Record-keeping
Overview
As a pension trustee or someone running a public service scheme you are responsible for making sure the scheme has good records. This is still the case if you use a third-party administrator.
To manage a scheme properly you need to make sure it has accurate, complete and up-to-date records. You should have controls and processes in place to maintain these standards.
Failure to maintain complete and accurate records means you are at risk of not meeting your legal obligations. Poor record-keeping can have a huge impact on members and can be very expensive for your scheme if things go wrong due to bad or missing data.
Your role
You should review scheme data regularly. You or your administrator need to tell us about your data as part of your scheme return.
You need to work with your administrator to improve data where it isn’t good enough to run the scheme effectively.
You should not rely on the statutory audit to tell you the quality and accuracy of your data or the controls around it. You should take an active role in monitoring data. This should be an ongoing process.
You should discuss record-keeping at trustee meetings. This includes your standards, processes and any improvements you need to make. Although it can often be overlooked in favour of other priorities, good record-keeping is vital so that:
- defined benefit schemes have accurate funding plans in place
- defined contribution schemes can process core financial transactions promptly and accurately
- all schemes can meet pensions dashboards requirements
Types of records to keep
You need to keep records relating to:
- your meetings and decisions
- scheme documents including trust deed and rules, and any deeds of amendment or rule changes
- member information – this includes common data and scheme-specific data
- all contributions received
- all other payments to and from the scheme
- transfers of members’ benefits and related assets
You must keep records for at least six years. You’ll need to keep some for a much longer period.
Work well with the employer and administrator
Work with the employer to improve their record-keeping. You should help them understand their duty to provide accurate and timely information to the administrator.
You should work with the employer and administrator to investigate and fix any errors that you find.
Failing to meet record-keeping responsibilities
If you fail to meet your record-keeping responsibilities we will investigate. We may take enforcement action if you do not demonstrate adequate internal controls.
Report a breach of the law
Poor quality or missing data increases the risk of you being unable to meet your legal duties. If someone hasn’t complied with legislation relating to administration of a pension scheme this is a breach of the law.
You may need to report the breach to us. See the reporting breaches of the law section of our code of practice.
What records to keep
As a pension trustee or someone running a public service scheme you need to keep certain records and data. This enables the administrator to accurately identify scheme members and value their benefits.
You need to keep records relating to:
- your meetings and decisions
- scheme documents including trust deed and rules, and any deeds of amendment or rule changes – this is particularly important for defined benefit schemes so that trustees and administrators can track which rules apply to each category of member
- member and beneficiary information, including the date each member joined the scheme
- details of all contributions received
- all other payments to and from the scheme, including benefit payments and payments to advisers or the employer
- details of transfers of members’ benefits and related assets to and from the scheme
You should hold two types of member data: common and scheme-specific. Both types of data are equally important.
Common data
Common data consists of:
- National Insurance number
- surname and either forename or initials
- sex
- date of birth
- date pensionable service started, membership/policy start date or first contribution date
- expected retirement/maturity date (target retirement age)
- membership status
- last status event – the date at which the membership status last changed, eg from active to deferred – where appropriate, you should also capture the reason for the change in status (eg retired or opted out)
- address including postcode
This data is needed so that a member can be uniquely identified. All schemes should hold this data for all members. If any is missing it may be impossible to identify or trace the member, or their benefits.
Scheme-specific data
You also need to hold other data relating to members and their participation in the scheme. This will depend on factors such as:
- the scheme type, structure and design
- a member’s status – for example, the data you need for deferred members may differ to the data for active members
- events that have taken place during membership
You should work with your scheme administrator to assess your scheme and decide what scheme-specific data to keep.
You should pay attention to areas such as salary records, member options exercised and payment of benefits.
For more information on scheme-specific data, see data guidance from the Pensions Administration Standards Association (PASA).
Example: How to define scheme-specific data
The trustees of a defined benefit scheme want to assess the quality of their data. They understand what common data is but invite the scheme administrator to their next trustee board meeting to discuss scheme-specific data.
The administrator provides a list of what they consider to be relevant data items for this scheme and why these are key to how the scheme runs. The administrator also explains why some data is not considered key. For example, in this scheme, benefits are calculated based on the highest salary earned within the last five years (or the five years before leaving) so salary information before this period is not essential for running the scheme. It does not need to form part of the scheme-specific data measurement.
The trustees discuss the list with the administrator and commission them to measure the data. They also ask the administrator to break down which data items have gaps and assess the impact of the gaps so they can prioritise any improvements.
How long to keep records
You will need to keep some records, including both common and scheme-specific data, for long periods of time. This means for as long as they remain relevant and are needed for the scheme to operate.
Public service schemes
For public service schemes the records to keep are set out in legislation.
The scheme manager must keep records relating to:
- member and beneficiary information
- transactions
- pension board meetings and decisions
Member and beneficiary information
Member and beneficiary data
Information to include:
- name
- date of birth
- sex
- last known postal address
- member’s scheme identification number
- member’s National Insurance number (if they have one)
- dates that active, deferred and pensioner members join and leave the scheme
- details of active, deferred and pensioner members’ employment with any employer participating in the scheme including the period of pensionable service and the amount of pensionable earnings each year
Benefits that aren’t money purchase benefits, injury benefits or compensation benefits under the scheme
Information to include:
- any formula used to calculate a member’s or beneficiary’s pension or benefit
- the percentage to be applied for revaluation each year to a member’s accrued rights to benefits under the scheme
- any increase to be applied to a pensioner member’s or beneficiary’s pension or benefit in payment in each year
Money purchase benefits under the scheme
Information to include:
- any investment decisions taken by or relating to a member
- any investments held on behalf of a member
- any anticipated date of retirement notified by a member
Pension credit (under the Welfare Reform and Pensions Act 1999)
Information to include:
- any information relevant to calculating each member’s rights under the scheme which are directly or indirectly attributable to a pension credit
Pension debit (under the Welfare Reform and Pensions Act 1999)
Information to include:
- any information relevant to calculating any reduction in each member’s rights under the scheme which are attributable to a pension debit
Transactions
Employer or member contributions paid in relation to each active member
Information to include:
N/A
Pension and benefits payments
Information to include:
- date of the payment
Payments made by or on behalf of the scheme manager to any person – except pension and benefits payments, and payments made to members who leave the scheme (other than on a transfer)
Information to include:
- name and address of the person that the payment was made to
- reason for the payment
Any movement or transfer of assets from the scheme to any person
Information to include:
- name and address of the person that the assets were moved or transferred to
- reason for the transaction
Receipt or payment of money or assets relating to the transfer of members into or out of the scheme
Information to include:
- member’s name
- transfer terms
- name of the scheme into or out of which the member has been transferred
- transfer date
- date of receipt or payment of money or assets
Payments made to any member who leaves the scheme, other than on a transfer
Information to include:
- member’s name
- leaving date
- member’s entitlement at that date
- method used for calculating any entitlement under the scheme
- how that entitlement was discharged
Payments made to any employer participating in the scheme
Information to include:
N/A
Any amount due to the scheme that has been written off in the scheme’s accounts
Information to include:
N/A
Any other payment to the scheme
Information to include:
- name and address of the person from whom it is received
- where a payment is made in respect of a member, the name of the member
Pension board meetings and decisions
Records relating to any pension board meeting
Information to include:
- date, time and place of the meeting
- names of all pension board members invited to the meeting
- name of any person who attended the meeting and in what capacity
- any decisions made at the meeting
Records relating to any other decision made by pension board members while carrying out their role as pension board members
Information to include:
- date, time and place of the decision
- names of pension board members who participated in making the decision
Records relating to any decision made by a committee or sub-committee of the pension board not ratified by the pension board
Information to include:
- date, time and place of the decision
- names of pension board members who participated in making the decision
- Trustee toolkit: the 'Running a scheme' module contains a tutorial on 'Scheme administration and member data'.
- Public service toolkit: learn more about keeping and maintaining records in the 'Maintaining accurate member data' course.
Review your scheme data
If you are a pension trustee or someone running a public service scheme you should regularly review the quality of your scheme data. This will help you to spot if you need to improve your record-keeping.
You should also ask your administrator to calculate your common and scheme-specific data scores. This will tell you what percentage of members have full and accurate data. You must send us the scheme’s data scores in every scheme return.
When to measure data
We expect you to review scheme data at least once a year. You should have a data review process in place to help you do this.
You may need to run extra reviews if major events take place, such as winding up the scheme or changing your administrator or admin system.
How to measure data
Ask your administrator to confirm that data is present and accurate. This includes giving you scores for common data and scheme-specific data.
You need to be confident that your administrator has processes and controls to make sure that data is of a good standard.
Talk to your administrator to understand their quality controls. These might include:
- checking there is data in all the fields you expect
- checking data items are consistent with each other, eg the date a member joined the scheme is later than their date of birth and before the date they expect to retire
- checking data items are in a valid format, eg the two-letter prefix of the National Insurance number matches the ones that HMRC uses
- having specific processes, eg checking a member’s date of birth against their birth certificate when benefits are taken
Your administrator should update you regularly on the results of their quality controls. If they find any key data types are missing or probably incorrect, they need to verify them with the relevant member or employer.
Submit data scores to us
You must send us the scheme’s data scores in each scheme return. Make sure you or your administrator have included them.
Your data score is the percentage of members in the scheme that you have full and accurate data for. You need separate scores for common data and scheme-specific data.
Example calculation
A data review of a scheme with 100 members shows that 40 addresses are missing but the rest of the data is present and accurate. The common data score is 60% as 60 members have full and accurate common data.
If a data review of the same scheme shows that 40 members have at least one scheme-specific data item missing, the scheme-specific data score is also 60%.
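The quality controls and the data score described above, as an added example in Python; it is not code from the regulator or from any administrator. The field names are hypothetical, the sample records are constructed, and the National Insurance number rules are an assumption based on HMRC's published format rather than anything stated on this page.

```python
import re
from collections import Counter
from datetime import date

# Assumption (not from this page): HMRC's published NINO format is two prefix
# letters, six digits and a suffix A-D. D, F, I, Q, U, V are never used in the
# prefix, O is never the second letter, and some prefixes are not allocated.
NINO_RE = re.compile(r"^(?![DFIQUV])[A-Z](?![DFIQUVO])[A-Z]\d{6}[A-D]$")
UNUSED_PREFIXES = {"BG", "GB", "KN", "NK", "NT", "TN", "ZZ"}

# Hypothetical field names mirroring the page's list of common data items.
COMMON_FIELDS = (
    "nino", "surname", "forename_or_initials", "sex", "date_of_birth",
    "date_joined", "expected_retirement", "status", "last_status_event",
    "address",  # including postcode
)


def valid_nino(value):
    """Format check: prefix letters and suffix match the rules assumed above."""
    nino = re.sub(r"\s+", "", value or "").upper()
    return bool(NINO_RE.match(nino)) and nino[:2] not in UNUSED_PREFIXES


def check_member(rec):
    """Return the list of issues for one record; an empty list means the
    member's common data is present, consistent and validly formatted."""
    # Presence: data in all the fields we expect.
    issues = [f"missing:{f}" for f in COMMON_FIELDS if not rec.get(f)]
    # Format: only test a NINO that is present, so a gap is not counted twice.
    if rec.get("nino") and not valid_nino(rec["nino"]):
        issues.append("format:nino")
    # Consistency: joined after date of birth and before expected retirement.
    dob = rec.get("date_of_birth")
    joined = rec.get("date_joined")
    retire = rec.get("expected_retirement")
    if dob and joined and not dob < joined:
        issues.append("inconsistent:date_joined_vs_date_of_birth")
    if joined and retire and not joined < retire:
        issues.append("inconsistent:date_joined_vs_expected_retirement")
    return issues


def data_score(records):
    """Return (score, issue_counts): the percentage of members with full and
    accurate data, and how many records each issue affects."""
    if not records:
        raise ValueError("no member records to score")
    issue_counts = Counter()
    clean = 0
    for rec in records:
        issues = check_member(rec)
        issue_counts.update(issues)
        clean += not issues
    return round(100 * clean / len(records), 1), dict(issue_counts)


def constructed_scheme():
    """Constructed sample matching the page's example: 100 members,
    40 of them with no address, everything else present and accurate."""
    base = {
        "surname": "Example", "forename_or_initials": "A", "sex": "F",
        "date_of_birth": date(1970, 5, 17), "date_joined": date(1995, 4, 1),
        "expected_retirement": date(2035, 5, 17), "status": "active",
        "last_status_event": date(1995, 4, 1),
        "address": "1 Sample Street, Sampletown, ZZ99 9ZZ",
    }
    members = []
    for i in range(100):
        member = dict(base, nino=f"AB{i:06d}C")  # constructed, not real
        if i < 40:
            member["address"] = ""
        members.append(member)
    return members


if __name__ == "__main__":
    score, gaps = data_score(constructed_scheme())
    print(f"common data score: {score}%")
    for issue, count in sorted(gaps.items(), key=lambda kv: -kv[1]):
        print(f"  {issue}: {count} members")
```

The per-issue counts are the breakdown of gaps that trustees can use to prioritise improvements; a scheme-specific score works the same way with the field list agreed with the administrator.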
Review data reports
The data reports you receive from your administrator should contain all the information you need to understand the quality of your data and identify if there are issues which need to be addressed.
You should use the reports and your risk register to discuss record-keeping regularly at board meetings and inform decision making.
Where issues with data have been identified, you should agree priorities and actions with administrators to improve your scheme data.
Improve your scheme data
As a pension trustee or someone who runs a public service scheme you should ensure that your administrator has effective processes for maintaining data. You should also continually improve the data your scheme holds.
This involves reviewing data, deciding how you’re going to improve it and agreeing improvement plans.
Work with the scheme administrator and the employer to improve your processes, using them to fix any errors that you find.
Data improvement plans
All pension schemes collect and hold large amounts of data which changes on a regular basis. It is therefore likely that there will be issues with missing or inaccurate data from time to time.
You should review scheme data at least once a year.
If you find any issues you should put an improvement plan in place to address them. Your administrator should be able to help you design an improvement plan, or assess the one you currently have in place.
The improvement plan should clearly set out the steps you’re taking to improve your scheme data.
Your plan should be unique to your scheme’s circumstances. It doesn’t need to be complicated. The amount of detail should depend on the complexity of the issues you’re trying to address.
Set objectives
The data improvement plan should clearly set out the objectives you’re trying to achieve by having better data. If you have more than one objective, you should list them in order of priority.
Objectives can include:
- addressing data issues which impair your ability to run your scheme effectively: paying benefits correctly, processing core transactions, ensuring a high standard of service for members, keeping costs manageable or meeting legal obligations (may be identified using your annual data review, an audit or the valuation process)
- improving members’ experiences, such as providing them with online access to their records
- increasing automation or administrator efficiency, for example by reducing service times as information is more readily at hand
- preparing to move to a new administration system or a new administrator
- improving employer confidence in the assessment of liabilities and the appropriateness of their contributions and recovery plans
- improving data ahead of a risk-reduction or a liability-management exercise
The administrator’s role
You should break down the activities your administrator will perform for you as part of the improvement plan.
For each activity, you should set out:
- the issue to be addressed
- the method to be used, for example member address tracing or researching company employment records
- who is doing the work and how long it will take
- any assumptions made, for example the number of records likely to need work, which members are covered and how errors will be fixed
- how you will know the task has been achieved
Dependencies with other work
You should identify any other work which might influence your improvement work, especially where data is changed or the same resources need to be used.
This will help you identify potential sources of conflict or opportunities to minimise burden. This includes reducing the number of times you ask employers for data or only writing to members once.
Other work you may need to consider includes:
- valuations
- member communication exercises
- guaranteed minimum pension reconciliation and equalisation
- year-end reconciliation
- negotiating an administration contract
- risk-reduction exercises
- proposed scheme structure changes
Set a timeline for the plan
You should talk to your administrator and agree a timeline for the data improvement plan.
The plan must have a defined end date within a reasonable period. More complex work can take several months, so you should consider breaking it down into phases.
Your timeline should clearly set out key milestones, reporting and decision points. It should also reflect the dependencies you’ve identified.
Secure resources
Plans should take account of available staff and financial resources. The administrator and employer will need to help you, so you should agree resources with them.
You should agree at the start whether the work will be delivered as part of ongoing business as usual administration or as a separately managed project with additional budget and resource.
If you’re diverting resources from other work, you should set out how this will affect the scheme.
As well as the administrator’s resource, you should consider which other parties you may need to source data from.
Likely sources and examples of data they can supply include:
- employers - providing member information, employment and contribution history
- HMRC - National Insurance numbers
- members - dates of birth, email addresses
- tracing companies - address checks, existence checks
- advisers, such as actuaries or lawyers
Set outcomes
You should set out the outcomes you are aiming to achieve, based on your objectives. Include how you will measure them and how long they will take to achieve.
Outcomes can include:
- improved member service, for example fewer member complaints and reduced processing times for events such as transfers
- more member communications issued accurately and on time
- fewer assumptions in valuation data
- better administrator performance, for example less time to complete certain tasks
- reduced administration costs
- completed tasks, for example clearing any backlogs
- updated and documented procedures which reduce the risks of errors recurring
- improved data scores, which you should retest once you’ve cleaned the data to show progress
Roles and responsibilities
You need to have appropriate oversight of progress and the quality of the work delivered.
You also need to be available to answer any queries the administrator has as the work progresses.
You should agree roles and responsibilities at the outset. Your plan should set out who will make decisions, such as sign-off for success criteria, or changes to work on the improvement plan.
Document any leeway the administrator has available to them.
You should set out how the administrator will report on progress, when and who to. This should include reporting to you and other relevant parties, such as pension boards, employers or members.
You may need a range of other formal controls in place depending on the complexity of the work. These can include a decisions/action log or a change control log.
Deliver a data improvement plan
You should work with the administrator to put the data improvement plan into action.
Clearly set out the scope of your improvement work, particularly:
- which data is included
- membership types included
- how far back your improvement work will go
You may need to take a phased approach if:
- there’s a lot of work required
- it’s particularly complex
- your budget requires it
- your objectives need prioritising
- the risks you want to mitigate need prioritising
You should prioritise data which will have the greatest effect on member benefits. Other factors you should consider include:
- data type – personal information, which will improve your ability to communicate with members; a specific data item which is a frequent cause of complaints
- member type or profile – pensions in payment first; how close members are to retirement
- data source – largest employer first (in a multi-employer scheme)
- scheme event – the data you need for certain scheme events such as issuing benefit statements or valuations
- return on investment – issues which have the greatest impact on running costs
- technical solution – bulk automated resolution
- quick wins – known data issues which are relatively easy to fix
Improvement work doesn’t end when the data is clean. Make sure the data is fed back into systems. Work with the administrator and employer on follow-up activity such as:
- updating payroll systems and member records
- communicating with members
- correction work, such as sorting out payment errors
- capturing and documenting changes to data and processes so future administration teams know what’s been done
- embedding new processes and working methods to make sure improvements are maintained
Ongoing data improvement
Improving data should be a continuous process, not a one-off exercise.
Your monitoring of data shouldn’t end once you have delivered the improvement plan. You should regularly check the data you need to run an efficient and effective scheme, and make sure data is managed well on a day to day basis.
Improve data quality
There are lots of ways you can improve data quality. This includes:
- reviewing your administrator’s performance
- making sure the administrator validates data effectively
- making sure the employer provides timely and accurate data
Review administrator performance
You should have a robust contract with the administrator. You should review your administrator’s performance against the contract on a regular basis.
You should also have service level agreements (SLAs) with the administrator. These should include metrics relating to the time, quality and accuracy of key record-keeping tasks.
Your administrator should report how they are performing against the SLAs. If the administrator does not meet the SLAs you should ask them to explain why and what they are doing to fix the problems.
The contract may set out what happens if SLAs are not met. This may include financial penalties.
If the contract or SLAs don’t seem adequate you may need to renegotiate them.
It can also be useful for both you and your administrator to put measures in place to receive feedback from members about the administration service. Member experience is a useful measure of quality.
For more information on reviewing administrator performance, see our administration guide.
Validating data accuracy
It’s important that data is accurate. You should know how the administrator makes sure of this.
The administrator should have procedures in place that cover quality assurance. They should be well documented and clear, so any changes in personnel don’t affect the service.
You should make sure your administrator keeps procedure manuals up to date and relevant to the needs of the scheme.
Well-documented procedures will aid a smooth transition if you change administrator. You may wish to check if your administrator follows the PASA Code of Conduct on Administration Provider Transfers.
The administrator should carry out suitable checks and peer reviews as part of the scheme’s administration procedures. You should be happy that these are enough to minimise the risk of errors.
Work with the employer
The employer needs to provide accurate and timely data, so the administrator needs to work well with the employer’s payroll function. Effectively maintaining and transferring data can save money.
You can support the administrator by working with them to set up and maintain processes with the employer, and by helping the employer to understand their role. This could include inviting someone from payroll to board meetings that the administrator attends.
What the employer needs to provide
The employer should provide the following data as and when changes are registered:
- contribution details
- joiners and leavers
- changes to members’ details, including addresses
Data should be transferred between the employer and administrator electronically wherever possible.
Validation should be built into the process to minimise the risk of human error, and so that data errors are quickly identified. This applies to all data supplied by the employer.
Manage risks to data security
Pension schemes hold significant amounts of valuable data and large volumes are often transferred to and from the employer and advisers. As a trustee or someone running a public service scheme you need to put controls in place to ensure the security of member data.
This will help protect you against fraud and help you meet your duties under data protection law. It’s vital that members’ benefits aren’t put at risk because of poor controls on scheme data.
Measuring risk
Your internal controls for measuring and mitigating risks to the scheme should include a risk register. You should record both known and potential risks. You should measure these and use them as indicators to make risk-based decisions.
You should perform risk assessments every year to identify whether your security procedures, systems and internal controls are fit for purpose. Do they prevent and detect errors, and will they help mitigate new risks?
Risk management is an ongoing process. You should continually review exposure to new and emerging risks to data security.
General Data Protection Regulation (GDPR)
You need to make sure that member records are complete and accurate, and you put controls in place to make sure member data is secure. This is needed so you can meet your duties under GDPR.
You should work with your administrator to make sure that the right controls are in place. These may include:
- making sure you and your administrator are trained in the principles of GDPR
- ensuring you report any data breaches and you receive reports of breaches from your administrator
- taking steps to ensure the quality of data is continuously improved
- ensuring that appropriate security measures are in place for staff that can access scheme and member records
- ensuring that appropriate security measures are in place where you provide members with online access to their pension
- considering what controls you need on the use of social media
Pensions UK has produced a GDPR made simple guide to help schemes understand GDPR and its rules.
The Information Commissioner’s Office also offers information and updates on GDPR.
Cyber security
You should take steps to protect scheme members and assets from criminals. This includes protecting them against cyber risk.
Cyber risk is the risk of loss, disruption or damage to a scheme or its members due to its information technology systems and processes failing. It includes risks to information – data security – as well as assets, and both internal risks from staff, and external risks from hacking and computer misuse.
You should have an incident response plan in place to deal with incidents and enable the scheme to swiftly and safely resume operations. Make sure you also understand your third-party suppliers’ incident response processes.
You should take steps to build your ability to assess and minimise the risk of a cyber incident occurring, and to recover when an incident takes place.
Work with all relevant parties to define your approach to managing this risk. This includes in-house functions, third party service providers and employers.
You should have an effective system of governance in place to minimise potential security risks. These internal controls should be proportionate to the size, nature, scale and complexity of the scheme’s activities and the data it holds.
Procedures like this allow you to maintain accurate and up to date member data and keep it secure.
If you’ve outsourced the management of scheme data, you need to understand what systems and controls your administrator is using. You should have data security as part of the service level agreement in their contract.
For more information, see our cyber security guidance.
Business continuity planning
You should have a business continuity plan in place. This sets out the actions to take if certain events occur that affect the running of the scheme.
If your scheme is very small and administration of it isn’t complex, the business continuity plan can be very simple. However, the risks are likely to be the same as those faced by larger schemes.
Without adequate continuity planning, an employer insolvency can interrupt the ability to carry out essential functions – read the Pension Protection Fund guidance on issues you should consider as part of risk management.
If you use a third-party administrator, you should understand your provider’s business continuity arrangements. You need to be confident that they reduce any risks to member data and benefits. Their plans should cover the winding-up of their own business.
Take time to understand where the liability lies if processes are interrupted or a breach takes place.
Disaster recovery
The business continuity plan should ensure that where there’s physical damage to the administrator’s premises:
- data will continue to be available and accurate
- core scheme financial transactions can continue to be processed accurately and promptly
- computer hardware and software will be maintained
- records are secure and retrievable
- data will be regularly backed-up and tested
Make sure the administrator:
- reviews the plan at least annually to reflect any changes to staff, roles, scheme membership, service providers or systems
- tests the plan regularly to make sure it works in practice
- provides a written declaration confirming that the business continuity plan is up to date and when it was last tested