When an authorised master trust failed to report member communications failures and breaches of law to us correctly, we took action to make sure savers were protected.
This report shows that we take failure to report significant events and breaches of the law seriously and that we won’t hesitate to take action to protect saver outcomes. We expect schemes to engage with us proactively and effectively when reporting issues, so that we can tackle problems early.
Published: 18 July 2025
Case summary and background
By law, individuals involved in running an authorised master trust must notify us if a significant event occurs in relation to the scheme. This is so that we can understand the nature of the event and how it is being managed. We want to ensure savers are in a well governed scheme with good decisions being made on their behalf, and that the scheme continues to meet the criteria for remaining authorised as a master trust.
We issued penalties to two entities involved in operating and governing NOW: Pensions Trust, which is one of the UK’s largest authorised master trusts. NOW: Pensions Limited (NPL) and NOW: Pensions Trustee Limited (NPTL) were ordered to pay penalties of £50,000 each following failures to report significant events and breaches of law to us. Both NPL and NPTL have paid their penalties in full.
This is the first time we have taken enforcement action against an authorised master trust for statutory failures to report. The case sets a clear expectation that master trusts must comply with reporting obligations or risk financial penalties.
Reporting failures
NPL is the scheme funder and strategist that makes business decisions on commercial aspects of the scheme. NPTL is the sole corporate trustee of the scheme.
In line with their duties, both NPL and NPTL must notify us in writing as soon as they become aware of a significant event occurring. Master trusts regulations list the significant events which must be reported to us. These include reporting failures of systems and processes which have a significant adverse effect on the security or quality of data or on service delivery.
In line with the Pensions Act, both NPL and NPTL were also required to submit breach of law reports to us where they had reasonable cause to believe that a duty relevant to the administration of the scheme had not been complied with, and that failure was likely to be of material significance to us in the exercise of our regulatory functions.
First incident
In April 2019, NPL discovered a ‘no reply’ mailbox had received bounce-back notifications from emails which NPL attempted to send to members dating back to February 2018.
Between September 2019 and October 2020, NPL conducted an internal review which showed emails sent to members and potential members had failed to be delivered due to invalid or missing email addresses and that the error impacted more than 35,000 communications. Around 9,500 of these communications were mandatory. NPTL considered this backlog in an operations committee meeting in July 2020.
In February 2021, following the internal review, a decision was made not to report this incident to us as either a significant event or a breach of law.
Second incident
In May 2021, NPL became aware of further communication failures in relation to missing emails addresses. An internal investigation again followed and in June 2021 NPL identified 86 employers who had been impacted and at least 102 communications which had not been sent. By July, the investigation showed a further 29,000 statutory communications had not been sent dating back to 2018.
By 22 July 2021 NPL had concluded that this second set of failures was a breach of law but decided to conduct an internal investigation rather than report it to us as a breach of law at that time. NPTL were made aware of this second incident in July 2021 and also did not report it to us.
In October 2021, a breach of law report was made to us in respect of this issue. The report was made outside the timeframe considered to be reasonable and a significant event report was not submitted.
Third incident
In February 2022, we opened an investigation into the issues raised in the October 2021 breach of law report. As part of this investigation, we issued information request notices.
In April 2022, as part of compiling its response to these notices, NPL identified a third instance of failure to deliver statutory communications. We received a breach of law report one day after the discovery of this third incident which specified that a further 30,919 communications had not been sent. This breach of law report was made following a decision by NPTL earlier on the same day, however it was not reported to us as a significant event.
Our regulatory response
Following our investigation, we issued a Warning Notice to NPL and to NPTL in August 2023 seeking penalties at £50,000 each for both entities.
Failures to report a significant event
The Warning Notices set out that all three incidents constituted a significant event and that both NPL and NPTL should have reported to us by 2 July 2021 at the latest. The significant events that should have been reported were in respect of failures of systems and processes which had a significant adverse effect on service delivery which should have been reported as soon as reasonably practicable.
Failures to report a breach of law
Our Warning Notices also explained that all three incidents constituted breaches of law which should have been reported to us as soon as reasonably practicable. The breach of law was in relation to failures to send statutory communications to the scheme’s potential and actual membership. A breach of the law was not reported in relation to the first incident, although a breach of law was reported in the second incident, it was outside a timeframe considered to be reasonable.
Representations from NPL and NPTL
In November 2023, NPL and NPTL submitted separate representations to us refuting our case. Their representations were in relation to statutory interpretation, and the nature and timing of significant event and breach of law reporting requirements.
In May 2024, we issued a single, joint response to NPL and NPTL setting out that each of the three failures to report significant event, and two failures to report a breach of law within the required timescales would be punishable by one penalty to each party at the maximum level available.
In June 2024, NPL and NPTL provided a joint reply again refuting our case and repeating their representations made in November 2023.
Referral to Determinations Panel
In August 2024, we referred the case to the Determinations Panel (DP). Following the referral, NPL and NPTL requested discussions with our case team to reach agreement.
The discussions led to an agreement between all parties that three separate failures to report significant events and two separate failures to comply with the breach of law reporting requirements occurred. It was agreed that these failures should result in a financial penalty to each party.
Outcome
In November 2024, the DP issued a Determination Notice imposing a financial penalty on both NPL and NPTL with each required to pay a £50,000 penalty. This amount is the statutory maximum for this type of breach.
What master trusts and the wider industry should learn from this case
We publish information about our cases to show how we regulate and so that our regulated community can benefit from lessons learned and avoid similar errors. This case highlights the importance of engaging with us and ensuring you are clear on key governance responsibilities, including statutory requirements to report certain events to us.
Communicate effectively with members
Failure to send timely and accurate information to members puts them at risk. In its Determination Notice the DP noted that communication failures in this case had caused both financial and non-financial harm to members and potential members. The failures took away members’ opportunities to make decisions about their pensions.
Report problems early
Failure to tackle a problem in a timely way could lead to more risk to savers. You must report significant events and breaches of law early so that we can take appropriate action. Problems should be rectified quickly and prevented from escalating.
Check your systems and processes
Robust systems and processes, which ensure communications are sent to members, are indicators of a well-governed pension scheme. Administrative and governance failures could indicate other issues and shortfalls. Schemes should monitor their systems and processes to ensure they are sufficient for the master trust to run effectively.
Check you know what a significant event is
You should be clear what a significant event is and who has the duty to report. The duty to notify falls on most of the parties involved in supporting the management of a master trust. This typically includes trustees, the scheme funder and the scheme strategist, but also extends to administrators and advisers.
This case involved a significant event (j) which is a failure in the systems and processes used in running the scheme, which had a significant adverse effect on the security or quality of data or on service delivery. Significant events must be reported as soon as reasonably practicable. We give more detail about our expectations regarding timing in our Code of practice. Timely reporting means that we can ensure schemes continue to meet the authorisation criteria and have sufficient systems and processes in place to ensure the scheme is run effectively and savers are protected.
Responsibilities to report significant events are set out in the Pension Schemes Act 2017. Regulation 14 of the Occupational Pensions Schemes (Master Trusts) Regulations 2018 lists the significant events which must be reported to us. In addition, section 70(2) of the Pensions Act 2004 states when schemes must report a breach of law to us.
Get data ready
In this case, missing and incorrect email addresses led to the communication failures. Schemes should ensure they have the correct information for their members. Schemes should now be well on their way to preparing for their connect-by date for connecting to pensions dashboards.