Anthony Rafferty, Managing Director, Origo, sets out below 3 key technology issues he believes will affect the occupational pensions market in 2021.
In 2020 use of technology in financial services moved on considerably, not because of advances in technology (although they were happening) but because the pandemic forced companies to work in ways they may not have considered implementing for another five years or so; digital plans were accelerated almost overnight.
Moreover, businesses found that those new ways are not only viable but also often delivered benefits for their businesses. The world has shifted several steps on in the adoption of online and digital services. But there is so much more that can be achieved and we expect continued progress in 2021.
Through the work we do at Origo, we see three key areas affecting the financial advice market in 2021 – these include a major threat but also numerous opportunities for firms to become more profitable and offer their clients better service.
1. Cybercrime will become a greater threat in 2021
Cybercrime has been rising rapidly up the priority list for financial services firms with more and more companies realising the very real risk that exists to their business. Instances of companies being hacked, losing data, and of financial fraud are multiplying. Cybercrime has become highly profitable for criminal businesses so we can expect it to proliferate in 2021.
As far back as June 2019, David Fairs, Director of Regulatory Policy, Analysis and Advice at The Pensions Regulator was warning pensions providers and administrators: “It’s not a case of if you will be attacked, it’s a case of when.”1
The first step in protecting against cybercrime is to understand the risks – TPR2 and PASA3 have issued guidance around the threat to pensions schemes and administrators from cybercrime and the need to increase cybersecurity.
Then to put in place appropriate controls, particularly for inward and outward communications, which will include technology solutions such as system protection and encrypted emails, formal processes and procedures, staff awareness and training.
Cybercrime relies on collecting and collating information on target companies and individuals within them, which is later used in a targeted attack or to gain further information to mount such an attack.
Cybercriminals are becoming ever more resourceful and often it is the simplest means and the weakest link which is targeted. Email is both ubiquitous and vulnerable and so it is a primary way for criminals to obtain the information they need and to infiltrate companies’ systems.
Unsecured email is vulnerable to hacking and email phishing is described as “the most successful and dangerous” of cybercrimes, with research showing that 91% of all cyber-attacks start with a phishing email3.
A basic step in cybersecurity for pension providers, schemes and administrators, therefore, is to put in place a secure email service. This should use military grade encryption, have an identification process to ensure only the authorised recipient can open the email, and an audit trail to provide compliance support.
2. Pensions dashboard will focus minds on data
The Pension Dashboard Programme published two key document towards the end of 2020, the first confirming the schedule for dashboard implementation and the various stages along the way; the second, establishing high level data requirements for pension schemes and administrators (mandatory, conditional and optional) in order to deliver the required information back to consumers. This will include an estimated retirement income.
There have been plenty of signposts for schemes and administrators along the dashboard path regarding the need to assess and where necessary, address the quality of policyholder data – including from pensions minister Guy Opperman.
The latest document leaves schemes and administrators with a choice – put off tackling the assessment and/or any problems until 2022 when it will become an issue, or start addressing the process now, with full buy-in from senior management and trustees, so that it does not become a business issue, and potentially a reputational issue, further down the line.
While appreciating differing levels of resource between providers, the very real necessity to have data that can be matched by the dashboards Pension Finder Service with an individual’s pensions savings as providers are onboarded to the Dashboard , we recommend starting work now.
3. A greater move to smarter/digital ways of working
The pandemic has thrown into sharp relief where the industry’s processes are lagging behind the times. This was brought home to me personally earlier this year when instructing a new financial adviser and going through the Letter of Authority process.
What became apparent was that there was no consistent way of working within the industry, both in requesting information and what was received back in terms of detail and format, and so much of it was paper based. This was exacerbated by the pandemic but it is clearly not what consumers expect two decades into the 21stcentury.
For the industry to develop and better serve its end customers, it has to embrace more openly digital processes and confine paper to the past wherever possible, and sooner rather than later. The good news is that in many cases there are solutions coming to or already in the market – digital Letter of Authority and digital signatures being examples, and it has been encouraging to see the greater adoption of digital signatures by platforms and providers during the pandemic.
There is an imperative here for the industry, as consumers have become far more online savvy and have had their expectations raised by services such as Amazon Prime’s next day delivery. While no-one is expecting financial services companies to compromise security and sound due diligence, there are areas where the end customer experience can be improved, sometimes greatly, by the adoption of digital processes.
1&3 https://www.pasa-uk.com/cybercrime-guidance-november-2020/
2 https://www.thepensionsregulator.gov.uk/en/document-library/regulatory-guidance/cyber-security-principles-the-pensions-regulator
