Skip to main content

Data integrity

Monday 23 March 2009

Ramani Venkatramani, General Manager - Conference of Major Super Funds

When the wondrous human genome experiment inexorably advances to deciphering the composition of the prudential regulator, a starting hypothesis will be needed. Based on my experience, I offer the four distinct elements: Firstly, the party pooper: in a time of raging irrational exuberance, as in a few years ago, a gentle tap on the shoulder - 'slow down and avoid the hangover'; Secondly, the agony aunt: when everything looks gloomy and lost, as in recent times, a comforting shoulder - 'perk up, things can only get better'; Thirdly, the helpful counsel: when short term issues crowd out the long term ones that are overlooked, a nudge into strategic thinking - 'let us deal with this looming issue before it overwhelms us'; Finally, the judge executioner - when all else fails, a reluctant, yet firm, move into the enforcement mode - 'So long'.

I was a party pooper at the 2008 CMSF Conference. Not being particularly adept at playing the agony aunt, I crave your indulgence to shift into phase three today, with some friendly counsel. In so doing, I implore the superannuation industry to consider an important aspect that can and must be tackled.

The issue

Data in all its aspects form the ‘life blood’ of superannuation. Whether qualitative or numerical, primary or derivative, internally or externally sourced, fund operations depend on the existence, accuracy, completeness, maintenance and smooth flow of data in a secure fashion for meeting the obligations to members. The nature of superannuation – compulsory, preserved till retirement, supported by ongoing concessional tax treatment, with little or no capital-backing to smooth adverse developments – makes this an imperative. Changes to the basics such as member investment choice, choice of fund, transition to retirement pensions enabling members to be simultaneously in accumulation and withdrawal phases and improving longevity make the task more difficult and urgent. The known problem of multiple member accounts, although being addressed through a range of initiatives, does not make it easier.

The number of stakeholders in super as members pass through the system from entry to final exit, and potentially via many funds, is large. As the data is being processed, the weakest link determines the outcome. Establishing accountability for errors in a practical, as distinct from a legal sense, becomes therefore difficult.

For the affected members and contingent beneficiaries, the issue is quite opaque: a black box. In many instances the issue may become too difficult or even impossible to fix, if not tackled at an early enough stage.

The availability of reliable data is a necessary[1] pre-condition to funds working out member entitlements such as tax, investment earnings, insurance and other costs.

Despite the ongoing attention to improving members’ financial literacy and engaging their attention in their retirement plans, success remains patchy. Complete data integrity cannot be achieved without an interested and engaged membership but trustees can, and should, be able to ensure there is an increased level of data integrity even while striving for improved member engagement.

More fundamentally, how and when could trustees know that data may be compromised? Do the controls facilitate timely detection and rectification?

Who will bear the cost of fixing errors: in an economic sense, it is always the consumer, over time. Within this, the equity of allocating the cost between classes of members and over time poses challenges. This assumes that the errors are able to be fixed appropriately. If the underlying data cannot be reliably retrieved and validated, approximations become inevitable, with their consequences for equity and integrity.

The super licensing regime, without doubt, involved seeking, and to some extent achieving, enhanced risk management. More fundamentally, at the trustee and the responsible officer level, fitness standards are required. Data integrity is closely linked to these.

These considerations lead to the conclusion: while there is no need for panic yet that in Australia data issues have significantly affected the entitlements of beneficiaries, the very nature of the industry and the experience of other jurisdictions show that we cannot be complacent. To avoid collectively costly, in some cases hard-to-remedy situations, we need short and medium term actions, now.

APRA is keen to play its part in this task by ensuring that there is sound information available on good practices and expectations and encouraging the industry to appropriately deal with this important area.


The object is to recognise the need for identifying and dealing with data issues, by involving:

  • Trustee and responsible officers;
  • Outsourced service providers;
  • Internal audit;
  • Professional advisers;
  • Employers;
  • Insurers;
  • Members, and
  • Regulators.

Evidence – anecdotal, overseas

Recognising that the industry is preoccupied with many difficult issues at the moment – substantive as well as procedural - what evidence do we have that we are not beating up a non-issue?

We have anecdotal and investigation-based evidence.

  • Some scary stories from other jurisdictions should serve as a wake-up call:
  • Japan 2007: 14 million accounts were found not having been integrated with pension agency data;
  • Japan 2007: 50 million bungled pension payments;
  • UK: Dec 2008: 100,000 public service pensions were found to have been wrongly calculated, since 1978;
  • UK: Oct 2008: pensioner details leaked from audit records;
  • US: 2006 – employee laptop with AHOLD US pension data checked in as airline baggage, and lost;
  • US: Aug 2007 – California State Pension Fund breaches the security of 445,000 retirees’ data;
  • March 2006: Fidelity laptop with HP staff data stolen;
  • Nov 2008: NY Express scripts threatened with an attempted extortion to expose patient records.

The incidents range from system design problems, including legacy aspects; calculation errors; security lapses, whether human or system-based;  and fraud. The magnitude of reworking calculations (assuming the necessary data can be retrieved from ancient systems and validated), not to mention the impact on public confidence, is stunning.

Evidence – investigative, Australian

In Australia, specific industry investigations[2] have highlighted two disturbing attitudes on the part of some trustees. One is deliberate indifference to the need for periodical and pro-active testing of data quality, completeness and security. This is demonstrated by an attitude of ‘we know we are all right’, - a touching, if somewhat naïve, faith in their own invincibility. While the personal preferences of regulated industry boards and management, spiritual or secular, are of no concern to APRA, we do seek a more evidence-based approach on matters that affect the interests of beneficiaries.

Of greater concern is the attitude of conscious avoidance. This arises where there is the awareness that anecdotally and empirically, data quality needs ongoing attention. This is followed by a fear ‘why look, lest we find issues?’ or ‘If we don’t find it, we won’t have to fix it’. The resulting short term avoidance could lead to long term distress.

Of the 19 projects[3] conducted by ITM in 2008, covering 600,000 members, there were some very basic issues found:

  • Basic member details in 14
  • Key dates and numbers in 14
  • Duplicate numbers in 11
  • Benefit Payments in 8, and
  • Contributions in 5.

The type of errors identified included:

  • Failure to follow up data errors systemically
  • Financial losses
  • Critical data errors – eg., payments but no exit record, negative contributions, post June 2007 contributions with no TFN
  • Benefits wrongly paid
  • Breaches of the law
  • Platform bugs
  • Duplicate / Dummy data, and
  • Issues being dealt with post migration (too late).

The good news is that these are issues that trustees can, and should be, addressing with planning and with a proper focus on risk mitigation in this important area.

APRA experience

While we have been spared the trauma of major episodes, by no means are we immune. APRA’s experience reveals the following:

When we examined Eligible Rollover Funds, we came across a number of data issues, including multiple instances of dummy dates of birth. The nature of ERFs makes data cleansing more difficult, given the lack of access to, or responses from, members.

When successor fund transfers take place, we have received requests for dispensation to permit a freeze on redemptions and rollovers during a temporary period while data is checked, transferred and reconciled. While we are responsive to practical implementation aspects, a more robust attitude to data quality would have avoided the incidence and extent of delays.

Since mid 2008, we have undertaken a review of fund liquidity. In assessing the impact of the market volatility and underlying fund freezes, we had sought specific information to delineate trends, especially in the context of past movements in areas such as member investment switching.  This revealed limited trustee ability to extract such useful information at short notice - a clear indication that trustees have not seen this as an important area for them to consider and monitor. APRA believes such information is essential for trustees in managing fund operations and preparing for contingencies.

While specific data issues were being dealt with by individual trustees, we have not seen a uniform practice across the industry to periodically test and cleanse data. This is desirable and, in a fast consolidating industry as well as in one where members move between funds, perhaps necessary. 

Remediation of identified issues has been sporadic, being neither pro-active nor systemic. It is as if the trustees have said: ‘We have disposed of this issue. Let us wait for the next’, rather than ‘What can we do to mitigate the risks of another data issue?’

The various unit pricing and crediting rate calculation issues (which the industry has been addressing, following well-publicised episodes) have highlighted that the ability of members to realise there is something wrong is limited. The onus therefore shifts to other parties: trustees primarily, but there is also a role for service providers, advisers and regulators. 

You will be aware that we are currently in the course of a review of a number of fund administrators to understand their operational processes better and cascade the findings for trustee guidance. Expected to be completed in 2009, to date this project has already indicated that trustees have a vital role to coordinate and drive data integrity initiatives across the range of involved parties for a particular fund. 

In short, our experience corroborates the overseas and local evidence above.

The ATO experience[4]

Working with the ATO, in their capacity as revenue collectors rather than SMSF regulators, APRA has obtained further corroboration. The ATO has a continuing focus on ensuring that APRA regulated funds meet their superannuation reporting obligations in an accurate and complete manner. This covers member contributions, lost and unclaimed super and departing Australia payments.

Last financial year (2007/8) there were 120 accuracy and completeness audits conducted. Every second fund audited was found non-compliant on at least one audit issue. Audits of lost member statements contained the most issues, which commonly included:

  • Non-reporting and / or non-payment of unclaimed money. In particular, a lack of documented procedures resulting in large numbers of members over the age of 65 still being recorded on the lost member register;
  • Lost members reported with incorrect or nil account balances;
  • Contributions still being received for members reported lost;
  • Lost members ‘found’ not being reported or reported twice;
  • Lost members so reported, not fitting the criteria;
  • Information held (such as TFN) not being reported;
  • Rejected information not being rectified, and
  • Transfers to ERFs not reported.

The ATO has been working with funds, administrators, software providers and professional associations to foster better compliance, and encourage voluntary disclosures. Last year, a large administrator, involving nine funds found systemic deficiencies in their reporting software. As a result of the work done by all parties, more than 600 members could be removed from the lost member register with a value close to $ 100 million.

Other failures commonly seen in ATO audits include:

  • Failure to return incorrect co-contribution payments to the ATO with the payment variation form;
  • Member contribution statement with missing or incorrect employer and rollover information;
  • Incorrect processing of departing Australia payments and misreporting; and
  • Superannuation holding account payments from the ATO not being reported correctly as ‘employer contributions’.

The corrective actions suggested by the ATO include:

  • Enhancing the reporting software
  • Relodgement
  • Reviewing and implementing revised fund procedures
  • Reviewing and implement stringent quality control checks

All of this should spur trustees into action. As an incentive, the ATO has helpfully scheduled another 120 audits in 2008/9!

Other industries 

All prudentially regulated industries require reliable, secure and complete data, and have to have the appropriate framework of culture, governance, risk management, as well as policies and procedures that are implemented effectively. The superannuation industry presents some additional challenges, given its differences.

As an integrated regulator taking a consistent approach on comparable risks, APRA takes, where possible, a principles-based approach across industries. Excessive prescription is likely to lead to a rule-based approach by regulated entities, which could miss significant risks in the context of changing markets and operating environments.

For example in March 2007, in the context of Basel 2 implementation, we wrote to the relevant deposit takers seeing accreditation of their advanced modelling approaches outlining the approach we wished to see in relation to data management. These included:

  • a data management framework;
  • overarching architecture;
  • lifecycle management;
  • data validation;
  • defining and testing quality metrics;
  • a robust issue management process including the root causes;
  • independent assessment; and
  • inculcating staff awareness.

We are currently finalising a prudential practice guide on IT Security Risk Management that will apply to all our regulated industries. Again, this will detail principles which we expect individual boards and management to adapt to their business strategies.

The UK guidance

Following industry consultation, the UK Pensions Regulator (TPR)[5] has released its good practice guide ‘Record Keeping’ for measuring member data. At this stage, TPR seeks to educate and enable stakeholders in achieving data integrity, whilst flagging its intention to move into enforcement as the next phase.

Whilst a careful study of the guide will provide many useful pointers to trustees and others in Australia, I highlight its salient features:

  • TPR suggests that fund operators measure ‘core’ (applicable across all funds) and  ‘conditional’ (dependent on individual schemes) data;
  • They should report on numerical aspects  by proving suitable commentary to provide context;
  • They should assess internal controls for their ability to capture risks;
  • They should develop improvement plans and implement them on agreed time frames;
  • Annual data measurement; and
  • TPR will review the outcomes in 2009.

A sobering lesson for us in Australia, where relative to the UK we have accumulation funds dominating the superannuation landscape, is that our funds demand more work in preserving data integrity. Here, members bear most of the risks in particular operational consequences including remediation. The number and incidence of account movements are more complex and less predictable, compared with the employer and member contributions in DB schemes. To add to the excitement, our taxation regime (including the ability to use foreign tax credits) has certain features that do not apply to overseas regimes.

The UK (DB pensions) regime has undergone some searing experiences which our regime (founded on accumulation and compulsory super guarantee contributions) has not had to contend with. The resulting buy-out in the UK of corporate pension liabilities by financial providers has, among other things, revealed the glaring issues in data management, probably leading to the initiatives TPR has undertaken.

Even so, it would clearly be sensible for the Australian super industry to pick up the lessons from this guidance.

APRA expectations

In the light of such overwhelming evidence, what does the regulator expect?

Trustee actions 


First and foremost, trustees being legally responsible for ensuring beneficiaries will, under all reasonable circumstances, receive their entitlements accurately and on time, must set the tone. From determining the culture of the fund operations through embedding it in its data management framework (as part of its risk management strategy and fund-specific plan), arranging for documented policies, procedures and controls, periodical reviews and final implementation by internal as well as external providers the entire process must carry trustee involvement and endorsement. In particular, trustee deliberations need to consider data issues as a regular feature (similar to investment performance, contributions flow or member complaints) rather than merely in response to identified hiccups.

A suggestion for better data management

An interesting example: trustees can clawback contribution taxes from the ATO after enhancing the death benefits to a member’s estate under ‘the anti-detriment’ provision applicable under the tax laws. However, the ability of trustees to correctly work out the actual contribution taxes paid in respect of members at any given moment is notably absent.  Rollover payments do not transfer this information. As a result, trustees who implement this beneficial provision, while clearly acting in the best interests of members by doing so, are constrained. Recourse to approximations, including the formula provided in the relevant explanatory memorandum, becomes necessary. Surely our trillion dollar industry (admittedly, pre-GFC!) should figure out a way to record, maintain and pass on this important piece of data?

Check before change

A key message is that waiting for a major system or administrator change is futile to resolve or improve data issues. In the past data many migration exercises and administrator changes have highlighted inherent data issues, holding up the project implementation. Futile too is the practice of cleansing data after a successor fund transfer. If there are issues they are better found and dealt with before. In extreme cases, serious data quality issues could prevent the trustees establishing (as required under SIS) the equivalence of benefits, and the member service quality post transfer could deteriorate to an unacceptable level.

Unit pricing and crediting rates

Unit pricing and crediting rate calculations are severely impacted by poor data quality (in addition to system, formula and estimation issues).  Given the good work done by the industry in this area, it would be a pity to erode the advantages gained.


It would be sensible for trustees to set up a process of attestation of data quality completeness and security, through a cascading mechanism – the CEO provides an annual attestation to the Board, supported by similar well-supported work through the internal and external chain of data flow.  With external audit representation letters now being an accepted practice, why should this not be extended internally to such a vital area of the superannuation business?

Internal audit

Internal audit should be enlisted as an ally in ensuring data quality. Their programmes must be so designed.

Service providers

What trustees expect of administrators, custodians, investment managers, insurers must be clarified in contracts and followed up in discussions, with a commensurate process to track performance.

Professional advisers

External advisers, such as actuaries, auditors and asset consultants should be asked to highlight data issues as they are encountered in the course of their professional work. Additionally, it would be good practice to periodically measure the data held and validate it. Independent assessment, including by specialist agencies, would be worthwhile once in a couple of years.

GS 007

In a timely move, the new audit guidance GS 007[6]  effective from 2008/9 contains more prescriptive control objectives with a minimum set prescribed for each service: custody, asset management, property management, superannuation member administration, investment administration and registry. Its part A guides fund auditors and part B auditors of service providers who provide assurance report to fund auditors.

This should enable trustees to query service providers, by requiring appropriate rigour of their own auditors. 


The relationship with employers is crucial. In the current competitive environment in super, it may not be easy to demand of employers what data should be provided,  and when. How practical is it to expect a trustee, in these days when economies of scale are an imperative, to refuse to accept contributions in the absence of accompanying complete and validated data? On the other hand, if employee data are not passed on to the trustee and therefore the insurer on time, there is a distinct chance that insurance cover that should be in place in terms of the disclosed PDS may not exist, with disastrous consequences if a claim arises. Without being unrealistic, APRA believes setting mutual expectations at the outset and following up regularly will save significant problems later: ‘a stitch in time saves nine’.  Perhaps the relevant industry bodies can work with employer associations to facilitate this.


Finally the role of members: axiomatically, the best results would ensue if an interested and involved membership will take an active interest in their super throughout the course of membership, and question information that is clearly erroneous. At the most basic level, some information can best be provided and checked by members. If section 64 (after tax) contributions paid in a year are not shown on member statements, due to the fund’s mistake, employers error or worse, the member is best placed in terms of knowledge and self-interest to identify this and alert the trustee.

We all know that traditionally members have been very much unengaged with their superannuation.  This has clearly changed to some extent with the investment market turmoil we have seen in the last twelve months. However, it is a significant challenge to encourage member engagement. This is an important area for trustees, however, and cannot be put in the 'too hard' basket.  Trustees can clearly enhance data integrity for their funds even without significantly increased member engagement but they should also be considering (and not just for data integrity reasons) avenues to encourage members to take a greater interest in their superannuation.


We will cover data management in our prudential reviews, paying special attention to trustee processes, IT management and outsourcing. Risk assessments and our supervisory stance will then be tailored to include data integrity and linked to trustee fitness.  Remediation should be agreed on suitable time frames. An effective voluntary system to ensure data integrity, designed and implemented by an enlightened industry, is invariably more effective than a statutory imposition.

The proposed Clearing House

The Government initiative to set up a clearing house recognises the operational risks to which our generally sound system is exposed. In introducing it in November 2008, the Minister for Superannuation and Corporate Law, Senator Nick Sherry, noted that the present system is like a ‘sprawling city with each house and suburb struggling to develop their own water and power distribution networks and then trying to interconnect them’. He noted that administration is struggling under frequent policy changes and the industry’s massive size. If other industries can compete on products and services, yet collaborate on shared services to leverage the economies of scale, why can’t super? 

A useful by-product of the clearing house system would be increased central access to member level data (already available in many other countries) that would be useful in industry analysis, targeted policy and separating good performers from ‘momentum huggers’.

Noting the success of the good work done by the ATO in integrating the data and records of taxpayers, it is anticipated that the initiative will yield results.

Competitive advantage

While serious effort needs to be directed by a range of participants to improve the system when we still have some time, there is a bright side: trustees who proactively ensure data integrity would have a clear competitive advantage in terms of marketing. Substantively, their operational risk would be significantly lower, resulting in lower costs over time.


I have highlighted the data risks we face and what we should collectively do about them, now. As I hypothesised, the prudential regulator can shift into different phases as the occasion demands, and you will note the reluctance with which we shift into phase four, if indeed we must.

Our biggest concern is not about the problems which demand hard work. We can overcome them, as we have in other areas. The worry is the ‘wise’ people unshakeably convinced nothing needs to be done or that it is all too hard.

Perhaps Shakespeare might shake them up:

God give them wisdom that have it,
And those that are fools[7],
Let them use their talents. 
- Twelfth Night

Here is wishing the know-alls a healthy dollop of foolishness!



  1. But not sufficient, as the many unit-pricing and crediting rate errors the industry has had to remedy have shown.
  2. These have been conducted by Independent Transition Management Pty Ltd (ITM) an Australian service provider in the area of testing and remedying data issues. APRA is grateful for their input into this presentation.
  3. Anti-Money Laundering as well as Income Stream aspects not covered. Thus the real extent may be understated.
  4. PRA is grateful to ATO for sharing their generic audit findings.
  5. ‘Record keeping’ issued in December 2008. In preparing this presentation, APRA acknowledges the assistance provided by TPR’s work in this area.
  6. ‘Audit Implications of the Use of Service Organisations for Investment Management Services’ released by AuASB on 12 March 2008. It replaces AGS 1026 entirely, and AGS 1042 to the extent it applies to investment management services.
  7. The allusion to ‘fools’ here is as in ‘clowns’, regarded more talented than the merely wise.

The Australian Prudential Regulation Authority (APRA) is the prudential regulator of the financial services industry. It oversees banks, credit unions, building societies, general insurance and reinsurance companies, life insurance, private health insurers, friendly societies, and most members of the superannuation industry. APRA currently supervises institutions holding $6 trillion in assets for Australian depositors, policyholders and superannuation fund members.