Good administration is the bedrock of a well-run scheme. As the trustee of a scheme providing defined contribution (DC) benefits you should make sure the board works well with the scheme administrator, and that you have the right people and processes in place to ensure members’ benefits are administered to a high standard.
Published: July 2016
Last updated: March 2024
28 March 2024
Minor changes made throughout to align the guidance with the new code of practice.
28 July 2016
First published.
Introduction
Administration covers a wide variety of activities, all of which are crucial to the successful running of a scheme.
The administration function is likely to be the key link that members will have with a scheme, and the way they see the quality of service the scheme provides.
Failure to properly carry out any aspect of scheme administration can seriously affect members’ benefits.
In the case of money purchase benefits, the timing and accuracy of every transaction has a direct impact on the member’s pot:
Example
Phil was invested in the default arrangement of the Madeup DC Scheme, which operated a lifestyling strategy, moving the members’ funds into cash over the 10 years preceding their expected retirement date.
Phil’s record on the admin system incorrectly recorded his expected retirement age as 60 instead of 65, which resulted in the lifestyling process starting five years too early.
By the time Phil came to access his benefits at age 65, his pension pot was £8000 smaller than it would have been if the lifestyling process had started at the right time. Phil chose to purchase an annuity with his pension pot. He obtained an annuity of £1180, which was £200 less than it would have been if the lifestyling error had not been made.
However, the error was not picked up until three years later, when Phil’s daughter, who had recently begun working as a financial adviser, noticed the error when helping her father sort out his paperwork.
The cost to the trustees and the administrator to put Phil in the correct position after the error was identified was significant.
Working with your administrator
The administration of the scheme is the function through which a large proportion of your duties are carried out. It is important that you pay attention to the way your scheme is administered, and engage with your administrators to ensure that:
- the scheme is being administered in accordance with the scheme rules
- the scheme is being administered in accordance with the trustees’ legal obligations
- members are receiving value for money from the administration service
It can be extremely useful for both the trustee board and the administrator to put mechanisms in place to receive feedback from members about the administration service. Many third party administrators have this facility in place.
Ways to deliver feedback might include:
- a short telephone survey that the member could be asked to complete after they make contact with the administrator
- an online survey (eg using one of the free online survey tools available)
- a questionnaire attached to the annual benefit statement
We encourage you to establish whether your administrator has obtained independent voluntary accreditation, such as the accreditation standard offered by the Pension Administration Standards Association (PASA). If accreditation has not been attained or explored, find out why, and whether there are plans to apply for accreditation in the future. Independent accreditation can assist you in being confident that a high standard of administration, whether in-house or third party, is being provided.
Administration is an area that you must consider and discuss routinely; not just when problems have been identified.
Having a day-to-day contact within the administrator, whom you can contact directly, is an important part of this. In the case of an in-house administration function, this is likely to be straightforward. Where there is a third party administrator, there may be an account manager or team leader that you can use as a point of contact.
Some schemes may choose to put in place a sub-committee specifically to oversee the scheme’s administration, particularly for larger or more complex schemes. Whilst having a sub-committee in place is likely to remove the need for detailed discussions about administration at each full board meeting, the sub-committee will need to ensure that high-level information and any substantive risks or issues that have been identified, or changes to procedures that have been implemented, are shared at full board meetings.
You should consider inviting appropriate representatives from the administrator to attend relevant trustee meetings (for the relevant agenda items), or meetings of the administration sub-committee where one is in place. This will help to build a relationship with the administrator, and help to ensure that your discussions around administration issues are fully informed. This will also help you gain a better understanding of the administration function and identify changes that can lead to improvements.
Where your scheme administration is part of the services offered in a wholly insured or bundled arrangement, a representative from the provider of the bundled arrangement should be able to cover agenda items relating to administration. They should also be able to deal with queries and concerns you have about the standards of administration. For small schemes with fewer resources, and where administrator attendance at trustee meetings incurs additional cost, it may be more practical for one of the trustees to speak with the administrator to gather the relevant information to report back at the trustee meeting.
Working with the employer
Employers participating in the scheme play an important role in ensuring that the scheme is administered to a high standard. A key part of this is the interaction between the employer’s payroll function and the administrator.
You can help to facilitate a good working relationship between the employer and the administrator, where the administration is outsourced or provided by a separate in-house team.
You can support the administrator by working with them to set up and maintain processes with the employer, and by helping the employer to understand their role.
For example, in a single employer scheme this could be achieved by inviting representatives from the payroll department to the same trustee meetings (for relevant agenda items) that the administrator representative attends. This can foster a three-way relationship and to increase the employer’s understanding of why it is important that the data they provide and the contributions that they deduct from members are accurate and paid promptly.
Or, in a larger multi-employer scheme there may be scope for providing more formal training (which could be delivered online) to participating employers, particularly if new systems are being used to support the interaction between the employer and administrator. The administrators in large multi-employer schemes might also have a dedicated team to assist employers in setting up and maintaining the necessary processes.
Administration reporting
The reports that you receive from your administrators should contain all the information necessary to enable you to measure the extent to which your legal obligations are being met. The administration report and the risk register (see our guide on scheme management skills which covers risk management) are key documents that will inform the discussions on administration that should take place at trustee board meetings.
Administration reports for DC schemes, or DC sections in schemes that also provide defined benefits, should be bespoke for the purpose of reporting information that is relevant to the administration of DC benefits; a report that has been adapted from a report used for DB schemes is unlikely to be sufficient. Similarly, you should check that the administration reports are specific to your individual scheme; reporting at an aggregate level across all, or a section of, schemes administered by an insurer or third party administrator is unlikely to be sufficient for you to ensure that your legal obligations are being met.
The content of an administration report may be more or less detailed according to the size of the scheme and the resources available to it.
As a minimum, the report should cover the following:
- Membership movement statistics.
- Reporting against service level agreements, in particular on tasks related to the processing of core financial transactions:
- contribution reconciliation and investment. Details of any discrepancies and problems encountered, and details of any undesignated assets
- payment of benefits (retirement and death)
- investment switches
- transfers in and out of the scheme
- Error and breach reporting – volume, type of error, severity, action taken to resolve.
- Cash flow reporting.
- Risk management reporting with reference to the scheme’s and the administrator’s (where separate registers are kept) risk register.
- Reporting on annual tasks, eg annual benefit statements.
- Where member web access is offered, details of any periods that web access was not available, eg server problems, maintenance.
When considering what information should be included in administration reports, it can be helpful to think about it from a member’s perspective; what information will provide an insight into your members’ experience with the scheme?
Third party administrators will generally have their own templates for administration reports, but it is important that you are satisfied they provide all of the information required. You may want to ask the administrator to amend any template to meet your own requirements.
The level of detail and frequency of reporting that is appropriate will depend on the size and stability of the scheme. For example, it may not be necessary for reports to be provided more frequently than quarterly where the membership is small and relatively stable. However, for a larger scheme with a high volume of transactions taking place and a mobile membership, additional interim reporting on a monthly basis is likely to be appropriate.
Administrator training and experience
Some schemes will have a dedicated team who work only on the administration of their scheme, or perhaps alongside one or two other schemes. In this case, and in the case of in-house administration arrangements, it is likely to be more straightforward to establish what training and experience those individuals have. Other administration services, whether standalone or part of a bundled arrangement, will have a large number of individuals working on many schemes, and it may not be practical to enquire about the training and experience of each individual.
In the case of a third party administration service, you should talk to your administrator, find out what their policy and practices are for training their staff, and establish the extent to which their staff are required, or encouraged and supported, to obtain formal qualifications (eg qualifications awarded by the Pensions Management Institute). What procedures are in place to ensure that administration staff are informed and adequately trained to understand the impact that new legislation or codes of practice have on your scheme and any relevant procedures? Do they run a structured in-house training programme? If your scheme is a bundled arrangement, your provider may outsource administration services to a third party, so you should find out how they have checked the training and experience of the administrators.
Where you don’t feel confident that adequate training and expertise are in place, you will need to consider whether this might impact on the quality of administration services you receive, and discuss this with your administrator.
Where the administration is run in-house, you are likely to have greater control over the training policies and procedures, and should be able to influence and implement any required change more easily.
Quality assurance and continuity
As well as having appropriate expertise, it is important that the administration procedures incorporate quality assurance, and that procedures are well documented and clear, so that any change in administration personnel or administration provider has minimal impact on the continuity and consistency of service.
Many schemes will have a procedure manual which contains this documentation, and we encourage this practice for all schemes, including small and legacy schemes which may have particular complexities. You should obtain assurance from your administrator that procedure manuals are kept up to date and relevant to the needs of the scheme. This is particularly important for schemes using a third party administrator, where similar procedures may be applied across a number of schemes. Some administrators may also maintain a summary of the scheme rules to assist in the running of the scheme. If such a summary is in place for your scheme, you should be satisfied that it accurately reflects the scheme rules.
Well-documented procedures will aid a smooth transition in the event of a change of administrator. You may wish to establish whether or not your administrator adheres to the PASA Code of Conduct on Administration Provider Transfers.
Adequate checking and peer reviews should be incorporated into the scheme’s administration procedures, and you should be content that these are adequate to minimise the risk of errors. It is likely to be appropriate for all tasks carried out manually to be checked, with regular peer reviews carried out on a sample of cases. Checking procedures should not only apply to tasks that are carried out manually; regular checks on automated tasks and systems should also be built into procedures. The rates of errors found to have been issued and reported in the administration reports will help you to judge this, and decide whether changes to the procedures should be explored with the administrator.
Disaster recovery and business continuity planning
It is important for you to ensure that arrangements are in place to manage risks that would have a significant impact on scheme administration and member data (see the guide on scheme management skills for more information about managing risk). This includes having a business continuity plan (BCP) in place, which sets out what actions would be taken if certain events take place that would impact on the running of the administration operation.
Where a scheme is very small and the administration operation is not complex, for example where it is run by a small in-house team within the HR department, the BCP may not need to be very sophisticated, though the risks are likely to be the same as those faced by larger schemes. However, continuity plans for the loss of a key member of staff should be given particular attention, especially if there is only one individual carrying out the administration.
The BCP should cover disaster recovery to ensure that where there is physical damage to the property or premises of their administration provider:
- data will continue to be available and accurate at all times
- core scheme financial transactions can continue to be processed accurately and promptly at all times
- computer hardware and software will be maintained
- records are secure and retrievable
- data will be regularly backed up and tested
Where the administration of the scheme is run in-house, you may have more control over the details of the BCP, and ensuring that it is reviewed and tested. Where a third party administrator is used, you may have less control, but should be confident that the risks to members’ data and benefits are adequately mitigated, and that plans cover the discontinuance of the administrator business. Certain confidentiality issues may prevent the third party administrator from sharing their full BCP with you. However, you should seek assurance from the administrator that:
- the plan is reviewed on a regular basis (no less than annually) to reflect any changes such as to staff, roles, scheme membership, service providers or systems
- periodic testing of their plans are undertaken to ensure they work in practice
You might consider asking the administrator to provide a declaration, perhaps within the administration report, to confirm that the BCP is up to date and confirm when it was last tested. Trustees may also wish to establish where the liability lies if processes are interrupted by a BCP event, or where a BCP plan fails in practice.
Cyber security guidance
Pension schemes hold large amounts of personal data and assets which can make them a target for fraudsters and criminals. As trustees and scheme managers, you need to take steps to protect your members and assets accordingly, which includes protecting them against the ‘cyber risk’.
You should take steps to build your cyber resilience – your ability to assess and minimise the risk of a cyber incident occurring, but also to recover when an incident takes place.
Read our cyber security guidance for trustees to find out what steps you should take to make sure your scheme and its data are secure.
Core financial transactions
Promptness
Members with DC benefits are highly vulnerable to market risks, and delays in processing financial transactions on their behalf can significantly affect their benefits.
Each scheme will have agreed procedures and protocols to follow when processing any financial transaction. You will need to review the procedures with your administrators to ensure you are comfortable that the procedures associated with each type of financial transaction are as streamlined as they can be without increasing the risk of inaccuracy. For example, it would not be appropriate to remove checking processes in order to speed up a transaction.
Financial transactions should be processed without delay once all the necessary tasks have been completed. The scheme’s procedures and administration function should facilitate this.
There are a number of variables which can influence what is considered to be ‘prompt’. For example:
- the timing of investment dealing cycles
- whether transfer requests involve domestic or overseas pension schemes, or suspected scam arrangements
For more information, see financial transactions.
Example 1
A scheme’s procedures for transferring a member’s fund to another pension arrangement include establishing whether the receiving scheme is registered with HMRC for tax purposes and when that registration took place. Where the administrator has not previously established the information for a particular scheme, and the scheme is not known to the administrator as a registered scheme, the administrator writes to the scheme to provide documentary evidence of their registration. Though it may take time for the receiving scheme to provide the information, this task is necessary to help ensure that the scheme the member wishes to transfer to is not a scam. Therefore, carrying out this task is not considered to be a delay in the context of the prompt processing of a financial transaction.
Example 2
When all the information necessary for the transfer to proceed has been received, the administrator dealing with the request is on annual leave, so the transfer is not processed until three days later when the administrator returns. This is considered to be a delay. The scheme’s procedures should ensure that work is assigned to an alternative individual when an administrator is on leave, so as not to delay transactions.
Example 3
The scheme’s procedures are that transfers are paid by BACs, and that BACs requests must be authorised by a particular trustee. The administrator disinvests the member’s funds and draws up a request for authorisation. The trustee takes several days to authorise the request, so a week has passed before the payment is sent to the receiving scheme. This is considered to be a delay. The trustees should consider amending their procedures to delegate authorisation to the administrators, and explore whether they can process transfers using faster payment methods.
Bear in mind that member complaints about delays are common. The Pensions Ombudsman reviews many such complaints every year, and determines on a case by case basis whether such delays amount to maladministration. All of the Ombudsman’s determinations are published online.
When considering your scheme’s processes and procedures, and related service level agreements (see below), it will be helpful to consider from a member’s perspective what timescales they would consider to be reasonable and prompt. Would they expect you to be taking advantage of latest technologies and processes (for example, straight through processing), and if you are not, can you justify why not?
If you use a third party administrator, or a professional trustee, they may be able to provide you with anonymised data to illustrate typical transaction times across other similar schemes, or, if you are going through a tender process, you might ask for this information to be included as part of the tender.
Service level agreements (SLA)
All schemes, whether administration is outsourced or in-house, should have metrics in place to enable them to measure the length of time it takes to carry out any transaction, and for performance against those metrics to be reported to the trustee board.
Ideally, SLAs should also include metrics relating to the quality and accuracy of the administration, which go wider than just the time it takes to carry out different tasks. For example, this might include metrics relating to the number of errors identified during peer review processes.
SLAs are a useful tool for you and the administrator to ensure they are aiming to complete certain tasks within appropriate timescales. However, in the case of third party administrators, they are often used as a performance measurement tool for trustees to assess the administration service as a whole. In some cases, the contract between you and your administrator may state that failure to meet the SLA may result in the administrator forfeiting a portion of its fee. You should make sure you are clear on the way the SLA is constructed, and should be aware that SLA reporting alone may not give complete visibility of the true time it takes to process transactions.
For example, a service level agreement may state that contributions will be invested within three working days. You need to be clear on the following:
- When the clock starts; is it from the time the contributions reach the bank account or when the administrator receives the contribution file from the employer’s payroll department?
- What happens if there are queries that need to be raised with the employer? Does the clock stop while the queries are raised or does it continue?
- Does the clock stop when the monies and instructions are sent to the investment managers, or when the investment manager confirms that the contributions have been invested?
- If the clock stops and starts throughout the process, what are the overall timescales that are reported to trustees in the administration report? Is it the true end-to-end time taken to complete the transaction, or are the periods taken to resolve queries etc discounted?
You might also consider measures to ensure that the SLA figures you receive are accurate. This could be by referencing payroll and investment manager transactions, or by carrying out a limited audit of administration casework (for example, by extending the remit of your scheme auditor to include sample checks on timescales).
There is other information that may not be immediately visible on the face of an administration report, and which you should probe with your administrator. Your administrator may categorise some pieces of work as ‘pending’, or ‘brought forward’, for example where further information is required before a transaction can be completed. Where this is the case, you should ask your administrator to provide further information about the type of work that falls into that category, and why.
You should make enquiries about the reasons for SLAs not being met for some pieces of work.
Average service times can hide cases that have taken a long time to process. Therefore it can also be useful to ask how old the oldest piece of work is, and you should consider requesting information about the cases that have taken the longest to complete. These may also come to light as cause for a complaint.
Payment methods
Digital payments are becoming the normal method of receiving contributions into a scheme and transferring funds between schemes. However, while cheques are still used in some circumstances this is unlikely to be the most efficient method. As part of the requirement to process core financial transactions promptly, you will need to review the payment method used by your scheme, and if cheques are used as a payment method, consider whether it is absolutely necessary.
There are some circumstances in which use of cheques to pay certain benefits may be appropriate, for example:
- where the member has specifically requested payment by cheque
- where lump sum death benefits are being paid to beneficiaries for whom bank details may not be available
Members are particularly vulnerable to ‘out of market’ risks in relation to receipt and investment of contributions from employers and transfers between schemes. Save for very exceptional circumstances, it is highly unlikely to be appropriate for these transactions to be processed by cheque.
In all cases, payments out of the scheme should be clearly documented and authorised by a person of appropriate seniority.
Transfers
There is a balance to be struck in relation to the processing of transfers, between prompt processing and adequate due diligence, to guard against the risk of transferring members’ funds to a scam arrangement. Delays in the time taken to process a request to transfer can have a significant impact on a member’s funds at retirement, which is amplified the closer they are to an age where they may wish to access their benefits or transfer to an arrangement offering their preferred decumulation option.
Read our guidance on dealing with transfer requests.
The code of practice Combating Pension Scams, developed by the Pension Scams Industry Group, provides further guidance about due diligence processes.
In order to minimise the time spent gathering and exchanging information with the receiving or transferring scheme, the use of a platform that facilitates standardised information and the electronic processing of transfers should be explored. To understand more about these services and whether they would be suitable for your scheme, you may wish to refer to the marketing materials of the providers of these services (Origo Options, Altus transfer gateway or other providers offering a similar service: these are examples only and we do not endorse any services). If your scheme does not make many transfers, or is very small or less resourced, it may not be suitable or financially feasible to invest in the use of such a platform, but it should be given due consideration.
Where use of such a platform is not possible, you should examine your processes and make sure any information you need from the member or from the transferring/receiving scheme is absolutely necessary to process the transfer, and is not inconsistent with the requirements of other schemes. Your advisers should be able to help you assess this. You might consider the use of a common declaration standard offered by platform providers, even where the platform itself is not used. This involves an agreed set of words being incorporated into transfer application forms so that a member can make the necessary declarations about discharge and pension commencement when making a transfer.
When the risk of a receiving scheme being a scam arrangement has been assessed and you’re satisfied that a transfer would be safe, funds should be disinvested and the transfer completed without delay. If you are not satisfied that a transfer is safe, contact Action Fraud.
Investment of contributions
Our code of practice module on financial transactions sets out the timescales in which contributions and sums transferred to the scheme should be invested.
On occasions when it is not possible for these timescales to be met, you should liaise with the relevant parties (eg the employer, administrator or investment manager) to understand the circumstances, and whether your scheme’s processes could be reviewed in order to limit the chance of recurrence.
Though the expected timescale for investment does not include time taken to reconcile the contributions received, the reconciliation process should not unduly delay investment. This is an area where the processes in place with the employer are of particular importance. Where weaknesses in the process are identified (eg similar errors are routinely identified in the information or monies received from the employer), you should attempt to address this with the employer and work with them to improve the process wherever possible.
If you believe that the employer’s processes are inadequate, or the employer is not carrying out its duties in respect of the scheme to the extent that, even after engaging with them, they prevent you from meeting your legal obligation to process core financial transactions promptly and accurately, you should decide whether to report a breach of law to us.
Accuracy – data and record-keeping
Our guidance on record-keeping contains information about what data you should hold. It also sets out details of the reporting you should put in place to give you visibility of the quality and completeness of your scheme’s records, to help you identify areas where improvements are needed.
For further details about what types of data to keep, read data guidance from PASA.
Some areas particularly pertinent to schemes offering DC benefits are expanded on below.
Addresses
For members with DC benefits, it is particularly important that they regularly receive communications about their benefits, even after they have stopped contributing to the scheme. Members with DC benefits carry the risk related to those benefits and, particularly following the introduction of the pension freedoms, must make decisions relating to those benefits that can significantly impact on their standard of living in retirement.
Therefore, it is important that you make appropriate efforts to keep all member addresses up to date. The best way to do this is to encourage members to keep you updated with any change of address, to regularly remind them of how important it is, and make it as easy as possible for them to do so. For example, allow members to update their details electronically, via email or online portal, rather than via post.
Where you become aware that member addresses are out of date there are a number of options available to trace the members and get up to date details. Holding an email address or mobile phone number for members may assist in enabling you to directly contact the member for up to date details. Alternatively, you might speak to former colleagues to see if they are still in touch with the member. There are now many services available to trustees to help them trace member addresses, and the costs have reduced significantly over the past few years. You should investigate the options available to your scheme, which could be through discussing with your advisers or even by carrying out an internet search to find out what services are available to you. Other options such as utilising social media to encourage members to get in touch can be effective at a relatively low cost. When using social media, care should be taken to verify the identity of the individual, and not to accidentally allow others to see personal information. See the section on data security below.
When the available options have been assessed, you should agree a policy for member tracing which, in your judgement, is proportionate relative to the resources available to the scheme, and the potential risks to members. For example, you might decide to attempt to trace members with funds in excess of £25,000 on an annual basis, or you might only attempt traces every three years where the pot size is less than £5,000.
Scheme-specific data
You will need to discuss with your administrators the exact constituents of scheme-specific data, based on an understanding of the requirements of your scheme and the administration system in use. You will need to pay particular attention to areas such as the following.
Contributions and investments reconciliation
- Check there is a matching transaction for each contribution recorded and, if the investment date is held on the member record, that the contribution has been invested promptly.
- Where a member’s contributions are being invested in more than one fund, and the total amount contributed in a period is recorded explicitly, check that the sum of the transaction elements equals the total amount of the contribution. In addition, the allocation for investment types must equal 100%.
- Check there is a contribution recorded for each pay period where the member is active in the scheme and that details of the investment purchased are present for each contribution received.
- Check there is a record of each investment sold, date sold and amount realised. This should be split by investment fund, but does not have to be recorded separately for each contribution type.
- Check the records held by the investment manager (or the platform provider as applicable) are consistent with the records held on your administration system. For example, where applicable, does the total number of units held in a particular fund match across the investment manager’s system and the administration system?
- Check the records of unallocated assets are maintained and reconciled.
Lifestyling
Where a member is recorded as having a lifestyle investment strategy or similar phased investment pattern, you should check that the member’s investments correctly reflect the point reached by that member within the lifestyle formula.
Flexible benefit access
If your scheme permits members to partially access their benefits, check that your records accurately reflect any amount that has been accessed, and when. This includes relevant information relating to attachment orders or divorce earmarking orders, which may be affected by a member’s decision to flexibly access their benefits.
Where the management of scheme data has been outsourced, you will need to understand what controls are operated by the administrator to ensure the integrity of member data is maintained. Consider the extent to which the administrator’s own audit and assurance processes cover this, for example the AAF 01/20 assurance framework issued by the ICAEW, or PASA accreditation.
Data review exercise
You should assess the need to carry out data review exercises at least annually. See data monitoring.
After an initial detailed data review, the scope of subsequent reviews may vary. For example, a small scheme which is closed to contributions and processes a relatively small number of transactions will have fewer changes to its records over a year, so the data review exercise may be scaled accordingly. A scheme that has a high turnover of members and processes a large number of transactions is likely to require a more comprehensive data review.
There are certain events that will require a full data review and cleanse to be carried out, regardless of the size or stability of a scheme’s records. These include:
- where a decision has been made to wind up a scheme
- where there has been a change of administrator or the administration system/platform
- where the scheme is affected by a merger or an acquisition
You will need to ensure that there is an improvement plan to address poor quality data (noting that there will be instances when trustees may have exhausted all reasonable measures to secure accuracy).
The plan should have specific data improvement measures, which can be monitored and tracked. The plan should also have a defined end date within a reasonable timeframe with a view to having complete and accurate data.
Read about improving your scheme data and reviewing your scheme data for more information.
General Data Protection Regulation (GDPR)
As well as ensuring members’ records are complete and accurate, you also need to have controls in place to ensure the security of member data, both to ensure that you meet your obligations to guard against fraud, and those under the General Data Protection Regulation (GDPR). This includes considerations relevant to the use of social media.
You should work with your administrators to ensure that the right controls are in place. For example:
- ensuring you and your administrators are trained in the principles of GDPR
- ensuring that any data breaches are reported appropriately, and that reports of breaches are received from your administrator
- taking steps to ensure the quality of data is continuously improved
- ensuring that appropriate security measures are in place with regards personnel that can access scheme and member records
- ensuring that appropriate security measures are in place where you provide members with online access to their personal accounts
In the case of wholly insured or bundled arrangements, you should seek assurance from your provider that controls such as those listed above are in place.
The Pensions and Lifetime Savings Association (PLSA) has produced a GDPR made simple guide to help schemes understand the rules.
Other useful resources to help you ensure that the right controls are in place include:
- The Information Commissioner’s Office website including information and updates published by them such as a data dozen to prepare for reform and Preparing for the General Data Protection Regulation.
- The government’s Cyber Essentials guidance which provides information on how to protect against cyber security threats
Accuracy – calculations and communications
Accurate data is not the only driver for ensuring the accuracy of core financial transactions.
It is important that any software used to carry out tasks such as:
- calculating fund values and member benefits
- processing lifestyling
- populating figures in member communications
are tested both at the point of implementation and on a regular basis thereafter.
Checking and peer review procedures should also be in place, particularly where any manual calculations or non-routine projects are carried out.
Further information
- DC Governance Guidance, provided by the Pension Administration Standards Association (PASA)