Pensions Dashboards Regulations 2022 Debate
Full Debate: Read Full DebateBaroness Drake
Main Page: Baroness Drake (Labour - Life peer)Department Debates - View all Baroness Drake's debates with the Department for Work and Pensions
(2 years ago)
Lords ChamberMy Lords, I declare my interest as a trustee of an early staging large master trust and a sizeable DB scheme, as detailed in the register. I thank the Minister for her very helpful presentation of these complex regulations. I acknowledge the work that has been undertaken to get this programme to this point.
A pensions dashboard is a great concept for the public good; the challenge is delivering it in a way that enables savers to access their pensions data securely so that it meets their needs and improves their outcome. Let us be clear: the information on the pension benefits and amassed assets of millions of citizens, covering trillions of pounds of value, will be made accessible through this dashboard. It is important that the Government get it right. These regulations form an important part of that assurance.
A consistent concern in this House has been the issue of identity verification to ensure that citizens are protected against fraudsters, scammers and others unauthorised to access their data. There are two key points for identity verification: that required for the citizen to access the pension finder service to search for and request information, and that required by schemes to identify whether they have a match to a request and whether to release the data to be viewed.
On the first, the pensions dashboard programme has procured an interim identity service provider while awaiting progress on the Government’s “One Login” solution as a ubiquitous way to sign into any GOV.UK service. On the second, these regulations leave to the trustee the data criteria for identifying a match and releasing value data. However, given the need to minimise the risk to the individual saver and the cybersecurity risk to the dashboard ecosystem as a whole, is it the Government’s intention that the “One Login” solution must be available for use before the Secretary of State announces the date of the dashboards available point, when the service is made available to the public?
The Minister referred to standards. The DWP has published draft standards outlining mandatory requirements for providers on how they must operationally and technically meet their legal duties, and the pensions dashboard programme has consulted on its approach to governance of standards in the future. However, those standards are outside the regulation to allow for flexibility and further development. While that may make sense, given the public interest in data on trillions of pounds of value being accessible through the dashboard, how will Parliament be kept up to date and receive the necessary assurance that the governance of the dashboard ecosystem continues to be fit for purpose?
Design standards matter too. I leave my actuarial noble friend Lord Davies to go into detail on this. Design standards are about presenting information in the way that will best help users to understand it. They are an important element in consumer protection. Inevitably, consultation to date has largely been with the industry, although user testing is undertaken during development and staging. Is it the intention to permanently embed user testing into future reviews and developments of those design standards, and how will that be done?
Compliance with dashboard requirements is being phased in from August 2023. Reflecting on what the Minister has said, it may be earlier. It will start with large DC schemes used for auto-enrolment. Trustees must connect by their staging deadline, with all in-scope schemes having to connect by 31 October 2025, as detailed in Schedule 2. As has been said, the Secretary of State will give six months’ notice before dashboards go live to the public, an increase on the original 90 days proposed. This is a sensible move, given the importance of getting this programme right, notwithstanding the previous Minister’s lack of sympathy for the delay— I think that the right decision has been made.
Regulation 4 states that, before specifying the dashboard available point,
“the Secretary of State must be satisfied that the dashboards ecosystem is ready to support widespread use of qualifying … dashboard services by the general public”.
I take that to mean that enough schemes are on board, the data is good enough and there is no prospect of crashing. What is the minimum extent of progress in implementing the DWP and FCA staging profiles that has to be achieved before a dashboard available point is announced, or is it necessary for the staging profiles to be completed in full before public access can commence?
Schemes will need to be data-ready for the dashboard to minimise the risk of data breaches or not returning a match. These regulations require schemes to provide detailed information to the regulators on find and view requests, the matching process, the number of possible matches, the number of positive matches and much more before the dashboard is publicly available, and subsequently after it is. What confidence level in respect of minimising false positives and false negatives in response to find and view requests must be met before the public announcement about the availability of the dashboard is made? What happens if all public service pension schemes are not ready to stage by September 2024, given the considerable relevance of these schemes to supporting widespread use of the dashboard?
Increasingly, DB schemes are transferring their assets and liabilities to an insurer under buyout. Do such buyouts pose complexity for the operation of the dashboard service, including from any differences in the FCA and the MaPS/TPR rules?
A key policy objective for the dashboard service is to connect individuals with an escalating number of small pots in the hope that people will transfer and consolidate them. The Government have not taken determined action on this problem to date and are clearly hoping that the dashboard will provide the solution. However, evidence shows that information access does not always overcome inertia, so is the dashboard now the Government’s primary policy for addressing the small pots problem? Will the DWP set hard targets for the reduction in small pots in its critical success factors?
Expected benefits to the consumer include the value of increased engagement, increased savings actions and more informed savings decisions, but these have not been monetised because the data is not available to do that. Given the lack of knowledge and understanding that often prevails, the complexity, the barriers of inertia, present bias and the unknown behavioural responses of providers and savers, it will be important to understand what actually is happening so as to understand the extent of the public outcomes or any emerging detriment from the operation of the dashboard. What plans do the DWP have for a programme of research and monitoring of behaviours?
Finally, on the FCA, there are four regulators in the dashboard space, so it is quite crowded. It raises issues of coherence, from the straightforward, such as minimising duplication of information demands on schemes, to the more complex potential for regulatory omission or confusion, as in the case of the steelworkers. These regulations do not cover FCA-regulated personal and stakeholder pensions. The duty placed on the FCA, to quote its policy statement,
“requires that we have regard to the requirements that the Government’s regulations place on the trustees of occupational schemes”—
so there is clearly scope for some differences. There will be closed books, legacy products, and funds where data quality will be poor and charges high. There could be differences in how pension values and costs and charge data are provided. For example, as I saw from the FCA’s own site, some FCA-regulated providers do not have information on costs and charges on certain plans available online. These schemes will be allowed just to explain where the consumer can find the details—but that is hardly a digital experience compliant with the standards that appear to be being set by MaPS.
I am sorry to intervene, as I know that the Minister is trying to answer all the questions, but I want to ask a question on the regulated FCA authorised advisers. The whole point is that that system of authorised advisers, which has been changed several times, even on the FCA evidence is not sufficiently protecting people. The fact that it is being offered as a solution is one of our concerns.
I note the noble Baroness’s point. This is something that we will take back with officials and to the relevant authorities, and it is something else that I shall write about and I hope give her a better answer than she has had to date.
The noble Baroness, Lady Bowles, raised the issue of risk of exploitation of data. Pensions dashboards and the technology behind them are designed to maximise data security. For example, pensions information is sent directly and securely from the scheme to the individual; it is not stored by qualifying pensions dashboard services or by the digital architecture. Individuals will always have control over who has access to their data, and will be able to revoke access at any time.
The noble Lord, Lord Jones, and the noble Baroness, Lady Sherlock, have raised to me individually the issue of British Steel pension schemes. The FCA is responsible for the regulation of the financial advice market and has looked closely at the advice provided to those BSPS members who decided to transfer out of the defined benefit scheme. It found that a very high proportion had received unsuitable advice, as has been said. The FCA has announced that it intends to take forward a scheme to provide compensation for BSPS members who received poor advice; it published a consultation on this scheme on 31 March, which has now closed. I think that the point that the noble Lord and the noble Baroness were making was that it must not happen again, and I am sure that message is understood.
The noble Baroness, Lady Sherlock, asked me to confirm when the data from personal and stakeholder pension schemes will be available to the public through the dashboard. She also asked what the position was with group personal pension plans. As set out in FCA rules, the majority of personal and stakeholder pension schemes are required to stage as part of the first cohort by the end of August 2023. That includes group personal pension plans. Until dashboards are launched to the public, schemes’ data must be available to invited users for testing purposes.
The noble Baroness raised a point about missing pots. Only a very small proportion of occupational pension scheme memberships are out of scope of the obligations to connect in our regulation and FCA rules. We expect that, at the point when dashboards are launched to the public, most individuals can be confident that all their pensions will be available to find via dashboards. When the value data for found pensions has not yet been provided—for example, if the member is new to the scheme, or when the value is still being calculated by the scheme—information to that effect will be displayed on the dashboard.
The noble Baroness asked how confident Ministers were about the quality of the data and whether the work has so far thrown up any concerns. It is critical that savers can trust the information in front of them; trustees and managers have existing legal obligations in respect of data quality, including the accuracy principle under UK GDPR, which requires that organisations ensure that data remains accurate and up to date. The Pensions Regulator set out its expectations on data quality in its record-keeping guidance; this includes that data is measured at least once a year.
The noble Baroness asked why the DWP had not set particular minimum data standards for schemes for matching and releasing data. The regulations allow for the trustees and managers of schemes to set their own matching criteria. We believe that schemes should be given discretion over which data elements they use to suitably search their records for a match. It is important that any scheme’s matching policy is appropriate to the level of confidence that they have in their own data; a uniform approach across all schemes would be likely to result in suboptimal matching.
Just to divert the House for a moment, I am conscious of how long I have been speaking, and I am keeping others from their business, but I am absolutely committed to answering these questions. With the leave of the House, I hope that I can carry on.
The noble Baroness, Lady Sherlock, asked whether I could explain for the record what would happen if the data submitted by a consumer was a partial match with data held by a firm. Schemes have the option of returning a possible match if they believe that they hold a record for an individual but are not certain. When a scheme returns a possible match, an individual will receive a limited form of administrative data that will enable them to contact the scheme to see if the possible match is in fact a match made.
The noble Baroness asked about screen-scraping. The regulations prohibit the storing of dashboards of view data, unless for temporary caching and for the sole purpose of displaying the view data in a single session. Similarly, transactions are not possible through the dashboard ecosystem. Making it possible for consumers to find information about all their pensions in a single place and requiring the consumer to undertake an identity verification check before being able to access that information significantly reduces the consumer appeal or perceived benefit of agreeing to screen-scraping. I have much more that I could say on that issue, so I shall write and place a copy of the letter in the Library of the House.
The noble Baroness, Lady Sherlock, and the noble Lord, Lord Davies, raised the point about complaints and where the liability lies if a customer makes a decision on the basis of view data that later proves to be inaccurate. As set out in our response to the consultation on the draft regulations, trustees or managers are responsible for meeting the requirements, which include receiving fine data, as well as undertaking, matching and returning the correct view data. Trustees or managers are not responsible for verifying the identity of users, and the authorisation of view requests or any processing of view data carried out by dashboards. The question of liability in the event that something goes wrong to the detriment of the individual would have to be considered on a case-by-case basis.
The noble Baroness, Lady Sherlock, raised the issue of liability and risk for trustees. The Government acknowledge that many trustees do an excellent job, often on a voluntary basis. The vast majority of trustees are in schemes with fewer than 99 members, so will be outside the scope of these regulations, unless they connected to pensions dashboards voluntarily. Although we accept that the regulatory requirements on trustees have grown a great deal over the years, this is only right, given what is at stake—we are talking about pension savings for millions of people.
The noble Baroness, Lady Sherlock, raised the issue of handling complaints and where consumers go to make a complaint. The dashboard ecosystem is made up of multiple different parts and, as such, dashboard users would potentially have complaints against a number of different parties. MaPS will therefore provide a central queries and complaints navigation tool, which qualifying pension dashboard services must direct individuals to, to help them understand their issues and know to whom they should direct their query or complaint if things go wrong, and the available routes to redress.
The noble Baroness, Lady Sherlock, raised the issue of scams and hackers and asked whether there is a strategy in place to counter the risk of scams within the system and whether this is being revisited regularly. It is crucial that dashboards give power to consumers and not scammers, which is why the dashboard ecosystem has been designed to ensure that only relevant pension schemes and authorised qualifying pension dashboard services have access. To maximise the effectiveness of the Money and Pensions Service pensions dashboard, users will have access to a retirement planning hub, which will provide onward planning journeys in a single place, supporting good decision-making. The FCA and MaPS will keep their rules and standards under review as dashboards emerge and evolve.