LogoRegulatory Alerts
2013-05-22

Decision on Minimum Requirements Regarding Organizational and Technical Resources of Voluntary Pension Fund Management Company

The Governor of the National Bank of Serbia issued this Decision to establish minimum organizational and technical resource requirements for voluntary pension fund management companies. The regulation mandates that companies maintain organizational structures aligned with corporate governance principles and ensure their IT systems provide secure, reliable data management with multilayer security architectures. Compliance requires specific documentation regarding hardware, software, disaster recovery plans, and employee qualifications to be submitted to the central bank.

National Bank of Serbia logo

Serbia

National Bank of Serbia

Click to view thumbnail

RS Official Gazette, Nos 23/2006 and 23/2013 – other decision1 Pursuant to Article 8, paragraph 2 of the Law on Voluntary Pension Funds and Pension Schemes ("RS Official Gazette", No. 85/2005), Governor of the National Bank of Serbia hereby issues the following D E C I S I O N ОN MINIMUM REQUIREMENTS REGARDING ORGANIZATIONAL AND TECHNICAL RESOURCES OF VOLUNTARY PENSION FUND MANAGEMENT COMPANY

  1. This Decision shall govern minimum requirements regarding the organizational and technical resources that a voluntary pension fund management company (hereinafter: fund management company) is to meet.
  2. Оrganizational and technical resources of a fund management company must correspond to the complexity, riskiness and scope of activities performed by the fund management company, and ensure the functioning of the company in line with the best professional practice, business ethics and principles of corporate governance.
  3. For the purposes hereof, organizational resources of a fund management company shall mean the establishment of such organization of the company that enables successful performance of its activities, within the scope planned, and/or envisaged by the general documents of the company which set down its organizational structure, procedures and personnel. The functioning of a fund management company in line with the principles of corporate governance includes the following:
  1. establishment of organizational units which correspond to the scope and type of activities performed by the company;
  2. clear definition of organizational units’ competences which will ensure unimpeded flow of information;
  3. prescription of precise work procedures;
  4. establishment of a system of responsibilities which correspond to the activities performed and to the significance of the decisions made, in the manner ensuring efficient control of risks pertaining to the company’s operations;

1 Pursuant to the Decision on Minimum Information System Management Standards for Financial Institutions (RS Official Gazette, No 23/2013), Sections 6 and 8 of the Decision on Minimum Requirements Regarding Organizational and Technical Resources of Voluntary Pension Fund Management Company cease to be valid on 1 July 2014.

2 5) establishment of appropriate horizontal relations, and/or coordination between the company’s organizational units and persons with special authorizations and responsibilities in the company; 6) establishment of appropriate vertical relations, and/or subordination between the company’s organizational units, persons with special authorizations and responsibilities and other persons employed in the company, as well as between the company’s broader and narrower organizational units; 7) establishment and constant upgrading of the company’s internal control system. 4. For the purposes hereof, minimum requirements regarding the organizational resources of a fund management company shall be the requirements set down in the documents on the company’s internal organization and job classification, decision on the establishment of the company’s organizational units, rules of procedure of internal audit and other documents. The general documents of a fund management company, which govern the activities of administration and supervision bodies, should stipulate that these activities may be performed solely by persons of good business reputation (assessed on the basis of their biography, professional qualifications and professional background). The general documents should also stipulate the qualifications structure of employees with the required years of service for each position, the dynamics of appointment to classified positions which should correspond to the planned expansion of the scope of activities and organizational network of the company, as well as to stipulate that investment decisions may be made solely by portfolio managers referred to in Article 8, paragraph 3 of the Law on Voluntary Pension Funds and Pension Schemes. 5. For the purposes hereof, minimum requirements regarding the technical resources of a fund management company shall mean the provision of office space for the performance of the company’s activities, which fulfills the prescribed standards with regard to the planned number of employees, as well as the provision of computer and other equipment and program support corresponding, in terms of their scope and technical features, to the number of employees and planned scope of activities of the company (hardware and software system and other). The fund management company is obligated to provide office space in its ownership, which is evidenced by appropriate documentation, or office space leased over a specified or non-specified period of time, provided that the lease period be no less than three years, which is evidenced by contract concluded between the company and the landlord.

3 6. Hardware and software system of a fund management company shall meet the following requirements: – ensure high reliability, security and protection of data from unauthorized access, as well as reliability in the event of system disaster; – ensure adequate performance and capacity, namely such performance and capacity that will support all requirements pertaining to the management, administration and reporting on the voluntary pension fund’s activities (hereinafter: fund) that the company manages; – provide for the compilation of reports on individual accounts maintained by the company, for both internal and external needs, as well as on-line access to the information on the balances in those accounts. 7. Fund management company shall have an information technology system (hereinafter: IT system) which provides the following data from the electronic database:

  1. on contracts, namely: – on membership (with regard to each contributor), – on pension schemes, – data for scheduled payments of accumulated funds from individual accounts;
  2. оn applications, namely: – for the withdrawal of accumulated funds from individual accounts via scheduled payments, – for the transfer from account, – for lump-sum payments in the event of death of a fund member, in the event of purchase of annuity by insurance company, irregular expenses of the fund member’s medical treatment and permanent loss of work capability;
  3. оn individual accounts of fund members;
  4. on fund members that receive their pensions in the form of scheduled payments;
  5. оn the net value of assets owned by the fund, which is harmonized with the data of the custody bank.
  1. Fund management company shall ensure that the IT system has multilayer security architecture and that it meets the following requirements:
  1. that its software and hardware are protected from unauthorized data access by means of detailed supervision (procedures for registration, analysis and control of each activity in the system) and access control through assigning authorizations and user authorization;

4 2) that there is a physical control of access to the resources of the system, namely: physical security, alarm, identification control at the entrance into computer (server) rooms and surveillance and control system; 3) that it is protected from breakdown by hardware solutions, reliable systems for uninterrupted power-supply, spare devices, connections and electric power supply of local network; 4) that its reliability is further enhanced by making back-up copies of data, i.e. by prescribing systems and procedures for making such copies, and that the information and data are stored in no less than two locations; 5) that, in the event of disaster, there is a data recovery plan, as well as prescribed recovery procedures and staff adequately trained to implement them; 6) that employees are adequately trained to use the system and procedures prescribed for system protection; 7) that there is a detailed list of hardware, software and communication equipment in use, as well as a plan for their maintenance. Fund management company shall have an official e-mail contact address and mail server which keeps its official correspondence. As proof of meeting the requirements regarding the technical capacities of IT system, fund management company shall deliver the following to the National Bank of Serbia: – description of the system used, description of software used for the development of that system subject to the expansion of the scope of activities, as well as innovation plan for the existing hardware and software against obsolescence; – description of the systems used for ensuring appropriate protection of data from loss and unauthorized change of record, including the ability of identification and correction of irregularity, inaccuracy and errors with regard to data; – procedures for risk management that include appropriate measures for disaster recovery and maintenance of the continuity of operation. 9. This Decision shall enter into force on the eighth day following its publication in the "RS Official Gazette", and shall be applied as of 1 April 2006. D. no. 19 G o v e r n o r 10 March 2006 National Bank of Serbia B e l g r a d e

5 Radovan Jelašić, sign.

Share