http://www.legislation.gov.uk/id/uksi/2022/1220

PART 2Prescribed requirements for qualifying pensions dashboard services

Qualifying pensions dashboard services6

This Part prescribes the requirements to be satisfied in order for a pensions dashboard service to come within the meaning of “qualifying pensions dashboard service” for the purposes of sections 238A(2) and 238F(3) of the Pensions Act 2004.

Cooperation - providers7

A provider of a pensions dashboard service (referred to in this Part as “a provider”) must cooperate with the Money and Pensions Service to assist with the exercise of its functions in relation to pensions dashboard services, including providing information in accordance with standards referred to in this Part.

Connection and functionality8

1

A provider must—

a

b

meet the requirements in paragraphs (2) to (6).

2

The provider must connect its pensions dashboard service to the Money and Pensions Service in compliance with—

a

connection and security standards, and

b

technical standards,

published from time to time by the Money and Pensions Service.

3

The provider must ensure that its pensions dashboard service complies with service standards and operational standards published from time to time by the Money and Pensions Service.

4

The provider must—

a

if the consent of the user is provided, immediately seek to obtain the user’s registered pension identifier from the Money and Pensions Service;

b

if the user has given consent to a delegate to access the user’s view data, and if the pensions dashboard service allows for delegated access, enable the delegate to access the user’s view data;

c

provide a link to the Money and Pensions Service to enable a user to review, revoke or amend the consents referred to in sub-paragraphs (a) and (b).

5

The provider must issue a view request if—

a

a pension identifier has been obtained,

b

the user requests their view data or state pension information, and

c

the consent of the user is provided in relation to the provider issuing a view request or requesting state pensions information for the user.

6

The provider must notify the Money and Pensions Service without delay of any—

a

connection state changes, such as downtime (whether scheduled or unscheduled) or maintenance, or

b

systemic issues, such as cyber-attacks that could affect the security of the dashboards ecosystem.

7

For the purposes of this regulation, a “delegate” must be—

a

a Money and Pensions Service guider (meaning a person from the Money and Pensions Service whose role involves guiding users of pensions dashboard services),

b

a person who has permission under Part 4A of the Financial Services and Markets Act 20008 (permission to carry on regulated activities) to advise on either of the following—

i

investments as referred to in article 53(1) of the Financial Services and Markets Act 2000 (Regulated Activities) Order 20019;

ii

conversion or transfer of pension benefits as referred to in article 53E(1) of the Financial Services and Markets Act 2000 (Regulated Activities) Order 200110, or

c

another person whom the Money and Pensions Service considers appropriate.

8

For the purposes of this regulation and regulation 11, a “view request” also includes a request made by a qualifying pensions dashboard service or by the pensions dashboard service provided by the Money and Pensions Service to a specified authorised person pursuant to section 137FAA (FCA general rules: pensions dashboards) of the Financial Services and Markets Act 200011.

9

For the purposes of this regulation and regulations 9 and 11, “view data” also includes similar data provided by a personal or stakeholder pension scheme pursuant to rules made under section 137FAA (FCA general rules: pensions dashboards).

View data9

1

A pensions dashboard service must display to the individual concerned the view data provided by a pension scheme—

a

as soon as it is received, and

b

without charge.

2

The presentation by a pensions dashboard service of view data, and of general information about using the pensions dashboard service and accessing the service to see view data, must accord with design standards published from time to time by the Money and Pensions Service.

3

A pensions dashboard service must not store view data, unless the view data is stored in the form of temporary caching and for the sole purpose of displaying the view data in a single session.

State pension information10

1

A pensions dashboard service must display to the individual concerned whichever of the following information is provided by the Secretary of State—

a

state pension information12;

b

notice that state pension information, or an element of state pension information, is unavailable;

c

supporting messages.

2

Information referred to in paragraph (1) must be displayed—

a

without delay, and

b

without charge.

3

The content and manner of display of supporting messages must accord with standards on state pension information published from time to time by the Secretary of State covering the following—

a

generic messages;

b

messages relating to the user’s state pension information;

c

messages to indicate where further information relating to the state pension information provided is available;

d

messages for display where state pension information has not been provided by the Secretary of State;

e

any other messages relating to state pension information that has been provided by the Secretary of State.

4

The presentation by a pensions dashboard service of information referred to in paragraph (1), and of general information about using the pensions dashboard service and accessing the service to see state pension information, must accord with design standards published from time to time by the Money and Pensions Service.

5

A pensions dashboard service—

a

must only display information referred to in sub-paragraphs (a) to (c) of paragraph (1) which is provided by the Secretary of State, and

b

must not store such information other than in the form of temporary caching and for the sole purpose of displaying it in a single session.

6

For the purposes of this regulation—

a

a reference to “state pension information”, in relation to an individual, is to be read as including a reference to the tax years upon which the state pension information referred to in section 42(7) of the Child Support, Pensions and Social Security Act 200013 is based, (where “tax year” means a period beginning with 6th April in one year and ending with 5th April in the next year);

b

“element of state pension information” refers to any of the information relating to an individual that is listed in paragraphs (a) to (e) of section 42(7) of the Child Support, Pensions and Social Security Act 2000;

c

“supporting messages” means—

i

messages relating to state pension information;

ii

messages to be displayed when state pension information, or an element of state pension information, is unavailable.

Operational information and reporting11

1

A provider must provide operational information upon request to any of the following—

a

the Money and Pensions Service;

b

the Regulator;

c

the Financial Conduct Authority;

d

the Secretary of State,

in accordance with reporting standards published from time to time by the Money and Pensions Service or by the Regulator or by the Financial Conduct Authority.

2

In this regulation, “operational information” means information that is relevant to—

a

the operation of pensions dashboard services;

b

monitoring compliance with the requirements prescribed in this Part;

c

supporting the functions of the Regulator in respect of Parts 3 and 4 of these Regulations.

3

Information referred to in paragraph (2) may include (but is not limited to)—

a

analytical and statistical information relating to the delivery of pensions dashboard services;

b

information on missing data, data formatting, and data received from pension schemes;

c

survey data collected from its users to assist with evaluation of the pensions dashboard service;

d

information on—

i

the number of view requests issued in respect of each pension scheme;

ii

view data returned by pension schemes in response to view requests, which may include (but is not limited to) response times and instances of pensions information not being made available within the required timeframe;

iii

any aspect of the processing of an individual’s request for pensions information.

4

Information referred to in this regulation must be retained on record by the provider for at least 6 years from the end of the calendar year to which it relates.

Information on making a complaint12

1

A provider must provide users with information on how to make a complaint relating to the pensions dashboard service that it provides, or to acts or omissions of the provider.

2

This must include a link to the central complaints process for the Money and Pensions Service.

3

In this regulation, “the central complaints process for the Money and Pensions Service” means a service to help users understand what help is available if things go wrong and their available routes to redress.

Enabling auditing13

1

A provider must—

a

procure and enable an independent person to audit whether or not the provider and their pensions dashboard service are compliant with the requirements in this Part—

i

both prior to connection and on an annual basis thereafter, and

ii

as far as possible covering the entire 12-month period between an initial or earlier report and the next one;

b

report the outcome of the auditing process to the Money and Pensions Service, by no later than whichever of the following is appropriate in the circumstances—

i

20 working days beginning with the day after the date of the initial audit report, or

ii

one year and 20 working days beginning with the day after the date of a previous audit report.

2

In relation to paragraph (1)—

a

a provider must—

i

work with the independent person to identify, and must seek to rectify, any areas of non-compliance;

ii

cover the costs of the auditing process;

b

a report on the outcome of the auditing process must—

i

include an assessment as to the extent of any compliance or lack thereof;

ii

in respect of any non-compliance, state—

aa

what measures have been put in place to secure compliance, and

bb

that, in the view of the independent person, these measures are adequate to secure compliance within a reasonable period.

3

In this regulation, “independent person” means a person—

a

who is independent of the provider, and

b

whom the provider reasonably concludes is suitably qualified or experienced to carry out the tasks referred to in this regulation.