7 Days is a weekly round up of developments in pensions, normally published on Monday afternoons. We collate this information from key industry sources, such as the DWP, HMRC and TPR.
In this 7 Days
- TPR issues first climate change reporting fine
- DWP publishes consultation on proposed changes to the General Levy
- Transfers of personal data to the USA
TPR has issued its first fine, of £5,000, against a pension scheme for failing to publish a report on the trustees’ management and governance of climate-related risks and opportunities by the relevant deadline.
TPR’s report into the action taken against the scheme was published on 27 September 2023. Whilst there is a minimum mandatory penalty of at least £2,500 for failure to publish a report, TPR applied an amount above the minimum as the trustee was a corporate body and to “reflect the nature of the breach”.
By way of recap, new climate reporting obligations have been phased in over the last couple of years, with larger schemes whose relevant assets are £5 billion or more, CDC schemes and authorised master trusts in scope from 1 October 2021 and schemes with £1 billion or more in relevant assets in scope from 1 October 2022. Trustees of such schemes must put in place appropriate governance arrangements to manage climate-related risks and produce and publish a report on how they have complied with the requirements within seven months of their scheme year end date. See our Hot Topic for more information.
On 2 October 2023, the DWP published a consultation on the General Levy. The DWP is seeking industry views on the following options for mitigating the “ongoing deficit in levy funding” over the next three tax years:
- continuing with the current levy rates and structure
- retain the current levy structure and increase rates by 6.5% a year
- increase rates by 4% a year plus an additional “premium rate” for small schemes from April 2026.
The consultation closes on 13 November 2023.
New adequacy regulations, which come into force on 12 October 2023, have been laid before Parliament. They specify the USA as a country which provides an “adequate level of protection of personal data” for certain transfers for the purposes of UK data protection legislation. The intention is that personal data can be transferred to US entities that have signed up to the UK Extension to the EU-US Data Privacy Framework Principles, as long as the personal data will be subject to that Framework, without the data controller or processor having to put further safeguards in place.
This should make it administratively more straightforward to transfer personal data to the US. However, whilst the ICO considers it “reasonable” for the Secretary of State to conclude that the UK Extension provides an adequate level of protection, it notes several areas that “could pose some risks to UK data subjects” and suggests that these areas should be closely monitored to ensure individuals’ rights are not undermined.