The institution remains in touch with its internal and external stakeholders in order to listen before speak.

Advances in information and communication technology (ICT) are explored for cost efficiency and to facilitate interactions with the institution.

• Relevant legislation and regulations are taken into account when developing the services under all guidelines. This includes, especially:
• Regulations on administrative procedures, especially concerning contribution collection and compliance;
• Regulations on data privacy and protection;
• Financial regulations involving bank transfers;
• Authentication of operations and documents.

Contributor non-compliance (especially, deliberate evasion) and the limits of preventive compliance administration measures mean that instances of failure to comply with the law are inevitable.

Therefore, institutions must establish effective mechanisms to prevent and control fraud on social security contribution collection and compliance. These need to be regularly reviewed to update fraud detection approaches to counter new types of fraud.

The diversity in governance practices around the world is a reflection of differences in the political, social, economic and cultural histories of countries. There is common recognition, however, that good governance is aimed at delivering what is mandated and ensuring that what is delivered is responsive to the evolving needs of the individual and society. Improved education and new technologies have increased the expectations of the public for accountable and transparent administration, including constant improvements in the delivery and performance of social services.

For social security institutions that have an investment mandate, legislation, policy or decree establishes the general direction of the investment policy and prescribes the types of allowed investment instruments. Furthermore, in order to maximize the long-term rate of return on reserves and at the same time mitigate investment risks, the range of instruments allowed for investments is sufficiently diversified.

The management is the group of persons who, under the legislation or by-laws establishing the entity, is given the responsibility for the administration and daily operations of the social security programme.

The 23 guidelines for the management support and promote the following five principles of good governance, as applied to social security institutions:

1. Accountability

2. Transparency

3. Predictability

4. Participation

5. Dynamism

The management adopts and abides by a board-approved, workable code of conduct for its officers and staff, which includes a policy on the disclosure and management of conflicts of interest.

The strategic plan embodies a clear statement of the institution’s vision for the planning period. The vision statement is inspiring and easy to communicate. It is guided by the institution’s mandate.

The programme has regular actuarial valuations to monitor sustainability.

The board and management are duty bound to prevent and control any form of corruption and fraud in the collection of contributions for and the payment of benefits of the social security programme.

Corruption and fraud undermine the credibility of the programme to stakeholders, which can lead to a weakening or withdrawal of stakeholder support.

These two guidelines will help prevent and control corruption and fraud in the collection of contributions and the distribution of benefits.

The management ensures that the officers and staff are loyal to the institution and its mandate.

The institution operationalizes its mission and general objectives into specific ICT-related plans and actions implementing social security functions.

The institution develops a unique master data model, which standardizes the definition of the core objects and relationships (e.g. persons, employers, enrolment periods, benefits). A corresponding ICT-based master data system fosters the consistency of such information.

The institution implements a comprehensive system to control access to technological equipment and devices and software systems.

This includes mechanisms for data access control, endpoint access control, authentication and identification, user privilege management, network access control, password management and logs.

The institution determines the value of the master data and performs master data governance and master data management practices to optimize the results expected from ICT investments (services and authorized assets of ICT) throughout the master data life cycle.

The institution establishes a strategy and an action plan to implement the international social security agreements.

The institution, in coordination with the other institutions participating in the international agreement, specifies the processes enabling the application of the agreement in specific cases.

Investment functions will be undertaken by different bodies or institutions. In order for the governance process to be effective, the roles and responsibilities of each body and how these interact will be clearly defined and communicated.

Investment proposals generated internally or externally are subject to appropriate due diligence.

The incentives of the external fund managers are aligned with the overall investment objectives of the social security institution.

The institution provides a sustainable financial basis for setting up a successful and effective prevention programme. The board and management take the necessary decisions to provide the required financial resources.

Good internal communication carries the prevention message to the operational level of the institution, enables staff to better understand the purpose of the institution’s prevention activities and facilitates motivation.

Innovation at the workplace, changing work processes or the use of new products and materials at work can lead to exposure to new risks. Research in prevention plays a crucial role in identifying and addressing these risks. Research and development, including evaluation research, ensures constant improvement in the quality of provision of occupational safety and health services.

The institution – if it covers work-related traffic and/or commuting accidents – cooperates with employers and road safety stakeholders to address these risks.