Samantha Coombes highlights the importance of keeping pension scheme data safe
Pension Scheme Data – it’s not sexy, but it’s essential
Let’s be honest: pension scheme data isn’t sexy. It doesn’t require the intellectual challenge that comes with investment strategy or the financial management that comes with funding discussions.
Often member data falls down the trustees’ agenda in favour of issues which seemingly present a larger risk to a scheme and therefore warrant immediate attention. When systems are running well it is easy to underestimate the importance of good quality member data for every aspect of running a scheme: put simply, data is the silver bullet for pension schemes, and the security of that data has never been more important. With continuing changes to pensions legislation and service delivery continuing to evolve, making sure that the foundations are robust is crucial in making schemes more adaptable. There is a tendency for trustees to see data integrity either as a “tick box” exercise or something that only gets addressed when problems arise; the reality is that this is an issue which every scheme needs to tackle head on, no matter what the long-term strategy. To ensure that the time and effort spent is proportionate, data integrity should be considered in the context of the scheme’s wider strategy, rather than just to fulfil arbitrary targets. With that in mind, there are three fundamental areas to reflect on; futureproofing operations, journey planning and cyber security.
Effective ongoing operations
With so much focus on investment strategy, funding and other strategic activity, it is easy to forget how important it is to get the “business as usual” activity running smoothly. Good quality member data is key to this for a number of reasons:
Poor quality data is often a barrier to trustees who want to be more progressive and offer members an administration service that is fit for the 21st century. In this changing pensions landscape it is absolutely essential that a scheme’s foundations are solid to allow them to move with the times.
Enabling “journey planning”
With the vast majority of schemes now closed to accrual and looking towards a long-term goal of de-risking and ultimately discharging liabilities, data quality becomes crucial to fulfilling that aim. There are plenty of cautionary tales of schemes that have underestimated the importance of making sure that data cleansing work is carried out in advance of de-risking activity.
Having accurate, reliable and up-to-date data puts schemes in the best position to make the most of advantageous financial conditions as they arise and mitigates against insurers loading their premiums to reflect poor quality records. It also helps trustees understand scheme liabilities upfront, with no unexpected liabilities coming to light at a crucial time. Conducting timely and frequent data cleansing will also mean that schemes have the ability to discharge the correct liabilities in bulk.
This is an area which is only now starting to become a board level issue for many corporate entities, but is something that trustees must begin to consider. With an increasing number of high-profile cybercrimes, online security is becoming a significant issue for individuals, and trustees need to understand how they can actively protect their members’ data.
There is a continuing trend towards online member access for both defined contribution and defined benefit members. Whilst this provides significant benefits in delivering an efficient and engaging member experience, it does increase the potential risk of cybercrime.
Online member access typically includes access to information including sensitive personal data, bank details and salary information, all of which could be attractive to sophisticated cyber criminals. Trustees need to take a greater interest in how their data is protected, not just as a one-off activity but as technology and software continue to develop. Without taking these steps, it will be difficult to provide the necessary reassurance to members to make online access a successful part of scheme operations.
So, what should trustees be doing to properly address data integrity?
The quality of data that is actually important to the efficient and effective running of a scheme has to be assessed regularly and rectification work must be undertaken before a problem arises. Trustees have to work with administrators actively manage cyber risk and provide comfort to members that their data is safe.
But first and foremost, trustees and corporations have to treat data quality as a risk management priority. In the digital world where data is everything, we cannot continue to ignore an issue which is so fundamentally important to every aspect of a pension scheme and, as an industry, we need to get our clients to take data seriously.
Matthew Martindale, Director in KPMG’s Cyber Security team commented: “Personal data and financial information are two of the key elements which are attractive to cyber criminals who are actively looking for opportunities to take advantage of organisations which have not properly addressed cyber security. There is every chance that a pension scheme or pension provider could be the next big cybercrime news story.”
First published in Professional Pensions on 2nd June 2016.