Skip to main content

Your browser is out of date, and unable to use many of the features of this website

Please upgrade your browser.

Ignore

This website requires cookies. Your browser currently has cookies disabled.

Set your privacy preferences

We use necessary cookies to make our website work. Cookies are small files stored on your device. We also use optional cookies to improve our services and tell us if you have seen our advertising. The data we collect is anonymised. Are you happy to accept these cookies?

Data monitoring and improvement

General code in force: 28 March 2024

This module forms part of our expectations for trustees of those schemes required to operate an effective system of governance, see Systems of governance.

  1. Governing bodies should retain records for as long as they are needed. It is likely that fiduciary obligations will require data to be held for long periods of time. Governing bodies will need to retain some records for members even after they have retired. This is to ensure that pension benefits can be properly administered over the lifetimes of members and their beneficiaries.
  2. There are requirements for governing bodies to maintain complete and accurate records1,2 these relate to both common and scheme specific data.
  3. The Occupational Pension Schemes (Scheme Administration) Regulations 19963 and section 49 of the Pensions Act 1995 set out the records that governing bodies of trust-based pension schemes must maintain. Under section 249A of the Pensions Act 20044, governing bodies of certain schemes must establish and operate an effective system of governance (see Systems of governance) including internal controls (see Internal controls). However, there are certain exemptions5. The system of governance must be proportionate to the size, nature, scale, and complexity of the activities of the scheme.
  4. The Public Service Pensions (Record Keeping and Miscellaneous Amendments) Regulations 20146 set out the records that must be maintained by governing bodies of public service pension schemes. Under section 249B of the Pensions Act 20047, scheme managers of public service pension schemes8 are required to establish and operate internal controls, which are adequate for the purpose of securing that the scheme is administered and managed in accordance with the scheme rules9, and with the requirements of the law.
  5. Governing bodies should have the following processes for monitoring scheme data:
    1. Monitor data on an ongoing basis to ensure it is as accurate and complete as possible for all pension scheme members.
    2. Ensure the governing body receives information about material errors and gaps in their scheme data, once identified.
    3. Ensure any service providers operate their own procedures for identifying, rectifying, and reporting errors to the governing body.
    4. Ensure data improvement is prioritised for members close to the point where they start drawing on their benefits.
    5. Ensure any plan for improving data can be monitored and has an achievable deadline.
    6. Where applicable, ensure member records are reconciled with information held by the employer(s).
    7. Ensure regular reconciliation of scheme membership, especially those reaching retirement.
    8. Carry out scheduled tracing and existence exercises to validate member data.
  6. Governing bodies should have the following processes for reviewing scheme data:
    1. Assess the need for a data review exercise at least annually.
    2. Decide the frequency and nature of any additional data review, where errors and gaps are identified, or in response to significant scheme events, for example winding up the scheme or changing the administrator.
    3. Ensure data reviews include an assessment of the accuracy and completeness of common and scheme specific data.
    4. Keep a record of data reviews carried out and the findings.
    5. Where errors and gaps are identified, put a data improvement plan in place to address the issues.
    6. Ensure the plan includes the actions necessary by the governing body or administrator to correct member data.
    7. Maintain agreed, consistent, and fair policies for situations where data cannot be corrected, for example due to age or loss.
  7. Governing bodies should have the following processes for protecting scheme data:
    1. Ensure processes are in place to manage scheme member data to comply with the data protection legislation10 and the data protection principles.
    2. Ensure processes are in place to address any breaches of the data protection legislation or principles.
    3. Understand their obligations under data protection law.

Glossary and legal references

Internal controls

  • Arrangements and procedures to be followed in the administration and management of the scheme,
  • Systems and arrangements for monitoring that administration and management, and
  • Arrangements and procedures to be followed for the safe custody and security of the assets of the scheme.

1Regulation 4 of The Public Service Pensions (Record Keeping and Miscellaneous Amendments) Regulations 2014 [Regulation 4 of The Public Service Pensions (Record Keeping and Miscellaneous Amendments) Regulations (Northern Ireland) 2014]

2Regulation 12 of The Occupational Pension Schemes (Scheme Administration) Regulations 1996 [Regulation 12 of The Occupational Pension Schemes (Scheme Administration) Regulations (NorthernIreland) 1997]

3Occupational Pensions Schemes (Scheme Administration) Regulations (Northern Ireland) 1997

4Article 226A of The Pensions (Northern Ireland) Order 2005

5Section 249A(3) of the Pensions Act 2004 [Article 226A (3) of The Pensions (Northern Ireland) Order 2005]

6Public Service Pensions (Record Keeping and Miscellaneous Amendments) Regulations (Northern Ireland) 2014

7Articles 226B of The Pensions (Northern Ireland) Order 2005

8As defined in section 318(1) of the Pensions Act 2004 (Article 2(2) of The Pensions (Northern Ireland) Order 2005)

9As defined in Section 318(2) of the Pensions Act 2004 (Article 2(3) of The Pensions (Northern Ireland) Order 2005)

10The law includes the Data Protection Act 2018 and the Retained Regulation (EU) 2016/679) (UK General Data Protection Regulation)

Related content

Back to top