Welcome to our Pensions Blog

Hi and welcome!

We would like to introduce you to our new Pensions Blog. This is a tool for all of our clients, friends and admirers in the pensions industry to exchange ideas, knowledge and opinions as they see fit. We would like the Blog to be as open and transparent as possible. As such, we recognise that people may be more comfortable posting comments where they are able to keep their identities confidential. You will therefore have the option to adopt a user name when you initially register on the Blog.

Subject to some light-touch oversight from Big Brother (i.e. us), we invite you to post as many questions, comments and observations as possible. There is no such thing as a stupid question and often the most simple questions can be the most insightful and difficult to answer. If you would like to see other topics of discussion covered on this Blog please post on this page or, if you prefer, e-mail Lee Harding.

Each month, we will be dishing out a free bottle of champagne to the individual who comes up with the best, most original or insightful post.

Enjoy!

Posted by: David Gallagher and Michael Calvert

Oh Darling! Be honest with me!

We know from the April 2009 budget that higher rate tax relief on pension contributions will be abolished for high earners from April 2011. Complicated "anti-forestalling" measures were introduced to prevent clever avoidance schemes in the meantime affecting those with incomes over £150k a year.

More changes were introduced in the Pre-Budget Report on 9 December 2009. The Treasury issued a consultation which closed on 3 March 2010.

As originally announced in April 2009, the restriction of tax relief on pension contributions would apply to those with an income of £150k a year. In the Pre-Budget Report in December 2009, the Chancellor announced his intention that the restriction will apply to those with gross incomes of £150k and over. "Gross income" includes "all pension contributions, including the value of any pension benefit funded by, or eventually funded by, an individual's employer".

The consultation paper makes clear that both employer and employee contributions are to be included in the definition of gross income. In one sense I can see the logic of this – why should an employee earning £140k but with an employer pension contribution of £20k be excluded while an individual earning £160k out of which he makes his own pension contribution of £20k is caught. But the end result is that the tax increase comes in for those on salaries below £150k. The change has the effect of lowering the threshold at which the restriction bites (subject to the £130,000 floor discussed below).

"Gross income" also includes the value of any pension benefit funded (or eventually funded) by the employer – effectively, the value of any defined benefit pension accrued by the individual during the year will be converted into a deemed contribution. The consultation paper seeks views on how to achieve this. Previous tax rules have used a simplistic formula of 20 x pension earned in the year. Without going into the maths here, that will catch basic accrual.

Although the new definition reduces the threshold at which the restriction bites, the Pre-Budget Report also announces that an "income floor" is to apply so that any individual with a pre-tax income (excluding the value of any employer contributions) of less than £130k will be unaffected.

Taxing high earners is, in my mind, a good idea, especially when our public finances are in such a mess. But hiding tax changes in complicated pensions rules damages an industry that is already badly damaged by complex rules and a lack of support from politicians. Darling, I wish you would just be honest with us and increase income tax instead.

Posted by: David Gallagher

There's no point crying over lost data!

Although in mopping up the aftermath, it helps to have a plan. I was talking to Stewart Room the other day, a partner at Field Fisher Waterhouse, who is widely recognised as something of a guru in the field of data protection and privacy. The question I had for Stewart was whether pension schemes really needed to worry about the Information Commissioner's Office ("ICO") now it was being given the power to impose fines of up to £500,000 for serious breaches of the Data Protection Act. Was this something we really needed to worry about or was the dog's bark worse than its bite? What came out of our discussion, was that there were increasing indications that this Regulator really meant business this time.

But as Stewart explained and our briefing note (linked to the side of this blog) explains, all is not lost. There are sensible things which can be done to pacify this potentially dangerous beast. Quite often, organisations spend a lot of time and energy on addressing operational risks associated with the loss of data, whilst ignoring the big picture. What is really needed is not a commitment to designing a full-proof infallible workforce, since to error is human (Did you see what I did there?). The most important thing is to have systems and processes in place, which both minimise the risk of data being lost, as well as limiting the consequences of that loss once it has occurred. For a lot of the people that Stewart meets this is a major learning curve. For trustees of pension schemes it should not be - as it very much follows the Pensions Regulator's risk-based approach to achieving long-term compliance after it discovers inadvertent one-off errors.

But a £500k fine is a substantial amount and some large fines are expected under the new regime. Are you a trustee of a pension scheme or perhaps an employer who has promised to indemnify the Trustees against loss? What do you think about this issue and how do you go about trying to address it?

Posted by: Lee Harding

Tougher on data protection loss and the causes of data protection loss!

From 6 April 2010, the Information Commissioner’s Office (“ICO”) will have the power to impose financial penalties of up to £500,000 for serious breaches of the Data Protection Act (“DPA”). The ICO has published statutory guidance about how it will issue a financial penalty notice. The consensus of opinion is that breaches of the DPA will be treated far more seriously by the ICO in future.

But does this really matter for trustees of pension schemes? It is tempting to view this as relatively low on their list of priorities. Within an increasingly complex legal and regulatory framework, trustees need to ensure good administration and record keeping, continuously maintain and update their trustee knowledge, work closely with auditors, actuaries and other professional advisers in ensuring that pension schemes are sufficiently funded and investment returns managed, as well as maintaining a watching brief on the all important employer covenant.

Although the risk of serious data protection loss might be considered low in some cases, the impact of such loss will often be severe. Handling member complaints, regulatory investigations and possible enforcement action can be stressful, time consuming and professionally embarrassing for trustees, especially where they are confronted by members in their day jobs.

There have been a number of high-profile cases involving the loss or theft of laptops containing sensitive information on pension scheme members. The Pensions Trust, which administers the pension arrangements of more than 4,000 not-for-profit organisations, confirmed recently that a laptop containing confidential data of clients employees had been stolen from an office. The laptop was password protected but was not encrypted. This was a concern for the ICO, which has signalled its intention to take enforcement action in future if it emerges that laptops contain personal data are stolen and are found to have been unencrypted. This is significant because the trustees of pension schemes remain liable for data protection loss even where they outsource the processing of personal data to administrators.

Although trustees face potentially adverse consequences for the serious loss of data, it is unrealistic and impractical to simply stop sharing data. There are sensible steps that can be taken to ensure that risks are minimised and where things do go wrong the damage is limited. In general terms pension schemes, like other data controllers, should operate good, regularly reviewed data security policies in this area.

To help data controllers manage these risks, we have launched “Breach Action”, our service for managing and responding to serious security incidents, including data loss and theft of computer and data proessing equipment. This service is unique and is provided in conjunction with KPMG and RSA, the Security Division of EMC, which provides access to market-leading security consulting and security technologies’ know how, services and products, if they want it. This part of our practice is led by Stewart Room, who is a partner at the firm. He is ranked as a leading individual for data protection by Chambers UK. The Legal 500 says that Stewart’s “data protection and privacy prowess is recognised as being at the forefront of the field”. If you would like to know more about this service, please refer to the Breach Action website.