Risk transfer...and transfer risk

The risk-transfer market for defined-benefit pensions in the UK has been  buoyant for many years.  There is considerable demand from pension schemes — to say nothing of their sponsoring employers — for solutions that transfer risks to insurers.  These risk transfers can be comprehensive, such as bulk annuities that take on investment, inflation and all demographic risks.  Or else they can be narrowly focused, such as the longevity swaps that only transfer a specific part of a scheme's overall risk.

Whatever the solution, something else needs to be transferred long before the risk can be: data.  To price a longevity swap or a bulk annuity, an insurer or reinsurer needs some very specific data on the lives covered.  In early stages of pricing it is common for pension schemes to leave out the names of pensioners to reduce the risk of personal data leaking (this is less common for annuity portfolios, as names are important for deduplication).  However, the reality of bulk pricing in the UK is that full postcodes are required for geodemographic pricing.  Since a UK residential postcode typically covers under forty lives, the combination of date of birth, gender and postcode is enough to identify a person and so counts as personal data even without the name or full address.

If sending personal data for pricing or analysis is unavoidable, how best should you securely transfer it?  Unfortunately, the easiest choice — emailing a password-protected Excel spreadsheet — is a very poor option.  The first problem is that your email packets may route through public infrastructure before reaching their final destination.  The second reason is that it can be alarmingly easy to bypass Excel's password protection.  A far better solution is a point-to-point transfer using a secure protocol like the HTTPS used on authenticated websites.  Such transfers are very much harder to snoop on than standard email, and they can be password protected as well.  Furthermore, an audit log can be kept of which IP addresses were used for the download, whereas you have no way of knowing if a standard email was intercepted or who might therefore have a copy of your emailed spreadsheet.  In a world where leaks of personal data become ever more damaging, both to reputations and corporate bank balances, the time to stop emailing spreadsheets of personal data has long passed.

Written by: Stephen Richards
Publication Date:
Last Updated:
Tags: personal data, postcodes, security, Excel

Secure Transfers

All Longevitas applications come equipped with a built-in secure-transfer capability.  This allows administrators to create password-restricted areas that allow secure and private data exchange.  For extra security there is also the option to restrict access to specific IP addresses

View all posts

Add new comment

About text formats

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.