(9 months, 3 weeks ago)
General CommitteesI beg to move,
That the Cttee has considered the draft Financial Services and Markets Act 2000 (Regulated Activities) (Amendment) Order 2024.
This instrument makes an update to financial services legislation to make operating a pension dashboard service a Financial Conduct Authority-regulated activity. Let me begin by saying that the Government have long held the ambition of delivering pension dashboard services to the public. It is very important that individuals can easily access and view data about their pension savings in one place and at their convenience. Executed well, pension dashboards can deliver significant benefits to consumers, providing better access to information about their pensions held in different schemes. These days, people often have many different schemes.
The instrument will bring a step change in how people engage with their pension savings and will finally allow people to have a full picture of those savings. Equipped with that information, individuals will be better able to plan for their retirement, seek financial advice and guidance, find lost pension pots and make informed decisions. The Government are supporting the development of the digital architecture needed to make pension dashboards a reality, as well as facilitating the development of a Government-backed pension dash-board by the Money and Pensions Service. We have also supported the development of multiple private sector pension dashboards. Different individuals will have different needs, and this will ensure that a wider range of platforms exist to suit such needs.
However, we are clear that this multiplicity of providers can only take place with a suitable and robust regulatory framework, recognising that consumers using pension dashboards could be vulnerable to unfair potential harms. During the passage of the Pension Schemes Act 2021, the Government committed to bringing the operation of a pension dashboard service within FCA regulation. This order amends the regulatory perimeter to make operating a pension dashboard service that connects to the Money and Pensions Service’s digital architecture a regulated activity. Once in force, it will mean that anybody choosing to operate a pension dashboard will need to be authorised and regulated by the FCA.
This new legislation refers to a lot of personal data about individuals’ pensions, and the Government have suggested that commercial bodies will also be involved. Can the Minister give guarantees about the protection of the data of individuals concerned?
I thank the hon. Gentleman for his point. The whole Committee knows of his strong commitment not only to those in his constituency but those across the country when it comes to protecting people from unfair potential harms. He has illustrated that commitment with his question. I would say two things in response. First, the reason we are making this a regulated activity is precisely to protect individuals, whether it is their data or protecting them from being open to potential scams or anything else. That is why under the regulated activity the FCA will be watching anybody who operates a pension dashboard service. Secondly, the reason we are not just having one Government dashboard service but a multiplicity of private providers is that different people will want different things, and different institutions will operate in different ways. It is important to ensure that we have the right competition, but that competition needs to be underpinned by safety and security. That is why this is being made a regulated activity.
Firms that are authorised by the FCA and are granted permission to undertake the new regulated activity will have to follow the rules set by the FCA. As hon. Members may be aware, the FCA consulted on rules for pension dashboards last year. We will continue to work with the FCA as it develops its response. In conclusion, this instrument delivers an important change to ensure that appropriate consumer protections are in place while progressing our ambitions for pension dashboards. I hope the Committee will join me in supporting this measure, which I commend to the House.
It is a pleasure to serve under you, Mr Twigg. I support the order, which designates the operation of a pensions dashboard as a regulated service; it must therefore be regulated by the FCA. The Opposition support any initiative that helps people to manage their finances and save for later life. The changes being debated are long overdue. Even though I support them, the Minister will not be surprised to know that I have some questions. International evidence and the DWP’s own impact assessment show that to reach their potential to help millions of people, dashboards must be incorporated into services that people already use, so how will the Government encourage firms to come forward to offer dashboards and ensure that they are regulated safely? When will the FCA publish its final rules? Does it expect commercial dashboards and the Money and Pension Service’s dashboard to be available at the same time?
Pension dashboards have already faced delays, as the Minister will know, and the Association of British Insurers has warned that the industry needs confidence that the existing timetable will stick to ensure effective delivery of this initiative. To what extent will pension dashboards rely on other parts of the Government? For example, will they rely on the Government’s One Login service and how will that affect the market for pension dashboards?
Some dashboards will present other financial data alongside pensions. That is one of the main benefits to consumers: to see all their finances in one place. As such, this statutory instrument is relevant to the Data Protection and Digital Information Bill as the smart data proposals in the Bill will enable the Government to create a framework for open finance and the digital verification proposals will make it easier for consumers to prove who they are online. Could the Minister reassure me that these related initiatives will not be considered in isolation and that he will take a holistic view of the legislation?
I will also support the order, but I too have some questions. Too often in the pensions field, we have seen the Government and the regulators act in two ways. I doubt that any of us are without constituents who have been affected by scandals such as those at London Capital & Finance, the Atomic Energy Authority pension scheme and the British Steel pension scheme—the list goes on and on. There cannot be any doubt that the way in which the Government moved in the mid-2000s and the 2010s made it easier for people to do different things with their pensions. That is how they saw it. It also made it far too easy for people to get caught out and scammed out of their pensions. The risks were not properly thought through at the time and, to a large extent, we are still playing catch up.
The victims of some of the schemes that I mentioned still have not got the money back, and some of them never will. Could the Minister give more detail on what specific criteria applicants will need to satisfy in order to be allowed to operate a pension dashboard, and what follow-up action will there be? How will we make sure either the Government or the Financial Conduct Authority will be able to make sure that a business that met the criteria at the start continues to meet it after two years, three years, five years and so on?
I want to reiterate some of the issues raised by the hon. Member for Wansbeck about security standards, particularly for information security. This is clearly going to be an area of interest to the Information Commissioner’s Office because it is responsible for the protection of personal data in any circumstances. It concerns me when a legal regulatory responsibility is split between two regulators, especially when one of those regulators is the FCA. Too often we have seen catastrophes that could have been prevented were it not for the fact that the Financial Conduct Authority thought it was somebody else’s job to regulate and somebody else thought it was the FCA’s job. Can the Minister give a bit more detail about where precisely the regulatory boundary will lie between the Financial Conduct Authority and the Information Commissioner’s Office? How will he make sure that, if there is a problem with where that boundary lies, it will mean that two people try to intervene rather than them both standing back and assuming that it is other person’s responsibility?
Assuming that the data on someone’s dashboard will have to have come from, for example, the Money and Pensions Service, and that that service will have to have brought information about somebody’s state pension, possibly indirectly, from the Department for Work and Pensions, what will the Minister do to make sure that the people who hold the initial information—such as the DWP or the Money and Pensions Service—are not legally permitted to share that data with anyone until after the registration has been fully cleared? What will he do to ensure that they stop providing that information immediately if, for any reason, the registration comes into doubt?
It is one thing to say that firms will not be allowed to operate these systems if they are not registered, but we should also surely say that those who provide information into a system and who provide access to electronic means of exchanging information have a responsibility as well. If the Money and Pensions Service has authorisation to hold somebody’s personal data, surely it can only release that information with the service user’s explicit permission, and it should not be allowed to do that until after it has been approved by the Financial Conduct Authority.
Finally, will there be any restrictions on the operators of a dashboard using the information that will be held there for any other purposes? Will they be allowed to use that information to provide helpful advice—as they would see it—to push their own products? Will they be allowed to suggest to somebody, “I see you’re getting a pension from so and so—have you thought about shifting it to somewhere else? Because you would do better out of that.”
There is a very grey area between the provision of information and the provision of pension advice. Again, far too many people have been caught out because they were given what they thought was independent advice, but what was actually a sales pitch for particular pension schemes. Could the Minister please explain what steps are contained either within this order, or elsewhere, to make sure that the benefits of the pension dashboards, which I agree could be very significant for the pension holder, will not be tempered, or even undone completely, by placing the holder at greater risk of suffering the fate that far too many of my, and all our constituents, have already suffered? They put their pensions somewhere they thought was safe, but when the time came to collect those pensions, they discovered that they had disappeared.
A lot of interesting points have been made, and I will address those made by the hon. Member for Hampstead and Kilburn, who raised the broader policy agenda around open banking. In response to her question about whether I will take a holistic view, the answer is yes. It is important to see all of these things in one picture, and I am doing a lot of work with the industry on that.
However, it is important to see that there are fundamental differences between the goals of open banking and pension dashboards—and this also addresses some of the points made by the hon. Member for Glenrothes. Open banking seeks to enable data sharing and increased competition and innovation in the banking market, whereas pension dashboards will help increase consumer awareness and understanding of their pensions. Therefore, in terms of what the purpose of those services are, we are talking about a difference between producers and consumers. One of the key differences is that it would be very unusual for somebody not to know the provider of their bank account, whereas we know that people have lost track of their pensions—often because they have so many different pots.
On the hon. Lady’s question about whether pension dashboards will use the Government’s One Login service, the short answer is that I do not know, but I am happy to write to her on that. I confess that I will have to check that myself, and I thank her for that question. On the hon. Lady’s question about timing, this SI is the beginning of the process whereby, as soon as possible, we will make sure that the architecture is developed safely.
That takes me on to not just the hon. Lady’s point, but also the point made by hon. Member for Glenrothes about minimising the risk of people losing their data. It is important for the Committee to know that no data is stored on pension dashboards. As a result, it is not possible to mass-harvest individuals’ data via dashboards technology. As for the Money and Pensions Service, security standards are designed to ensure that the ecosystem interface of qualifying pension dashboards meet the appropriate level—
I appreciate the Minister’s reassurances, but he will be aware that it was not possible for anybody at Fujitsu to mess about with the information held on Horizon until somebody discovered that it was possible. Without going into too much detail, at what level of expertise and at what level of independence from the whole project are the assurances of IT security being tested?
The hon. Gentleman asks at what level. In terms of the Money and Pensions Service, it is the National Cyber Security Centre that is advising specifically on these. I am happy to talk to him about it in future weeks and months, but that is the level of seriousness with which we take this issue.
When it comes to other private sector providers, as we talked about at the beginning of the debate, the FCA will determine at which point they are able to connect to the technical architecture. There are various dependencies, including the time required for them to familiarise themselves with the rules, when the architecture is ready and various other things, but the FCA will determine that. Why? I go back to the whole purpose of this statutory instrument: the FCA will make sure that this is a regulated activity to address the concerns of the Committee and others, because it is very important, as we all agree.
The SI introduces an important addition to the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 to ensure that pension dashboard operators are appropriately regulated and that consumers are protected. I am glad that there appears to be broad support from the Committee for the aims of the order. I thank Committee members for this debate, which I hope they have found informative, and I hope that they will join me in supporting this secondary legislation.
Question put and agreed to.