The millenium bug and trustees’ responsibilities
The Millennium Bug and Trustees’ Responsibilities
Robert West and Clifford Sims, Baker & McKenzie
(From Issue 8,July 1999)
The January 1999 issue of OPRA Bulletin Number 7 was prefaced by an open letter from John Hayes the Chairman of OPRA, on the subject of the Year 2000 compliance, popularly known as Y2K liability. Although the letter was largely directed towards trustees of occupational pension schemes, the fact that it was addressed to the pensions industry as a whole hints at the wider responsibility which third parties, such as scheme administrators, investment managers, custodians, bankers and accountants have towards scheme members and other beneficiaries to ensure that no-one suffers any loss as a result of the change of date on 1 January 2000. OPRA recently followed this up in a more dramatic way by sending out a computer mouse mat (bearing a Y2K warning) to all schemes.
Trustees really face two issues. First, they will be concerned about personal liability. Secondly, even if the trustees are not culpable (and hence not personally liable), Y2K problems may nevertheless result in loss to the scheme. This article concentrates on the personal liability of trustees but, in doing so, it inevitably touches on the rights of recovery which trustees may have against third parties.
The pensions cycle and Y2K problems
OPRA is to be commended for taking a proactive role in raising Y2K awareness. 1Compliance checking and pre-testing of systems 2 are of course essential tasks for all trustees between now and the end of the year. However, is it safe to assume that, if trustees are reasonably diligent about Y2K liability, they will be protected from any claims for breach of trust arising from a Y2K loss or from the imposition of penalties under the Pensions Act 1995 (the `PA`)?
Y2K risks, of course, need to be analysed in terms of the relevant systems programme or hardware. In pensions terms, such systems process funds at three stages: the payment and collection of contributions; the investment of those contributions, and the ultimate payment of benefits in the form of pensions, annuities or lump sums.
As an example of how Y2K problems could affect the first stage in this cycle, the liability for non-compliant payroll systems which result in employee contributions either not being collected or paid to the wrong account would rest with the employer. This could result in criminal liability under section 49(8) of the PA (or, in the future, more probably a civil penalty) if employee contributions are not paid within 19 days from the end of the month of deduction. Given that OPRA has begun prosecuting employers for such breaches, employers should take this potential problem very seriously. Similarly, trustees of money purchase schemes have a responsibility to report any failure to pay any amount shown on the payments schedule (i.e. all contributions and scheme expenses) on or before the due date. The report must be made to OPRA 30 days after the due date and to members 90 days after the due date, if payment has still not been made 60 days after the due date. Failure to do so could result in a penalty for the trustees.
As far as the payment of benefits is concerned, the starting point for assessing whether a payment is late will be the rules of the scheme, which will normally provide for payments to be made monthly in advance or in arrears. Even if the rules are silent and the members’ booklet also offers no guidance, the practice of paying pensions on a regular basis would establish an expectation of payment on or around a particular date. The PA does not prescribe a due date by which pensions must be paid. However, it is reasonably safe to assume that late payment, whether caused by a Y2K loss or some other reason, would run the risk of being classed as maladministration by the Pensions Ombudsman or may even constitute a whistle-blowing event which the scheme’s auditor may consider requires reporting to OPRA under Section 48 PA.3 Claims for late payment might therefore be made against trustees or a third party administrator who was responsible for paying benefits.
What then of liability for the interim stage, the investment of scheme funds? First, let us look at the sources of potential losses.
How could investment management and custody risks arise?
On a simplistic level (and leaving aside the reality of the diversification of scheme’s investments), the basic risk which trustees face from non-Y2K compliant investment management and custodian systems is that a mismatch could arise between the value of the scheme investments and its benefit liabilities. If the investment manager fails to invest scheme funds to buy a particular security in accordance with the trustees’ or members’ instructions and the value of the security goes up, then more funds will of course be required to buy the same security. Similarly, if the trustees wish to sell a security but the price falls after a delay in settling caused by a Y2K problem, the trustees will have missed the opportunity to sell at the `right` price to match the liability.
Depending on the type of scheme, the resulting loss to the scheme may ultimately prove to be a loss to the employer or the member. The recent Pensions Ombudsman determination against the trustees and employer of the Merrill Lynch UK Final Salary Plan shows how this could result in liability for the trustees: the Ombudsman found the trustees of a defined benefit scheme guilty of maladministration simply on the grounds that there had been a delay of as little as ten days between the collection of the members’ additional voluntary contributions and their investment.
Underlying this basic situation are a number of risks associated with the settlement of securities transactions. Investment managers’ daily business is conducted with a variety of third parties, some of whom may be associated with them in the same group. Some investment managers themselves provide custody services but most settle transactions through a separate custodian, whether associated with it or not. A report of the Bank for International Settlements (Delivery v Payment in Securities Settlement Systems, Basle, September 1992) identified the following six types of settlement risks. None of these is a Y2K specific risk, but nonetheless each, with the possible exception of Settlement Bank Failure Risk where the default is caused by an insolvency event, could be triggered by a Y2K problem.
- Credit Risk – where a counterparty’s default leads to losses on unrealised capital gains and the loss of securities delivered or payments made;
- Replacement Cost Risk – the loss of unrealised gains;
- Principal Risk – the loss of the full value of the securities or funds transferred;
- Liquidity Risk – where a counterparty does not settle for value when due as a result of a failed transaction, rather than default;
- Systemic Risk – one institution’s inability to meet its obligations lead to another institution defaulting on its own obligations when due; and
- Settlement Bank Failure Risk – custodian or sub-custodian risks arising from fraud, negligence or insolvency.
When looked at in the context of cross-border settlements, the situation becomes even more complicated. The BIS 1995 Report, Cross-Border Securities Settlement, discussed a further six types of risk which could materialise from systems failures. Again, the analysis of risk here is generically operational to the custody business and not Y2K specific, but that it not to say that the following situations could not be brought about by Y2K failures.
- Cross-Settlement Risks – arising from the inter-dependencies of credit and liquidity risks created between central and international securities depositories, especially where a third party depository may not be linked with the underlying operational problem;
- Transfer of Principal Risk – from the counterparties to the depository where delivery versus payment is not achieved by the depository;
- Cash Deposit Risk – the credit risk associated with the holding cash balances with an intermediary for the purpose of settling securities transactions;
- Securities Lending Risks;
- Foreign Exchange Risks; and
- Mis-matching Risk between different delivery versus payment systems.
Liability of trustees and investment managers under the PA
Although the PA does not change trustees’ duties of care owed under trust law, it does qualify the standard of care owed in many ways, particularly when trustees are exercising their investment powers. Section 33 (1) PA states that trustees cannot exclude or restrict their liability `for breach of an obligation under any rule of law to take care or exercise skill in the performance of any investment functions`. Note that the term `investment functions` is not defined. Section 33(1) also applies to authorised fund managers to whom investment functions have been delegated by trustees under section 34.
Assuming that the trustees have appointed the fund manager in accordance with section 34(6) PA, that is, that they have satisfied themselves that the fund manager has appropriate knowledge and experience to manage the scheme’s investments and that `he is carrying out his work competently and complying with section 36 [observing the requirement to have regard to diversification and suitability of the scheme’s investments]`, section 34(6) has the effect that the trustees will not be responsible for the fund manager’s acts or defaults.
However, although this section may appear to let trustees off the hook by suggesting that the trustees will not be liable, it does not go as far as imposing strict liability expressly on the fund manager. Section 34(4) appears simply to mean that trustees will not be personally liable for the acts or defaults of investment managers. It should also be noted that sections 33(1) and 34 refer only to the relationship between the trustees and an appointed fund manager: custodians are not mentioned at all (despite the fact that custody of investments is an activity constituting investment business under the Financial Services Act 1986).
Contractual liability of investment managers and custodians to Trustees
It may be concluded from the above that trustees cannot be indemnified from the assets of the scheme for investment-related breaches of trust, although this depends to an extent upon the nature of the breach (see below). In the context of Y2K liability, the inability of trustees to contract out of their fiduciary responsibilities created by section 33 (1) PA means that trustees should be considering now what their contractual position would be if they had to seek a remedy from an investment manager or custodian for a Y2K investment or custody related loss.
The potential sources of indemnification of trustees for Y2K losses are fourfold:
- the employer, under an indemnity clause in the scheme’s governing trust deed and rules;
- from a trustee indemnity insurance policy (subject to the terms of such policy);
- directly from the investment manager or custodian who had caused the loss, or
- the investment manager or custodian’s own professional indemnity insurer (if any).
The restriction imposed by section 33(1) PA does not have the effect of nullifying an indemnity given by the employer (rather than by the scheme) to the trustees. However, if the employer indemnifies the trustees he may nevertheless have some difficulty in recovering his costs from the investment manager or custodian itself. As it is unlikely that the employer will be a party to the relevant contract or necessarily owed a duty of care in tort, the chances of success are slim. In any event, the trustees may well not have a relevant trustee indemnity policy in place.
This then leaves a contractual claim being made by the trustees against the investment manager and/or the custodian, whether directly, or indirectly via an indemnity insurance policy held by the manager/custodian. It should be noted, incidentally, that neither the Rules of the Investment Management Regulatory Organisation (`IMRO`) nor the Securities and Futures Authority (`SFA`) makes insurance compulsory for regulated organisations subject to their respective rules.
Obviously, the terms of the investment management or custodian agreement govern the liability of the manager and/or custodian in general terms. A breach of contract claim for a Y2K loss will need to take account of any exclusion of liability provisions. Let us consider a typical liability clause, taken from the Terms for Discretionary Fund Management published by the Investment Fund Managers Association and the London Investment Banking Association (`IFMA/LIBA3a`). IFMA/LIBA3a is, of course, a widely (but not universally) used standard and many investment managers and custodians have incorporated more elaborate terms governing liability into their agreements with customers. Clause 18(a) of IFMA/LIBA 3a states that:
`the Manager accepts responsibility for loss to the Customer to the extent that such loss is due to the negligence, wilful default or fraud of itself or any delegates appointed pursuant to paragraph 6(a) above or that of its or their employees. The Manager also accepts liability for any Custodian which is an associate.`
The annex to IFMA/LIBA3a, which operates where the custodian is either a party to the investment management agreement or the investment manager itself acts as the custodian, contains a similar liability clause:
(a) The Custodian accepts responsibility for the acts and omissions for its nominee. The Custodian also accepts responsibility for loss to the Customer which is due to its negligence, wilful default or fraud, or that of any sub-custodian which is an Associate.`
C5(a) needs to be read in conjunction with paragraph C5(d), which governs certain sub-custodian risks:
`If any sub-custodian should fail to deliver any necessary documents to account for any securities the Custodian will take all reasonable steps on behalf of the Customer to recover such documents or securities, or any sums due, or compensation in lieu thereof, but subject thereto (and to C5(a) above) shall not be liable for any such failure. All reasonable costs incurred by the Custodian shall be paid by the Customer.`
Several points should be noted from the above. Both sets of provisions effectively rule out a claim for breach of contract per se (unless the investment manager of custodian gives a separate warranty or makes a representation about Y2K compliance – see below). The liability clauses do not, of course, expressly deal with the question of Y2K liability. Whether a claim to recover a Y2K loss could be brought on the grounds of wilful default or negligence would depend on the facts and also causation. Investment managers accept liability under IFMA/LIBA 3a for their delegates, but not for agents. It may be that a third party, such as a stockbroker, acts as an agent, and if that party’s systems cause a Y2K loss, then the trustees would have to establish a right of action against the third party (presumably in negligence). Even if it is unlikely that a manager or custodian could successfully argue that the standard of care required of it need not have encompassed taking reasonable steps to achieve Y2K compliance, because it had been advised of its professional responsibilities by its regulator, the problem trustees may find themselves facing is that the systems may not have been developed by the manager/custodian itself but by a software supplier which is acting not as an agent of the manager/custodian but a principal in its own right.
IMRO and SFA approaches to Y2K compliance
IMRO first wrote to investment managers regulated by it in January 1996 to warn them that they should be undertaking systems reviews to assess the scale of the problem, formulating strategic IT plans and developing and pre-testing any changes necessary to systems. In early 1997 IMRO conducted a survey of seventy organisations regulated by it, and subsequently reminded investment managers that:
`all firms are required to have adequate records and systems of control over their business and records. A firm where core systems are not Year 2000 compliant may be unable to meet this requirement. Year 2000 compliance is therefore most important to ensure that firms continue to meet IMRO’s requirements and thereby protect investors’ interests`.
Likewise, the SFA has been proactive with its members and devoted an SFA Bulletin (Number 16, August 1998) to the Y2K problem. SFA suggested that SFA regulated organisations should have a dedicated Y2K team, a comprehensive Y2K plan and timetable which would leave the last six months of 1999 available for `final trials and contingency planning`. SFA suggested that regulated organisations ought to have been testing third party systems by 30 June 1998.
The Financial Services Authority (`FSA`) issued a policy statement on Y2K in October 1998 and has established a Y2K unit to co-ordinate supervisory activity and share information and experience between regulators.
Other contractual limits on liability: force majeure?
IFMA/LIBA3a contains no force majeure provision but such clauses are relatively common in other investment management and custody agreements. At first sight, they might be thought to be attractive to investment managers and custodians in the Y2K context, given the global application of the problem and the fact that there are so many inter-faces between different systems to consider, any one of which could presumably cause a knock-on problem. However, it is of the essence of a force majeure loss that the cause of the loss is both outside the control of the party who otherwise would have been responsible and, because the cause is outside the control and knowledge of the relevant party, that the loss is unpredictable and spontaneous in nature. Trustees should therefore resist any attempt to link Y2K losses to force majeure and insist on an indemnity (directly or by recourse to insurance cover) from their investment manager or custodian or, failing that, seek suitable reassurances in the form of representations or warranties.
Y2K Representations and Warranties
One noticeable omission from the pronouncements of IMRO, SFA and FSA is that none of these regulatory bodies has given any public guidance about how to communicate with clients on the Y2K problem. Indeed, it has even been suggested by some investment managers that regulators have said privately it would be unwise to say anything at all about a given organisation’s Y2K compliance. From a defensive legal point of view, there are merits in this approach, but it is not very helpful to trustees who are trying to establish whether there is likely to be a Y2K problem or not.
Short of a manager or custodian actually taking the initiative and making a representation to its clients that theirsystems are Y2K compliant (subject to any qualifying statements, such as `to the best of our knowledge and belief`), what can trustees do? Some trustees may well wish to take the initiative and propose wording to their investment managers and custodians by amending their agreements to ensure that warranties are given to the following effect:
- that the manager/custodian has made every reasonable effort to ensure that its systems are Y2K compliant;
- that the manager/custodian has also determined whether its suppliers’ systems are Y2K compliant; and
- that the manager/custodian will in any event notify the trustees of any system failure (not restricted to Y2K failure) which has a significantly adverse impact on the manager’s/custodian’s ability to perform its functions.
We also suggest that that it is sensible to agree expressly that Y2K losses will not be excluded from the scope of recovery by falling within the force majeure clause (if any) of the agreement.
Postcript: Y2K losses under a managed fund insurance policy
This article has considered Y2K investment losses only from the stand point of a scheme which is invested in a segregated portfolio. Where the scheme assets are invested in a managed fund insurance policy, the trustees do not in fact own the underlying investments, because these are owned by the insurance company. Does the ownership of assets and the fact that the trustees have only a contractual right to the proceeds of the managed fund policy in these circumstances make any difference? Y2K warranties and representations may perhaps be more difficult to obtain from insurers and, while this is only speculation, it may also be more difficult to establish whether a Y2K loss has occurred resulting in a diminution in the value of the policy (especially where the underlying fund is a with-profits, rather than unit-linked fund). Life companies have been reticent, to date, unlike some of their non-life counterparts who have made their policy clear on paying Y2K related claims under property insurances.
Robert West and Clifford Sims
Baker & McKenzie
- The US Department of Labor has been even more direct, in publishing guidelines (in August 1998) for plan fiduciaries on their potential liability under the Employee Retirement Income Security Act (`ERISA`) in relation to Y2K problems. The Guidelines include questions and answers on the following subjects:
- what is a plan fiduciary’s potential liability under ERISA for Y2K problems?
- what constitutes a prudent procedure for ensuring Y2K compliance?
- to what extent are plan fiduciaries responsible for Y2K problems that are caused by unrelated plan service providers?
- can the plan be charged for costs associated with Y2K problems?
- should the plan administrator disclose the plan’s Y2K activitiesto participants and beneficiaries?
- are plan auditors, as part of their current engagements, required to direct potential record keeping problems associated with Y2K?
- what information will be disclosed to the plan administrator by a plan’s auditor in relation to Y2K problems?
- The Pensions Research Accountants Group published in August 1998 a Y2K checklist for trustees which considers the following areas: accounts; administration; payroll; investment and fraud. There are a number of Y2K specific questions in a separate checklist, some of which deal with trustees’ relationships with third parties, whose systems could have an impact on trustees.
- The Auditing Practices Board Y2K guidance requires auditors to write to their clients to ensure they understand the auditor’s and the client’s respective responsibilities for Y2K.
This article is published with the kind permission of:
Occupational Pensions, 18/20 Highbury Place, London, N5 1QP
Tel: 020 7354 5858
© Occupational Pensions