1
Q
Give 3 reasons why a company may seek external administration support? (Notes 2.2)
A
- Expertise and experience: an administrator will have experience dealing with a broad range of
issues for their clients, so that they will have the expertise and experience to assist with complicated administration issues. - Robust systems: an administrator will normally invest heavily in developing and maintaining the administration systems that are used by their clients.
- Cost and time savings: although an external administrator will charge for their services, which can be expensive, building an internal administration solution (both in terms of software and
personnel) can also be expensive and take up a lot of time and resources. As a consequence, the outsourcing of administration to an external administrator may be a more cost–effective solution for the company. - Ability to cope with peaks of activity: the operation of large global plans will naturally involve peaks of activity, e.g., at launch/grant and maturity/vesting. Most companies will not have the
internal resources available to handle the peaks without support from an external administrator. - Improved participant experience: some external administrators will offer specialist support and products that will help to improve the participant’s experience, such as 24/7 local language call centres, the production of plan communications and helpful internet portals and mobile apps.
2
Q
What are the 3 key areas of possible risks that may arise as a consequence of poor administration? (Notes 1.4)
A
- Mistakes: this could be anything and we see a range of mistakes being made in practice. For example, grants are made to the wrong people, if tax withholding or reporting is not operated at the correct time or if leavers are not exited properly and in a timely manner.
- Non–compliance with applicable law: it is important that all parties are aware of, and comply with, all legal, regulatory and tax compliance requirements in connection with the operation and
administration of the plan, such as securities laws, foreign exchange, tax and data protection laws. - Fraud and misconduct: although rare, there may be instances of fraud and misconduct. This
may include malicious events, such as a misappropriation of funds. This could also, potentially include a backdating of documents to cover up a mistake.
3
Q
Identify 3 specific services that an administrator may be able to provide. (Notes 3.1 – 3.6)
A
- Record keeping and reporting
o Processing, monitoring and communication of all relevant award and plan events.
o Collection of award acceptances given by participants.
o Storage of relevant plan and award documentation.
o Maintaining records of all historical award and transaction information.
o Preparing (or providing information for) internal and external reporting and filings. - Trade settlement services (including arranging for a licensed third–party to action)
o Executing a vesting, exercise and/or sale of awards/shares.
o Transferring shares, e.g., to a brokerage account; from a trust.
o Converting currency.
o The transfer of withholding taxes.
o Enforcing share trading policies, e.g., by maintaining ‘closed’/’blackout’ periods. - Portal and participant experience services
o Maintenance of company facing software that shows all awards for all participants and allows
the company to input/download information, as required, amongst other things.
o Maintenance of a participant facing online share plan portal/mobile app that shows all of the
participant’s award information and enables them to trade online, amongst other things.
o Operating company and employee help centres (locally and globally, including in local
language) to provide a call centre or email assistance for questions and transactions.
o VIP services for senior or selected employees. - Implementation services
o Project management.
o Preparing user manuals.
o Data cleansing and migration. - Communication services
o E–delivery of information.
o Design and deliver plan communications.
o Document translations.
o Design of employee and corporate training and HR seminars/workshops.
o Assistance with financial education and planning for companies and their employees. - Specialist transactional or funding/hedging services
o Assistance with corporate transactions.
o Assistance with hedging and share buyback programmes.
o Facilitating share funding and hedging.
o The offer of trustee and nominee services.
4
Q
Give 3 specific reasons why the timely and accurate collection and processing of information is important for effective plan administration? (Notes 1.3)
A
- to ensure that plan events, e.g., grant/vesting/exercise, are tracked and managed;
- to ensure participant requests, e.g., to exercise/sell, are actioned quickly and accurately;
- to comply with tax reporting, withholding and payment requirements;
- to disclose accurate information in the annual report and accounts, including for directors;
- to process management and payroll reporting accurately and in a timely manner;
- to ensure that share dilution limits approved by shareholders are not exceeded;
- to facilitate compliance with any share dealing and market notification requirements;
- to ensure that there is an audit trail in the event of any dispute; and
- to ensure that plan information is readily available in a corporate transaction context.
5
Q
What is the typical nature of the relationship between an administrator and the company?
(Notes 6.1.1)
A
- The external administrator may take on the role of agent of the company where it is acting in a manner that creates, changes or terminates the legal relations between the company and its employees in a share plan context.
6
Q
What terms are covered in administration agreements – why are they important? (Notes 6.2.2)
A
*Parties: This sets out who the parties to the agreement are (the company and the administrator) and ensures the obligations fall upon the correct party.
- Services: The agreement should set out the services that will be provided – this is usually specified in a schedule to the agreement which will specify which plans are covered or cover all plans the company has in operation from time to time. A list of services will ensure the company knows exactly what it is going to receive and the administrator ensures it can provide all the services required.
- Cost: The cost of the services is again usually set out in a schedule. The agreement will also cover how the costs can be changed. It is crucial for both parties to understand and agree to the costs involved so that the right amount is paid to the administrator in exchange for their services.
- Confidentiality obligations: There will be confidentiality obligations on the administrator in relation to company and employee information. The administrator will be privy to sensitive information regarding the incentive plans which the company will want them to keep private.
- Assigning contracts: The agreement will set out whether, and in what circumstances, the agreement can be assigned/novated to another administrator without necessarily requiring a renegotiation of terms. The administrator may need to have the flexibility to do this in situations
where the administrator is going through a corporate action. - Force majeure: This covers ‘frustrating actions’ which are not the fault of either party and prevent the operation of the contract. These events are very rare but would include terrorist activity and ‘acts of God’ e.g. natural disasters. These provisions are not about assigning liability as there is typically no fault from either party – instead these provisions can protect both parties from being accused of a breach of contract where something happens which is beyond their control and/or unforeseeable.
- Termination: The agreement will need to include termination provisions setting out how to end the agreement, as well as the notice provisions surrounding termination. This also needs to cover how the ‘old’ administrator will enable the transfer of data and assets to the ‘new’ administrator. The parties want to know how this can be done to ensure they are not breaching the contract when they stop meeting their obligations.
- Governing law and court or forum: Any agreement should set out the governing law, as well as which court would hear any dispute under the plan. This could potentially be a significant issue if dealing with foreign administrators who choose their local law and courts. It is important to know which law applies in the event of a dispute so that the parties can obtain the correct legal advice and any proceedings are heard in the correct forum.
- Insurance: The agreement will set out whether, and to what extent, the administrator is to be insured to cover certain losses. Insurance is not typically intended to cover all possible losses
under a contract, but certain prescribed losses. This will provide comfort to the company that in the event of a problem, the administrator is sufficiently covered for particular losses incurred. - Intellectual property (IP) rights: IP rights can be very valuable and it is important to know who owns them, so that it is clear that only the owner has the right to receive any revenue generated by them and make decisions about them. E.g., the administrator will want to protect their software/administration systems and the company will want to protect their own IP rights.
- Liability: The agreement will set out what happens if something goes wrong and where there is loss. This is a big issue and needs to be negotiated and reviewed very carefully. Liability clauses will also typically set certain caps or limits on liability, as well as excluding particular types of liability (e.g., one party will not be liable for another party’s negligence).
- Data protection: This is very important – there are legal obligations on the company to require its external administrators to comply with relevant data protection laws and personal data about employees’ remuneration is also often very sensitive.
7
Q
What are the 2 main sources of UK data protection law? (Notes 7.2)
A
- the Data Protection Act 2018 (the ‘DPA’) which became law in May 2018; and
- UK GDPR.
8
Q
Under UK law, why is ‘consent’ not an appropriate basis for processing employee personal
data in an share plans context? (Notes 7.3.6)
A
Consent is not seen as an appropriate basis for processing where there is an imbalance between the data controller and the data subject – there is a strong argument this applies to the employer/employee relationship.
Also note that under UK GDPR consent must be freely given (and freely withdrawable), specific,
informed and unambiguous. Pre-ticked boxes are not sufficient – consent must be given by a clear affirmative action.
9
Q
Can personal data be freely transferred from the UK to the EU? What about to the US? (Notes
7.4, 7.5)
A
The UK and the EU have both approved adequacy decisions in respect of one another’s data protection regimes – personal data can be transferred freely so long as the adequacy decisions
remain in place.
Since October 2023, businesses in the UK have been able to transfer personal data to US organisations certified to the ‘UK Extension to the EU-US Data Privacy Framework’ (known as the
‘UK Extension’). Once a US organisation has been certified and is publicly placed onto the Data Privacy Framework List, they can receive UK personal data through a UK-US data bridge. Certain
organisations are not currently eligible to participate in this framework (including banking, insurance and telecommunications companies).
10
Q
What is ‘MiFID’? How does it impact share plans in practice? (Notes 8, 8.3)
A
MiFID stands for the ‘markets in financial instruments directive’.
From a practical perspective, ‘sales’ in the context of share plan transactions can be caught by the UK MiFID framework. The UK MiFID framework puts increased reporting requirements on administrators, so companies or participants are often required to provide additional data.
11
Q
What is financial education?
A
The process of helping employees to understand financial issues and opportunities that may apply to them.
12
Q
What are the benefits of financial education(9)?
A
- Employees understanding the value of their renumeration
- Employees gaining better value from the offered benefits
- Encourages saving for retirement and life events
- Enables the reduction/management of debt
- Increase take up of plans
- Fosters a greater sense of responsibility
- Remaining competitive in the job market
- Reduces employee absenteeism
- Creates more open business environment
13
Q
In the current economic environment, what 2 main things are impacting participation of employees in share plans?
A
- Lack of disposable income
- High interest rates (money better in the bank)
All can be positively impacted by financial education
14
Q
Name six types of financial education
A
- Seminars
- Financial health checks
- Free independent financial adviser consultations
- Documentary information /confirmation (newsletters)
- Online assistance (plan portals )
- Telephone helplines
15
Q
How can companies mitigate the impact if financial impacts on ptps (3)?
A
- Reduce minimum investment req for share purchase plan
- Reduce the maximum investment requirement to stop ptps from overcommitting themselves
- Increase discount/ matching ratio. This protects the ptps further from share price dips
16
Q
Why should companies consider paper processes (3)?
A
- Legally necessary
- Not all employees have access to computer or telephone
- Physical brochures can have more impact
17
Q
What are the two choices of paperless systems?
A
- Internet (Portals, Mobile App, Emails)
- Telephone (Interactive Voice Reponse, Automated Touch Tone, Texting)
18
Q
What are the four risks of paperless systems?
A
- Deductions from salary, needs approval in writing (can be written or electronic) eg Hong Kong/Belgium
- Acceptance of terms globally, some countries require a wet ink signature
- Effective communications, lack of internet/phones
- All employee plans, you need to invite everyone, does everyone have the internet?
19
Q
What are the five advantages of paperless systems?
A
- Lower running costs
- 24 hour access
- Nothing lost in transit
- Better for the environment
- Instant receipt/acknowledgement
20
Q
What are the six disadvantages of paperless systems?
A
- High setup costs
- Webchat/helplines can have limited availability
- Emails can be junked/overlooked
- Technophobes have difficulties
- Data security
- May reduce effectiveness if not everyone has the internet
21
Q
What should be considered in rolling out a paperless system (7)?
A
- Do the plan rules allow it?
- Any local country rules that need hard copies?
- Have all documents been updated to reference the new system?
- Does the board need to approve it?
- Can all employees use the service (required for UK tax approved plans)
- T&Cs been agreed between provider and company
- T&Cs between the company and ptps available on the systems
22
Q
Who is a controller of data?
A
They determine the purposes and means of processing personal data. They will have the highest level of compliance responsibility, including of their processors. Eg Top Company
23
Q
Who is a processor of data?
A
Those responsible for processing personal data on behalf of a controller. They are liable in the case of a breach. Eg Administrators
24
Q
Who is a processor of data?
A
Those responsible for processing personal data on behalf of a controller. They are liable in the case of a breach. Eg Administrators
25
When does UK GDPR apply?
If the issuing company (controller) or administrator (processor) is established in the UK, or you have data subjects in the UK
26
What are the principles of processing for GDPR (7)?
1. Processed fairly, lawfully and transparently.
2. Processed for a specified legal process
3. Adequate, relevant and not excessive
4. Accurate and kept up to date
5. Kept for no longer than necessary for the specified purpose
6. Processed in a way to ensure security
7. Controllers should be able to demonstrate compliance with these principles
27
On what basis can you process personal data (3)?
1. Consent
2. Performance of a contract
3. Legitimate interests
Via Article 6 of GDPR
28
On what basis can you process personal data (3)?
1. Consent
2. Performance of a contract
3. Legitimate interests
Via Article 6 of GDPR
29
What does GDPR stand for?
General Data Protection Regulation
30
How can you lawfully transfer person data overseas (3)?
1. Adequacy decision (EU, EFTA member states, Korea, Switzerland, Argentina, Guernsey, Jersey and Isle of Man)
2. Binding Corporate rules - framework approved by the UK data protection commissioner.
3. Standard contractual clauses, contract between the tranferee and receiver, approved as per the above
31
What can the Commissoners corrective powered include in non-compliance of GDPR?
1. Warning and reprimand
2. Ordering to comply with subject access requests
3. Ordering to bring C or P into compliance
4. Ordering controllers to communicate data breaches with subjects
5. Serving enforcement notices or Stop Now orders to end data transfer
6. Issuing fines of the higher of £17.5m , or 4% of the companys total worldwide annual turnover for the previous year
32
What are the three key risks involved with poor adminsitration:
- Mistakes (grants made to wrong people, incorrect tax rates)
- Non-compliance with applicable law
- Fraud and misconduct (such as back dating documents)
33
What are the benefits of financial education?
* employees better understand the value of their remuneration package;
* employees obtaining better value from the benefits package offered;
* encouraging employees to save for retirement and other key life events;
* encouraging employees to reduce or more effectively manage debt;
* improving the take up for all-employee share plans;
* remaining competitive/attractive in the job market;
34
What are the legal issues to consider when giving financial education?
- Employers owe a duty of trust and confidence to employees. Any financial education should, for example, be accurate and not mislead employees or misrepresent the benefits on offer.
- Only Financial Conduct Authority (‘FCA’)
‘authorised persons’ can give investment advice. There is no exemption in relation to
employee share plans.
- If the financial education is being rolled out globally, consider any local legal requirements, such as translation requirements or recommendations and restrictions that regulate the giving of investment advice (as above).
35
Name three types of paperless systems?
- Internet based methods, e.g., through dedicated web portals, mobile applications and emails; and
- Telephone:
IVR – Interactive Voice Response (talking to a machine);
ATT – Automated Touch Tone (pressing telephone keypad to confirm responses);
- Texting – where automated text messages can be sent and responded to.
36
Advantages/Disadvantages of Paperless systems
A:
* Lower running costs;
* 24-hour easy access (provided internet and/or telephone access is available);
* nothing lost in the post;
* environmental considerations; and
* instant receipt/acknowledgement.
D:
* High set up/migration costs in going paperless;
* impact/getting attention when emails are auto-junked or overlooked;
* ‘technophobes’ may have difficulty;
* data security − information could be illegally obtained by third-parties; and
* may reduce the effectiveness of the plan if some employees do not have access to the
internet
37
When an administrator is acting in its capacity as Agent, it must amongst other duties
* obey the company’s lawful instructions, including contractual obligations;
* act only within the limits of the authority given to it;
* use reasonable diligence and care, and reasonable ‘despatch’ (speed);
* avoid conflicts of interest, except in limited circumstances;
* disclose all material facts to the company;
* not disclose the company’s confidential information;
38
Why should the contract between the administrator and the company be in writing and finalised/signed? Written contracts enable it to be clear:
* what services are being provided;
* how much will be paid for the services;
* how the appointment can be ended;
* what legal obligations exist under data protection laws; and
* who owns any intellectual property rights.
39
Where can you find the current UK data protection laws?
- The Data Protection Act 2018 (the ‘DPA’)
- UK GDPR (The UK's retained version from the EU GDPR)
GDPR = General Data Protection Regulation
40
What is meant by 'Processing' data and 'Personal Data'?
* ‘Processing’, under the DPA, covers a variety of activities including: collection;
recording; organisation; structuring; storage; retrieval; consultation or use and
much more.
* ‘Personal data’ is an important concept. This means any information that allows
a ‘natural’ or living person to be identified, directly or indirectly. If the data is not
personal data, the data protection laws we are considering will not be triggered
41
At the core of UK GDPR are seven key data protection principles. What are the 7 principles?
* processed fairly, lawfully and transparently;
* processed only for one or more specified legal purposes (purpose limitation);
* adequate, relevant and not excessive for the purposes (data minimisation);
* accurate and kept up to date (accuracy)
* kept no longer than necessary for the specified purposes (storage limitation); and
* processed in a way that ensures appropriate security (security).
* data controllers are responsible for and should be able to demonstrate compliance with the principles
42
In the context of share plans, what are the three bases that you can process data under?
* ‘consent’ – consent to processing of personal data from the data subject for one or more specific purposes;
* ‘performance of a contract’ – where processing is necessary for the performance of a contract; and
* ‘legitimate interests’ – where processing is necessary for the purposes of the legitimate interests of the data controller or a third-party.
43
Under UK GDPR, how can data be lawfully transferred overseas?
An ‘adequacy decision’ – a legal transfer of personal data could be achieved if
there is an ‘adequacy decision’ in place (broadly, a decision that another
country’s data protection laws are adequate when compared to the UK GDPR).
‘Binding corporate rules’ – these provide a framework for lawful transfers of
personal data which are intended for use by multinational companies. Binding
corporate rules must be approved by the UK data protection commissioner
(currently the ICO).
‘Standard contractual clauses’ – these are intended to form part of a contract
between the company transferring the data, and the receiver, and are again
approved by the ICO.
44
Who is the UK’s data protection regulator?
ICO (Information Commissioner’s Office)
45
What are the two powers the ICO has in respect of breaches?
Investigative and Corrective!
Remember: Under their corrective powers, they can issue fines of up to £17.5 million, or 4% of the company’s total worldwide annual turnover for the previous financial year!
46
What does MIFID stand for?
Markets in Financial Instruments Directive.
The UK MiFID framework regulates certain investment services provided to clients
and so it can be relevant in a share plans context, e.g., for administrators.
From a practical perspective, ‘sales’ in the context of share plan transactions can be caught by the UK MiFID framework. The UK MiFID framework puts increased reporting requirements on administrators, which often means companies or participants are required to provide additional data.
47
Can data be freely transferred from UK to US?
Yes, as long as the US organisation is certified to the 'UK Extension to the EU-US Data Privacy Framework'.
48
Tax of awards on death are treated how?
There will normally be no income tax on the exercise of an option or vesting of a conditional share award after the death of the participant. This applies to both tax advantaged and non-tax advantaged plans.
49
What does MiFID mean?
Markets in financial instruments directive
50
Identify five legal obligations the administrator would owe to the company when acting as its agent.
- obey the company’s lawful instructions, including contractual
obligations;
- act only within the limits of the authority given to it;
- use reasonable diligence and care, and reasonable ‘despatch’
(speed);
- avoid conflicts of interest, except in limited circumstances;
- disclose all material facts to the company;
- not disclose the company’s confidential information; and
- not make a profit unless the company is fully informed and
agrees (which will normally be the case in this context).
Tapestry ESP - Part 2
flashcards
Decks in class (5)
# Cards
