Organisations responsible for consumer protection

PDP is working with our delivery partners and stakeholders to address the potential consumer harms we’ve identified and tackle the areas of consumer concern. In doing this we will stretch our consumer protection beyond the digital infrastructure that the programme will deliver.

Below, we outline which organisations are directly responsible for consumer protection relating to dashboard use.

 
Pensions Dashboards Programme

As we are responsible for delivery of the central digital architecture that will make dashboards possible, Pensions Dashboards Programme’s (PDP) role in relation to consumer protection primarily concerns:

  • the security of personal data within the digital architecture
  • ensuring only legitimate parties can connect to the pensions dashboards ecosystem
  • detailing the standards for all participants within the ecosystem
  • setting design standards to ensure dashboards present consumers with information clearly, to avoid confusion

PDP will design consumer protection into the pensions dashboards ecosystem. This includes building a technical system in line with current best practice, which is tested for its vulnerabilities prior to going live. It will have a robust system of governance, extending to data and dashboard providers, with all participants monitored for compliance, which will be enforced by the regulators.

PDP will also create the security, technical and design standards that will define how users’ data may be shared within the ecosystem, to ensure compliance with the UK General Data Protection Regulation (UK GDPR). It will design a system that securely transmits the pensions data to dashboard users but does not retain it. We have more information on how the ecosystem will comply with UK GDPR in our page on PDP deliverables that will protect consumers.

We are currently working on how best to display pension value information to users, through discovery research and user testing. This information will feed into the design standards, which will apply to dashboard providers.

Money and Pensions Service

The Money and Pensions Service (MaPS) is required to offer a public service pensions dashboard.

This public service dashboard is part of MaPS’ suite of online and offline support to consumers about how to manage their pensions, which includes MoneyHelper and a retirement hub. MaPS has a specific role to play in addressing consumer confusion or misunderstanding of the pensions information provided via dashboards and preventing people making detrimental decisions as a result.

MaPS is researching how best to create onward journeys from its dashboard, to support consumers in making decisions once they have viewed their pension information online. Its aim is to reduce detriment by supplying consumers with the guidance and support they need to make good financial decisions. This could be via its digital tools and information on MoneyHelper, which is open to anyone, or the Pension Wise service, which offers free telephone appointments about pensions freedoms to consumers over 50 years old.

Department for Work and Pensions

The Department for Work and Pensions (DWP) will create the regulations around pensions dashboards, which aim to minimise consumer detriment. The DWP legislation will also determine the conditions dashboards will have to meet to be a qualifying dashboard service. It plans to consult on regulations this winter, with the results of that consultation expected in summer 2022.

The DWP legislation will also detail the requirements of occupational pension schemes, which will set out what data they must send to dashboards.

Financial Conduct Authority

FCA will consult on and make the rules setting out the dashboard connection and data provision requirements for personal and stakeholder pension providers.

In due course, HM Treasury will amend the Regulated Activities Order to introduce a new regulated activity of providing a pensions dashboard, thereby making dashboard providers subject to the FCA’s regulatory framework.

Existing regulatory frameworks and protections will, of course, continue to apply in respect of any other regulated activities that FCA-authorised qualifying pension dashboard providers might choose to offer consumers as part of any ‘off-dashboard’ onward journeys.

Find out more about FCA regulation of pensions dashboard providers.

Information Commissioner’s Office

The Information Commissioner’s Office (ICO) is the regulatory body that upholds information rights and enforces compliance with the UK General Data Protection Regulation (UK GDPR), which covers the use and storage of personal data. Using a pensions dashboard will involve the transfer of small amounts of an individual’s personal data between dashboards and data providers, which will all take place within the parameters permitted by UK GDPR. However, the number of individuals using dashboards will create the scale.   

Pension providers – and their regulators

Although the regulations and rules are yet to be consulted on, it is likely that pension schemes and providers will be responsible for ensuring that they:

  • find all matching pensions
  • produce and send correct data to users
  • only send data to a user-authorised dashboard
  • do not hold on to users’ data after determining whether or not they have a matching pensions record for them

The pension provider regulators (TPR & FCA) also have enforcement and supervisory roles in relation to pension providers’ compliance with duties in respect of the operation of pension schemes.

Pension providers are identified as data controllers under UK GDPR. They are responsible for ensuring their members’ data is accurate, up-to-date, and not disclosed without member authorisation. The pension provider is responsible for setting its matching criteria and for the management of risk of mismatching. The pension provider is also responsible for returning the correct data to the user at their dashboard.

Some pension providers may choose to outsource their duties to connect to the pensions dashboards ecosystem to an integrated service provider (ISP). However, all the responsibilities for compliance remain with the pension provider, as the data controller and regulated entity.

Any breach of UK GDPR could result in ICO fines.

Financial Ombudsman Service

The Financial Ombudsman Service was set up to help consumers resolve problems with regulated financial businesses – it has the power to help if dashboard providers treat consumers unfairly. The Financial Ombudsman Service is a free service and can award compensation up to £355K.

The Financial Ombudsman Service can consider complaints about FCA-regulated pension providers and advisers.

The Pensions Ombudsman

The Pensions Ombudsman offers a free and impartial service to help people resolve their occupational (employment-linked) or personal pension scheme disputes. The Pensions Ombudsman can consider and investigate complaints about the maladministration of pension schemes, as well as disputes of fact or law; and where a complaint cannot be resolved informally the Ombudsman may issue a binding determination, for which there is no maximum limit on redress.

While all parties will do all they can to protect consumers using pensions dashboards, it is not possible to eliminate risk entirely. Responsibility for the actions or decisions consumers make using the information displayed on a pensions dashboard rests with the consumer – although FOS and the FCA may still have an interest in the quality of financial advice a user receives.

Shared responsibilities

Consumer protection is a focus of our ongoing work with the DWP, the regulators and the pensions industry. While PDP can work directly on the ecosystem design to reduce consumer harm, there are several areas that require a coordinated approach.

Protecting against scams

PDP’s system design will protect against scams within the pensions dashboards ecosystem, as only FCA and TPR regulated entities will be able to operate within it.

Protecting pensions dashboards users from scams outside the ecosystem is a shared responsibility, which involves activity across a range of organisations, including government and the regulators. There are different types of risk here, which require separate mitigation activity.

  1. fake dashboards: consumers could unwittingly disclose personal information to a fake dashboard. Actions against bad actors require a coordinated approach across multiple parties, including the regulators
  2. scammers trying to access the ecosystem: PDP can mitigate this through robust ecosystem governance and security, working with FCA and TPR to ensure access is only granted to legitimate organisations
  3. scammers targeting people, once they’re in possession of their pensions information: consumers could make detrimental investments on receipt of scam information. There is a range of initiatives in place to work against this type of behaviour. PDP can work to ensure there are warnings in place on dashboards and appropriate signposts to the impartial information and guidance offered by MoneyHelper, and help users who want to find a regulated financial adviser

There are industry-wide initiatives such as Project Bloom, The Pensions Scams Industry Group plus initiatives run by the regulators and government, which aim to tackle scams in the pensions industry through a combination of education and enforcement. The FCA also runs the ScamSmart campaign, which provides information to consumers on how to avoid pension and investment scams.

There is also work underway to tackle false advertising: financial services advertisers on Google must now evidence they are authorised by the FCA or that they qualify for one of Google’s limited exemptions; and government is planning to consult on the role advertising can play in enabling online pension scams later in 2021.