Fasttrack Trustee
Michelle Benitone
When best practices are in place, organizations get better results. Risks are mitigated. Roles and responsibilities defined and owned. Optimal service providers: selected diligently. Your efforts: documented.
Designed for Trustees, Board Members, and Leaders of Nonprofits, Retirement Plans, Apprenticeship Trusts, Tribal Nations, and Government Treasury / Comptroller / Pensions: Fiduciary Essentials Training, for which successful participants receive a Certificate of Completion. Customized training emphasizes such topics as Investment Steward Management, State Regulatory Requirements and Fiduciary Best Practices.
Empowers executives, trustees and board members with the deeper fiduciary knowledge and tools they need to serve and grow their organization systematically by utilizing the Prudent Practices for Investment Stewards. Successful participants earn their AIF designation from Fi360.
Kate McBride has helped us verify the Best Fiduciary Practices we have integrated throughout our investment portfolios and employee retirement plans. Her expertise has helped us to improve our investment processes further, in a comprehensive cycle to protect the best interest of our tribal members and our community.
@The_Exchange_Team I have a situation where FullAccess and Send-As permission holder users have their PrimarySmtpAddress/UserPrincipalName value stored within various properties on multiple different user objects. For my example, consider the output from:
There will be a list of SMTP addresses. If I then supply these emails addresses to the -Identity parameter for Get-Recipient or Get-User, some of them come back with multiple objects. In my case I have some UserMailbox's which have corresponding MailUser's with ExternalEmailAddress set to the PrimarySmtpAddress of the mailbox. There's a somewhat-reasonable explanation for this arrangement which I'll spare you of. The point is, without know what this SMTP address on the User/Trustee output property is supposed to represent, it's impossible to consider these ACL entries as concrete.
I acknowledge, if it is the PrimarySmtpAddress or UserPrincipalName, there's no chance of ambiguity. So I assume it is one of these, however, I don't find it documented and so I'm asking here and hoping you'll tell me - which one is it?
Also, less important for me right now but I'll point out how Send on Behalf users are returned in EXO PowerShell within the GrantSendOnBehalfTo property is in the similar state, but the users/trustees are stored there as (I think) their Name/cn property. I understand EXO will eventually change all Name/cn's to match ExternalDirectoryObjectId, but it's not there yet and so GrantSendOnBehalfTo is again less than concrete. Any tips for this would also be appreciated. If it is that they are stored using their Name/cn, then I can work with this using -Filter (as is the same plan with User/Trustee main topic).
Thanks very much for this, Vasil! That trick is priceless to know. I use -ReadFromDomainController in on-prem all the time, generally to immediately confirm changes I just made when in a slow replication/large forest . I did not know about it's trickery status in EXO.
So that's Get-MailboxPermission and Get-RecipientPermission, Get-MailboxFolderPermission already good to go. Now just GrantSendOnBehalfTo.
Thanks again.
##EDIT##: I've now tested the -ReadFromDomainController trick. To be honest, it's nice to know but I would otherwise call this completely ridiculous. When supplying ReadFromDomainController, the output of Get-MailboxPermission no longer returns ACE's, instead just an array of users in objects of type 'Deserialized.Microsoft.Exchange.Data.Directory.Recipient.ADUser'. It's nice and all, but this is A) undocumented, so very hard to rely on with any faith at all, and B) requires at least two passes with Get-MailboxPermission to get the concrete info. If there are more than 1 users with granted permissions, it's 1 + however many users = # of times to run the command. I know it's my own problem, but man I find this stresses me out. The effort to have done it this way should have been placed somewhere else to do it better and properly. I sound spoiled and thankless having said this stuff, and do feel a little bad, yet I will take the risk and call it what it is - unacceptable.
These kinds of shortcomings don't just exist in PowerShell land either, they also bleed over into the web UI, where admins of all experience levels may encounter them. We have lots of FullAccess/SendAs that has to be managed using PowerShell and with GUID-type properties for the -Identity / -User / -Trustee properties. Dang it I was happy, and now I'm said. Not very but a little.
By law, when Medicare gets into that situation the President must submit, within 15 days of his next budget, a detailed legislative proposal to stem the crisis. Although the trustees have issued a Medicare funding warning every year since he took office, President Obama has never complied with the statutory requirement that he submit a plan to save Medicare from bankruptcy and preserve it for future generations.
We use necessary cookies to make our website work. Cookies are small files stored on your device. We also use optional cookies to improve our services and tell us if you have seen our advertising. The data we collect is anonymised. Are you happy to accept these cookies?
The Fast Track approach will act as a filter for our assessment of actuarial valuations that are submitted to us. If a valuation submission meets a series of Fast Track parameters, we are unlikely to scrutinise it further and it is less likely that we will engage with trustees.
The Bespoke approach is intended to allow trustees to still have the flexibility to select scheme-specific funding solutions if the funding approach and actuarial valuation meet legislative requirements and follow code principles.
New legislative requirements mean all trustees have to submit a certain amount of quantitative and qualitative information to us in a statement of strategy. The complexity of the risks being taken will determine the level of evidence and explanation required.
Bespoke offers trustees greater flexibility and scope to select an approach that suits the specifics of their scheme. Bespoke submissions are principles-based but with clear boundaries based on the legislative requirements and expectations in our code.
If trustees submit a Bespoke valuation, the level of evidence and explanation required in the statement of strategy will depend on the level and complexity of the risk being taken. We would expect a key focus to be on:
Fast Track is not risk-free for trustees. It represents our view of tolerated risk for a scheme and sets out a series of quantitative parameters that need to be met. If a scheme meets all the Fast Track parameters, we are unlikely to scrutinise the valuation submission further. Where they do not meet individual parameters, the scope of our engagement will likely be limited to those areas.
There is one set of Fast Track parameters for TPs and investments, set by reference to the maturity of the scheme. There will also be a set recovery plan length dependent on whether a scheme has or has not reached significant maturity.
Fast Track does not mirror the minimum level of compliance. In some instances, the Fast Track parameters are set above the minimum level of compliance. Some trustees may find Fast Track a useful tool when negotiating with their sponsoring employers.
Fast Track represents our view of tolerated risk, it does not represent minimum compliance. However, in some instances, adopting Fast Track may not be the most appropriate route and trustees should think carefully about whether Fast Track is right for their scheme.
Trustees submitting a Bespoke valuation submission may need to provide a greater level of evidence and explanation than expected in a Fast Track submission. Legislation requires trustees to explain their approach to setting their funding and investment strategy and managing risk in their statement of strategy.
We may also check compliance with Fast Track through sampling submissions. We will use this information to understand behaviours and risks across the landscape to inform setting parameters in the future.
Employer covenant support is recognised explicitly in legislation as a key element for assessing supportable risk. Our draft code and this consultation document provide clear expectations for how we expect trustees to assess covenant.
One of the challenges of the current system is the subjective nature of what constitutes varying covenant grades. Detailed intervention discussions invariably turn to value of cash flow, the value of contingent assets and prospects of the employer and wider group. We will be moving away from an internal assessment based purely on covenant grades to one that better considers the three fundamental covenant pillars of cash, contingent assets, and prospects.
We have not made fundamental changes to what covenant is, or the key areas of assessment. However, we will aim to better reflect how the relevant elements of covenant tie into decisions around funding, investment and recovery plans. We are reviewing and expanding our existing guidance and will add more examples. We plan to consult on our proposed changes to the covenant guidance in 2023.
We plan to review our approach to the regulation of DB scheme funding, including our enforcement approach. This section outlines our initial proposal regarding the practical operation of the new funding approach.
We have been careful to ensure our regulatory approach builds on the following opportunities provided by the legislation and draft DB funding code to support the use of our range of regulatory tools, engagements and funding enforcement powers:
If a Bespoke valuation submission is selected for further scrutiny, we will use our regulatory tools proportionately across a range of low to high intensity engagements. Our aim is to facilitate the most effective and efficient resolution.
c80f0f1006