Autoenrolment is a success. A very small percentage of employers are
initially failing to comply with the law. Approximately 6.5% to be
exact. Not bad, given that well over 1m employers are now running a
pension scheme.
But did you know that approximately 65% of all SMEs perform ongoing
AE duties themselves in-house and that 80% of all SMEs do not suffer any
costs for meeting their ongoing duties? (Source : “Employer automatic enrolment ongoing duties survey 2018 (Published March 2018).”
This feels like a minor miracle. How did it occur? Several reasons:
- It’s the law. 93.5% of business owners respect the law (the
remaining 6.5% get served a Compliance Notice, then 50% of those get
served a Fixed Penalty Notice, and then 25% of those 50% of the 6.5% get
served an Escalating Penalty Notice... and then they respect the law).
- The DWP and TPR and NEST are doing a good job. NEST have dominated
the provision of pensions to the SME market. They had the resources and
the remit to get the job done, and never turned an employer away. A
majority market share rarely seems like a good outcome but in this case
it very much looks like HM Gov thinks it’s better to have all eggs
saving into in one NEST than not saving at all. (Apologies for the pun).
- Technology (in the form of payroll software upgrades, pension
provider portals and integration-APIs) has helped the smaller employers.
Technology is the telling factor. It’s the unsung bit, generally
speaking. There’s no way automatic enrolment could have been successful
thus far without internet technology: no direct access to pension
provider portals for example. There’s no way AE would work without
payroll software and benefits-middleware streamlining the assessment
calculations and tax arrangements. Increasingly, technology is being
used to make the fiddly bits of AE even easier: 100,000 employers are actively benefiting from NEST integration; payroll software is able to automate manual data loading via direct integrations like Sage’s own Pension Data Exchange, or via intermediaries such as pensionsync.
So AE is a success. Done and dusted, right?
Probably. But there are a few aspects of autoenrolment which need some ongoing attention.
Firstly, no one knows whether the hundreds of thousands of SMEs who are administering their own pension are remaining compliant.
Initially, to avoid being sent a Compliance Notice, an SME needs to
submit a Declaration of Compliance within 5 months of their staging
date. That’s all. There’s precious little ongoing monitoring of SMEs
thereafter. Pension providers should be monitoring whether or not an SME
submits the minimum contributions required by law, and then reporting
to The Pensions Regulator any SME who fails to maintain contributions.
But autoenrolment compliance goes deeper than just submitting
contributions. The only real way to determine if an SME is failing to
remaining compliant is if The Pensions Regulator audits them in a spot
check, or if an employee blows the whistle.
Thinking about the sheer size of the SME autoenrolment market, it’s
more likely to be the risk of employees blowing the whistle, than a
spot-check by the regulator, which motivates employers to stay on top of
their pension duties.
Autoenrolment is complex legislation and for many SMEs there is a lot
of new terms and new rules to learn. Eg Who is assessed, and by what
criteria? Are staff communications being sent out? What needs to be done
for cyclical re-enrolment? Are the contributions being calculated
accurately, especially with regard to the pay arrangements?
Its entirely possible for an SME to think they are compliant when in fact they are not.
Technology is the only hope the majority of SMEs have of being able
to actually maintain compliance. Good technology will support the SME
through re-enrolment, creation of accurate letters, adjusting the
assessment criteria as and when they are adjusted by HM Gov, and
ensuring tax is calculated correctly.
The concern is, though, that autoenrolment technology is very new and
in most cases is only doing “the essentials”. Rarely is it
“artificially intelligent”. It does not automatically adjust itself to
ensure the SME remains compliant at all times, or proactively warn SMEs
if it thinks they have made an pensions administration mistake. The
investment of software engineering time required to enhance payroll
software to that level of sophistication is significant. The challenge
the payroll industry faces is that SMEs don’t like paying for technology
when a free version is available. The risk for employers is that a free
payroll tool may not have all the same features as a paid-for tool.
Secondly, it looks as though the rate of Compliance Notices (CNs) being issued by The Pensions Regulator is increasing.
The ratio we've examined is between Compliance Notices and employers
who staged 5 months earlier. (What’s a Compliance Notice? A Compliance
Notice under section 35 of the Pensions Act 2008 is a Letter sent by the
regulator to remedy a contravention of one or more automatic enrolment
employer duty provisions).
Our analysis of TPRs data reveals that between October 2016 and June
2017 the ratio of Compliance Notices issued by The Pensions Regulator to
the number of employers staging 5 months earlier was consistently 7.5%.
Put another way, for every 1,000 employers staging on 1st January 2017,
75 Compliance Notices would be issued 5 months later (when those
employer’s failed to declare their compliance with TPR).
But since June 2017 the ratio of Compliance Notices to employers has started to creep upwards.
- Quarter ending September 2017, 13,752 CNs issued within a pool of 164k employers. A rate of 8.4%
- Quarter ending December 2017, 17,949 CNs issued within a pool of 182k employers. A rate of 9.8%
There’s a clear upwards trend over a 6 month period. Given the fact
that the majority of small employers are DIY-ing, perhaps we should not
be so surprised that the Compliance Notices are on the rise.
The future of pensions technology
Its clear that technology, in particular free technology, is key for
SMEs with regard to autoenrolment. However, the next technology
innovations are not likely to be in the space between payroll software
and pension providers, but instead between pension providers and their
members. Autoenrolment could very well be the event which changes the
employee engagement game.
Pension member engagement rates are historically bad. Providers are
compelled to provider annual statements but nothing else. Would there be
so many lost pots if providers were better at member engagement? Would
members reconsider leaving a scheme if they were appropriately engaged,
and fully aware about the long term ramifications of not saving to a
pension?
DWP’s pension dashboard initiative is firmly aimed at the soon-to-be
retiring members who don’t know what their pension will be. But
automatic enrolment has hoovered up millions of younger workers.
Digital-native workers.
If the digital natives all know where their pots are, then would they
be bothered to use a dashboard to find them? Would digital natives
seriously consider moving their pension pot to an alternative provider,
with a slightly lower annual management charge, if the alternative
provider had no mobile app or online wealth management tools?
Mobile apps, tablets, interactive TVs, smart speakers, talking
avatars, social media. These are the channels through which members will
engage with the companies they have trusted with their future wealth.
Smart Pension fully understand this and have already started to go where
no pension provider has been before.
Alexa, “what will I live on when I retire?”
-- Epilogue --
At pensionsync we love our data. And we love
building software. So we could not help but plug the TPR’s data into a
little app we created called “Nostradamus” after the great soothsayer
himself. Based on the trends Nostradamus has identified in the TPR’s
historical data we predict that during period between January 2018 - March 2018, the Pensions Regulator will have issued:
- 24,611 Compliance Notices (we predict the rate at which Compliance
Notices are issued will have risen to over 10% between January and March
2018).
- 9,704 Fixed Penalty Notices
- 1,932 Escalating Penalty Notices.
We’ll know how good Nostradamus is when TPR issues their next Enforcement Bulletin.
The results will be published as a comment to this blog. If you “like”
this blog then you will get an automated update when that happens.
There's an anomaly in the regulator’s data
Whilst we were geeking out on TPR’s data, we noticed something odd.
In the 3 months between July 2016 and September 2016, The Pensions
Regulator issued 15,073 Compliance Notices.
What’s so surprising about that?
Well, the surprising thing is that in the 3 month period before (e.g.
April 2016 - June 2016) TPR issued only 3,392 Compliance Notices. And
in the 3 months after (e.g. October 2016 - December 2016) TPR issued
only 6,296. In fact, the total number of Compliance Notices issued by
the TPR up until July 2016 was 11,151. A spike of 15,073 means that
something happened. There was an event which caused the spike. But we
cannot figure out what it was!
Can anyone shed any light on this? Answers by comment on this blog
please. (Clue - it’s not because of the increase in employers who had to
stage in the preceding months. Or at least the published data does not
support that theory).
About
Following the success of our introductory webinars over the last 12 months, we have launched a brand new (but still FREE) pensionsync masterclass webinar for users of STAR Payroll Professional.
Suitable for beginners and experienced users, the masterclass focuses on the "how" rather than the "why" - we all know that auto enrolment is a huge challenge for payroll; this webinar focuses on the nitty-gritty of how STAR and pensionsync help you conquer that challenge by:
-
- Seamlessly connecting your payroll to Aviva, NEST, NOW: Pensions, Smart Pension and The Peoples Pension
- Sending enrolment and contribution information as a single electronic feed each pay period
- Downloading opt outs directly in to payroll
- Getting maximum efficiency from your payroll software with the benefit of feedback we've collated from over 100 STAR bureaus
And all without a CSV file in sight. What are you waiting for?
by Chris Deeson - pensionsync's Chief Marketing Officer
HEALTH WARNING: This is not a “learn how to comply with GDPR” blog.
This is a “how can you mitigate your personal data risks when sending and retrieving Automatic Enrolment data” blog.
Employers, accountants, payroll bureaus and bookkeepers need to do
everything they can to minimise their GDRP-related risks. Automatic
Enrolment requires frequent movement of data to and from pension
providers and payroll software.
The majority of AE data is moved via CSVs, which need to be downloaded, stored and uploaded. CSVs cannot be password protected.
And all too frequently - when something goes wrong - they are e-mailed, unencrypted for someone to “look at and fix”.
So, here are 4 ways that automated AE processing significantly reduces risks for everyone in the chain.
1. GDPR extends the requirements so that not only Data
Controllers, but also Data Processors have to comply. If everyone along
the payroll processing line is producing and saving CSVs, then Data
Controllers need to keep tabs on multiple CSVs manged in multiple
organisations.
That’s a significant amount of risk for a Data Controller to be on top of (not mentioning potential fines).
How does automated AE processing help?
pensionsync
users don’t use CSVs to send data, nor do they download them when
retrieving error or opt out reports from pension providers. No CSVs,
means data is only held within the payroll software and not scattered
around multiple storage facilities.
2. All businesses now have to produce DPIAs (Data Protection
Impact Assessments) where privacy breach risks are high. The risk of
sending, receiving or saving Automatic Enrolment data using CSVs is
inherently high risk, so businesses reliant on CSVs will have to produce
those DPIAs. CSVs are inherently risky because:
- data is saved outside of payroll software
-
any time the CSV file is sent somewhere it is unencrypted
- e-mailing that CSV file immediately saves it in email accounts (where it could be hacked) and across multiple devices.
How does automated AE processing help?
Proper automation eliminates CSV usage. But pensionsync goes further than other API solutions, as pensionsync
undergoes an annual voluntary independent audit to ensure that we
maintain the strongest security mechanisms as well as data privacy
standards. This provides confidence to our Data Controllers further up
the chain.
3. GDPR requires Privacy by Design.
This includes deleting
information – which means every CSV with personal data must be included
in a deletion plan. Where those CSVs are held in multiple places (e.g.
email, hard-drives, different organisations etc) that becomes a complex
series of plans to co-ordinate.
How does automated AE processing help?
Personal data is only held on individuals in limited circumstances on pensionsync, so usually there is nothing to forget – but if there is then it is one place and can easily be removed.
Data flowing through pensionsync
is encrypted and no human eyes see the data on the way through. To view
data – e.g. for a support query – we need a full audit trail of
permissions before we can even view the data.
And as data flows through the system, we minimise data stored by
deleting submission data within specified timescales. Deletions happen
48 hours after a successful submission for our White Label clients and
after 2 months for our Direct Label ones.
4. GDPR strengthens Individual’s Rights across a number of areas:
- GDPR gives someone the right to be forgotten (including
retention and disposal). It is unlikely that someone will want to be
forgotten while employed, but what about once they’ve left employment?
How are you going to remove them from multiple CSVs if they ask to be
forgotten? Everything gets messy as soon as you hold data outside of
payroll software.
-
Right of Access. Under GDPR, individuals can ask for access to
what information is held on them. It will be a huge undertaking to trawl
through months’/years’ worth of CSVs to see what data is held about
each person requesting this information.
-
Quality and Rectification – are all those CSVs accurate and up to date if a piece of data changes?
How does automated AE processing help?
Again, rare that pensionsync
will have data for an individual – but if an individual wants deletion
of that data or wants to know what data is held, then it is held in a
concise number of places.
This is why many accountants are increasing their use of pensionsync within their payroll software ahead of the GDPR Compliance deadlines.
And, of course, they are saving the time and money they spend on Automatic Enrolment at the same time.
The universal reaction from small employers when benefits.market displays an indicative price for buying employee life insurance for the entire company is: “I didn’t realise it was so cheap”.
One of the barriers to small employers buying any type of group risk
product is a preconception that it will be expensive. Another barrier is
that they believe they have to appoint a financial adviser.
Neither are true.
And yet there is a simple and positive reason why proprietors of
small businesses should explore buying group life insurance before they
consider taking out an individual policy on their life:
Cost.
An individual policy often costs more and provides an insurance policy with less value.
Group policies often require no medical questionnaires and insure more people for an overall lower cost.
For many of the 965,515 small business owners in the UK who employ between 2 and 9 people (source 2017 ONS business population estimates) group life insurance will simply be cheaper than insuring just their own life.
Here’s an example: a 47 year old business owner seeks a £180k benefit
from life insurance (3 x her £60k salary). If she bought her life
insurance from an internet insurance comparison site it would
effectively cost her £879.20 per year. But if she bought the same
level of cover (3x salary) for herself and all 7 of her employees then it would cost the business £262.09.
That’s a staggering difference of £617.11 per year.
At first glance, this is counter-intuitive: the price of insuring 8
people is significantly less than the price of insuring 1 person (who is
also a member of the group of 8).
But, of course, it’s all about risk.
Group insurances spread the risk over the group, making the chances
of an insurance pay out more predictable and therefore easier to cost
for (from an insurance company perspective).
In this example I gave my fictitious business owner a passion for
scuba driving (in the UK!) and Gliding. These are 2 relatively high risk
hobbies. But this is not an issue for group life insurance where there
is no requirement for medical underwriting. On a individual policy,
these slightly riskier activities would certainly push her individual
premium up.
Historically, group risk insurance is sold to employers as an
employee benefit e.g.: “give your staff more financial protection”;
“help reduce their money worries”, or “improve your employee retention
and attractiveness etc.”
These statements are as true for small employers as they are for
larger employers (who are the traditional purchases of group risk). But
what works as a sales strategy on the HR departments of large employers
may not be as successful at influencing small employers.
When I think about how to increase sales of group risk to small
employers I don’t just think about how to advocate the benefits of group
insurance for their employees. I also think about how to tell business
owners who currently buy their own individual life insurance to take a
look at group life insurance… and then review what value for money
really means.
About the author
The author is the founder of pensionsync and benefits.market. benefits.market
is an online comparison site for group life, sickness, and health
insurances. Small employers can open a benefits.market account directly
at www.benefits.market or through their pensionsync account.
pensionsync is a cloud SaaS data exchange which
automates the delivery of employer’s data to autoenrolment pension
providers in the United Kingdom.
The data behind the example
