Just as the unexpected can disrupt our personal lives, unforeseen events can disrupt businesses. You only have to look at the Covid-19 pandemic to see how something that could not be predicted a year ago is having a massive impact on firms’ ability to go about their usual business. Who would have thought that virtual meetings and working from home would have been possible to the extent that they have been this year?
Financial services firms such as workplace pension providers are heavily reliant on technology to deliver their products and services. Therefore, they need to have processes in place to protect them if something happens to disrupt their IT systems or puts the security of the data they hold at risk.
Examples of disruptive events can include the transition to upgraded technologies, untriggered events (such as Covid-19) or a cyber-attack. As well as preventing these kinds of things from happening in the first place, preparing for the unexpected means firms can limit the damage caused by such events to customers, the business and the wider market – while recovering from them quickly.
It is very reassuring to see that the workplace pension providers in our analysis are all well placed to continue running as ‘normal’ during these times. For all providers, at least 95 per cent of staff are able to work remotely, which would have helped maintain ‘business as usual’ during the recent Covid-19 related national lockdown.
Our data also shows that staff who are working remotely can do the majority of their role away from the office. Most providers say remote workers can do 100 per cent of their job but even at the lowest end of the spectrum, remote workers at Aegon and Legal & General can still do 90 per cent of their roles from home.
However, most providers acknowledge that there are some duties that staff cannot do while working remotely due to a disruptive event – known as a ‘triggered event’. Dealing with traditional post is mentioned frequently as an example of something that staff cannot do remotely. Other tasks that need staff to be present in the office include physical security, mailroom scanning and cashing cheques.
Only Aviva, Hargreaves Lansdown and Salvus say staff can do everything they need to while working remotely.
Not surprisingly, all providers have a business resilience policy and plan covering loss of availability, integrity and confidentiality. There is an even split between providers who review their policy and plan annually, and those who do so bi-annually. Only Standard Life deviates from this by reviewing its policy and plan more frequently on a quarterly basis.
However, it is not enough to have processes in place that are reviewed – they also need to be tested regularly to make sure they are adequate and to identify whether improvements need to be made. The whole point of a firm’s IT resilience and continuity plan is to strengthen the business and minimise disruption to all aspects of it if an incident does happen.
All providers also have access to alternative premises if they can’t use their usual premises and the vast majority are happy to state the name and position of the person who is responsible for business resilience/disaster recovery in their organisation.
If a triggered event happens, all providers will notify the Financial Conduct Authority or The Pensions Regulator, but exactly how they do this varies. For example, Aegon, Legal & General and Scottish Widows will report it to their usual contacts at the regulatory bodies. Hargreaves Lansdown assesses the situation before acting within the regulatory guidelines, while Royal London’s risk management process ensures the regulator must be notified within 72 hours.
Looking specifically at how long after the event providers will notify the regulatory bodies, there is not much difference between the number of providers who take one day and those who take up to one week.
Those who take one day have a slight majority, perhaps suggesting that overall, companies prefer to act swiftly in dealing with disruption and the regulatory requirements that result from it.
As we enter our second national lockdown this morning, at least we can have peace of mind that our pension providers are working very hard to ensure that we are affected as little as possible.