Time is running out fast for trustees to prepare for their upcoming staging deadlines for connection to pension dashboards. We expect that most schemes have identified their staging deadlines and are now working to get their data and systems ready for connection to the dashboard.
Guidance and consultations on dashboards are being published at a fast rate. This blog updates trustees on five of the key issues to be aware of as staging deadlines approach.
1
Getting your scheme’s data ready
2
Selecting your matching criteria
3
Admin agreements
4
Data protection risks
5
Remember AVCs
Explanation of some of the terms used in this post
| TERM | DEFINITION |
|---|---|
| Integrated service provider | A third party service allowing pensions information to be connected to the dashboards ecosystem on behalf of pension providers. |
| Matching criteria | The list of data elements that are used by schemes to find matching pensions. |
| NCSC | The National Cyber Security Centre – the government agency tasked with providing advice and support for the public and private sector in how to avoid computer security threats. |
| Pensions dashboards | Pensions dashboards are digital services which savers will be able to use to see their pension information in one place. |
| Pensions Dashboards Programme | The Pensions Dashboards Programme (PDP) is the government body that has been tasked with designing and implementing the central digital architecture that will make pensions dashboards work. |
1 – Getting your scheme’s data ready
In 2023, schemes must push to get their data ready before their staging date.
Data needs to be:
- accurate; and
- in a format which is compliant with the digital architecture of the dashboard programme.
Both missing and incorrect data pose substantial risks to pension schemes. They may lead to a large proportion of incorrect, partial or false positive matches in the dashboard system, thereby reducing the usefulness of and trust in the system.
Good data management and data quality therefore needs to be at the top of schemes’ priority lists for 2023 when getting ready for dashboards. At a time when pressure will be on administrators like never before, it is essential that you are closely overseeing the work of your administrator in this regard.
2 – Selecting your matching criteria
Trustees are responsible for deciding what matching criteria to adopt but it is expected that trustees will work with administrators on this. In addition, guidance has been published by both TPR and PASA on matching data.
Administrators may, in practice, recommend what matching criteria to set but trustees should be confident that the correct data is being identified, they understand the flow of data, and they have planned how to manage the associated risks.
As part of this, trustees should consider the risks of data being sent to the wrong individual. It’s hoped this risk will be limited by the identity verification and Find Data process, but it’s not clear how obvious it will be to an individual that they are in fact viewing someone else’s data.
3 – Administration agreements
Administration agreements should be considered in light of additional services carried out as a result of the dashboard. Variations may cover:
- preparation of data, systems and services for dashboard requests;
- connecting administrator systems to the chosen integrated service provider (the ISP);
- engaging in dashboard requests;
- liability (e.g. who is liable if a member complains about incorrect data on the dashboard?);
- security standards (to match NCSC standards e.g. encryption); and
- additional volume in contact centre calls if members have questions or if lots of partial matches are returned.
Substantive amendments (or even new agreements) may be necessary where an administrator acts as an ISP.
4 – Data protection risk
Data protection risks come hand in hand with managing and dealing with personal data. Trustees need to balance their duty to carry out their requirements under the dashboard legislation (such as setting matching criteria) along with satisfying UK GDPR requirements.
Trustees should think about the following ways of managing these risks:
- consider completing or updating any existing data protection impact assessment (DPIA) and discuss with your administrator;
- put in place a data sharing agreement which accounts for the controller to controller relationship between MAPS, DWP, the trustees and other dashboard providers; and
- check and update privacy notices to cover the provision of data to MAPS (and eventual dashboard providers) and to reflect the legal basis for processing and sharing data to include pension dashboards.
5 – Remember AVCs
It is important not to forget any Additional Voluntary Contributions (AVCs) in your schemes as well/ Integration of AVC data may be a particularly tricky issue and it will be worth considering this early to make suitable plans.
Next steps and further reading
You can download a more detailed version of this blog post which also sets out:
- next steps for trustees;
- links to guidance and statements published by TPR, PASA, PLSA and the Pensions Dashboards Programme; and
- staging deadlines for large schemes and medium schemes.
About the author(s)
Jason Coates is a leading UK pensions lawyer. He helps his clients to respond to the challenges and opportunities they face in operating their pension arrangements, commercially and without jargon.
Charlotte advises both trustee and employer clients on a wide range of pensions matters which includes drafting pension scheme documentation, dealing with member queries and reviewing contracts.
Saskia is a trainee in Gowling WLG's London office.