Skip to main content

Financial Services and Markets Act 2000 (Regulated Activities) (Amendment) Order 2024

Volume 836: debated on Tuesday 13 February 2024

Considered in Grand Committee

Moved by

That the Grand Committee do consider the Financial Services and Markets Act 2000 (Regulated Activities) (Amendment) Order 2024.

My Lords, this draft statutory instrument makes an update to financial services legislation to make operating a pensions dashboard service a Financial Conduct Authority—FCA—regulated activity. As noble Lords will be aware, the Government have long held the ambition of delivering pensions dashboard services to the public. It is vital that individuals can easily access and view data about their pension savings in one place and at their convenience.

Executed well, pensions dashboards can deliver significant benefits to consumers, providing better access to information about their pensions held in different schemes and putting information about private and state pensions in a single place. This will bring a step change in how people can engage with their pension savings and will finally allow them to have a fuller picture of them. Equipped with this information, individuals will be better able to plan for their retirement, find lost pension pots, seek financial advice and guidance at the right time and, ultimately, feel more in control of their pensions.

As noble Lords will be aware, the Government are supporting the development of the digital architecture needed to make pensions dashboards a reality, as well as facilitating the development of a government-backed pensions dashboard by the Money and Pensions Service. The Government are also supporting the development of private sector pensions dashboards. Different individuals will have different needs, and this will ensure that a range of platforms exist to meet them. However, the Government have been clear that this can take place only with a suitable and robust regulatory framework in place, recognising that consumers using pensions dashboards could be vulnerable to potential harms. It is vital that consumers are adequately protected.

During the passage of the Pension Schemes Act 2021, the Government were clear that the operation of pensions dashboard services should be brought within FCA regulation. This order amends the regulatory perimeter of the FCA to make operating a pensions dashboard service that connects to the Money and Pensions Service dashboard’s digital architecture a regulated activity. Once in force, this will have the effect that anyone choosing to operate a pensions dashboard service will need to be authorised and regulated by the FCA. Firms that are authorised by the FCA and granted permission to undertake the new regulated activity will have to follow the rules and guidance set by the FCA, which has the relevant remit and objectives to establish an appropriate consumer protection framework for pensions dashboards.

As noble Lords will be aware, the FCA consulted on the rules for pensions dashboards. The consultation, which closed towards the end of last year, set out a proposed approach to ensure that the new market for pensions dashboards does not introduce or amplify the potential for consumer harms. We will continue to work with the FCA in the coming months as the regulatory framework is finalised.

This statutory instrument delivers a key part of the framework that we are establishing to make pensions dashboards available to consumers. It is imperative that pensions dashboards operate within a strong regulatory framework, providing appropriate consumer protection so that the consumer benefits of dashboards can be realised. I beg to move.

My Lords, we support this pensions dashboard SI, just as we supported the pensions dashboards project during the passage through the House of what became the Pension Schemes Act 2021. We continue to believe that the dashboards should deliver more information to the consumer in a comprehensive and easily understood way, and that this will make it easier to make better choices.

We understand that providing these dashboards, both for MaPS and for commercial suppliers, is a very complex undertaking. We were not terribly surprised by the delays the project has suffered but we would like some reassurance about progress from the Minister. The new connection date is set for 31 October 2026, but some services may be available before then. Could the Minister tell us when we may now expect the MaPS dashboard to be available to consumers, when we may expect commercial variants to be available and what services short of a full dashboard may be available sooner?

It would also be very helpful if the Minister could tell us when she expects the FCA rules that she mentioned, which were previously consulted on, to be published. It is hard to see commercial enterprises being able to finalise their own dashboards without sight of and understanding of the new FCA rules.

During the debates in the House on what is now the Pension Schemes Act 2021, many of us thought that the MaPS version of the dashboard should be allowed at least a year of operation before commercial versions were allowed to enter the market. Can the Minister tell us whether there is likely to be a period when the MaPS version runs alone?

We also debated the issue of allowing consumers to make transactions via commercial dashboards. Can the Minister say what the current position is? Will transactions be allowed?

The mechanics of the SI before us seem entirely straightforward and are clearly vital to consumer protection. We have no issues with either its purpose or its mechanism. We do have a couple of very minor and tangential questions. First, we are curious about the date of the SI coming into force. Why is it 11 March? Does that date have any particular significance?

The second question relates to the final sentence of paragraph 7.4 of the Explanatory Memorandum, which reads:

“Operating a dashboard may include taking regulatory responsibility for any third parties involved in connecting to MaPS digital architecture on their behalf”.

I would be very grateful if the Minister could unpack that a little. Perhaps she could give an example of such an arrangement. What circumstances would trigger the assumption of responsibility?

My Lords, this SI makes good on a commitment given during the passage of what became the Financial Services Act 2021 to ensure that entities running a pensions dashboard will have to be authorised and regulated by the FCA. This is an important safeguard for pension holders and we welcome the SI, even if it has taken longer than expected to arrive and is not quite the final piece of the pensions dashboard puzzle.

In an age of scams, uncertainty about AI and increasing consumer concern about online safety, perhaps I might ask the Minister about technical safeguards that providers are expected to put in place. I understand that dashboards themselves will not store data, so there is no risk of mass collection. But if an app is not secure and someone is using a device infected with malware, for example, could bad actors still be able to view and therefore exploit data such as account names, numbers and balances? It would be helpful to know what specifications private providers will have to meet—or, indeed, whether the Government or the FCA will be setting any technology specifications at all.

Paragraph 7.1 of the Explanatory Memorandum to this SI states that the regulated entity will be responsible for the actions of third parties connecting to the Money and Pensions Service digital architecture on their behalf. In recent years, there has been a number of examples of websites or apps using plug-ins to process logins which it then turned out had been infiltrated and customer data breached. Are the Government satisfied that the FCA and dashboard providers will be on top of these issues and that they will go to the Information Commissioner if needed?

Although more guidance is being issued about pensions dashboards, it is still not clear when the Government expect the first products to be operational. Does the Minister have a specific target date in mind?

Finally, when this SI was debated in the Commons, the shadow Economic Secretary asked the Minister whether he could confirm whether pensions dashboards would be using the Government’s OneLogin service. The Economic Secretary said he would write on the matter but, as far as I am aware, has not yet done so. Does the noble Baroness have an answer to that point in her brief and, if not, whether she will commit to copying the Economic Secretary’s reply, when it comes, to the participants in this debate today?

My Lords, I am very grateful to both noble Lords for their contributions to this short debate on a topic of great interest to all of us pensioners. I, for one, am looking forward to being able to see whether I have any lost pensions that suddenly pop up on my dashboard and it turns out that I am a multimillionaire. I am not holding my breath.

However, I think all noble Lords recognise that it is an incredibly complex undertaking, and it is right that we take the time to ensure that it is done to the level that consumers will expect—particularly given the amount of data available out there relating to pensions. It must be safe and secure; pensions dashboards will allow users to search their pensions and view their data, and they will be connecting to potentially thousands of schemes offered by technologically advanced organisations in some circumstances, and in others, frankly, organisations that are not quite so advanced. It is those laggards that we need to make sure are up to scratch.

Essentially, we expect the digital architecture to facilitate the search of more than 71 million pensions records held by thousands of pension schemes and providers. Each of those—or many of them—will have different IT systems and ways of calculating values. Pulling all of that together is the complex thing behind this, but, as the noble Lord, Lord Livermore, rightly pointed out, we also have the issue of identity verification to consider, and various other critical elements of the ecosystem. Around that sit things such as standards and guidance to pension schemes, in order for them to be able to connect.

The timelines at the moment are that the DWP’s amending regulations came into force in August 2023. That set out a new connection deadline for schemes of October 2026. At the moment the DWP is engaging extensively with industry and has been since last year. It will issue guidance on a connection timetable in spring 2024.

The reason for the delay is that it is a slightly more complex technical issue and solution than initially anticipated. This became apparent once we were able to speak to industry stakeholders to find out how they store their data and present it to their pension holders. But I am convinced there will be a point when we get to the dashboard available point—DAP—at which stage the dashboard will be made publicly available. However, before the DAP can be reached, the Secretary of State for the Department for Work and Pensions will have to issue a notice. He or she will do so only after having regard to whether there is sufficient coverage on the dashboards, that the service is working effectively and that the overall user journey on the dashboard is positive. This will be informed by extensive user testing to ensure the success of the pensions dashboards services from the outset.

I think that it was the noble Lord, Lord Livermore—forgive me, I cannot remember—who asked whether MaPS would be first and then others would follow. In fact, it was the noble Lord, Lord Sharkey. It is too early to say now. Certainly, MaPS will be first, but we are not yet clear whether there will be other private sector providers ready to go at that time. There will not be a rush to try to get private sector providers there because, of course, the FCA is still working on its rules, and we will allow private sector providers only once the FCA has published its final rules. The applicants would need time to prepare accordingly, the dashboard architecture would need to be complete and the private operators would then have to have applied to the FCA, which would have gone away, checked the business model and looked at its usability—all of those things—before it would also be allowed to sit alongside MaPS. So it is too early to say whether a private sector provider would be launched at the same time.

It is correct to say that in the first iteration—indeed, the only iteration that is envisaged—it will be a “find and view” service only. The exact data set out on the dashboards will include administrative information about the pension, as well as the value of the pension, either as an estimated annual income or the current pot value of a defined contribution pension. The FCA has proposed that pensions dashboard services may also offer certain other services that engage with consumers on their pensions and retirement planning as part of their dashboard user journey. However, it will be very clear that it is “find and view” first—it is not a transactional service. If any services are provided subsequent to the “find and view” service, if they are regulated activities in their own right—for example, offering investment advice—that, too, would need to be regulated by the FCA. It is really clear to me that we must protect consumers when they are participating and using these dashboards, such that they are not inadvertently taken in by scammers or other people who may not be regulated.

That brings me on to the point about the third-party provision. We foresee that firms may wish to make their dashboard services more widely available by entering into arrangements with third parties. The new regulating activity allows for such arrangements while ensuring clear regulatory accountability of the dashboard operator. Circumstances will vary—and I am not able to give a practical example at the moment because, frankly, people are still figuring out how this would be commercially viable and what its opportunities for engagement are. But the activity of operating a pensions dashboard service may include taking regulatory responsibility for a third party involved in connecting to the MaPS digital architecture. That of course will need engagement with the FCA, which would need to be content and would need to ensure that the provider has followed the rules and any associated guidance, which will be very wide-ranging.

Protecting against scammers is one of the key things that we are thinking about. ID verification to even get into the system will be very important, and we need to make sure that the only dashboard operators that can connect to the central digital architecture are those that are FCA regulated, which obviously is the subject of the discussion today, and the MaPS dashboard. In addition, the FCA is looking at proposing further rules to reduce exposure to scams, including requirements for scam warnings and marketing restrictions. Obviously, these will be developed in the rules in due course.

The noble Lord, Lord Livermore, was absolutely right that there is no storage of data on the system per se, aside from caching, and individuals must pass the identity verification process to initiate a search. Indeed, they might give access to an agent, but they would be able to revoke that access at any time.

The noble Lord also asked whether the Government intend to use the OneLogin service. At the moment, the Money and Pensions Service is working to identify all possible options that may comprise its new identity service delivery model. That includes the GOV.UK OneLogin, but a decision has yet to be taken. The key focus for the Money and Pensions Service is to ensure inclusivity for individuals while meeting a verification standard that is appropriate, both through government, for state pensions, and to wider stakeholders.

I am slightly running out of things to say. I believe that I have covered everything, except the question about the date. The reason for the date is to allow the FCA to make its rules well in advance. I might write to the noble Lord just to check that we are absolutely clear. If it is 11 March, that is indeed quite soon. For the time being, I commend this Motion to the Committee.

Motion agreed.