OPDU - Click to return to homepage
 

OPDU Report 26 October 2009

Advisory Service Forum
Data risk
John Broker

Introduction

Scheme member data can pose a significant risk to trustees and aware-ness of this is becoming more widely acknowledged. Member data and record keeping are currently very topical pension issues. In January 2009 The Pensions Regulator (the Regulator) issued Guidance on Record Keeping. The Guidance encourages trustees to undertake regular data audits and to implement a data cleanse plan which should be reviewed regularly to ensure data risks are identified and data quality is improved.  Awareness of the Guidance has been gradually gathering momentum and many trustees have complied and adopted the Regulator’s ‘best practice’ recommendations. However, the Regulator is monitoring take up throughout 2009 and it is anticipated that a mandatory approach will emerge to enforce this. 

The Board for Actuarial Standards has also considered data issues spanning all aspects of actuarial work and has published an exposure draft. This will lead to a standard being published later this year with a proposed effective date, likely to be in 2010. 

The following factors have driven this recent interest and focus on resolving data problems:

  • trustees buying out liabilities – where data in an ‘all risks’ transaction may result in additional costs for the insurer accepting ‘data risk’ 
  • schemes entering the Pension Protection Fund (PPF) assessment or Financial Assistance Scheme (FAS) schemes - the PPF/FAS rightly require correct data
  • trustees focus on risk management and internal control – realising the price of data errors is high and having a commitment to higher administration standards
  • high profile data errors in the public sector – at a time when Personal Accounts loom and public confidence is essential to launch this new scheme effectively.

The above events all crystallise data problems.

Data risks and impacts

The risk of incorrect or missing data impacts on all key areas of scheme management. Examples include:

  • the accurate valuation of liabilities and contribution rates
  • the FRS 17 liability
  • iability de-risking (Enhanced Transfer Value (ETV), early retirement and trivial commutations, buy out/in)
  • the annual financial accounts audit
  • the PPF levy
  • the setting of premiums in insured schemes
  • efficient, cost effective administration
  • paying the right benefits to the right members at the right time.

Trustees’ awareness of the impact of data risk is developing but generally is not high on their agenda. Data is often (wrongly) assumed to be satisfactory (or even good) usually in the absence of any evidence for such a judgement. All too often the issue is disregarded, perhaps seen as inconvenient to address at a time of implementing important strategic projects. Only where problems arise is the impact of data risk fully appreciated. In a recent data audit undertaken by ITM as part of a buy out due diligence process, it was discovered that over 30% of the membership records contained errors, adding up to 5% to the scheme’s liabilities.

Regular reviews of data integrity can minimise data risk and result in real savings for trustees. Administration processes and data security should also be regularly audited. In December 2008 it was revealed around 95,000 retired public sector workers had been overpaid £126m by several administrators over three decades. A subsequent review by the National Audit Office into this matter discovered a “complex and fragmented administrative process” which was prone to errors.

Measuring and mitigating data risk

Trustees can measure and mitigate data risk by undertaking a comprehensive data audit, implementing a data cleanse plan and continually reviewing data to assess risks and measure improvements. This is completely in keeping with the Regulator’s Guidance and recommendations.

Whilst trustees may look to their administrators to provide basic data integrity checks, there is a strong case for a wider and more in depth audit being undertaken by an independent data audit specialist. This is an area of some sensitivity for administrators. Trustees will expect their data to be well administered and in good order. Trustees will not always be aware of or fully appreciate the data issues administrators have inherited and that they have to grapple with daily.  Administrators reporting poor data to the trustees may find this a difficult area to explain and may be conflicted. An independent audit can ensure such issues are explained fully and impartially.

A project to review and improve data quality divides into two distinct phases:

1. data audit phase
and
2. data cleanse phase

The data audit phase is a comparatively short and relatively low cost exercise which can be undertaken in around 4 to 6 weeks although this can be longer for very large pension schemes. At the highest level, the objective of the data audit phase is to identify data risks and their potential impacts and to analyse the feasibility and cost / benefit of either a complete or (more commonly) a partial data cleanse exercise.

At the outset of a data audit project, time spent considering specific objectives in the context of a scheme’s current circumstances and potential future direction is essential. The scope of the project needs to be aligned to the lifecycle of the scheme. Objectives should be set that reflect the scheme’s current and long term position. Careful planning and agreement of scheme specific objectives will ensure a well managed project with defined outcomes that will help the trustees achieve strategic aims. Many data audit projects have multiple objectives. These might typically include one or more of the following:

  • maximising administration effectiveness, mitigating risk and ensuring compliance
  • benchmarking data against The Regulator Guidance issued in January 2009 and covering Common, Conditional and Numerical data 
  • complying with the Regulator Code of Practice 9 (Internal Controls) issued in November 2006
  • examining the feasibility of data to undertake a scheme buy out with an insurer and cleaning the data to ensure the correct benefits are bought out for all beneficiaries, minimising data risk premium additions
  • the suitability of the data for either upgrading pension administration software, outsourcing or changing third party administrator
  • for schemes with DC benefits, ensuring the unit histories are complete, accurate and balance with the investment managers’ total unit holdings.

The above list is not exhaustive and each of the above objectives can be regarded as sensible risk management steps that fit well within a trustee governance programme. Equally, all the above objectives are covered within the recommendations in the Regulator Guidance.

Once the data audit reporting has been completed a cleanse plan can be agreed. Depending on the number of errors and severity of the issues, data cleansing timescales can span anything from a few months to several years. Costs for data cleansing can be substantial, particularly where data capture from fiche or files and reconstruction of member benefits is needed.

Data cleansing can be undertaken in stages and followed up by regular data audits to measure progress. The diagram below illustrates this process:

Data Cleansing Process 

Illustrating data risk and measuring improvement

The Regulator Guidance divides data testing and reporting into three core data sets. These are summarised as:

1. Common Data -
basic data applicable to all schemes

2. Conditional Data -
scheme specific data items

3. Numerical Data -
to support understanding of the above and illustrate scheme statistics.  

Whilst the Regulator Guidance is not a complete test of all scheme data items, it does provide a useful measure for trustees to assess data integrity and improvements in data quality.

A typical Regulator data report format illustration is as follows:
 A typical Regulator data report format illustration: 

The scores that trustees attain for their data using the Regulator data tests as shown above will be higher after data cleansing i.e. as the quality of data improves. The improvement in data quality should be an indication of a reduction in data risk. Trustees will have mitigated their exposure to a number of impacts including those which could have a genuine negative financial impact and also those that can be extremely upsetting for scheme members (many Pension Advisory Service cases originate from data errors).

The benefits of managing data risk

Undertaking a data audit and cleanse project is becoming more widely recognised as a key strategic exercise in pensions governance and de risking and fits with a variety of trustee objectives. It can be under-taken as part of an overall review of risk and internal controls or as a totally separate exercise.

Whilst benchmarking data in accordance with the Regulator Guidance is undoubtedly a worthy aim, a more detailed and comprehensive data audit will provide far more benefit and can be used strategically to fit with scheme objectives. Even if not all data anomalies are addressed and cleansed initially, all data risks will at least have been identified and thus mitigated.

John Broker FPMI
Director
ITM Ltd
020 7648 0095
johnbroker@itmlimited.com

OPDU and its underwriters recognise the importance of the quality of data. Accordingly, the undertaking of regular data audits is taken into account favourably when assessing premiums.

 
the opdu report
 
John Broker

John Broker		  
*


Lloyd's Register Quality Assurance - ISO9001  
The Occupational Pensions Defence Union Limited
90 Fenchurch Street, London, EC3M 4ST
Registration Number 03277897
Telephone: 020 7204 2530 Fax: 020 7204 2477 enquiries@opdu.com
  opdu are fsa approved