Artificial intelligence used across pension schemes is creating a governance challenge rather than a new regulatory risk, according to Cartwright Pension Trusts.
Cartwright said trustees should focus on oversight, accountability and existing governance frameworks as AI becomes more widely used across scheme operations. It said trustees remain responsible for decisions and member outcomes, whether services are delivered by people or AI tools and should incorporate AI considerations into existing governance, risk management, supplier oversight and information security frameworks.
According to Cartwright, many of the concerns surrounding AI come back to familiar principles around data protection, supplier oversight, risk management and operational resilience.
The comments follow the publication of The Pensions Regulator’s AI strategy in May, which outlined the regulator’s approach to artificial intelligence, its expectations for trustees and scheme managers, and how it plans to use AI internally.
Cartwright director of pensions administration Julie Yates says: “The emergence of AI has understandably generated a lot of discussion across the pensions industry. But in many respects, the principles trustees need to apply are the same ones they already use when overseeing administrators, advisers, technology providers and other outsourced services. The issue is not whether AI is being used, but whether there is sufficient visibility, oversight and accountability around how it is being used and what controls are in place.
“Trustees remain responsible for decisions and member outcomes regardless of whether activities are undertaken by people, technology platforms or AI-enabled systems. As a result, focus should be on understanding where AI is being used within the service provider ecosystem, who is accountable for outputs, how decisions are monitored and what safeguards exist around them.
“One of the biggest risks is not necessarily the use of approved AI solutions, but the unmanaged use of publicly available tools where information may be entered without a full understanding of the security, confidentiality or governance implications.
“Many of the concerns being discussed today ultimately come back to familiar principles around data protection, supplier oversight, risk management and operational resilience. The technology may be evolving, but the governance fundamentals remain largely unchanged.
“Schemes should avoid viewing AI risk as a standalone issue and instead incorporate AI considerations into existing governance, risk management, supplier oversight and information security frameworks. AI has the potential to deliver significant benefits across pensions administration and member services. The challenge for trustees is not whether to engage with the technology, but ensuring its use is properly understood, governed and controlled. Good governance always remains the most effective safeguard.”