which provide assurances that related income and expenditure are completely and accurately processed in a timely manner, and recorded in the proper period.

To support authorisation of the Master Trust proposition the Trustee commissioned an independent assessment of systems and processes relevant to The Pensions Regulator’s Systems and Processes requirements as set out in legislation. This report was obtained from an independent firm of accountants and the report was presented to the Trustee Board. This report included controls specifically relevant to the reconciliation of contributions from the point at which they are received through to investment and unitisation.

In accordance with the Trustee Governance Schedule, the Trustee monitors B&CE’s administration of core financial transactions. This is reviewed at quarterly Trustee meetings and documented in the Trustee meeting agendas and minutes.

The Trustee reviews the performance of the processing of core financial transactions through the Scheme Administration Reports provided to the Trustee at Trustee meetings. These reports show B&CE’s performance against the service levels agreed with the Trustee.

B&CE’s internal audit function provides the Trustee with a report at Trustee meetings summarising the internal audit work conducted during the reporting period in relation to The People’s Pension. This includes work relating to the completeness, accuracy and timeliness of processing of core scheme financial transactions by B&CE.


The Trustee obtained and reviewed an independent report addressing the functionality and frequency of financial reconciliations.

We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes, including the Trustee’s review of B&CE’s administration of core scheme transactions and performance against service levels through the Scheme Administration Reports.


We obtained and inspected B&CE’s internal audit function’s report to confirm that it includes work relating to the completeness, accuracy and timeliness of processing of core scheme financial transactions.


We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes and confirmed that the Trustee had reviewed the internal audit function’s reports on the work conducted in relation to the completeness, accuracy and timeliness of processing of core financial transactions by B&CE.


We obtained and inspected the independent report to confirm that it includes the functionality and frequency of financial reconciliations.






Contributions are invested and allocated in accordance with member instructions or the requirements of the default arrangement.

B&CE has processes and procedures in place for carrying out investments in accordance with each member’s instructions.

The Trustee reviews this through Internal Audit and Scheme Administration reports provided to the Trustee at Trustee meetings.

These reports show B&CE’s performance against service levels agreed with the Trustee. These reports also include a reconciliation of contributions received against the contributions invested together with a summary of investments within each fund.

B&CE’s internal audit function provides the Trustee with a report at Trustee meetings summarising the internal audit work conducted during the reporting period in relation to The People’s Pension. This includes work relating to the assessment of B&CE’s procedures relating to the investment of contributions in accordance with member instructions or the default policy.


In accordance with the Trustee Governance Schedule, the Trustee reviews the scheme administration reports which include investments and contributions. These reviews are recorded in the Trustee meeting agendas and minutes.

We obtained and inspected B&CE’s internal audit function’s report to confirm that it includes work relating to the assessment of B&CE’s procedures relating to the investment of contributions in accordance with member instructions or the default.


We obtained and inspected the Trustee Governance Schedule, Trustee meeting agendas and minutes, to confirm that the Trustee had reviewed the internal audit function’s reports on the work conducted in relation to the assessment of B&CE’s investment of contributions in accordance with member instructions or the default policy.


We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas, minutes and Scheme Administration reports to confirm that the Trustee review investments and contributions.






Transaction errors are identified and rectified.

The Trustee monitors B&CE’s administration performance. This is reviewed at quarterly Trustee meetings and is documented in the Trustee meeting agendas and minutes.

In the event of any transaction errors occurring, B&CE will provide the Trustee with details of the error, what actions have been taken to prevent a reoccurrence, whether the member has suffered a loss and what actions have been taken to remedy the situation.

In accordance with the Trustee Governance Schedule, the Trustee reviews B&CE’s performance through the Scheme Administration reports provided to the Trustee at Trustee meetings, which include B&CE’s resolution of transaction errors.

B&CE’s internal audit function provides the Trustee with a report at Trustee meetings summarising the internal audit work conducted during the reporting period in relation to The People’s Pension. This includes work relating to B&CE’s administration performance and resolution of transaction errors.


We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas, minutes and Scheme Administration reports to confirm that the Trustee has reviewed B&CE’s resolution of transaction errors.


We obtained and inspected B&CE’s internal audit function’s report to confirm that it includes resolution of transaction errors.


We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes, and confirmed that the Trustee had reviewed the internal audit function’s reports on the work conducted in relation to B&CE’s resolution of transaction errors.



Cash is safeguarded and all payments are suitably authorised and controlled.

B&CE’s Finance Team has a documented set of procedures and controls for the authorisation of payments.

User functionality within this system is restricted using appropriate permissions enabling a clear segregation of duties.

Once a payment has been authorised a second set of authorisation processes begins within the Finance Team which involves dual authorisation, including Senior Management authorisation.

The Trustee has a mandate with the HSBC Bank PLC setting out a list of authorised signatories and the authorisation levels for accepting payment instructions.

The Investment Manager will only ever accept instructions to change the details of the authorised Trustee bank account if the instructions are signed by two authorised signatories made up of the Trustee directors and B&CE directors.

B&CE’s internal audit function provides the Trustee with a report at Trustee meetings summarising the internal audit work conducted during the reporting period in relation to The People’s Pension. This includes work relating to the assessment of B&CE’s payment processes and procedures.


We obtained and inspected B&CE’s internal audit function’s report to confirm that it includes an assessment of B&CE’s payment processes and procedures.


We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes, and confirmed that the Trustee had reviewed the internal audit function’s reports on the work conducted in relation to B&CE’s payment process and procedures.






Late and inaccurate contributions are pursued and resolved.

B&CE has procedures in place for the monitoring and resolution of late and inaccurate contributions. This includes validation checks on the payroll data submitted by employers designed to help reduce inaccurate contributions.

The Trustee has reviewed B&CE’s procedures for monitoring the payment of contributions in accordance with The Pensions Regulator’s Code of Practice No.5 - Reporting late payment of contributions to occupational pension schemes.

The Trustee undertook an exercise to identify scenarios which could result in a higher risk of material payment failure and reviews this each year. The Trustee then approves B&CE’s testing of a sample of payroll data from each risk scenario identified, which is then carried out throughout the year.

The Trustee reviews B&CE’s sample testing at quarterly Trustee meetings, and this is documented in the Trustee meeting agendas and minutes.

B&CE’s Internal Audit function provides the Trustee with a report at Trustee meetings summarising the internal audit work conducted during the reporting period. This includes work relating to the assessment of B&CE’s chasing and resolution of late and inaccurate contributions.

The B&CE procedure for the monitoring and resolution of late and inaccurate contributions includes procedures for insolvent employers and redundancy payment service.

B&CE maintains a log of late contributions which includes action undertaken to collect payment.

In accordance with the Trustee Governance Schedule, the Trustee reviews late and inaccurate contributions and B&CE’s sample testing, at quarterly Trustee meetings. These reviews are documented in the Trustee meeting agendas and minutes.

In accordance with the Trustee Governance Schedule, the Trustee monitors the timeliness of contributions and B&CE’s sample testing through the quarterly Scheme Administration Reports provided to the Trustee at Trustee Board meetings. These reports show details of any late payments, any employers reported to The Pensions Regulator for material breaches and the results of B&CE’s sample testing.

B&CE’s internal audit function provides the Trustee with a report at Trustee meetings summarising the internal audit work conducted during the reporting period in relation to The People’s Pension. This includes work relating to the assessment of B&CE’s chasing and resolution of late and inaccurate contributions.


In accordance with the Trustee Governance Schedule, the Trustee monitors breaches of pensions legislation, identified by B&CE, through the quarterly Scheme Administration Reports provided to the Trustee at Trustee Board meetings.

We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes, including the Trustee’s review of B&CE’s monitoring of late and inaccurate contributions and B&CE’s sample testing, through the Scheme Administration Reports.


We obtained and inspected B&CE’s internal audit function’s reports to confirm that it includes late and inaccurate contribution resolution.


We obtained and inspected the Trustee Governance Schedule, Trustee meeting agendas and minutes and confirmed that the Trustee had reviewed the internal audit function’s reports on the work conducted in relation to the assessment of B&CE’s chasing and resolution of late and inaccurate contributions.


We obtained and inspected the quarterly Scheme Administration Reports provided to the Trustee at Trustee Board meetings to confirm it includes breaches of pensions legislation identified by B&CE.






Data and systems are backed up regularly, retained offsite and regularly tested for recoverability. Business and information systems recovery plans are documented, approved, tested and maintained.

The People’s Pension Scheme member and employer customer records are held on B&CE’s in-house IT systems. These records are also replicated at its Disaster Recovery (DR) site, and additional data backups are also remotely stored in fireproof safes at a secondary site. The DR site is operated by a specialist provider in Data & Recovery Centres who adhere to multiple ISO standards including ISO27001.

B&CE replicates its transactional SQL Server data via its dedicated secure internet link to the Disaster Recovery site during site operational hours. This replication ensures that B&CE’s disaster recovery database is in step with that of the primary database at its in-house location. The same approach is taken for B&CE’s corporate files and folders using a Distributed File System (DFS) for replication across all sites.

All core application systems & associated data within B&CE’s data centres is saved to servers with RAID disk systems (a combination of RAID 5 & 10). These servers continually copy data from one disk to another (between 5 and 10 disks) so that they mirror each other and there is no disruption should one of the servers fail. RAID will automatically manage any failures in the event of hardware failure, thus providing resilient data storage.

Additional data backups are taken during each business day and at the end of each business day. These backups are in the form of encrypted tapes and also store copies of B&CE’s core application systems and associated customer data. They are transported off-site, on a daily basis and stored in a fire-proof safe.

In accordance with the Trustee Governance Schedule, B&CE provides the Trustee with a report following each Business Recovery exercise.

In accordance with the Trustee Governance Schedule, the Trustee reviews these reports. These reviews are recorded in the Trustee meeting agendas and minutes.

In accordance with the Trustee Governance Schedule, B&CE’s Director of IT provides the Trustee with an IT report each year which includes the robustness of B&CE’s data backup and recoverability procedures.

The Trustee reviews this IT report, and the review is recorded in the Trustee meeting agendas and minutes.

B&CE’s internal audit function provides the Trustee with a report at Trustee meetings summarising the internal audit work conducted during the reporting period in relation to The People’s Pension. This included work relating to the effectiveness of the Business Recovery exercise on 14th April 2018.


We obtained and inspected transaction logs of the CRM and B&CE database to confirm that replication is occurring according to the designated schedule. We confirmed the monitoring process of this replication.


We inspected the additional VEEAM backup processes to confirm that backups are occurring according to the defined schedule. We obtained and inspected the readability testing performed over these backups.


We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes, to confirm that the Trustee has reviewed the internal audit function’s report following each Business Recovery exercise and B&CE’s Director of IT’s report.


We obtained and inspected evidence of the latest disaster recovery test, which was confirmed to have been performed on 2nd February 2019. It was confirmed that the results of this test had not yet been presented to the Trustee.


We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes and confirmed that the Trustee had reviewed B&CE’s Director of IT’s report on the robustness of B&CE’s data backup and recoverability procedures.






(continued) B&CE’s IT Department regularly test the core application systems and associated databases for business recoverability and follow documented procedures and checks.

Each of B&CE’s business areas has their own individual Business Continuity Plan, detailing the steps each area will take following an incident, to return to ‘business as usual’ in the quickest possible time. These plans are reviewed every six months and are stored on an electronic information software system. B&CE has a Corporate Business Continuity Plan, which outlines how it will respond at a strategic level to a major incident, such as a premises closure. This includes the structure and responsibilities of B&CE’s Crisis Management Team.

B&CE regularly tests its business continuity and disaster recovery capability by operating the application systems from its Disaster Recovery site. The Business Recovery exercises are set up and co-ordinated by the Business Continuity function, which sits in the second line of defence governance model. The test is performed by the B&CE IT department in conjunction with business owners.

A Business Recovery exercise was successfully carried out on 14th April 2018 and B&CE’s internal audit function observed the exercise.

B&CE’s Internal Audit function provides the Trustee with a report at Trustee meetings summarising the internal audit work conducted during the reporting period.

B&CE’s last Business Recovery exercise was successfully carried out on 2 February 2019. The Business Continuity function observed this exercise, undertook the post exercise review and will report to the Trustee on the outcome of the exercise.

We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes and confirmed that the Trustee had reviewed the internal audit function’s report on the work conducted in relation to a Business Continuity assurance report to the Trustee after Business Recovery exercises.






The capacity of an administration system to take on new business is assessed, approved and regularly monitored.

B&CE regularly reviews the capacity of its administration systems and resources. B&CE’s Director of Finance produces a quarterly forecast of Scheme membership and also uses Capacity and Forecasting Tools for resource planning.

In accordance with the Trustee Governance Schedule, the Trustee reviews B&CE’s capacity at quarterly Trustee meetings. These reviews are documented in the Trustee meeting agendas and minutes.

The Trustee monitors B&CE’s capacity through the Scheme Administration Reports provided to the Trustee at Trustee meetings. These reports include active and deferred Scheme membership figures.

We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas, minutes and Scheme Administration Reports and confirmed that the Trustee had reviewed B&CE’s capacity.



New business take-ons are properly established in accordance with Master Trust’s rules and contractual arrangements.

The People’s Pension is a multi-employer workplace pension scheme specifically tailored to deal with automatic enrolment, and is available to all employers from any sector. The Scheme was established by the Founder, through a Trust Deed dated 28 June 2012.

The People’s Pension Trust Deed and Scheme Rules are the governing documents by which the Scheme is currently administered and managed. Employers wishing to participate in the Scheme are admitted to the Scheme by the Founder in accordance with these Rules.

The employer agrees to be bound by the provisions of the Scheme Rules via an electronic admission process. Each participating employer has their own section within the Scheme. Legal advice was taken when the electronic admission process was developed.

The Founder may, at the request of a participating employer, agree to make a variation to a section of the Scheme by way of Deed and will seek the agreement of the Trustee. The Founder may make a minor change to the section of the Scheme by way of Memorandum without seeking the agreement of the Trustee, but will make the Memorandum available to the Trustee for review.

In accordance with the Trustee Governance Schedule, the Trustee monitors B&CE’s electronic employer admission process. This is documented in the Trustee meeting agenda and minutes.

Contractual arrangements are made between the Founder and the participating employer with responsibilities of each party clearly defined in rules.

Through inquiry and inspection we confirmed the electronic employer admission process.


We obtained and inspected the quarterly Trustee meeting agendas and minutes, and confirmed that the Trustee monitors the employer admission process.


We obtained and inspected a sample of the Deeds, Memorandum and Trustee agreement for new employers joining the Scheme during the year.






Member data is complete and accurate and is subject to regular data evaluation.

B&CE’s computer system records are updated daily through ad-hoc instructions received from Scheme members and information received from employers participating in the Scheme.

B&CE regularly reviews the completeness and accuracy of the Common data and Conditional data it holds for members of The People’s Pension.

B&CE provide the Trustee with Administration Reports to enable a review of the completeness and accuracy of member data at Trustee meetings. These reports will show the percentage of Scheme membership where Common data and Conditional data are present.

B&CE’s internal audit function provides the Trustee with a report at Trustee meetings summarising the internal audit work conducted during the reporting period in relation to The People’s Pension. This includes work relating to the assessment of B&CE’s data evaluation processes and procedures.

B&CE run monthly data quality reports on the completeness and accuracy of common and conditional data.

To support authorisation of the Master Trust proposition the Trustee commissioned an independent assessment of systems and processes relevant to The Pensions Regulator’s Systems and Processes requirements as set out in legislation. This report was obtained from an independent firm of accountants and the report was presented to the Trustee Board. This report included controls specifically relevant to record keeping and data quality (including common and conditional data).

In accordance with the Trustee Governance Schedule, the Trustee monitors and reviews the completeness and accuracy of member data through the Scheme Administration Reports provided to the Trustee at Trustee meetings. These reviews are documented in the Trustee meeting agenda and minutes.

B&CE’s internal audit function provides the Trustee with a report at Trustee meetings summarising the internal audit work conducted during the reporting period in relation to The People’s Pension. This includes work relating to the assessment of B&CE’s data evaluation processes and procedures.


The Trustee obtained and reviewed an independent report addressing the maintenance of member records (data).

We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes and Scheme Administration Reports and confirmed that the Trustee had reviewed the completeness and accuracy of member data.


We obtained and inspected B&CE’s internal audit function’s report to confirm that it includes completeness and accuracy of member data.


We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes and confirmed that the Trustee had reviewed the internal audit function’s reports on the work conducted in relation to the assessment of B&CE’s data evaluation processes and procedures.


We obtained and inspected the independent report to confirm that it includes maintenance of member records.






Monitoring of operations implemented to support the security of data transmissions and measures implemented to mitigate the threat of malicious electronic attack are regularly reviewed and documented.

Should any breach of data protection regulations occur, B&CE will inform the Trustees as soon as reasonably possible, or at their next quarterly Trustee meeting, depending upon the nature of the breach.

As part of its Data Protection Policy, B&CE uses encryption capability to protect the contents of files being transmitted via email. End users are trained in this functionality and the IT Acceptable Use Policy mandates the encryption of sensitive data.

B&CE has an Intrusion Prevention System deployed to counter the threat from malicious activities on its perimeter UTM Firewall. This is a component of B&CE’s firewall, from a leading provider, protecting the internal systems, in-house hosted website and mail server from unauthorised access from the internet.

B&CE has also deployed licensed software that manages the roll out of antivirus updates on end users computers and B&CE’s mail servers. Virus definitions are downloaded regularly to the server and on first boot of end user computers and regularly thereafter. Further protection is afforded by Endpoint Security that runs on each computer to quarantine any malware that may circumvent the first line defence.

B&CE operates a secure Company WiFi network that restricts use to company equipment only. A further Guest WiFi network is made available for personal use for staff and visitors and to segregate this traffic from B&CE’s internal network.

In accordance with the Trustee Governance Schedule, the Trustee will monitor and review Data Protection breaches recorded in the Scheme Administration Reports provided at Trustee meetings. These reviews are documented in the Trustee meeting agendas and minutes.

In accordance with the Trustee Governance Schedule, B&CE’s Director of IT shall provide the Trustee with a report each year which includes B&CE’s IT procedures and processes, including matters related to data security.

In accordance with the Trustee Governance Schedule, the Trustee reviews this report and the review is recorded in the Trustee meeting agendas and minutes.

We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes and confirmed that the Trustee has reviewed any data breaches via the Scheme Administration Reports.


We obtained and inspected B&CE’s Director of IT’s report to confirm it includes matters related to data security.


We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes, and confirmed that the Trustee had reviewed B&CE’s Director of IT’s report on the IT procedures and processes.


We observed the email menu on one of the staff’s consoles while onsite at B&CE and confirmed that the emailing application used has the capability to encrypt the messages.


We observed the WiFi network connection at B&CE to confirm that the visitors’ traffic is segregated from B&CE’s internal network.






(continued) B&CE has partnered with a Security Information and Event Management (SIEM) cyber security system provider that offers 24/7 monitoring and assurance from a centralised Security Operations Centre (SOC).

B&CE also engages leading IT security specialist firms to carry out regular IT penetration testing. These tests are performed internally and externally to provide assurance that B&CE’s systems and network are protected against known vulnerabilities.

We observed and confirmed through enquiry that security monitoring systems are deployed at B&CE, and that the definitions to these systems are regularly updated and monitored by the IT department.


We observed the antivirus protection in place at B&CE including the initial pilot phase of a new product.


We obtained and reviewed the penetration test performed by the third party to confirm that a penetration test is performed internally and externally to provide assurance that B&CE’s systems and network are protected against known vulnerabilities.






Physical and logical access to computer systems, and member and Master Trust records and data, is restricted to authorised persons.

B&CE’s locations are protected by a combination of security measures which can include CCTV systems providing 24 hour security monitoring, a 24-hour guard, electronic-card operated barrier access, electronic card-based door access and also alarms. The Disaster Recovery site is protected by CCTV and 24-hour guard security – access also requires pre-notified entry and photo ID such as a driving licence or passport – all access is recorded. Access to the servers and network equipment is monitored in all locations by movement detected video recording that triggers alerts to IT staff when activated.

All electronic data is held on servers in a secure, locked room. Only authorised members of B&CE’s IT Department have access and B&CE’s Facilities department holds administrative access to the control system.

B&CE’s administrators are allocated user names and a password is required to access servers, PC’s and other network devices. These passwords expire frequently and users are prompted to change them. The system requires best practice from users in relation to setting passwords. Active Directory permissions segregate levels of access and VLAN security is in place. Role based administration is in place within the IT teams and physical floor ports are protected by NetworkAccess control.

User functionality within B&CE’s in-house system is restricted using appropriate permissions. Functional groups of users are maintained, each with appropriate levels of access permissions based upon their job function.

In accordance with the Trustee Governance Schedule, B&CE’s Director of IT shall provide the Trustee with a report each year which includes B&CE’s IT procedures and processes, including matters related to physical and logical access to computer systems.

In accordance with the Trustee Governance Schedule, the Trustee reviews this report and the review is recorded in the Trustee meeting agendas and minutes.

We obtained and inspected B&CE’s Director of IT’s report to confirm it includes matters related to physical and logical access to computer systems.


We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes, and confirmed that the Trustee had reviewed B&CE’s Director of IT’s report on the IT procedures and processes.


We inspected the physical controls in place at the B&CE offices, both on the main building / floors and securing the onsite server room.


We observed and inspected environmental controls protecting the onsite server equipment.






(continued) Only authorised IT administrators can define users and user group policies, rights and permissions, which are enforced by the system. Updates to system records have an audit trail, showing the user ID, date and timestamp.

B&CE has an Intrusion Prevention System deployed to counter the threat of unauthorised access from the internet. This is a component of B&CE’s firewall protecting its internal systems, in-house hosted website and mail server. B&CE has also engaged a leading IT security specialist firm to carry out regular IT security testing.

To access server and network devices from remote locations, a secure connection to B&CE’s firewall using a network logon account is required, as well as having remote access enabled by B&CE’s IT Department. This is all controlled using Windows Active Directory security.

Reusable components such as memory disks have data erased in-house. Non-recyclable components, such as hard disks, are destroyed on-site using a specialist waste company’s wrecking equipment to render the components inoperable.

Physical access to server rooms is restricted to authorised IT personnel and a video monitoring system records all access events.





IT equipment is maintained in a controlled environment and the maintenance and development of systems, applications and software is authorised, tested approved and implemented.

All electronic data at B&CE is held on servers in a secure, locked room. This room is equipped with air conditioning and a system is in place to control the temperature and humidity. The room is protected by an inert gas fire suppressant system.

B&CE regularly updates its website and mail servers with the latest security patches. These new patches and updates are logged on B&CE’s TopDesk service management system. B&CE then download these patches and deploy them to the Model Office testing environment as soon as practically possible and released to production following successful testing.

B&CE test the patches in the Model Office test environment for two weeks before applying them to their core site servers, web servers and half of the end user systems. The following weekend, B&CE’s secure site in Leatherhead is updated along with the remaining user systems. Super critical patches may be fast-tracked after specific testing if required. B&CE use software auditing solutions to ensure systems are maintained at the up-to-date patch state.

To support authorisation of the Master Trust proposition the Trustee commissioned an independent assessment of systems and processes relevant to The Pensions Regulator’s System and Processes requirements as set out in legislation. This report was obtained from an independent firm of accountants and the report was presented to the Trustee Board. This report included controls specifically relevant to maintenance of IT systems and the planning for change.

In accordance with the Trustee Governance Schedule, B&CE’s Director of IT shall provide the Trustee with a report each year which includes B&CE’s IT procedures and processes, including matters related to the maintenance of IT equipment and systems development.

In accordance with the Trustee Governance Schedule, the Trustee reviews this report and the review is recorded in the Trustee meeting agenda and minutes.

The Trustee obtained and reviewed an independent report addressing the maintenance of IT systems and the planning for change.

We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes, and confirmed that the Trustee had reviewed B&CE’s Director of IT’s report.

Exception noted.

The Director of IT’s report does not include matters related to the maintenance of IT equipment and systems development.

Management response.

Whilst the Director’s IT report did not address systems development and change management within the body of the report, development and maintenance related matters formed part of the Trustee discussion and has been minuted. However, we acknowledge that the actual documented report excluded this detail, and this will be included in future reports.

We obtained and inspected the “IT Change Management Process” to confirm there are processes and procedures in place for system development and changes.


We observed the TopDesk ticketing system to confirm that tickets are raised for the changes requested.


We observed the patching system onsite to confirm that the systems and applications are updated on a regular basis.


We obtained and inspected the independent report to confirm that it includes matters relating to maintenance of IT systems and IT systems change management.






Retirements are managed in accordance with a documented process which is regularly reviewed and approved.

The People’s Pension Trust Deed and Scheme Rules are the governing documents by which the Scheme is administered and managed. The Scheme Rules include provisions for the commencement of benefits and ways of providing a pension, through the purchase of an annuity in the name of the member.

The People’s Pension does not provide members with a pension from the Scheme. Scheme members can use the Open Market Option to secure a suitable retirement income product.

Since June 2017, members meeting certain criteria have had the option of taking a tax-free cash sum from their pension pot and designating the remainder to Flexi Access Drawdown.

Upon joining the Scheme, new members are provided with a Member’s Booklet which includes a summary of the different options at retirement.

The retirement process and options available at retirement are documented on The People’s Pension website at thepeoplespension.co.uk/employees/your-retirement/.

The Trustee reviews changes in the retirement process and options available at retirement through B&CE’s reports provided to the Trustee at Trustee Board meetings. These reports provide the Trustee with details of changes in the retirement process and options available at retirement together with changes to the relevant key scheme documentation.

We obtained and inspected the quarterly Trustee meeting agendas and minutes and confirmed that the Trustee had reviewed changes to the retirement process and options available at retirement, together with changes to the relevant key scheme documentation.






Member communications are accurate, clear and understandable and are produced in accordance with a communications plan. The plan is regularly reviewed and monitored.

B&CE maintain a communications plan and provide this to the Trustee. This plan sets out the business and marketing objectives for the financial year and the channels of communication that will be used to communicate these messages.

The Trustee has agreed the key Scheme documentation which should be referred to the Trustee for approval.

As part of B&CE’s documentation re-approval process, documentation is reviewed at least once each year to ensure they continue to provide accurate information.

In accordance with the Trustee Governance Schedule, B&CE shall provide the Trustee with a communications plan.

In accordance with the Trustee Governance Schedule, the Trustee reviews the communications plan and this review is recorded in the Trustee meeting agendas and minutes.

In accordance with the Trustee Governance Schedule, B&CE shall provide the Trustee with a report on B&CE’s document approval process and scheme communications.

In accordance with the Trustee Governance Schedule, the Trustee reviews the report and the review is recorded in the Trustee meeting agendas and minutes.

In accordance with the Trustee Governance Schedule, the Trustee monitors and reviews changes to key Scheme communications. These reviews are documented in the Trustee meeting agenda and minutes.

Each year the Trustee delivers a webinar that enables members to raise questions directly with the Trustee.

We obtained and inspected B&CE’s communications plan to confirm in place.


We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes, and confirmed that the Trustee had reviewed B&CE’s communications plan.


We obtained and inspected B&CE’s report on B&CE’s document approval process and scheme communications to confirm in place.


We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes, and confirmed that the Trustee had reviewed the B&CE’s report on B&CE’s document approval process and scheme communications.


We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas and minutes, and confirmed that the Trustee had reviewed changes to key Scheme communications.


Through enquiry we confirmed that a webinar was undertaken during the period and that future webinars have been scheduled.






Member communications contain information to support the decisions members need to make at retirement.

The People’s Pension does not provide members with a pension from the Scheme. Scheme members can use the Open Market Option to secure a suitable retirement income product.

The retirement ‘wake-up’ letter sent to Scheme members is accompanied by the Money Advice Service’s ‘Your pension: it’s time to choose’ booklet. This explains the various options for converting a pension fund into an income in retirement and the decisions that the member will have to make.

B&CE has procedures in place for managing the retirement process and ensuring that communications to members approaching retirement meet regulatory requirements, including the Association of British Insurers code of conduct on retirement choices and The Pension Regulator’s guidance on communicating with members about pension flexibilities.

Upon joining the Scheme, new members are provided with a member booklet which includes a summary of the different options at retirement.

The retirement process and options available at retirement are documented on The People’s Pension website at thepeoplespension.co.uk/employees/your-retirement/. The Trustee reviews and approves the member booklet and this website content.

In accordance with the Trustee Governance Schedule, the Trustee regularly reviews how the Scheme’s communications support the members in making decisions at retirement through B&CE’s reports on changes to Key Scheme Communication provided to the Trustee at Trustee meetings and approves these changes. This is documented in the Trustee meeting agendas and minutes.

In accordance with the Trustee Governance Schedule, the Trustee reviews the report and the review is recorded in the Trustee meeting agendas and minutes.

We obtained and inspected the Trustee Governance Schedule, quarterly Trustee meeting agendas, minutes to confirm that the Trustee regularly reviews B&CE’s reports on changes to Key Scheme Communication and approves these changes.




Appendix – Letter of engagement

Crowe U.K. LLP is a limited liability partnership registered in England and Wales with registered number OC307043. The registered office is at St Bride's House, 10 Salisbury Square,

London EC4Y 8EH. A list of the LLP’s members is available at the registered office. Authorised and regulated by the Financial Conduct Authority. All insolvency practitioners in the firm

are licensed in the UK by the Insolvency Practitioners Association. Crowe U.K. LLP is a member of Crowe Global, a Swiss verein. Each member firm of Crowe Global is a separate and

independent legal entity. Crowe U.K. LLP and its affiliates are not responsible or liable for any acts or omissions of Crowe Global or any other member of Crowe Global.

Crowe U.K. LLP

Chartered Accountants

Member of Crowe Global

St Bride's House 10 Salisbury Square London EC4Y 8EH, UK

Tel +44 (0)20 7842 7100 Fax +44 (0)20 7583 1720 DX: 0014 London Chancery Lane

www.crowe.co.uk

Our ref: AP/PS/LOP00034 1 March 2019

The Trustee C/O Philip Crisp The People’s Pension Manor Royal Crawley, West Sussex RH10 9QP Dear Sirs This letter sets out the basis on which we are to act for you and includes your and our respective responsibilities.

1. Scope of our work

1.1 You have asked us to act as reporting accountant to deliver services to you in connection with the governance control procedures established by the Trustee of The People’s Pension (“the Master Trust”) for the period from 1 May 2018 to 31 March 2019 (the Specified Period), or other period end date as agreed in writing.

2. Responsibilities of the Trustee

2.1 The Trustee of the Master Trust (“the Trustee”) in relation to which the reporting accountants’ assurance report is to be provided is and shall be responsible for the design, implementation and operation of governance control procedures at the Master Trust. The Trustee’s responsibilities are and shall include:

a) acceptance of responsibility for governance control procedures;

b) evaluation of the effectiveness of the governance control procedures established by the Trustee using suitable criteria; and

c) supporting its evaluation with sufficient evidence, including documentation.

2.2 The Trustee acknowledges and accepts its responsibility for providing a written statement (“the Trustee’s Report”) about whether in all material respects, and based on suitable criteria:

a) The Trustee’s Report describes fairly the governance control procedures established by the Trustee that relate to control objectives which were in place throughout the Specified Period;

b) The governance control procedures described were suitably designed throughout the Specified Period such that there is reasonable assurance that the specified control objectives would be achieved if the described governance control procedures were complied with satisfactorily; and

c) The governance control procedures described were operating with sufficient effectiveness to provide reasonable assurance that the related control objectives were achieved during the Specified Period.



- 2 -

2.3 This written statement will be included in, or attached to, the Trustee’s description of the Trustee’s governance control procedures in the Trustee’s Report and provided to user entities as part of the final Trustee’s Report issued by the Trustee.

2.4 In drafting this report the Trustee has regard to, as a minimum, the criteria specified within TECH 12/16AAF, the Assurance Reporting on Master Trusts (Master Trust Supplement to ICAEW AAF 02/07) issued by the Institute of Chartered Accountants in England and Wales.

3. Responsibilities of reporting accountants

3.1 It is our responsibility to form an independent opinion, based on the work carried out in relation to the governance control procedures established by the Trustee as described in the Trustee’s Report and report this to the Trustee.

4. Scope of the reporting accountants’ work

4.1 We conduct our work in accordance with the procedures set out in AAF 02/07 and TECH 12/16 AAF. Our work will include enquiries of key individuals at the Master Trust.

4.2 In reaching our conclusion, the minimum criteria against which the governance control procedures are to be evaluated are the control objectives developed for assurance reporting on Master Trusts as set out within TECH 12/16 AAF, together with additional governance control procedures as considered appropriate

4.3 Any work already performed in connection with this engagement before the date of this letter will also be governed by the terms and conditions of this letter.

4.4 We may seek written representations from the Trustee in relation to matters on which independent corroboration is not available. We shall seek confirmation from the Trustee that any significant matters of which we should be aware have been brought to our attention.

4.5 Our objective will be to conduct an examination that will include procedures to obtain reasonable assurance, in all material respects and based on suitable criteria, to enable us to express an opinion as to whether:

a) The Trustee’s Report fairly presents the governance control procedures established by the Trustee that relate to the control objectives specified in the Trustee’s Report which were in place throughout the Specified Period;

b) The governance control procedures established by the Trustee described in the Trustee’s Report were suitably designed to provide reasonable, but not absolute, assurance that the specified control objectives would have been achieved if the described governance control procedures operated effectively throughout the Specified Period; and

c) The governance control procedures established by the Trustee that were tested were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the related control objectives were achieved throughout the Specified Period.

4.6 In conducting our work we will examine on a test basis, evidence supporting the Trustee’s description of controls, including the operating effectiveness of the related controls, and perform other procedures as we consider necessary in the circumstances to provide a reasonable basis for our report. Our examination will not include other systems, controls, operations or services not specified herein including internal control at user organisations and, accordingly, we will express no opinion on such items.



- 3 -

5. Inherent limitations

5.1 The Trustee acknowledges that governance control procedures designed to address specified control objectives are subject to inherent limitations and, accordingly, errors or irregularities may occur and not be detected. Such procedures cannot guarantee protection against fraudulent collusion especially on the part of those holding positions of authority or trust. Furthermore, the opinion set out in our report will be based on historical information and the projection of any information or conclusions in our report to any future periods will be inappropriate.

6. Use of our report

6.1 Our report will, subject to the permitted disclosures set out in paragraph 6.3 below, be made solely for the use of the Trustee and solely for the purpose of reporting on the governance control procedures established by the Trustee, in accordance with these terms of our engagement.

6.2 Our work will be undertaken so that we might report to the Trustee those matters that we have agreed to state to it in our report and for no other purpose.

6.3 We permit the disclosure of our report, in full only, to verify to the recipient that a report by reporting accountants has been commissioned by the Trustee and issued in connection with the governance control procedures established by the Trustee without assuming or accepting any responsibility or liability to the recipient on our part.

6.4 To the fullest extent permitted by law, we do not and will not accept or assume responsibility to anyone other than the Trustee as a body for our work, for our report or for the opinions we will have formed.

OTHER MATTERS

7. Limitation of liability

7.1 We will perform the foregoing services with reasonable skill and care and acknowledge that we will be liable to you for losses, damages, costs or expenses ("losses") caused by our negligence, breach of contract, fraud or wilful default. However, Crowe U.K. LLP will not be liable if such losses are due to the provision of false, misleading or incomplete information or documentation or due to the acts or omissions of any person other than Crowe U.K. LLP.

7.2 Where any damage or loss is suffered by you for which Crowe U.K. LLP would otherwise be jointly and severally liable with any third parties, the extent to which such loss shall be recoverable by you from Crowe U.K. LLP, as opposed to the third party, shall be limited so as to be in proportion to Crowe U.K. LLP's contribution to the overall fault for such damage or loss, as agreed between the parties, or in the absence of agreement, as finally determined by the English court.

7.3 The aggregate liability, whether to you or any third party, of whatever nature, whether in contract, tort or otherwise, of Crowe U.K. LLP for any losses whatsoever and howsoever caused by or arising from this engagement shall not exceed (including interest) £1 million.

7.4 Nothing in this section shall exclude or restrict the liability of Crowe U.K. LLP for fraud or dishonesty or otherwise to the extent that it cannot do so by law.

7.5 In this section, "Crowe U.K. LLP" refers to Crowe U.K. LLP, and any successor or assignee.



- 4 -

7.6 You agree that you have fully considered the provisions of this section and all the other provisions of this letter (including the Terms and Conditions) and that they are reasonable in the light of the factors relating to the Engagement.

7.7 You agree (to the extent such agreement is enforceable under applicable laws) that you will not bring any claim in respect of or in connection with the engagement whether on the basis of contract, tort (including negligence), breach of statutory duty or otherwise against any member or employee of Crowe U.K. LLP whether or not that person is described as a “partner”.

7.8 The advice we give you is for your sole use. Our work is not to be made available to third parties without our written permission and we accept no responsibility to third parties for any aspect of our professional services or work that is made available to them.

8. Fees

8.1 Our fees are calculated on the basis of the time spent on your affairs by the partners and staff and on the levels of skill or responsibility involved and will be billed at approximately monthly intervals during the course of our work and once a particular assignment has been completed. The amount of our fee to provide Type 2 reporting accountant’s assurance services will be agreed with you annually. We shall charge in addition any disbursements and VAT, and reserve the right to charge interest on unpaid bills and suspend work until they are paid.

8.2 You undertake to ensure that our bills are settled in accordance with the attached statement of our terms of business “Terms and Conditions”.

8.3 If we need to do work outside the responsibilities outlined in our engagement letter, we will advise you in advance. This will involve additional fees. Accordingly it is in your interest to ensure that your records and information requirements are completed at the agreed stage.

9. Communicating with you

9.1 We may communicate with you by email. As with other means of delivery this carries with it the risk of inadvertent misdirection or non-delivery. The recipient is responsible for carrying out a virus check on attachments.

9.2 Internet communications may be corrupted, and, we accept no responsibility for changes to such communications after their despatch. It may therefore be advisable to obtain hard copy confirmation of advice in an email. We do not accept responsibility for any errors or problems that may arise through the use of the internet and you must accept all risks connected with sending commercially sensitive information relating to you. If you do not accept this risk, you should notify us in writing that email is not acceptable to you

10. Improving our service

10.1 Our aim is to provide a high standard of service, reliability and skill. If at any time you would like to discuss with us how we could improve our service to you or you are dissatisfied with the service you are receiving, please let us know by telephoning or writing to Andrew Penketh or Peter Varley (the Managing Partner of this office). Alternatively you may contact the Chief Executive of the firm, Nigel Bostock, at Crowe U.K. LLP, St Bride’s House, 10 Salisbury Square, London, EC4Y 8EH.

10.2 Should our service be less than satisfactory we will take all reasonable steps to correct the situation. We undertake to investigate any complaints carefully and promptly and to report our findings to you.



- 5 -

10.3 If you are still dissatisfied you may take the matter up directly with the Institute of Chartered Accountants in England and Wales at:

Professional Conduct Department ICAEW Level 1, Metropolitan House 321 Avebury Boulevard Milton Keynes MK9 2FZ

11. Professional rules and practice guidelines

11.1 We will observe the bye-laws, regulations and ethical guidelines of the Institute of Chartered Accountants in England and Wales and accept instructions to act for you on the basis that we will act in accordance with them. We are registered to carry on audit work in the UK by the Institute of Chartered Accountants in England and Wales and details about our audit registration can be viewed at www.auditregister.org.uk, under reference number C001095468. The Audit Regulations and Guidance and APB Ethical Standards that we are required to adhere to can be found at icaew.com/auditnews and http://www.frc.org.uk/Our-Work/Codes-Standards/Audit-and-assurance/Standards-and-guidance/Standards-and-guidance-for-auditors/Ethical-standards-for-auditors.aspx.

11.2 Details of our professional indemnity insurer can be found on our internet web site (www.crowe.co.uk) on the Disclosures page, in accordance with the requirements of the Provision of Services Regulations 2009.

11.3 We reserve the right during our engagement with you to act for other clients whose interests are or may be adverse to yours, subject to the further provisions with regard to confidentiality below. We confirm that we will notify you immediately should we become aware of any conflict of interest involving us and affecting yourselves.

11.4 We confirm that where you give us confidential information we shall at all times keep it confidential, except as required by law, regulatory, ethical or other professional requirements.

11.5 Our files are periodically reviewed by an independent regulator or quality controller as part of our ongoing commitment to providing a quality service. The reviewers are bound by the same rules of confidentiality as our partners and staff.

11.6 You agree that we will be complying sufficiently with our duty of confidence if we take steps that we in good faith think fit to keep appropriate information confidential during and after our engagement.

12. Data protection

12.1. When acting for you, we are a data controller in respect of any personal data you provide to us or to which we have access. This is because accountants and similar providers of professional services work under a range of professional obligations which oblige them to take responsibility for the personal data they process. For example, if we detect malpractice whilst performing our services we may, depending on its nature, be required under our regulatory obligations to report to relevant authorities. In doing so we would not be acting on your instructions but in accordance with our own professional obligations and therefore as a data controller in our own right.

12.2. Where we and you are deemed in accordance with the data protection laws to be joint data controllers, you shall be liable for the personal data you process and we shall only be liable for the personal data we process.



- 6 -

12.3. You confirm that you have the right to supply personal data to us and you will not breach applicable data protection laws. Where you are providing personal data to us about a third party, for example a family member, a partner, a director (including a non-executive director), and/or any other type of member, business associate or third party, you confirm that you have their authority and express permission to provide us with their personal data.

12.4. Neither of us will by our act or omission put the other in breach of the applicable data protection laws.

12.5. Where we and you are joint data controllers, you should provide all relevant information to data subjects relating to the processing of their personal data (including the processing carried out by us) and to the exercise of their rights in relation to the processing of their personal data as required by the data protection laws in a written notice ("Fair Processing Notice") and you will act as the contact point for the data subject.

12.6. To enable us to discharge the services agreed under our engagement, and for other related purposes including updating and enhancing client records, analysis for management purposes and statutory returns, crime prevention and legal and regulatory compliance, we may obtain, use, process and disclose personal data about you or your entity, its officers and employees, as applicable. We confirm when processing data on your behalf we will comply with the relevant provisions of the applicable data protection laws.

12.7. Where we act as a data processor in relation to your personal data, we will:

process personal data:

for the purpose of performing our services and obligations to you; and

for such other purposes as may be instructed by or agreed with you as otherwise notified in writing from time to time; and

in accordance with the applicable data protection laws;

implement appropriate technical and organisational measures to protect the personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure;

not otherwise modify, amend, remove or alter the contents of the personal data or (unless legally obligated to, as specified above) disclose or permit the disclosure of any of the personal data to any third party without your prior written authorisation;

adopt measures to maintain up to date records of our processing activities performed on your behalf which shall include the categories of processing activities performed, information on cross border data transfers and a general description of security measures implemented in respect of processed data;

unless otherwise required by data protection laws, or our own retention policy, we will return or delete all personal data upon the termination of the our relationship with you;

adopt measures to ensure that only those personnel who need to have access to your personal data are granted access to it and that all of the personnel required to access your personal data are reliable and have been informed of its confidential nature;



- 7 -

sub-contractor which includes terms which are substantially the same as the terms set out in these clauses;

where we transfer your personal data to a country or territory outside the European Economic Area, to do so in accordance with data protection laws (including for the avoidance of doubt entering into standard form contracts);

notify you without undue delay if we receive (i) a request from a data subject to access your personal data, or (ii) a complaint or request relating to the data protection laws;

assist you should you need to carry out a privacy impact assessment;

notify you without undue delay in the event of becoming aware of any breach of the data protection laws; and

permit without charge, on an annual basis, and / or where you become aware of a data breach or alleged breach of the data protection laws by us, reasonable access to the relevant information for the purposes of appropriately reviewing compliance with the data protection laws.

12.8. Each of you and us shall indemnify and keep indemnified the other in full from and against all claims, proceedings, actions, damages, costs, fines, expenses and any other liabilities which may arise out of, or in consequence of the indemnifying party's breach of the data protection laws or the performance or non-performance by its sub-processor(s) and personnel of its obligations in connection with these Engagement Terms in relation to the data protection laws, including loss of or damage to property, financial loss arising from any breach of the data protection laws or any other loss which is caused directly or indirectly by any act or omission arising from any breach of the data protection laws.

12.9. When acting for you in a personal capacity how we process your personal data is described in our privacy notice. This is available on our internet page.

12.10. We will tell you if, in our opinion, your instructions may breach the applicable data protection laws.

13. Retention of records

13.1 During our work we will collect information from you and others acting on your behalf and will return any original documents to you when our work is complete.

13.2 We will not hold copies of these documents, so you need to keep them safely.

13.3 Unless you tell us not to, we intend to destroy correspondence and other papers that are more than six years old (from the end of the relevant period end date). You must tell us if you wish us to keep any documents.

14. Applicable law

14.1 Only someone who is a party to this Agreement has the right under the Contracts (Rights of Third Parties) Act 1999 to enforce any of its terms. This clause does not affect any right or remedy that exists independently of that Act.

14.2 Our engagement with you is governed by, and interpreted in accordance with, English law. The Courts of England shall have exclusive jurisdiction in relation to any claim, dispute or difference concerning our engagement letter and terms of business and any matter arising from them. Each party irrevocably waives any right it may have to object to any action being brought in those courts, to claim that the action has been brought in an inconvenient forum, or to claim that those courts do not have jurisdiction.



- 9 -

TERMS AND CONDITIONS

1. DEFINITIONS

In these Terms and Conditions.

“We” means Crowe U.K. LLP.

“You” means the person or company with whom the Contract is agreed.

“Contract” means the terms of engagement agreed between Crowe U.K. LLP and you to which these terms and conditions relate.

“Services” means the services we agree to provide you with under the Contract.

2. SERVICES

2.1 We shall provide Services as agreed with you and in doing so we shall observe the Ethical Guidelines issued by the Institute of Chartered Accountants in England and Wales.

2.2 We shall provide Services for your exclusive benefit and you agree not to disclose or supply to any other party written or verbal advice, reports or other information provided by us without our specific written agreement.

3. FEES

3.1 We shall charge fees on the basis set out in our proposal or engagement letter or as otherwise agreed in writing.

3.2 From time to time we shall bill you for Services together with any applicable VAT.

3.3 We may from time to time render bills together with applicable VAT on account of or in advance of Services.

3.4 You agree to pay our fees within 30 days from the date of the invoice.

3.5 Payment of our fees from a bank based outside the UK must be made via transfer to our bankers and must quote our invoice details.

3.6 We will claim for relief for any fees falling within the scope of the VAT Regulations 1995 (SI 1995/2518).

4. NON-PAYMENT OF FEES

4.1 If you fail to pay our fees within 30 days from the date of the invoice we reserve the right:

– to charge monthly interest on the unpaid amount at 8% APR over the Barclays Bank plc Base Rate in accordance with the Late Payment Legislation.

– to suspend the Services and any other work which we are carrying out for you.

– to take whatever legal remedy exists in order to obtain payment, and

– claim cost of debt recovery.

4.2 If you consider the fees which we have charged are excessive or unfair, you may within a period of 30 days from the date of receipt of the bill complain in writing to us, specifying the cause of complaint. If you do not make such complaint within 30 days of the receipt of the bill, our rights specified in 4.1 will apply.

4.3 If you make such complaint:

– we shall investigate it. If we agree with you we shall make an appropriate reduction in the amount invoiced and interest will not be charged on the amount of the reduction but may be charged on the balance.

– we shall still have the right to suspend the Services and any other work we are carrying out for you and to take whatever legal remedy exists in order to obtain payment.

5. VARIATION

Any variation to the Contract shall only be effective if it is agreed in writing between you and a member in Crowe U.K. LLP.

6. TERMINATION

In relation to Services as Auditor under any statutory provisions, you or we may terminate the Contract only in accordance with the provisions of the relevant Act or regulation. In relation to any other Services, you or we may terminate the Contract at any time by giving not less than 30 days notice in writing.

7. ENGLISH LAW

The Contract is governed by English Law.

THE ABOVE TERMS OF TRADE WILL APPLY UNLESS SPECIFICALLY VARIED BY A LETTER OF ENGAGEMENT.

FR ALL 0005.0819

The People’s Pension Trustee Limited Manor Royal, Crawley, West Sussex, RH10 9QP. Tel 0300 2000 555 Fax 01293 586801 www.bandce.co.uk

Registered in England and Wales No. 8089267. The People’s Pension Trustee Limited is the corporate Trustee of The People’s Pension Scheme. To help us improve our service, we may record your call.

For more information:

01293 586666

[email protected]

www.bandce.co.uk

aaf 02/07 assurance report · aaf 02/07 assurance report 2018/19 | 2 1. introduction (continued)...

Documents