FANews
FANews
RELATED CATEGORIES
Category Retirement
SUB CATEGORIES Annuties |  General |  Savings & Investments | 

Cybercrime curse oozes into retirement funding

22 May 2023 Gareth Stokes

One in three domestic retirement funds do not have cyber liability insurance in place, and many of those that have some form of protection in place are covered to a maximum of ZAR5 million. This alarming fact was shared in PwC South Africa’s seventh annual Retirement Fund Survey of 60 funds, 15 of which have assets in excess of ZAR10 billion. In the latest survey, the financial services firm spoke to 27 stand-alone funds and 33 representatives of umbrella, preservation or retirement annuity funds. Their focus: fund officials’ activities, remuneration and work arrangements; investment management; and cyber security.

Do you want 20-plus asset managers on your retirement savings?

This newsletter will skip over the sections on governance and fund officials’ remuneration to concentrate on matters of insurance and investment, before finishing with some comment on the sustainability of the retirement fund industry. Turning to investment management basics, the survey revealed that 85% of funds were applying an active investment strategy compared to just 15% who described their investment strategies as “largely passive”. But from this writer’s perspective, the most surprising revelation contained in the survey was that 32% of funds had more than 20 asset managers managing their investments versus only 28% where five or fewer asset managers were involved. 

“We noted that the majority of the participants with a passive investment strategy have less than five asset managers,” PwC noted in their report, before latching on to the writer’s concerns over the complexity that contracting with too many asset managers might introduce. “It can be questioned whether diversity can be achieved more efficiently through changes in mandates with fewer asset managers, with reduced asset manager costs, rather than employing more than 20 asset managers,” they wrote. “This increasing number of asset managers places greater responsibility on the board to ensure that the control environments of the underlying asset managers remain appropriate”. 

Nolwazi Radebe, PwC South Africa Retirement Funds Associate Director, expanded on the number of asset managers debate in a media release to coincide with the report launch: “The challenge to boards would be to decide on the optimal number of asset managers to employ, given the costs and governance efforts required, weighted against the investment diversification that can actually be achieved,” she said. As for fulfilling the board’s responsibility to ensure that proper internal control systems are employed by or on behalf of the fund, it was recommended that the underlying asset managers’ International Standard on Assurance Engagements 3402 reports be reviewed, in addition to internal audit reports. 

Responsiveness to regulatory change

The survey proves quite useful in unpacking retirement funds’ responses to the evolving legislative environment. For example, regulation 28(2)(c)(ix) requires retirement fund boards to consider environmental, social, and governance (ESG) factors before investing in an asset. Additional, tangible advice on ESG compliance is published in the Financial Sector Conduct Authority (FSCA) Guidance Notice: ‘Sustainability of investments and assets in the context of a retirement fund’s investment policy statement’. The survey asked whether the respondents’ latest investment strategies accommodated ESG principles, to which they received an impressive 92% in the affirmative. PS, regulation 28 also requires each fund to have an investment policy statement, which must be reviewed at least annually. 

Widespread cybercrime and cyber insecurity appear among the top-10 risks identified in the World Economic Forum Global Risks Report 2023, on both a two-year and 10-year outlook. And thus, the inclusion of a section on cybersecurity in the latest PwC Retirement Fund Survey is quite opportune. “Given that most entities have significant integration between their business model and information technology, cybersecurity threats and / or attacks have been on the rise,” noted PwC, before revealing that seven of 60 survey participants were aware of a cybersecurity threat and / or attack at either the fund or a service provider during the latest financial year. Of the rest, 78% said “no” and a worrying 11% said they did not know! 

Staggering, one in three ignore cyber risks

The survey then explored how many of the respondents had some level of cyber insurance cover in place to help manage the impact of cyberattacks on their operations. “Two thirds of the participants indicated that the fund’s fidelity cover included cyber security / data protection,” writes PwC. Around 36% of respondents said their cover was uncapped, while 30% indicated cover limits of between ZAR100 000,00 and ZAR5 million. This writer defers to the liability specialists to argue about appropriate types and levels of cyber liability cover; but he will urge the 34% of retirement fund trustees and boards who seem non-plussed by one of the top-10 risks globally to explore their cyber risk mitigation and risk transfer options. 

Having exhausted the insurance and investment statistics this newsletter has an opening for comment on funds’ governance and sustainability, which PwC acknowledges as interrelated themes. “The sustainability of a retirement fund requires a knowledgeable and well-equipped board; supportive sub-committees; and service providers that best suit the needs of the fund,” they write, in the executive summary to the survey. Somewhat counterintuitively, the latest survey showed a decline in the average number of retirement fund board members between 2020 and 2023, from nine to eight board members and from three to two independent board members. Governance comes at a hefty price, with the number of respondents who said their board members were remunerated rising from 47% to 74% over three years, and steady increase in the average remuneration paid. 

Keep your outsource partners close

Also quoted in the media release, Julanie Basson, PwC South Africa Retirement Funds Lead, said that it was important for retirement fund boards to stay abreast of changes in the industry, while at the same time addressing the needs and well-being of their members. She encouraged due care when appointing outsource partners to handle critical functions such as investment management. “Service providers play an important role in a fund’s operations, and it is important for boards to [keep this in mind] when outsourcing services to service providers … outsourcing does not eliminate the board’s responsibility regarding proper internal control systems being in place,” she concluded. 

Writer’s thoughts:

As I pored over the PwC Retirement Fund Survey, I got to thinking about how frequently financial advisers / financial planners have to interact with their client’s retirement funds. Is this an everyday occurrence, or are you seldom required to intervene in matters of retirement fund admin or management? Please comment below, interact with us on Twitter at @fanews_online or email us your thoughts editor@fanews.co.za.

Comment on this post

Name*
Email Address*
Comment
Security Check *
   
Quick Polls

QUESTION

The South African authorities are hard at work to ensure the country is removed from the global Financial Action Task Force grey-list by February or June 2025. What do you think about their ongoing efforts?

ANSWER

But what about the BRICS?
Compliance burden remains, grey-list or not.
End-2025 exit is too optimistic.
Grey-list is the new normal.
Too little, too late.
fanews magazine
FAnews October 2024 Get the latest issue of FAnews

This month's headlines

The township economy: an overlooked insurance market
FSCA regulates crypto assets: a new era for investors
Building trust: one epic client experience at a time
Two-Pot System rollout underlines the value of financial advice
The future looks bright for construction
Subscribe now