The Financial Sector Conduct Authority has published the finalised Conduct Standard that imposes new compliance obligations on benefit administrators of retirement funds governed by the Pension Funds Act (PFA).
As Moonstone reported in April, Conduct Standard 2 of 2025 (RF) significantly enhances the regulatory framework set by Board Notice 24 of 2002.
Read: Updated regulatory framework aims for ‘fair customer outcomes’ in pension administration
The FSCA has said that policy and regulatory developments since 2002 – such as Treating Customers Fairly (TCF), the Retail Distribution Review, and the Financial Sector Regulation Act – require the introduction of an updated framework to address risks such as conflicts of interest, inadequate governance, and poor customer outcomes.
The primary purpose of Conduct Standard 2 of 2025 (RF) is to ensure that benefit administrators operate with integrity, transparency, and accountability, embedding the TCF principles into their practices. The Conduct Standard is part of the FSCA’s broader shift toward outcomes-based and principles-based regulation.
Although some of the requirements in the Conduct Standard echo those in the Board Notice, it also introduces clearer expectations, tighter controls, and several new requirements. Notably, the Conduct Standard:
- introduces fit and proper requirements for benefit administrators and their key persons – including disqualifying criteria and competency thresholds;
- requires benefit administrators to establish and maintain an effective complaints management framework to ensure the effective resolution of complaints;
- mandates new requirements for service level agreements between retirement funds and their benefit administrators;
- requires the enforcement of conflict-of-interest policies; and
- requires protocols for communication with funds and members.
The FSCA also published RF Notice 10 of 2025, which determines the format of submissions to be made to the Authority in terms of the Conduct Standard. These include the notification of termination of an administration agreement, the register of assets held on behalf of a retirement fund, and the application for a proposed merger/acquisition.
The Standard’s provisions come into effect on different dates from the date of publication on 6 August. Some provisions take effect immediately, whereas others will come into operation six or 12 months thereafter, per paragraph 40(3) of the Standard.
Paragraphs 5 to 13 of Board Notice 24 were repealed on 6 August, while paragraphs 1 to 4 and 14 are scheduled for repeal in August 2026.
The following provisions of the Conduct Standard are now in effect:
Part 1 – Interpretation and application
Paragraph 1: Definitions and application. This paragraph defines key terms used throughout the Conduct Standard. It clarifies that the Standard applies to all benefit administrators performing services for retirement funds. Where an administrator is also licensed as an insurer or a bank, any conflicting provisions in the Insurance Act or Banks Act take precedence over the Standard.
The Standard’s requirements may be applied proportionally based on the administrator’s business and operating model, the scope of its activities, and the associated level of conduct risk exposure.
Part II – Business principles and governance
Paragraph 2: Business principles. Benefit administrators must conduct business transparently, honestly, and with integrity, prioritising fair customer treatment. This includes designing services to meet customer needs, providing clear and timely information, maintaining acceptable service standards, and avoiding unreasonable barriers to terminating agreements or lodging complaints.
Part III – Notifications regarding changes in business information
Paragraph 5: Change of certain business information. Administrators must notify the FSCA within 30 days of changes to their business or trading name, registered address, or contact details.
Part IV – Key persons
Paragraph 6: Appointment and termination of key persons. Administrators must notify the FSCA within 30 days of appointing or terminating directors, senior managers, or heads of control functions. In the cases of termination, reasons must be provided. The FSCA may object to appointments if a key person fails to meet fit and proper requirements, violates the PFA, or acts against the public interest.
Part V – Fit and proper requirements
Paragraph 7: Fit and proper requirements. Administrators and key persons must comply with fit and proper requirements, focusing on honesty, integrity, good standing, and competence.
Paragraph 8: Honesty, integrity, and good standing. Key persons must be honest and of good standing. Evidence of non-compliance includes convictions for financial crimes, theft, fraud, or dishonesty; civil judgments for similar offences; frequent regulatory actions; or removal from positions of trust. The FSCA considers the seriousness, relevance, and timing of such conduct when assessing compliance.
Paragraph 9: Competence requirements. Key persons must possess adequate skills, knowledge, expertise, educational qualifications, and experience relevant to their roles.
Paragraph 10: Remedial measures. Empowers the FSCA to direct interventions – including training, resource support, outsourcing, suspension, or termination – if a key person fails to comply with the fit and proper requirements.
Part X: Data management and maintenance of records
Paragraph 26: Safe custody of documents of title and register of ownership of fund assets. Mandates the secure storage and maintenance of all title documents and asset-ownership registers.
Part XI: Financial matters
Paragraph 27: Accounting records and financial statements. Administrators must maintain proper accounting records updated monthly and prepare annual financial statements conforming to generally accepted accounting practices.
Paragraph 28: Appointment and termination of auditor. An auditor registered under the Auditing Professions Act must be appointed to audit financial statements annually. The FSCA must be notified of appointments and terminations within 30 days.
Paragraph 29: Submission of annual financial statements. Audited financial statements and a management representation letter confirming compliance and accuracy must be submitted to the FSCA within six months of the financial year-end.
Paragraph 30: Deposit of fund monies. Fund monies must be paid into a fund’s or an insurer’s bank account within one business day of receipt.
Paragraph 31: Trust account. Trust accounts for fund monies must be interest-bearing, separate from the administrator’s assets, and reconciled daily. Contributions must be allocated within two business days, unallocated amounts investigated within 30 days, and unresolved amounts reported quarterly.
Paragraph 32: Unclassified payments and suspense accounts. Unclassified payments must be investigated immediately, placed in a suspense account within three business days if unallocated, and reported monthly to a senior manager and quarterly to the governing body.
Paragraph 33: Indemnity and fidelity guarantee insurance. Administrators must maintain adequate professional indemnity and fidelity guarantee insurance, disclosing any self-payment gaps or material exclusions to funds.
Part XII – Financial soundness and operational procedures and controls
Paragraph 34: Financial soundness. Administrators must maintain current assets equal to or greater than current liabilities and liquid assets covering at least 8/52 weeks of annual expenditure, complying with the most stringent requirements if regulated under other legislation.
Part XIII – Mergers, acquisitions, and business cessation
Paragraph 36: Mergers and acquisitions. Prohibits mergers or acquisitions without due diligence on fit and proper compliance, necessary external approvals (for example, the Competition Commission), and FSCA approval. Unauthorised transactions are void.
Paragraph 37: Cessation of business. Requires notice to all administered funds upon intent to cease or liquidation, data transfer to clients or successor administrators, and a post-cessation report to the FSCA within 90 days confirming compliance.
Paragraph 38: Suspension/withdrawal of approval. Requires administrators to inform funds if the FSCA proposes to suspend or withdraw approval and prohibits entering new agreements during suspension.
Part XIV – Administration
Paragraph 39 empowers the Authority to prescribe formats for all required notifications/applications.
Paragraph 40 confirms the Conduct Standard’s title and commencement dates.
Paragraph 41 repeals Board Notice 24 of 2002.
The following provisions will take effect six months from 6 August:
Part II – Business principles and governance
Paragraph 3: Governing body obligations. Holds the board accountable for compliance, oversight, documentation, implementation, monitoring, review, and continual compliance with the administrator’s governance framework.
Paragraph 4: Governance arrangements. Requires documented policies and processes covering business planning, role segregation, resourcing of key persons, control functions, remuneration aligned to customer interests, risk identification and remediation, and periodic effectiveness reviews.
Part VIII – Conflicts of interest
Paragraph 15: Conflict-of-interest management. Administrators must adopt and maintain a conflict-of-interest policy, approved by the governing body, detailing identification, avoidance or mitigation measures, disclosure criteria, a register of associates, internal controls, training, monitoring, annual review, and customer access. Material conflict incidents must be reported to the FSCA.
Part IX – Communication, disclosures, and complaints management
Paragraph 16: Communication and disclosures. Benefit administrators must provide timely, accurate, and plain-language communications to funds before, during, and after concluding administration agreements. Disclosures must be relevant, complete, and not misleading.
Paragraph 17: Establishment of a complaints management framework. Administrators must establish an effective complaints management framework tailored to their business model, ensuring fair treatment, accessibility, and thorough investigation of complaints, with regular reviews.
Paragraph 18: Requirements for complaints management framework. The framework must define objectives, responsibilities, performance standards, and procedures for managing, categorising, and escalating complaints. It must include record-keeping, monitoring, and reporting to the governing body, as well as processes for handling outsourced service complaints.
Paragraph 19: Allocation of responsibilities. The governing body is responsible for overseeing the complaints management framework. Complaint handlers must be trained, experienced, impartial, and empowered to make fair decisions.
Paragraph 20: Complaints escalation and review process. An accessible, balanced escalation and review process must be established, allowing internal escalation of complex complaints and complainant-initiated escalations to a senior, impartial functionary.
Paragraph 21: Decisions relating to complaints. Upheld complaints must be resolved promptly with agreed actions, while rejected complaints require clear reasons and information on escalation options.
Paragraph 22: Record keeping, monitoring, and analysis of complaints. Administrators must maintain accurate records of complaints, including complainant details, evidence, and progress. Data on complaint numbers, types, resolution times, and outcomes must be tracked, analysed, and reported to improve processes and prevent recurring issues.
Paragraph 23: Communication with complainants. Complaint processes must be transparent, accessible, and free of charge, using plain language. Administrators must inform complainants of required information, submission processes, timelines, and progress updates.
Part X – Data management and maintenance of records
Paragraph 24: Data management. Administrators must maintain an effective data management framework with strategies, systems, and controls to ensure access to accurate, secure, and compliant customer and administrative data. Outsourced data must be accessible, and the framework must be regularly reviewed.
Paragraph 25: Maintenance of records. Administrators must document and store customer communications, transaction records, and member-related information securely, retrievable in accessible formats, and retained for at least five years after transfer, unless the administrator ceases operations.
Part XII – Financial soundness and operational procedures
Paragraph 35: Operational ability. Administrators must have adequate resources and controls to perform services effectively, using systems that ensure timely, accurate service delivery and compliance. System changes require FSCA notification and confirmation of compliance, with affected funds informed promptly.
The following provisions will take effect in 12 months from 6 August:
Part VI: Agreements in respect of administration services*
*Includes administration agreements entered into before the date of publication.
Paragraph 11: Administration and service level agreements. Administrators must enter written agreements with funds before providing services, detailing services, responsibilities, communication requirements, remuneration, take-on procedures, record ownership, breach remedies, outsourcing conditions, and termination notice periods (at least 90 days).
Paragraph 12: Termination of administration agreement. Upon termination, administrators must notify the FSCA within 30 days, transfer all relevant information and records within 15 business days, and submit reconciliations and reports on unresolved complaints within 30 days. Data must be provided in an agreed format to ensure efficient transfer.
Part VII: Outsourcing*
*Includes outsourcing arrangements entered into before the date of publication.
Paragraph 13: Outsourcing of administration services. Outsourcing is permitted only if provided for in the administration agreement, with the administrator remaining accountable for outsourced duties and records.
Paragraph 14: Management, oversight, and review of outsourcing arrangements. Administrators must implement processes to manage, oversee, and review outsourced services, ensuring regular assessments and prompt action to address shortcomings or breaches.
What protections are offered or mandated for health data breached? Who is responsible for implementing those protections? Plan sponsor or Administrator?