Skip to content

Pensions: what's new this week - 28 November 2022

Welcome to your weekly update from the Allen & Overy Pensions team, covering all the latest legal and regulatory developments in the world of workplace pensions.

This week we cover topics including: Dashboards: revised standards published; Dashboards: draft TPR compliance and enforcement policy; TPR: progress on equality, diversity and inclusion (ED&I); Guides on DC investment in illiquid assets; ICO: updated guidance on international data transfers.

Dashboards: revised standards published

The Pensions Dashboards Programme (PDP) has published a revised suite of dashboards standards, along with a response to the consultation on those standards held earlier this year. The standards set out the technical and operational detail of the requirements which schemes and dashboards will need to comply with. They cover data formatting, security, service and reporting duties.

The finalised standards include some key changes compared to the consultation version:

  • an extension of the time limits for schemes to acknowledge a request to find member data (from one to two seconds), and to provide ‘view data’ (from two to ten seconds);
  • clarification that data providers must be able to respond to requests 99.5% of the time, 24/7;
  • removal of the possibility of a free text box, so schemes will not be able to provide bespoke messages;
  • members who have taken an uncrystallised funds pension lump sum (UFPLS) will remain relevant members for dashboards purposes;
  • clarifications around requirements for schemes entering wind-up or Pension Protection Fund (PPF) assessment: information does need to be provided, but not necessarily pension values;
  • more detailed record-keeping requirements and new requirements for complying with investigations;
  • the requirement to report complaints has been changed to a record-keeping requirement;
  • the requirements to inform the PDP of threats to the performance or security of the ecosystem will now be guidance only – the PDP is leaving it to schemes to judge when to notify them of issues;
  • there is a new requirement to notify the PDP in the event of data loss as soon as this is identified;
  • internal escalation frameworks and processes will be required, ensuring staff know when, how and to whom issues should be escalated, and a framework for raising issues and monitoring them to resolution;
  • inclusion of new detail on the data to be provided at on-boarding, and a requirement to keep this information up-to-date at all times; and
  • clarification of the process for changes to the standards, including how often changes will be made and how industry will be involved in the process.

The revised versions will come into force once approved by the Secretary of State; they have been published before this to give the industry as much notice as possible of the duties that will need to be complied with. A consultation on draft design standards, setting out requirements for presentation of data and design of the dashboards, including messaging, signposting and onward customer journeys, will take place in the winter.

The PDP will be hosting webinars on 5 and 7 December to explain the new standards and on 8 December to discuss the design standards. You can sign up here.

Read the consultation response.

Read the standards.

Dashboards: draft TPR compliance and enforcement policy

The Pensions Regulator (TPR) has released its draft dashboards compliance and enforcement policy for consultation. The consultation closes on 24 February 2023 and TPR expects to publish its final policy in spring 2023, ahead of the first schemes' dashboard deadlines in August 2023.

TPR sets out the following expectations in relation to scheme compliance:

  • governing bodies will have read, considered and implemented TPR’s guidance, as well as standards and guidance issued by the Money and Pensions Service (MaPS) and the PDP;
  • schemes will operate adequate internal controls in line with its new single code of practice (a final version of which is awaited); and
  • schemes will keep records of: steps taken to prepare to comply; compliance, in line with PDP reporting standards; steps taken to resolve any issues; matching policies; and steps taken to improve data.

On its approach to considering whether/what regulatory action is necessary where there is a breach, TPR states that it will be proportionate and take into account a number of factors, including the nature and scale of the impact on members; the number of members affected; whether a breach is the result of wilful non-compliance or if there are circumstances outside the scheme’s control; the scheme’s compliance history and the duration of any breaches; consideration of MaPS’ and TPR’s guidance; and openness and co-operation with TPR.

The policy sets out high level steps that TPR will take where there is a breach or suspected breach and includes a number of scenarios to demonstrate the approach it may take in practice.

Read the consultation.

TPR: progress on equality, diversity and inclusion (ED&I)

TPR has published a blog post discussing the progress of its ED&I initiatives. As well as outlining what TPR is doing as an organisation internally, the plan outlines what is being done to improve ED&I across pension scheme governing bodies.

TPR has identified a number of perceived barriers to change: complex scheme structures, slow rotation of trustees, long tenures and a need to ensure that new trustees have strong industry knowledge. It encourages schemes to explore ways they can gather, interpret and use data to bring about change across their organisations. Potential areas for improvement include: updating recruitment processes to improve board diversity; reviewing succession planning and implementing skills; and board effectiveness assessments to ensure boards are made up of capable trustees from diverse backgrounds. TPR also emphasises the role of the chair of trustees, noting that where the chair is committed to change, this is a good indicator that a scheme will more successfully implement measures to improve diversity and the robustness of decision making.

Read the blog post.

Guides on DC investment in illiquid assets

An industry working group has published a series of guides for DC trustees, employers and other key scheme decision makers on issues around investing in less liquid assets. This is an area of focus for the government, which published draft regulations and guidance intended to broaden the investment opportunities of DC schemes and facilitate investment in these asset types in October this year (read more). The guides cover assessing the value for money of illiquid assets; understanding performance fees; managing liquidity levels; key features and considerations of fund structures; a guide to the Long Term Asset Fund (a new FCA-authorised fund structure for investment in less liquid assets); and considerations when performing due diligence on investment managers and products.

Read the guides.

ICO: updated guidance on international data transfers

The Information Commissioner’s Office (ICO) has updated its guidance on international transfers of personal data. The guidance now includes a new section on transfer risk assessments (TRA) and a TRA tool intended to help with assessing the risk impact of a transfer. A TRA is required where personal data is being transferred outside of the UK using ‘appropriate safeguards’ allowed under the UK GDPR, for example using the ICO’s International Data Transfer Agreement (IDTA) or the Addendum to the EU Standard Contractual Clauses. The TRA assists in determining whether, in the circumstances of the transfer and with the chosen appropriate safeguards in place, the relevant protections for people under the UK data protection regime will be undermined.

Read the updated guidance.