Risk transfer...and transfer risk

The risk-transfer market for defined-benefit pensions in the UK has been  buoyant for many years.  There is considerable demand from pension schemes — to say nothing of their sponsoring employers — for solutions that transfer risks to insurers.  These risk transfers can be comprehensive, such as bulk annuities that take on investment, inflation and all demographic risks.  Or else they can be narrowly focused, such as the longevity swaps that only transfer a specific part of a scheme's overall risk.

Whatever the solution, something else needs to be transferred long before the risk can be: data.  To price a longevity swap or a bulk annuity, an insurer or reinsurer needs some very specific data on the lives covered.  In early stages of pricing it is common for pension schemes to leave out the names of pensioners to reduce the risk of personal data leaking (this is less common for annuity portfolios, as names are important for deduplication).  However, the reality of bulk pricing in the UK is that full postcodes are required for geodemographic pricing.  Since a UK residential postcode typically covers under forty lives, the combination of date of birth, gender and postcode is enough to identify a person and so counts as personal data even without the name or full address.

If sending personal data for pricing or analysis is unavoidable, how best should you securely transfer it?  Unfortunately, the easiest choice — emailing a password-protected Excel spreadsheet — is a very poor option.  The first problem is that your email packets may route through public infrastructure before reaching their final destination.  The second reason is that it can be alarmingly easy to bypass Excel's password protection.  A far better solution is a point-to-point transfer using a secure protocol like the HTTPS used on authenticated websites.  Such transfers are very much harder to snoop on than standard email, and they can be password protected as well.  Furthermore, an audit log can be kept of which IP addresses were used for the download, whereas you have no way of knowing if a standard email was intercepted or who might therefore have a copy of your emailed spreadsheet.  In a world where leaks of personal data become ever more damaging, both to reputations and corporate bank balances, the time to stop emailing spreadsheets of personal data has long passed.

 

Comments

captcha

Find by key-word


RECENT POSTS

This collection of blogs is called Information Matrix , and ... Read more
Examining residuals is a key aspect of testing a model's ... Read more
Many western countries, including the UK, have recently experienced a ... Read more
Stephen Richards
Stephen Richards is the Managing Director of Longevitas
Secure Transfers

All Longevitas applications come equipped with a built-in secure-transfer capability.  This allows administrators to create password-restricted areas that allow secure and private data exchange.  For extra security there is also the option to restrict access to specific IP addresses.