A significant risk to the Kingston upon Thames Pension Fund's financial stability has been identified due to a failure by its software provider, Civica, to deliver compliant software. This red-rated
risk was highlighted at a meeting of the Pension Board on Thursday, 26 March 2026.
The Pension Board was informed that the core issue is Civica's ongoing failure to provide a fully compliant and tested solution for the fund's administration system. This poses a risk of incorrect benefit payments to members and a lack of guaranteed operational compliance with Local Government Pension Scheme (LGPS) regulations.
Officers are actively managing this risk through continuous dialogue with Civica's client manager and by applying collective pressure through the national Civica Client User Group. Despite initial software patches being delivered, outstanding issues persist, and further updates are still anticipated.
This software failure is one of 23 active risks currently on the fund's risk register. Six amber
risks were also detailed, including operational resource strain from legislative changes, the skills and knowledge of panel and board members, cyber security, climate change impacts, adverse market movements, and uncertainty surrounding Fit for the Future
pension reforms.
Skills and Knowledge Gaps Addressed
The risk rating for Panel and Board members possessing the necessary skills and knowledge to effectively challenge Officers and Advisors
has been increased to Amber. This is in anticipation of potential turnover in membership following local elections in May 2026, which could lead to a loss of experience and institutional knowledge. To mitigate this, officers are preparing a comprehensive induction and training plan for all new members. A new training plan for 2026/27 has been designed to support the Panel and Board, including foundational knowledge modules on LGPS induction, committee roles, pensions legislation, governance, and cyber risk. The fund's annual training plan will be guided by the CIPFA Pensions Finance Knowledge and Skills Framework, based on identified training needs from annual evaluations.
Cyber Security Threats and Mitigation
An amber
rated risk identified is the Failure to protect the Fund's key information and data as a result of malicious cyber-attack.
Such a failure could place confidential member information at risk and lead to a potential breach of the Data Protection Act 2018. To mitigate this, the fund adheres to the Council's IT policies and its unpublished Cyber Policy, ensuring all staff receive up-to-date cyber training. Furthermore, the updated Data Improvement Policy introduces a Data Minimisation process to regularly delete obsolete member data, thereby reducing the fund's cyber-risk surface.
Other Identified Risks
Beyond the software and cyber security concerns, the fund faces other amber
risks. These include operational resource strain due to legislative changes, adverse market movements, and uncertainty surrounding Fit for the Future
pension reforms. The impact of climate change on investments is also a noted concern, with projections on the likelihood of the pension fund being 100% funded under various climate scenarios detailed in the Public reports pack.
The fund's financial health is further illustrated by a waterfall chart detailing the change in surplus from the 2022 to the 2025 valuation, influenced by factors such as net interest on assets, benefit accrual, and investment outlook. This update was presented to the Pension Board as part of the governance and risk update.
