Agenda item



The Pensions Manager presented the report.


The Chair referred to the report on the data breach (Annex 1) and suggested that this should be reviewed in the Board’s digital strategy workshop with a view to learning how similar breaches might be prevented in future as digitization is rolled out. This might be achieved by reducing the amount of paper communications mailed to members and increasing online access. The Head of Business, Finance and Pensions said the digitization strategy emphasized self-service for employers and employees. This required a digital system with robust inbuilt controls, which the Fund’s system did not have at present, though such systems were available in the marketplace. The digitization strategy would focus on specifying such a system and identifying a suitable supplier, which might not be the current supplier. He pointed out that the Pensions Regulator regulates funds, while there is no regulation for employers, so a security failure by an employer is the responsibility of the Fund. That needs to be addressed in the regulatory framework. The Pensions Regulator should introduce standards for employers, payroll providers and data control.


The Chair noted that the Fund had fined 15 employers for late submission of data, and asked how they could be helped to avoid this in the future. The Pensions Manager replied that late payers were at first offered training. If they were late submitting data two years in a row they were required to sign a document committing themselves to improve their performance and attend training. The penalty charges are set out in the Pensions Administration Strategy. The Chair asked whether information about how the escalation process was being applied was shared with the Committee and the Board. The Pensions Manager said that it would be included in a report to the next meeting of the Board and the affected employers would be named.


The Service Director – One West asked whether the data breach had been escalated within North Somerset Council. The Pensions Manager informed the Board that he had a conversation about it with the head of HR in North Somerset and with their payroll provider.


A Member said that he was aware that schools often did not take pensions into account when selecting their payroll provider. The Pensions Manager said that all employers in the Fund had been notified of their obligations in relation to data provision; consideration was being given to sending them regular reminders about it. The Head of Business, Finance and Pensions said that when Bath and North East Somerset ceased to provide payroll services to schools, it had sent them a document setting out all the issues they should take account of when procuring new payroll services and what conditions they should include in payroll contracts. However, he thought the failure of the Regulator to issue standards for employers was the most fundamental problem. He said that the Fund had no legal power to expel poorly performing employers. The most it could do was to report them to the Regulator, but the Regulator had little power over them because they were usually not breaching any regulation. A Member said that Bristol City Council took the decision not to offer payroll services to schools, so that the 100+ schools in Bristol have very many different payroll providers. In reply to a question from a Member the Pensions Manager confirmed that officers of the Fund had regular meetings with the finance officers of employers.


After the discussion the Board RESOLVED to note


  1. membership data, Fund and Employer performance for the 3 months to 30th September 2019;


  2. progress and reviews of the TPR Data Improvement Plan.


