COVID-19

Home COVID-19

Update from The Pensions Administration Standards Association – COVID-19 cybercrime spike

TPR have issued general guidance to pensions scheme concerning some extra steps which they should take during the current COVID-19 heath and economic emergency. The guidance can be viewed in full here.

It states that ‘We expect trustees to have appropriate monitoring and contingency planning in place and to be alive to risks that would have a significant consequences for their scheme and members.’ and states that ‘We are currently engaging with key administrators to understand their current preparedness.’

Since the current crisis started escalating there has been a real spike in cybercrime attacks. Cybercriminals have taken advantage of the growing demand for information by loading malicious software into tracking maps, government reports and health fact sheets. New websites with variations on ‘coronavirus’ in their internet addresses have also exploded, with many of them masking online scams. Some cybercriminals clearly think that ‘all their Christmases have come at once’ – an anxious population, vulnerable people at the highest risk, excessive demand for goods no longer in stock, and masses of disinformation awash on social media. All of this equates to a massive opportunity to prey on people and attempt to defraud them while they are at their most susceptible.

Phishing attacks have increased, seeking to exploit anxiety about the virus and bogus websites purporting to offer information about the progress of the virus, its symptoms and how to protect yourself against it. This has been compounded by organisations setting up new ways of remote working at a pace which does not always allow effective cyber security arrangements to be put in place. It is also the case that some organisations do not have an adequate level of visibility of their third-party suppliers of technology-related services, or enough knowledge of the extent to which they are properly protected or not.

In this context, I felt it was right that I should remind PASA members of some steps they should be taking. There is a short 5-minute webinar which you can watch here.

I hope this is helpful. The CFWG will be working hard to develop guidance and standards around both cybercrime and fraud and you will be hearing more about this shortly.

Kind regards,

Jim Gee

 

Chair of the PASA Cybercrime and Fraud Working Group

Partner and National Head of Forensic Services at Crowe UK LLP

Visiting Professor and Chair of the Centre for Counter Fraud Studies at University of Portsmouth

Update from TPR

On Friday 20 March, TPR published an update to its Covid 19 statement for trustees, employers and administrators – you can read the update here.

Key points

  • Schemes will need to prioritise, and the biggest priorities are likely to be to be to pay benefits, continue employer contributions and minimise the risk of scams
  • TPR acknowledges that some administrative breaches of the law may occur and states that it will maintain a proportionate and fair approach to any action it may take
  • Trustees should assess their business continuity plans and those of their administrator and confirm priorities in the event of under resourcing
  • Members are likely to want to transfer, putting them at greater risks of scams
  • TPR understands that many non-critical trustee and member services may be affected, for example administrators may have to delay responding to member queries or producing annual benefit statements
  • Trustees and administrators should report to TPR immediately if they believe they will be unable to pay members’ benefits
  • TPR will take a proportionate and risk-based approach towards enforcement decisions, in light of these challenging times, with the aim of helping to get employers back on track and supporting both employers and savers.

If an employer makes a request to suspend or reduce contributions

DB trustees whose sponsoring employer is at risk, or has asked them to reduce or suspend their scheme’s deficit repair contributions, are directed to TPR’s page on corporate distress.  This page sets out:

  • Questions related to COVID-19 to ask your scheme’s sponsoring employer
  • Issues and principles to keep in mind when considering DRC delay requests

TPR’s plans

It is:

  • temporarily suspending all its regulatory initiatives.
  • postponing the publication of its Corporate Plan, its long-term strategy, and its consultation on bringing together its codes of practice to form one single code
  • all scheduled events have been cancelled or moved
  • keeping its  DB funding consultation open, but will review timings in the coming weeks.
Send us a message