Trustee Quarterly Update

Budget 2025: Pensions changes

The pensions changes announced in the Budget included a cap limiting the National Insurance contribution exemption under salary sacrifice arrangements, new measures to allow scheme members to benefit from surplus payments, and an announcement on how the inheritance tax regime will operate in relation to pension scheme death benefits.  For more detail see our e-bulletin.

Pension Schemes Bill amendments include section 37 certificate “fix”

The Government has published draft legislation that aims to provide a "fix" for past pension scheme amendments that are at risk of being void due to a failure to obtain a "section 37 certificate" from the scheme actuary at the time.  For more detail see our e-bulletin, but note that it is now no longer clear whether the forthcoming judgment in Verity Trustees Limited v Wood will deal with section 37 issues.  It is possible the parties may wish to avoid a ruling on these issues, as that would have the effect of excluding the scheme from the scope of the “fix”.  

The FRC has announced that it will develop guidance for actuaries in relation to the “fix”.

Parties bringing data protection claims not required to show misuse

The Court of Appeal has held that it is not essential for a party bringing a data protection claim to show that the data was misused (Farley and others v Paymaster (1836) Ltd).

The Court was hearing an appeal against a High Court judgment which struck out more than 400 claims made by police officers for breaches of data protection law. The claims related to an incident in August 2019, in which about 450 annual pension benefit statements containing the personal details of current and former police officers were sent to their out-of-date addresses by the defendant, the administrator of the relevant police force’s pension scheme.

14 of the claimants could show an arguable case that the envelope containing their statement had been opened and the statement read. The High Court had struck out the claims of the other 432 claimants, who had not produced evidence that their statement had been opened and read by a third party.

The Court of Appeal allowed the appeal and remitted the case to the High Court for each claimant’s claim to be assessed on a case-by-case basis.  It held that it was not necessary for the claimants to show that anyone actually read the statements sent to the wrong addresses, nor was it essential for the claimants to prove distress in order to bring a successful claim.

While this decision is a victory for the appellants, it does not change the key principle about class actions: each claimant's loss must be assessed on a case-by-case basis. A class action cannot claim the same amount for each member of the class. This means that (as in this case), the costs of bringing the claim are likely to exceed the modest amount of damages that may be awarded. 

High Court decision on meaning of “State pension age” in scheme rules

The High Court has allowed an appeal by a scheme trustee against a Pensions Ombudsman decision which had concluded that a member was entitled to a bridging pension until age 66 (Spirit (Legacy) Pension Trustee Ltd v Alexis).  The scheme rules provided for a bridging pension that would cease at “State pension age”, defined by reference to “the rules in paragraph 1 of Part I of Schedule 4 to the Pensions Act 1995 (rules for equalisation of pensionable ages for men and women)”.  The trustee argued that this reference was static, meaning that it referred to the legislation as originally enacted in 1995 under which the member’s state pension age (SPA) was 65.  The member argued that the reference was “dynamic”, meaning that it had been altered by subsequent amendments to the original legislation which had increased her SPA to 66.  For more detail see our briefing.

Tribunal upholds £12,500 penalty for failure to complete value for members assessment

The First-tier Tribunal (FTT) has rejected an appeal against the Pensions Regulator’s decision to impose a £12,500 penalty in respect of a trustee’s failure to complete a value for members assessment (New Internationalist Publications Ltd v Pensions Regulator).

Regulation 25 of the Occupational Pension Schemes (Scheme Administration) Regulations 1996 generally requires trustees of scheme providing money purchase benefits to complete an annual assessment of whether member-borne charges and other costs represent good value for members.  New Internationalist Publications Ltd (the “Company”) was the trustee of a scheme to which this requirement applied, but was unaware of the requirement until contacted by the Pensions Regulator about its failure to complete an assessment.  The Company argued that the £12,500 penalty was disproportionate to the size of both the Company and the scheme.  The Company was a not-for-profit company with 12 full-time equivalent employees and a turnover of approximately £1 million.  The scheme had only six members and their total pension savings were less than £100,000.

The FTT upheld the penalty, saying that the Company’s ignorance of the law was not relevant and that the level of the penalty was fair and reasonable.

No duty to carry out due diligence before paying CETV

In a recent determination (CAS-81940-Z2S8) involving a transfer value paid in 2014, the Ombudsman found that there was no statutory or regulatory obligation on the trustees of an occupational pension scheme to provide members with a copy of the Pensions Regulator’s “Scorpion” warning leaflet nor to follow the steps in the Pensions Regulator’s pension liberation fraud action pack (the Action Pack).  The Ombudsman also considered whether trustees who received a statutory transfer value request had a broader duty of care to carry out due diligence beyond that necessary to establish that the member had a statutory right to a transfer value.  The Ombudsman concluded that there is no such general duty, noting that such a duty could potentially conflict with trustees’ statutory duties to pay transfer values in accordance with the timescales specified in legislation.  For more detail see our briefing.

Statutory right to a transfer value: no requirement for member to be an “earner”

A recent Deputy Pensions Ombudsman (DPO) decision has concluded that a member does not have to be an “earner” in order to have a statutory right to have a transfer value paid to an occupational pension scheme (Mrs T, CAS-78486-R9D8).  This decision goes against previous Ombudsman decisions and the generally understood position since the case of Hughes v Royal London was decided in 2016.  For more detail see our briefing.

Complaint upheld over currency conversion rate

The Deputy Pensions Ombudsman (DPO) has partially upheld a member’s complaint regarding the currency conversion rate used in a case where the member’s salary and bonus were awarded in Swiss francs (CHF) but the member belonged to a UK pension scheme (Mr Y CAS-12388-L3Z2).  For more detail see our briefing.

Compensation awarded where retirement decision based on incorrect pension figures

The Pensions Ombudsman has made a substantial financial loss award against a fire and rescue authority as manager of the Firemen’s Pension Scheme 1992 in a case where the authority provided incorrect information to the member about his pension entitlement which resulted in the member retiring earlier than he otherwise would have done (Mr R CAS-84083-M5S5).   For more detail, see our e-bulletin.

Pensions Regulator alert highlights risk of impersonation fraud

The Pensions Regulator has issued an industry alert highlighting the risk of impersonation fraud. Action Fraud has received numerous reports of criminals seeking to exploit security vulnerabilities to gain access to members’ pension accounts.  Methods include:

• hacking members’ e-mail accounts to obtain information which enables hackers to impersonate the member, change the member’s bank details and withdraw funds;
• accessing members’ account information to set up fake pension accounts in the member’s name and move funds to the fake account;
• individuals known to the member accessing the member’s account where it has poor security credentials; and
• deceased members’ pension funds being diverted to an alternative bank account without the next of kin’s knowledge.

The Regulator recommends that scheme administrators should:

• educate members on the importance of online security, encouraging them to ensure their pension account details are up-to-date and to turn on two step verification;
• signpost members to City of London police identity fraud guidance and the Government’s “Stop! Think Fraud” guidance; 
• review existing security measures and read the PASA “Protecting Identities During High Risk Events” guidance; and
• report fraud or cybercrime to Action Fraud.

Consultation on revised enforcement strategy

The Pensions Regulator (TPR) has consulted on a revised enforcement strategy. TPR identifies some of the key differences in its revised strategy as:

• a shift in focus from monitoring outputs to delivering real-world outcomes such as preventing harm, securing redress and building saver confidence;
• focussing enforcement efforts on the issues that matter most and those that pose the greatest risk to savers and the pensions system;
• acting earlier to prevent harm;
• using data to make smarter decisions; and
• optimising how TPR publishes enforcement outcomes and communicates expectations.

New questions on scheme return

The Pensions Regulator (TPR) has announced that new questions will be added to the next scheme return for defined benefit and hybrid schemes.  Schemes with LDI arrangements will be asked to provide details of pre-agreed asset sale plans.  These may take the form of a single fund, a pre-defined portfolio or a ranking structure (“waterfall”).  They will also be required to specify the asset classes planned for sale using a set of asset classes specified by TPR. “Tier 3” schemes (broadly those with section 179 (PPF) liabilities of £1.5 billion or more) will be required to provide a more detailed breakdown of the unquoted/private equity class.

Revised member data guidance

In November the Pensions Regulator published revised member data guidance that consolidates all data-related guidance in one place and sets out the Regulator’s expectations regarding how trustees manage their data.

No levy for 2025/26 and proposed zero levy for 2026/27

In September the PPF announced that it will not be charging a levy for 2025/26.  In November it published its 2026/27 levy consultation.  The PPF is not proposing to charge a levy for conventional schemes provided that, at the point when it sets its levy rules, it has a very high level of confidence that the Pension Schemes Bill measures relating to changes to the levy will become law.  The PPF must set its levy rules before 31 March 2026.  The PPF is still proposing to charge a levy for “Alternative covenant schemes”, ie schemes such as superfunds which do not have a substantive employer covenant.

Government announces plan to abolish PPF administration levy

In September the pensions minister, Torsten Bell, announced that the Government intends to lay amendments to the Pension Schemes Bill to abolish the PPF administration levy.  The PPF administration levy, not to be confused with the pension protection levy, is a specific levy to raise funds for the purpose of meeting the administration costs of the PPF.  The policy intention appears to be that in future those costs will be met from the pension protection fund.

CDC Schemes

Response to consultation on unconnected multi-employer CDC schemes

In October the Government published its response to its consultation on legislation to allow collective defined contribution (CDC) schemes for multiple unconnected employers. A CDC scheme is a type of money purchase scheme that pools contributions into a single fund, with member pensions determined by reference to the performance of the fund as a whole rather than the performance of individual pension pots and individual member decisions regarding how to use their pension pots.  The Government intends to bring legislation into force to allow CDC schemes for multiple unconnected employers to apply for authorisation from the summer of 2026.

Consultation on retirement CDC schemes

The Government is consulting on proposals for a new type of CDC scheme to be used only by pensioner members.  Such schemes would allow individuals who have accumulated a pension pot in another money purchase scheme to transfer their pot at retirement into a collective fund that provides a managed income for life, adjusted annually based on investment performance.  The consultation closes on 4 December 2025.

ICO issues £14 million data protection breach fine:  what are the action points for scheme trustees?

The ICO has fined two companies in the same group a total of £14 million for breaches of data protection legislation that resulted from a cyber-attack in 2023 in which cyber-attackers obtained personal data of over 6 million individuals including millions of pension scheme members whose data was processed by one of the companies in its role as scheme administrator.  The fines were issued for breaches of the UK GDPR requirements for personal data to be processed in a manner that “ensures appropriate security… including protection against unauthorised or unlawful processing” and to implement appropriate measures to ensure a level of security appropriate to the risk of processing, taking into account the risk of unauthorised disclosure of personal data.

Based on the ICO’s determination, we have compiled the following list of key questions which we think scheme trustees be asking themselves in order to identify action points.

• Do we have a cyber-security and data protection policy? If so, do we review it at regular intervals to ensure it remains fit for purpose?
• Do we carry out regular audits of whether our cyber-security policy is being adhered to in practice?
• Do we know whether our scheme administrators are applying the “Principle of Least Privilege”, ie ensuring that accounts and users are granted only the minimum level of privilege strictly necessary for their roles?  Is there anything in our contract with them that requires this?
• What targets do our scheme administrators have responding to alerts that indicate a device has been compromised?  Are these targets contractual?  Are our scheme administrators required to report to us on their performance?
• Do we require our scheme administrators to carry out penetration tests (ie tests carried out to identify vulnerabilities in their systems) and report to us on outcomes and follow-up steps?
• Do we have an “incident response plan” for when a cyber-incident occurs?
• Do our scheme administrators comply with National Cyber Security Centre guidance?
• Do we understand what general contractual obligations our scheme administrators have in relation to cyber-security and data protection?

PASA guidance on use of AI in pensions administration 

The Pensions Administration Standards Association (PASA) has published guidance on the use of AI in pensions administration.  Examples of possible uses of AI include the use of chatbots to handle common enquiries, automation of routine forms such as change of personal details, and production of draft benefit specifications from scheme rules.  The guidance stresses that high quality data is essential when using AI, as it affects how AI learns and its accuracy.  The guidance highlights potential risks with AI, for example that administrators may overestimate AI’s capabilities and therefore fail to provide the necessary human oversight.  The guidance also suggests questions for trustees to ask their scheme administrators about AI use, though these are quite high level.

We have already seen examples of administrators seeking to record trustee meetings so that they can then use AI to scan the recording to produce the minutes.  Such an approach carries legal risks.  For example, the recordings might have to be disclosed in court proceedings where someone is seeking to challenge a trustee decision.  There is also the possibility that recordings of discussions about a specific member may need to be disclosed if the member makes a data subject access request under data protection legislation. 

PASA Dashboards Working Group publishes toolkit on use of warnings and unavailable codes

The PASA Dashboards Working Group has published a toolkit on the use of “Warning” and “Unavailable” codes.  These codes are intended for use where value data can’t be immediately updated to reflect a change in a saver’s circumstances.  The toolkit is intended to ensure consistency in how these codes are used.

SPP concerned scheme administrators could be caught by tax adviser registration requirements

The Society of Pension Professionals (SPP) has expressed concern that draft Finance Bill measures requiring tax advisers to register with HMRC could catch pension scheme administrators. Scheme administrators do not appear to be the intended target of the legislation, but the definition of tax adviser includes a person who provides “assistance with any document that is likely to be relied upon by HMRC to determine” another person’s tax position.  This broad wording could catch activities such as providing information about relevant benefit crystallisation events.  The legislation is currently still in draft, so it is possible that the wording could change before it is enacted.

Pensions Commission’s interim report to be published in Spring

In a speech in October, a member of the Government’s Pensions Commission announced that the Commission is due to publish an interim report in Spring 2026.  The Commission is due to make recommendations to the Government regarding the long-term future of the UK’s pensions system, focussing on the issues of adequacy, fairness and sustainability.

APPT updates sole trustee code

The Association of Professional Pension Trustees (APPT) has published an updated version of its code of practice for professional corporate sole trustees (PCST).  The revised code will take effect from 1 January 2026.  The updated code includes:

• expanded due diligence requirements for accepting a new appointment, eg putting processes in place to enable the transfer of historic scheme knowledge from outgoing trustees;
• additional requirements relating to advisers and service providers, for example stipulating that PCST firms must not rely on professional advice provided by themselves or affiliate firms; and
• more specific requirements for procedures to provide oversight of PCST fees where these are payable from the scheme and the PCSP is responsible for approving its own invoices.