In January this year the Dutch pensions supervisory authority, the PVK, circulated policy rules for outsourcing by pension funds, the Beleidsregel uitbesteding pensioenfondsen. These rules, which came into effect on 1 February 2004, set out regulations with which pension funds and the service supplying party must comply.
They define a pension fund as the institution responsible for the execution of pension regulations agreed between employers and employees as set out in the Pensions and Savings Funds Act and the Act concerning compulsory membership of a pension scheme for professions:
- of outsourcing as the structural provision by other entities within the group to which the pension fund belongs or by other independent third-parties (including the employer) of services, goods or facilities which form part of the operating processes associated with or supporting the delivery of the pension services, except insofar as this concerns purchasing; and
- of a service provider as the organisation which performs work through outsourcing for a pension fund.
It also requires that a pension fund undertake a systematic analysis of the risks associated with outsourcing operating processes, that it establish a policy for managing the risks, ensures that the policy specify that the pension fund obtain adequate guarantees for maintaining controlled and sound operational management and that the service provider take measures on the prevention of fraud.
The pension fund must also regularly check whether the way in which outsourced operating processes are being performed is in line with the agreement and that it has adequate procedures, expertise and information to be able to assess and, if necessary, correct the work of service provider.
The pension fund and the service provider must set out the outsourcing arrangements in a written agreement, the service level agreement, that includes all relevant matters with respect to the outsourced operating processes, such as its nature, scope, quality, timing, service level, expertise, information provision, ownership of data and obligation to comply with relevant legislation and regulations. The pension fund can terminate the agreement in specified circumstances.
Should the service provider work for more than one client it must declare and guarantee that the data and files of the different clients be segregated, that the privacy aspects are guaranteed and that there are adequate safeguards on the separate provision of information to the different clients. The agreement must ensure that the service provider provide any information requested by the PVK.
The rules also specify that the pension fund board always remains responsible for all activities undertaken for the pension fund.