Issues affecting all schemes
The Institute and Faculty of Actuaries (IFA) has published a paper on pension scheme cybercrime risk
The paper ( click here) describes these risks in detail (e.g. ransomware attacks; data breaches; theft of assets and disruption to service) including the types of loss schemes and their sponsors may be exposed to. It also addresses how to manage these risks and who is responsible for managing these risks.
In order to manage cybercrime risks, the paper states that trustees should consider their own personal cyber hygiene, third party assessment, cyber insurance and incident management.
With cybercriminals becoming more and more sophisticated, it's important that trustees and employers understand the types of cyber risks their scheme could be vulnerable to as well as how to manage these risks.
Trustees are ultimately responsible for managing these risks and ensuring that adequate internal controls are in place to address and keep cybercrime under review.
In addition, the Pensions Administration Standards Association (PASA) have launched guidance ( click here) which aims to help pension scheme administrators by outlining four key areas covering different elements of cybercrime:
- meeting legal and regulatory standards,
- understanding their organisation's vulnerability to cybercrime,
- ensuring resilience, and
- remaining able to fulfil critical functions in the case of an attack.
Action
Consider IFA paper and liaise with administrators about PASA guidance.
Climate Change update including the Joint Government-Regulator Task Force on Climate-related Financial Disclosures (TCFD) Interim Report and Roadmap
The UK has announced its intention to make TCFD-aligned disclosures mandatory across the economy by 2025, with a significant portion of mandatory requirements in place by 2023. The interim report ( click here) and accompanying roadmap ( click here) set out an indicative pathway to achieving that ambition.
The outcome of the DWP's consultation on mandatory governance and reporting requirements for UK pension schemes is awaited. The DWP is proposing that this reporting follow the 11 recommendations of the global TCFD which cover governance, strategy, risk management and accompanying metrics and targets. It hopes these mandatory TCFD-aligned disclosures will allow trustees to better demonstrate how consideration of climaterelated risks and opportunities is integrated into their governance and decision-making processes. For more information see our August 2020 Pensions Brief ( click here).
Timing under the roadmap for imposing reporting requirements on occupation pension schemes reflects those set out in the DWP's consultation. Under the roadmap, regulatory or legislative measures on mandatory TCFD-aligned disclosures are expected in 2021 for occupational pension schemes with assets under ownership of more than £5bn, as well as all master trusts and all authorised collective money purchase schemes. As of 2022, all occupational pension schemes with assets over £1bn will be bought into scope. All other UK-authorised asset managers, life insurers and FCA-regulated pension providers will be bought in in 2023, with regulation and legislation for all other occupational pension schemes expected in 2024-25, although this will be subject to further consultation.
In addition to having to report on their environmental, social and governance (ESG) policies, occupational pension schemes will also have to report on their carbon footprint.
Action
For noting.
Pension Schemes Bill 2019-21 update
The Bill had its third reading in the House of Commons on 16 November 2020 and was reported with amendments. It will now return to the House of Lords for consideration of the Commons amendments which should be the final stage. A date for the House of Lords to consider the Commons amendments is yet to be set.
The Bill is expected to become law before the end of 2020.
Action
For noting.
To read the full article click here
Visit us at mayerbrown.com
Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the "Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown JSM, a Hong Kong partnership and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.
© Copyright 2020. The Mayer Brown Practices. All rights reserved.
This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.
