Revised TPR admin guidance adds IT system governance
Image: madartzgraphics/Pixabay
Pardon the Interruption
This article is just an example of the content available to mallowstreet members.
On average over 150 pieces of new content are published from across the industry per month on mallowstreet. Members get access to the latest developments, industry views and a range of in-depth research.
All the content on mallowstreet is accredited for CPD by the PMI and is available to trustees for free.
The Pensions Regulator has issued new guidance that consolidates all administration expectations for trustees, scheme managers and administrators and introduces some new elements, including around IT and performance measurement.
“High-quality administration is fundamental to delivering good outcomes for savers. Our updated guidance sets clear expectations for schemes and administrators to work in partnership to strengthen governance and ensure resilience in the pensions system. Trustees and scheme managers remain accountable for administration – even when tasks are delegated,” said executive director of market oversight, Julian Lyne.
“We expect schemes and administrators to refer to this guidance regularly to ensure they are following good administrative practices. For example, it provides important information on maintaining an administration IT system and signposts trustees to TPR’s cyber security guidance,” Lyne added.
The revised guidance provides clarifications around member communications, data management, disaster recovery and business continuity planning.
In addition, it introduces new elements, such as:
the importance of having a policy to plan administration and effective oversight of outsourced or in-house administration;
guidance on IT system governance, including assurance on system adequacy, change control processes, technological benefits with proper oversight, and regular backups; and
performance measurement beyond time-based commitments, to better reflect the quality and accuracy of the administration service.
TPR said its recent market oversight report highlighted progress but also persistent challenges around governance, technology, data, and resilience.
Pensions administrator Capita was hacked in 2023, exposing the data of 6.6m people to cybercriminals. It settled with the Information Commissioner’s Office and was fined £14m. In 2020, industry commentators noted a well-known pensions administrator had also become the victim of a ransomware attack.
