At a media presentation ahead of the launch of Sanlam’s annual Benchmark Survey of retirement funds, Maharaj quoted David Gluckman, the head of research at Sanlam Employee Benefits, who predicted the likelihood of such an attack, in which a fund could have all of its investments wiped out.
But who should be responsible for the protection of members’ assets from cyber crime? Should it be the trustees of a fund or its administrators?
The Pension Funds Act is clear on where responsibility ultimately lies. The Act says it is the fiduciary duty of the trustees of a fund to exercise their powers to the benefit of the fund and in such a manner as to always act in the best interest of the fund and its members. They must:
* Ensure that the fund employs proper control systems;
* Obtain expert advice on matters where they lack sufficient expertise; and
* Ensure that the rules, operation and administration of the fund comply with the relevant legislation.
Maharaj says collective action is needed in the industry, with all stakeholders, from trustees and administrators to consultants and advisers, playing a role in protecting members. He says awareness among trustees and consultants is extremely low, with cybersecurity far down on their priority lists.