The Australian Institute of Superannuation Trustees (AIST) said Prudential Practice Guide 235 is a useful tool in assisting regulated super funds to manage risk data but should be linked more explicitly to risk management standards in SPS220, and vice versa.
SPS220 did not contain a specific requirement to include the management of data risk in a fund's risk appetite statement or risk management framework, which should be a minimum requirement, AIST said.
"While it is self-evident that data risk is an ‘other risk that may have a material impact on the RSE licensee's business operations', its invisibility in SPS 220 suggests that it is a lower priority risk," AIST said, citing SPS220, 12(g).
SPS220 requires that a fund's risk appetite state its material risks — but data was not classified as a material risk in either PPG235 and SPS220, AIST said. However funds and service providers regularly manipulated data.
"Data can be moved from one organisation to another; it can be moved from one IT system to another; it can be analysed, aggregated and reported upon; it can be used for purposes other than the primary or initial reason for which it was collected or obtained; it can be modified, updated and corrected," AIST said.
"There are risks associated with the collection, storage, movement and manipulation of data, and at each stage there is the prospect of error, lack of reconciliation, estimation and approximation," it said.
AIST said the Australian Prudential Regulation Authority (APRA) had not made it clear what level of data issues were tolerable.
"On the one hand, funds have a zero tolerance (or appetite) for data errors; on the other hand, there is a recognition that some errors will occur."
It said different data items would have different levels of importance and it was important to clarify between, for example, the title of a member and a unit-pricing error.