CAPSA releases revised electronic communications guideline
On May 8, 2019, the Canadian Association of Pension Supervisory Authorities (CAPSA) released the revised Guideline No. 2 – Electronic Communications in the Pension Industry (the Guideline). The first draft of the revised Guideline was released in November 2018 and discussed in the December 2018 News & Views (the Draft Guideline). The purpose of the Guideline is to provide a set of principle-based industry standards and best practices for pension plan administrators to adopt, in conjunction with legislative requirements, as part of their electronic communications (i.e., e-communications) framework. The revised Guideline will replace the 2002 version of the Guideline.
Changes from the Draft Guideline
The Guideline includes the following revisions and clarifications from the Draft Guideline:
- The Guideline now clarifies that it is not intended to apply to e-communication that pension plan administrators and/or plan sponsors receive from individuals. CAPSA recommends that individuals communicate with pension plans through secure information systems, but this is not the responsibility of the pension plan.
- The Guideline notes the responsibility of the recipient to ensure that their contact information on file with the plan administrator is up to date, to facilitate ongoing e-communications.
- The Draft Guideline only provided that, where legislation requires information to be provided in a specific form, the e-communication must mirror the content of the paper copy. The Guideline now also provides that, where the legislation requires a specific method of providing information, that requirement must be met. For example, where legislation requires a notice to be placed in a newspaper, sending an e-mail would not be sufficient.
- Both the Draft Guideline and the Guideline require that plan administrators must implement a protocol to protect the security of information that is sent and retained, as well as to retrieve lost or corrupted data. The Guideline now states that the protocol should be reviewed as often as is reasonable, as well as when new methods of transmitting e-communication are developed or new security threats are discovered.
- The Guideline states that e-communication that contains confidential information should be delivered to or made accessible to the intended recipient through secure information systems, without specifying how that is to be done. It explicitly states that the plan administrator is responsible for ensuring that the communications channel protects confidential information and accurately delivers information to intended recipients only.
The final version of the Guideline includes helpful clarifications on roles and responsibilities of both pension plan administrators and recipients of information from pension plans. In general, the Guideline takes a principles-based approach to ensuring that the information is delivered and that confidential information is delivered securely. It also requires information delivery protocols to be periodically reviewed and updated, and that they be updated in response to technological changes or new security threats. At the same time, the Guideline continues to recognize the necessity of complying with any specific legislative requirements.