The IBM scheme has warned its members about hoax phone calls, underlining the importance of administration and data cleansing to minimise the risk of fraud

Tips to manage fraud risk:

  • Keep a good working relationship with administrators;

  • Promote rigorous data cleansing;

  • Ensure any cutbacks do not mean details are overlooked; and

  • Ensure administrators have a good knowledge of the Data Protection Act.

A telephone scam reported by IBM could have been prevented by administration controls, rigorous data cleansing and segregation of duties, advisers have warned.

Members of the technology company’s £6.1bn pension scheme were advised to report any unusual contact.

This came after one employee received a hoax call from a person claiming to be from the IBM pensions department.

Schemes can avoid paying out pensions incorrectly by putting in place effective controls to prevent fraud. This also reduces the risk of members being victims of fraud.

The recession has seen the incidence of smaller-scale fraud cases rising, according to Karen Tasker, senior audit manager at Baker Tilly.

"There may be a gap in segregation of duties because resources are short and people are made redundant," she said.

Good governance to prevent fraud should include regular communication with administrators, rigorous data protection checks, installing appropriate peer review processes and making sure resources are not overstretched.

Hoax phone call

An IBM employee received a call from a person claiming to be from the IBM pensions department, who said the member was entitled to a pension refund of £1,000.

The employee was reportedly suspicious and they ended the call.

It is more prominent at times like this for trustees to be asking those questions

Karen Tasker, Baker Tilly

"It is possible the caller was trying to obtain personal details or even bank details from the employee, as has been in the case in similar scams reported in the press," announced the scheme.

Fraud is more likely at a member level than at a large-scale, criminal level, according to advisers, as schemes may overlook smaller transactions.

Schemes have been urged to maintain a good working relationship with third-party administrators to ensure all member data are as up to date as possible and emphasise the importance of detecting and preventing fraud.

Trustees can ask their administrators for the following:

  • Information about whether fraud has taken place and the effect on the scheme;

  • To breakdown controls in place to prevent and detect fraud;

  • Information on the fraud policy of the organisation is;

  • To be updated of every incidence of fraud; and

  • To incorporate specific achievements in annual reports and accounts.

Tasker said: “It is about being more challenging just to see if there are any holes there."

Practical steps

Third-party providers are under a lot of pressure after losing resources in the current economic climate.

Schemes must assess if there are gaps in the segregation of duties, and how easy it would be for members to set up an early payment without a peer review taking place.

“It is more prominent at times like this for trustees to be asking those questions," said Tasker.

“In any transaction, from member refund to huge transaction processing, there should be segregation of duties and there should not be access for one person to deal with that procedure right the way through the process."

Smaller payments may fall below the trustee radar but it is vital to keep a handle on them for the scheme to be cost-efficient.

This player should be used for when editorial embed a video in an article page.
                   

sX Review: The panel discusses how schemes can protect themselves from fraud (6:18)

Rosalind Knowles, partner at Linklaters, said schemes should keep an eye on deferred member data as they are often more difficult to monitor.

Schemes can also keep reminding deferred members to update their details and promote the use of online tools, rather than post, to collate member data.

Martin Miles, a professional trustee at Independent Trustee Services, said administrators could pay particular attention to careful monitoring of transfer values.

Trustees need to demonstrate that they have quizzed the administrators about their procedures

Martin Miles, ITS

To ensure transfers are being made into legitimate schemes, scheme registration numbers should be sought and accounted for.

Miles called upon schemes to ensure administrators have appropriate data protection controls in place, especially regarding attachments to emails and the setting of passwords.

“It is delegation of responsibility to a third party but it does not mean the trustees are off the hook just because they have delegated," he said.

"Trustees need to demonstrate that they have quizzed the administrators about their procedures. Were there an issue, trustees could demonstrate they have done all they could."

Topics