Technological advances could mean pensions administration is about to become a lot sexier, but while cyber security evolves humans still need education if the industry is to protect pensions data and money.
Pensions administration has been catapulted to the fore with the EU’s General Data Protection Regulation and staggering figures associated with pensions fraud cases; Action Fraud recorded 2,909 reports between April 2014 and May 2017, totalling losses of £43.9m.
Cold-calling is yesteryear, scammers have already moved on
Michelle Cracknell, TPAS
At a Pensions Management Institute event held in London this week, Tim Phillips, head of pension markets at mastertrust Smart Pension – which he defined as a fintech company – stated that pensions administration was “ready for a sea change”.
The driver for this, he said, is technology. Phillips stressed the advantages for pension providers of harnessing technology, saying that “when technology is done well”, it can improve member engagement and experience, as well as operational efficiency.
Web chat can replace phone
Phillips said it was “ridiculous” there are not more providers that offer an app to members allowing them to access their pension information from their mobile phones.
Member experience can also be improved by using web chat, he said, noting this as an area where Smart Pension is seeing a lot of online traffic; administrators can have several chat boxes open on their screen and deal with multiple inquiries at once.
One step further is that this can be supported by machine learning tools. Rather than having a human at the other end of the web chat, members could be speaking to artificial intelligence, where the answers to some frequently asked questions are available. The learning mechanism means the robot can also start to predict questions the members will ask.
The future could even see more use of so-called voice biometrics, according to Phillips, where members’ voices are analysed according to the questions they asked and even the mood they are in – giving data on how many members were angry when they phoned up, for example. This could help administrators decide which part of the process to invest in.
Can your scheme ward off a cyber attack?
Better technology should also be able to better safeguard the data that administrators hold and which are continuously under attack, said Phillips.
Cyber security is becoming a key concern for pension schemes. Giving an example, Chris Parrott, head of pensions at Heathrow Airport Holdings, said his scheme’s member site has seen several attempted attacks by a group that calls itself the Anti-Isis League.
Third-party administrators might be better placed to ward off such attacks than individual schemes. Consultancy Barnett Waddingham employs two hackers to try to break into the company’s systems, revealed head of pension administration Paul Latimer. This allows the firm to identify weak points and improve security in these areas.
He advised trustees to “look at all your providers” and ask them crucial questions about the safety of data, noting that “GDPR is really focusing the mind”.
Humans are the weakest link
Educating the workforce is also vital, particularly when it comes to ‘phishing’ and ‘whaling’, where employees – and in the case of ‘whaling’, senior managers – are targeted by often very genuine-looking emails to click on a link, make a bank transfer or reveal other sensitive data.
However, the strongest cyber security and processes will fail to protect members if they choose to give information to someone they perceive to be trustworthy, but who turns out to be a fraudster.
Michelle Cracknell, chief executive of the Pensions Advisory Service, pointed out the difficulty of spotting a scam. As a result, one of the biggest problem areas is, perhaps surprisingly, recommendations made by friends and family.
Another issue, she said, was the fact that many schemes that are “very smelly” are legal schemes.
“We aren’t going to be able to stop them,” she said, but recommended that where trustees suspect something untoward, they should use a third-party provider to approach the member about it.
“If people are angry, with their employer for example, for them the trustees and the employer are all the same people,” she argued, therefore any information coming directly from trustees might not achieve its aim.
Cracknell, who said she got cold-called herself, welcomed the scheduled ban on the practice. However, she said that “cold-calling is yesteryear”.
“Scammers have already moved on,” she added, with many having started to contact people via social media.
