Pensions: what's new this week - 18 December 2023

Neil Bowden, Andy Cork, Jane Higgins, Jessica Kerslake, Helen Powell, Angela Stafford
Allen & Overy LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Allen & Overy LLP

Welcome to your weekly update from the Allen & Overy Pensions team, covering all the latest legal and regulatory developments in the world of workplace pensions.

This week we cover the following topics: This week we cover the following topics: TPR updates cybersecurity guidance; TPR sets out its expectations on corporate M&A; PPF finalises levy rules for 2024/25; PASA digital Jargon Buster – Generative AI and Large Language Models; Next edition of WNTW: 8 January 2024.

TPR updates cybersecurity guidance

The Pensions Regulator (TPR) has updated its guidance on cybersecurity (last published in April 2018) setting out practical steps for schemes to take to meet TPR’s expectations in the forthcoming General Code.

TPR is now requesting that trustees and scheme providers report significant scheme-specific cyber incidents to it as soon as reasonably practicable, to help it build a better picture of the cyber risk facing the industry and its members – this voluntary reporting would be in addition to ICO reporting requirements and is wider than the previous request to report incidents that could have systemic effects such as attacks on administrators. Incidents should be reported at report@tpr.gov.uk. Urgent reports should be marked as such, and any associated breach of the law (for example, failure to process core transactions promptly and accurately) should also be reported.

Other key points to note include:

  • Schemes should not assume that their suppliers and system providers/managers have implemented the right controls, since they retain accountability. Cyber security should be an active consideration in supplier selection and appropriate metrics should be established for monitoring.
  • Schemes should ensure they know who is legally responsible for data following a change of third-party supplier such as an administrator or IT provider. They should understand how long the former supplier will hold scheme data, where the data will be held and how it will be protected.
  • The guidance includes a list of the key controls TPR expects to see in place in areas such as prevention (staff engagement and training, data security and technical controls), detection and incident response planning. The section on incident response planning is significantly more detailed and advanced than previously, reflecting practical lessons learned.
  • TPR also expects schemes to consider the incident response plans of third parties, and how these cover the scheme’s data and core systems and services.

Read the guidance.

Read the press release.

TPR sets out its expectations on corporate M&A

The Pensions Regulator (TPR) has published the text of a speech recently given by its Chief Executive, setting out its supervisory expectations and approach relating to the protection of pension schemes during merger and acquisition transactions. The key point to note is TPR’s expectation that, despite the non-arrival of the proposed new notifiable events regime, parties to M&A activity should engage with TPR as if those events were in place already.

TPR’s key message is that it is ‘not here to prevent mergers and acquisitions (M&A) transactions’, but to make sure savers’ interests are protected. It notes that some businesses may be more attractive to M&A activity due to improved scheme funding (TPR estimates that over 80% of schemes are now in surplus on a technical provisions basis, compared to around 50% at the start of 2022). In that context, TPR expects ‘outgoing and incoming executive management teams to support trustees to implement a robust funding plan… underpinned by cash and or tangible security with proven value, which ensures members’ benefits will be paid in full, on time and when contractually due’.

TPR underlines the importance of early engagement between corporates, trustees and regulators. Despite significant uncertainty regarding the introduction of proposed new notifiable events for early notification of M&A activity, TPR still says that the government ‘will bring forward final regulations in due course’. However, it says that ‘in the meantime, we would expect that the trustee reaches out to us. And we talk directly to employers, group companies, third-party purchasers and banks’.

This appears to indicate that TPR expects trustees and other parties to interact with it as if the proposed notifiable events were already in place. One key issue with the proposed new regime is the potential for delaying commercial activity; TPR says that it can respond quickly to meet commercial deadlines through this process, but that ‘solutions should not be presented as a done deal’.

By way of reminder, the notifiable events proposed for the new framework, as set out in the 2021 consultation, were, broadly:

  • Sale of material part of the business or the assets of a sponsoring employer
  • Granting security giving other debt priority above debt to scheme
  • Sale of a controlling interest in a sponsoring employer

However, the details of these events remain unclear, and TPR now appears to be suggesting a more principles-based proactive engagement by corporates and lenders, not only with trustees but directly with TPR in cases that could fall within these broad areas. Since the introduction of the PSA21 criminal offences, parties have often been prepared to satisfy themselves in practice that there is no detriment to the scheme, or that detriment has been mitigated, but parties may now feel a greater need to comply with TPR’s expectation to inform it of proposed M&A activity.

Read the speech.

PPF finalises levy rules for 2024/25

The PPF has announced its final levy rules for 2024/25, including a 50% reduction in its target levy collection to GBP100m, the lowest level set to date. Almost all schemes are expected to pay less levy as a result. The levy methodology remains broadly unchanged and the government is looking at legislating when parliamentary time allows to enable further levy reductions in the future.

The Levy Scaling Factor is confirmed as 0.40 and the Scheme-based Levy Multiplier is confirmed as 0.000015. The risk-based levy cap is set at 0.25 per cent of scheme liabilities. The PPF will use two credit rating agencies’ ratings in the levy (S&P and Fitch), but this is expected to have limited impact on schemes.

Read the policy statement.

PASA digital Jargon Buster – Generative AI and Large Language Models

The Pensions Administration Standards Association (PASA) has published an updated version of its digital Jargon Buster, with a focus on new terms explaining recent technological advances, together with examples of where and how these tools can be used in a pension scheme context (such as communications, automated reminders and process simplification) and some of the risks that should be considered.

Read the Jargon Buster.

Next edition of WNTW: 8 January 2024

This is our final edition for 2023. We hope you have a peaceful and restful break; What’s New This Week will return on 8 January 2024.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Allen & Overy LLP | Attorney Advertising

Written by:

Allen & Overy LLP
Allen & Overy LLP
Contact
more
less

Allen & Overy LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide