Global Site
Argentina Aruba Barbados Bolivia Brazil Canada Cayman Islands Chile Colombia Costa Rica Curacao Ecuador El Salvador Guatemala Honduras Mexico Panama Paraguay Peru Puerto Rico Saint Martin Suriname United States Uruguay Venezuela
Afghanistan Australia Cambodia China Hawaii Hong Kong India Indonesia Japan Macau Malaysia Maldives Mongolia Myanmar Nepal New Zealand Pakistan Philippines Singapore South Korea Sri Lanka Taiwan Thailand Vietnam
Albania Andorra Armenia Austria Azerbaijan Belgium Bulgaria Croatia Cyprus Czech Republic Denmark Estonia Finland France Georgia Germany Greece Hungary Ireland Italy Kazakhstan Kosovo Latvia Liechtenstein Lithuania Luxembourg Malta Moldova Netherlands Norway Poland Portugal Romania Serbia Slovakia Slovenia Spain Sweden Switzerland Tajikistan Turkey Ukraine United Kingdom Uzbekistan
Algeria Angola Bahrain Côte d’Ivoire Egypt Ghana Iraq Israel Jordan Kenya Kuwait Lebanon Liberia Mauritius Morocco Mozambique Nigeria Oman Qatar Saudi Arabia Senegal Sierra Leone South Africa Syria Tanzania Togo Tunisia Uganda United Arab Emirates Yemen
Contact us
home Insights

AI in pensions

The governance gap trustees must address

Daniel Sibthorpe
03/06/2026
Woman in yellow looking into camera

“Act now” – the Pensions Regulator’s message to pension schemes as artificial intelligence (AI) adoption grows across the sector.

The Pensions Regulator (TPR) has published its AI Plan, setting out its expectations for responsible use of AI in pension schemes and how trustees should govern its application.

In terms of speed, efficiency and cost reduction, AI is transforming every industry – the pensions sector included. The Society of Pension Professionals’ (SPP) 2026 AI Survey highlights just how embedded AI has become, with universal usage across the UK pensions industry. Notably, 69% of respondents expect AI to be used in up to half of services in the future.

TPR recognises AI’s potential to improve administration, decision making and member engagement. It also notes that growing adoption by members in everyday life could drive higher expectations, with members increasingly looking to their pension providers for AI-powered services and support. However, adoption of AI technology is not without risk. Over half of SPP respondents identified hallucinations and inaccuracies as a significant risk, while one in five raised concerns around data protection.

But it’s not just the risks associated with trustee use of AI that schemes should be concerned about; TPR also warns of the growing use of AI in sophisticated cyberattacks and fraud.

AI-enabled cyberattacks and fraud:

  • Phishing and deepfakes:
    AI can generate convincing emails, text messages, phone calls, and videos. It can also search the internet for information about targets to tailor correspondence to specific individuals
  • Malware:
    AI can generate malicious code, some of which can evolve and adapt to evade detection and identify new exploits, making it more difficult for traditional intrusion detection systems to respond effectively.
  • Identity fraud:
    Fraudsters are using AI to create entirely synthetic identity documents, from passports and driving licences to bank statements and utility bills, that may be capable of bypassing some Know Your Customer verification.

What should trustees do from a cyber security perspective?

Trustees and scheme managers remain ultimately accountable for the effective running of schemes and the delivery of member benefits, even when activities are delegated to third parties. TPR expects a proactive and structured approach to AI, including:

  • Strong governance:
    Establish clear governance frameworks for trustees’ use of AI, as well as ensuring that suppliers and advisers maintain robust security controls relating to AI
  • Risk management:
    Identify and assess AI-related risks, putting in place appropriate controls that are regularly reviewed and updated as technologies evolve
  • Threat awareness:
    Stay alert to emerging AI-enabled cyberattacks and fraud risks and ensure appropriate member identity verification processes are in place to protect members fro evolving threats
  • Knowledge and competence:
    Maintain sufficient understanding of AI technologies, including cyber security implications, limitations, and risks, and stay informed of evolving regulatory expectations and industry standards
  • Data management:
    Maintain a clear data strategy to ensure scheme and member data is high quality, securely handled and protected from unauthorised access, and compliant with data protection requirements when used in AI systems
  • Seek professional advice:
    Speak to specialists where appropriate, taking a proportionate approach to cyber security and risk considerations when exploring or implementing AI technology.

In short, while AI presents clear opportunities for the pension sector, it also introduces new cyber security, governance, and oversight challenges for those responsible for the operations of the scheme. Trustees and their third parties must ensure they have the understanding and controls necessary to manage evolving AI-enabled cyber and fraud threats and protect sensitive scheme and member data.

If you would like some further advice or support to ensure your pension scheme is in line with TPR’s AI guidance, our Cyber Security team are always available for a conversation.

Contact us

Daniel Sibthorpe
Daniel Sibthorpe
Director, Cyber Security and Counter FraudLondon
020 7842 5308

Insights

magnify glass on desk

Significant Cyber Incidents

A round up of all the cyber incidents of 2025.
glass chess pieces

Capita cyber breach sends a clear message to pension Trustees

Capita fined £14m for cyber failings affecting 6.6m people, prompting urgent lessons for pension Trustees on data security.
lady looking at laptop

Cyber resilience in action

Ask the right questions to boost cyber resilience. Engage your IT team and strengthen your organisation’s security posture.

Related services

Cyber Security Pension Funds