Decree No. 117/2012 Coll. on Detailed Regulation of the Activities of Pension Companies, Pension Funds, and Participatory Funds

1 117/2012 Coll. DECREE of 29 March 2012 on the detailed regulation of the activities of pension companies, pension funds, and participatory funds

The Czech National Bank, pursuant to Section 110(1) of Act No. 426/2011 Coll., on pension savings, for the implementation of Section 52(6), Section 63(5), Section 68(3), Section 79(3), and Section 82(3) of the Act on Pension Savings, and pursuant to Section 170(1) of Act No. 427/2011 Coll., on supplementary pension savings, for the implementation of Section 52, Section 54(2), Section 59, Section 100(6), Section 102(6), Section 115(5), Section 118(3), Section 130(3), Section 133(3), and Section 189 of the Act on Supplementary Pension Savings, has determined:

PART ONE BASIC PROVISIONS

Section 1 Subject Matter This Decree regulates a) the method of complying with individual rules of conducting the activities of a pension company pursuant to Sections 49 and 50 of the Act on Supplementary Pension Savings, b) the requirements for authorization to conduct the activities of a pension company by another person and the requirements for the conduct of the activities of a pension company by another person pursuant to Section 51 of the Act on Supplementary Pension Savings, c) the method of fulfilling the rules of conduct of a pension company pursuant to Section 54(1) of the Act on Supplementary Pension Savings, d) the content and method of submitting information to participants by a pension company in cases specified in Section 79(3) of the Act on Pension Savings and in Section 130(3) of the Act on Supplementary Pension Savings, e) the time limits within which a pension company is obliged to inform participants about the facts mentioned in Section 82(1) of the Act on Pension Savings and in Section 133(1) of the Act on Supplementary Pension Savings, f) the types, limits, methods of use, and requirements for qualitative criteria of techniques and instruments that a pension fund may use for the efficient management of assets pursuant to Section 52(6)(a) of the Act on Pension Savings and that a participatory fund may use for the efficient management of assets pursuant to Section 102(6)(a) of the Act on Supplementary Pension Savings, g) the procedure for assessing the degree of risk associated with financial derivatives pursuant to Section 52(6)(b) of the Act on Pension Savings and pursuant to Section 102(6)(b) of the Act on Supplementary Pension Savings, h) the method of determining the fair value of assets in a pension fund and the liabilities of a pension fund pursuant to Section 63(5) of the Act on Pension Savings, and the method of determining the fair value of assets in a participatory fund and the liabilities of a participatory fund pursuant to Section 115(5) of the Act on Supplementary Pension Savings, i) the requirements for qualitative criteria of investment instruments into which a participatory fund may invest pursuant to Section 100(2) and (4) of the Act on Supplementary Pension Savings,

2 j) the scope, structure, form, periodicity, time limits, and method of publishing information pursuant to Section 68(1) of the Act on Pension Savings and pursuant to Sections 59 and 118(1) of the Act on Supplementary Pension Savings, k) the rules for calculating the capital requirement to cover risks associated with the assets and liabilities of a transformed fund pursuant to Section 189 of the Act on Supplementary Pension Savings.

Section 2 Definition of Terms For the purposes of this Decree, the following shall be understood: a) "information system" means a functional unit ensuring the acquisition, processing, transmission, sharing, and storage of information in any form, b) "organizational unit" means a person or group of persons authorized to perform certain activities of a pension company, including the body or committee of a pension company, if established, c) "person with a special relationship to a pension company" means

1. its managing person,
2. its employee who participates in activities pursuant to Section 29(1), Section 35, or Section 74 of the Act on Supplementary Pension Savings,
3. a natural person other than those mentioned in points 1 or 2 who participates in activities pursuant to Section 29(1), Section 35, or Section 74 of the Act on Supplementary Pension Savings under the instructions of the pension company,
4. a natural person who directly participates in activities whose performance the pension company has authorized another person in connection with activities pursuant to Section 29(1), Section 35, or Section 74 of the Act on Supplementary Pension Savings, d) "repo" (repurchase agreement) means the transfer of securities for monetary funds with a simultaneous obligation to take back these securities by a specified date for an amount equal to the original monetary funds and interest; "repo" also means sale with a simultaneous agreement for repurchase or the provision of a loan of securities secured by monetary funds, e) "reverse repo" means the acquisition of securities for monetary funds with a simultaneous obligation to transfer these securities by a specified date for an amount equal to the transferred monetary funds and interest; "reverse repo" also means purchase with a simultaneous agreement for resale or the acceptance of a loan of securities secured by monetary funds, f) "repo transaction" means repo or reverse repo, and g) "highly liquid asset" means an asset whose conversion into monetary funds does not take longer than 5 working days and the achieved price corresponds to the fair value of the asset.

PART TWO ORDINARY AND PRUDENT CONDUCT OF ACTIVITIES OF A PENSION COMPANY (Regarding Sections 49 to 51 of the Act on Supplementary Pension Savings)

Chapter I General Rules of Ordinary and Prudent Conduct of Activities of a Pension Company

Section 3 Basic Requirements for Ordinary and Prudent Conduct of Activities of a Pension Company (1) A pension company shall ensure that the requirements established for the management and control system and procedures of the pension company for their fulfillment and in the performance of other activities are reflected in the organizational regulations and other internally established principles, statutes, plans, rules, or procedures (hereinafter referred to as "internal regulations") of the pension company. The pension company shall establish a procedure for adopting, changing, introducing, and applying internal regulations. (2) To fulfill the condition of proper management and administration of the company through the application of proper procedures, the pension company shall select and reflect in its internal regulations the recognized principles and procedures used in activities of similar nature (hereinafter referred to as "recognized standards"). The pension company shall regularly verify whether the internal regulations and recognized standards are current and appropriate to the nature, scope, and complexity of its activities. (3) A pension company shall ensure that all approval and decision-making processes and control activities, including related internal regulations, can be reconstructed. To secure this requirement, the pension company shall also establish, maintain, and apply an information retention system as part of its information system.

Section 4 Performance of Activities of a Pension Company through Another Person If a pension company authorizes another person to perform activities (hereinafter referred to as "outsourcing"), it shall ensure that a) these activities are performed in accordance with applicable legal and internal regulations and are not restricted in their controllability by the pension company, fulfillment of information obligations to the Czech National Bank, supervision, including possible inspection of facts subject to supervision at the outsourcing provider, and the performance of an audit of the financial statements and other verifications established by legal regulations, b) the conditions for the ordinary and prudent conduct of activities of the pension company are not endangered, c) the rights of the managed funds and their participants are not endangered, and d) rules for the control of these activities are established, including possible inspection of facts concerning outsourcing at its provider by the pension company.

Section 5 Organization of the Performance of Activities of a Pension Company A pension company shall define the job descriptions of organizational units so as to support proper, efficient, and prudent management and the performance of other activities and to enable effective communication and cooperation at all levels.

Section 6 Management of Conflicts of Interest (1) A pension company shall ensure that a) areas of conflict of interest and areas of its possible emergence are identified in a timely manner, b) powers and responsibilities are assigned to organizational units and employees at all management and organizational levels so as to sufficiently prevent the emergence of possible conflicts of interest, c) procedures for detecting and managing conflicts of interest pursuant to Sections 21 to 23 are properly observed, d) areas of conflict of interest and areas of its possible emergence are subject to continuous independent monitoring. (2) A pension company shall independently of the trading of assets in the managed fund (hereinafter referred to as "trading activity") perform a) the valuation of assets and liabilities in the fund it manages and the determination of the current value of a pension unit of a pension fund and a participatory unit of a participatory fund, b) the settlement of transactions agreed upon on financial markets,

3 c) the control of the conformity of data on transactions agreed upon on financial markets with the actual state and the elimination of detected discrepancies (reconciliation), d) risk management, e) the approval and control of compliance with limits for risk management, f) the approval of valuation systems and models related to trading activity, and g) the creation of quantitative and qualitative information on risks reported to the senior management and the board of directors of the pension company. (3) A pension company shall ensure, up to the level of senior management (Section 10), the separation of responsibility for the management of trading activity from the responsibility for the management of risks and the settlement and reconciliation of transactions agreed upon on financial markets. (4) The development of the information system is ensured separately from the operation of this system. The administration of the information system is performed separately from the evaluation of security audit records, the control of the allocation of access rights, and the preparation and updating of security regulations for this system. (5) A pension company shall ensure the appropriate independence of the performance of internal control with regard to the nature, subject matter, and significance of the control and the prevention of conflicts of interest in securing all control mechanisms, including the compliance function (Section 17(2)); the internal audit function is independent of all executive activities.

Section 7 Supervisory Board (1) The supervisory board of a pension company supervises and evaluates at least once a year whether the management and control system is functional and effective. In fulfilling this obligation, the supervisory board shall also regularly discuss matters concerning the overall strategy of the pension company, including the method of investing the funds it manages and the guidance of risks to which the pension company or the funds it manages are or could be exposed. (2) The supervisory board participates in directing, planning, and evaluating the activity of internal audit and the evaluation of compliance (Section 17). (3) The supervisory board expresses its opinion in advance on the proposal of the board of directors to authorize a natural or legal person to perform the function of risk management, internal audit function, or compliance function, and on the proposal for their dismissal. In the event that the performance of the function of risk management, internal audit function, or compliance function is ensured by multiple natural persons, the supervisory board expresses its opinion only on the proposal to authorize or dismiss the head of the respective organizational unit. (4) The supervisory board establishes the principles of remuneration of members of the board of directors and persons whose authorization it expresses in advance pursuant to paragraph 3, if this is not within the competence of the general meeting.

Board of Directors

Section 8 The board of directors shall ensure the creation and evaluation of the management and control system and the permanent maintenance of its functionality and effectiveness as a whole and in parts. To fulfill this requirement, the board of directors shall always ensure a) the conformity of the management and control system with legal regulations, b) the sufficiency of information and effective communication in the performance of activities of the pension company, c) the establishment of an overall strategy including its assumptions and sufficiently specific principles and goals for their fulfillment, d) the functioning of the internal control system,

4 e) the establishment of rules that formulate ethical principles and expected models of behavior and conduct of employees in accordance with these principles, and their enforcement, f) the establishment of human resource management principles, including principles for the selection, remuneration, evaluation, and motivation of employees, g) the establishment of requirements for the knowledge and experience of persons through whom the pension company performs its activities, and the method of proving the required knowledge and experience, h) the application of proper procedures for the performance of activities and such management procedures that lead to the prevention of undesirable activities, especially the preference for short-term results and goals that are not in accordance with the fulfillment of the overall strategy, and a remuneration system that is disproportionately dependent on short-term performance, or procedures that allow the misuse of resources or cover up deficiencies.

Section 9 (1) The board of directors approves and regularly evaluates a) the overall strategy, b) the organizational structure, c) the method of investing managed funds, d) the risk management strategy, e) the strategy related to capital and capital adequacy, f) the information system development strategy, g) the principles of the internal control system, including principles for preventing the emergence of possible conflicts of interest and principles for compliance, h) security principles, including security principles for the information system, i) the system of limits that the pension company will use to restrict risks, and j) the strategic and periodic plan of internal audit. (2) The board of directors supervises the implementation of strategies, principles, and goals approved by it, and other activities, especially the activity of senior management and its members. The board of directors properly and timely evaluates regular reports and extraordinary findings, including information submitted to it by the auditor1), supervisory authorities, or other relevant persons. Based on these evaluations, the board of directors adopts appropriate measures, which are implemented without unnecessary delay. (3) The board of directors regularly discusses matters concerning the management and control system with senior management and evaluates the overall functionality and effectiveness of the management and control system at least once a year, and ensures any measures to remedy deficiencies thus detected.

Section 10 Senior Management (1) Senior management means a) heads of organizational units directly subordinate to members of the board of directors, b) members of the board of directors who simultaneously perform activities pursuant to paragraph 2, and c) other persons whom the pension company includes in senior management. (2) Senior management ensures especially a) the implementation of strategies, principles, and goals approved by the board of directors, including the elaboration of procedures for their fulfillment and the daily management of the pension company,

1. Act No. 93/2009 Coll., on auditors and on the amendment of certain laws (Auditors Act), as amended by subsequent regulations.

5 b) the maintenance of a functional and efficient organizational structure, including the separation of incompatible functions and the prevention of the emergence of possible conflicts of interest, and c) the creation, maintenance, and application of a functional and efficient system for acquiring, utilizing, and storing information.

Information and Communication

Section 11 (1) A pension company shall ensure that relevant organizational units and employees have current, reliable, and comprehensive information available for their decision-making and other specified activities. (2) The board of directors shall be informed without unnecessary delay a) about all facts that could significantly and adversely affect the financial situation of the pension company or the managed fund, including the effects of changes in the internal or external environment, and b) about all breaches of limits endangering the compliance with the accepted degree of assumed risks. (3) The board of directors shall be regularly informed about a) the compliance with the method of investing managed funds, b) the degree of assumed risks, and c) the fulfillment of capital requirements.

Section 12 (1) A pension company a) establishes the conditions for access to the information system and data recorded therein, the scope of access rights and the process for their establishment, including the method of deciding on the scope of access rights of individual persons and deciding on their changes, b) establishes the conditions under which data related to performed transactions and provided services will be stored in the information system and their permitted modifications will be made, the conditions for handling these data, and the assurance of easy detectability of their original content and modifications made, and c) ensures the protection of the information system against damage and against access and interference by unauthorized persons; in the event of damage to the information system, it ensures the reconstruction of data. (2) A pension company shall make available upon request information and records from the information system to the Czech National Bank so that it can easily reconstruct all key stages of the processing of each transaction in the management of fund assets and determine their original content before corrections or changes.

Section 13 Provision of Information for Supervisory Purposes (1) A pension company shall establish, maintain, and apply a system for creating, controlling, and transmitting information to the Czech National Bank so as to provide information that is current, reliable, and comprehensive. (2) A pension company shall establish, maintain, and apply mechanisms of internal control ensuring the completeness and accuracy of all calculations, data, reports, and other information provided to the Czech National Bank regularly or upon its request.

6 (3) A pension company shall ensure that the process of creating and providing information to the Czech National Bank pursuant to paragraph 2 is retrospectively reconstructible for at least five years.

Section 14 Basic Requirements for Risk Management System (1) A pension company shall ensure the recognition of risks so as to be ensured in all activities and at all management and organizational levels and to allow the detection of new, hitherto unidentified risks. (2) A pension company shall ensure that the risk management system provides an unbiased picture of the degree of assumed risks. (3) In risk management, a pension company takes into account all significant risks and risk factors to which the pension company or the funds it manages are or may be exposed. Risk management takes into account internal and external factors, including the consideration of the future business strategy of the pension company, the funds it manages, the effects of the economic environment and cycle, and the effects of the regulatory environment. Risk management takes into account the quantitative and qualitative aspects of risks, the real possibilities of their management, and the costs and returns resulting from risk management.

Section 15 Risk Management Strategy (1) A pension company shall establish in its risk management strategy especially a) the definition of risks to which the pension company or the funds it manages are or may be exposed, b) principles for assessing significance in risk management, c) principles for the management of individual risks, d) methods for risk management, e) the accepted degree of risk, f) principles for the preparation and adjustment of a contingency plan for liquidity crisis, g) principles for the definition of permitted products, currencies, states, geographical areas, markets, and counterparties, h) principles of control mechanisms in risk management, including the control of compliance with established procedures and limits for risk management and the verification of risk measurement outputs, and i) principles for reporting on assumed risks and their management to senior management, the board of directors, and the supervisory board. (2) A pension company shall ensure that all persons whose activity influences risk management are informed to the necessary extent about the approved strategy and proceed in accordance with this strategy and the procedures and limits resulting from it.

Section 16 Basic Requirements for Internal Control (1) A pension company shall establish and maintain rules of internal control, which it applies at all management and organizational levels. (2) A pension company shall ensure that control activities are part of routine, usually daily, activity and include especially a) line management control, b) appropriate control mechanisms for individual processes, especially the control of compliance with legal and internal regulations and limits, the control of approval and authorization of transactions exceeding established limits, the control of the course of activities and transactions, the verification of transaction details, the verification of outputs of used systems and risk management methods, regular reconciliation, and c) physical control; physical control focuses especially on restricting access to tangible assets, investment instruments, and other financial assets and on regular inventories of assets.

7 Section 17 Compliance (1) A pension company shall establish, maintain, and apply principles and procedures for ensuring compliance, the aim of which is especially to ensure a) the conformity of internal regulations with legal regulations, b) the mutual conformity of internal regulations, and c) the conformity of all activities with legal and internal regulations. (2) A pension company shall ensure continuous control of the compliance with legal obligations and obligations arising from its internal regulations, including continuous control of the compliance with the obligations of the pension company arising from the statutes of the funds it manages and from contractual relations with the depositary and participants (compliance function). (3) A pension company shall ensure a) the informing of senior management about detected non-compliances and the board of directors, or possibly the supervisory board, about all detected significant non-compliances, b) the informing of senior management about prepared or new legal regulations and recognized standards concerning the activities of the pension company, and c) the provision of other useful information related to compliance to the board of directors and senior management, especially regarding whether appropriate remedial measures have been taken in the event of detected significant non-compliances. (4) A pension company shall establish principles and procedures for ensuring compliance so as to comprehensively and interconnectedly cover all its activities.

Section 18 Internal Audit (1) A pension company shall ensure the performance of internal audit so as to provide objective and independent assurance about the activities of the pension company. (2) A pension company shall ensure that internal audit is subject especially to a) the compliance with the rules of prudent conduct of activities of a pension company, b) the compliance with established principles, goals, and procedures of the pension company, c) the risk management system and internal control, d) financial management and valuation, e) the completeness, traceability, and accuracy of accounting records, f) the reliability of accounting, statistical, and other information, including information provided to the bodies of the pension company, and g) the functionality and security of the information system, including the reliability of the system for preparing and submitting reports to the Czech National Bank. (3) A pension company shall ensure that the following activities are always performed in the performance of internal audit: a) the preparation of a risk analysis, at least once a year, b) the preparation of a strategic and periodic plan of internal audit, c) the creation and maintenance of a system for monitoring remedial measures imposed based on findings of internal audit, and d) the evaluation of the functionality and effectiveness of the management and control system, at least once a year. (4) The head of the organizational unit of internal audit informs the board of directors and the supervisory board about detected facts, and in the event of findings that may significantly and adversely affect the financial situation of the pension company or the funds it manages, must initiate an extraordinary meeting of the supervisory board.

Chapter II Further Rules of Ordinary and Prudent Conduct of Activities of a Pension Company

Section 19 Records of Communication (1) A pension company shall regulate a) the rules for the use of communication devices, at least the reservation of certain telephone lines, or possibly other communication devices, for activities related to performed transactions and provided services, including communication between the pension company and the depositary and the outsourcing provider pursuant to Section 4, and the recording of communication on these telephone lines, or possibly other communication devices, and b) the particulars of the record pursuant to letter a), which are at least the date and time of communication, identification data of the person2) sender and recipient, if available, and the content of the transmitted message; the pension company shall ensure the possibility of obtaining complete extracts of communication records on reserved telephone lines, or possibly other communication devices, and the possibility of obtaining output from the recording device. (2) A pension company shall retain communication records pursuant to paragraph 1 for at least the time limits specified in Section 31.

8

9