FCA regulation of pensions dashboard providers
During the passage of the Pensions Schemes Act through Parliament, the Government committed to making the provision of a pensions dashboard (by a party other than the Money and Pensions Service) a regulated activity under the Financial Services and Markets Act 2000 (FSMA).
A person may not carry on a regulated activity in the UK (or purport to do so) unless they are either an authorised person or an exempt person. Breaching this general prohibition is a criminal offence.
Therefore, when the appropriate legislative change is made, any entity that wishes to become a pension dashboard provider must obtain FCA authorisation to do so. Once authorised, the pension dashboard provider will be subject to FCA regulation and their details will be published on the Financial Services Register.
Authorisation is an important mechanism through which the FCA can prevent:
- the occurrence of harm to consumers
- barriers to effective competition
- damage to market integrity
The authorisation process ensures that all regulated firms meet common sets of minimum standards. They must meet these requirements before the FCA will authorise them. The FCA refers to these standards as the Threshold Conditions. Below is is a summary of the FCA Threshold Conditions in Schedule 6 of FSMA and its guidance in the ‘COND‘ part of its Handbook:
- the location of offices – the firm must have its head offices (and its registered office, if it has one) in the UK. The meaning of this includes, but is not limited to, the central management and control of the firm being present in the UK
- the FCA’s ability to supervise them effectively – if, for example, an applicant firm is part of a wider group, the FCA must be able to understand the wider group’s impact on the applicant firm
- appropriate resources – the firm must have appropriate financial and non-financial resources and systems to deliver their products or services. This includes having the right people for the proposed business
- suitability to conduct the business – the firm must have suitably qualified people and a well thought-through conduct risk framework (a clear definition of conduct risks, systems and controls for mitigating them and risk indicators for monitoring them)
- business model – the firm’s business model (ie strategy for doing business) must be suitable for a person carrying on the regulated activities that the firm seeks to carry out
In assessing whether firms and individuals meet their standards, the FCA reviews, among other things, business plans, risks, budgets, resources, systems, controls and whether key staff have the necessary qualifications, experience and ability to carry out their roles effectively.
The FCA also considers factors that have an impact on governance and culture, which are central to improving individual accountability and conduct standards. The typical patterns of behaviour and ways of thinking of individuals in a firm create its culture and are embedded over the lifetime of a firm. It uses authorisation to test the most significant drivers of behaviour that can create cultures which lead to harm. These include a firm’s purpose, its leadership, its approach to rewarding and managing people and its governance arrangements.
The FCA expects firms to take regulation seriously and plan how they will meet the standards of the regulatory system before they apply. When it considers the extent to which a firm has planned ahead it asks itself whether the applicant is ready, willing and organised.
Firms that are granted authorisation are expected to continue meeting the threshold conditions for as long as they are authorised. If they fail to do so, the FCA can take a range of actions, including varying or cancelling firms’ FSMA authorisation.
Regulatory obligations for authorised providers of a qualifying pensions dashboard
The FCA will consult in due course on the full set of regulatory requirements and expectations for FCA authorised providers of qualifying pensions dashboards. In advance of this, parties interested in seeking authorisation for this activity can begin to consider many of the high-level standards in the FCA Handbook that apply to all FCA regulated firms, for example:
- Principles for Businesses (PRIN) – the fundamental obligations that firms must comply with at all times as they conduct their day-to-day business. They underpin other, more detailed rules and guidance in the Handbook. For example, the SYSC sourcebook amplifies Principle 3, under which a firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems. A number of the Principles impose requirements on firms in relation to their customers, for example:
- Principle 6 – a firm must pay due regard to the interests of its consumers and treat them fairly
- Principle 7 – A firm must pay due regard to the information needs of its clients, and communicate information to them in a way which is clear, fair and not misleading
If a firm breaches the Principles they become liable to disciplinary sanctions
- Systems and Controls (SYSC) – the organisational systems, controls and compliance arrangements that firms should have in place to protect consumers and comply with regulatory obligations to them, for example:
- SYSC 5 requires firms to employ personnel with necessary skills, knowledge and expertise
- SYSC 6 requires firms to maintain policies and procedures that ensure compliance with the regulatory system
- SYSC 9 requires orderly record keeping
- General Provisions (GEN) – covers the administrative duties that apply to the firms we regulate. The intention of these rules is to make sure consumers are not misled, that all firms operate on a level playing field and that firms are transparent about their regulatory status
The application of other elements of the FCA’s Handbook will necessarily be tailored to the regulated activity itself (and the risks it presents). These include, for example:
- the Supervision sourcebook (SUP)
- the Senior Managers and Certification Regime (SYSC 23), which assigns and governs individual accountability for conduct and competence
- the dispute resolution sourcebook (DISP)
Dashboard specific rules
The nature of any additional dashboard-specific FCA rules on which it might need to consult will:
- have regard to the emerging detail of the ecosystem design and build
- take into account its role in the areas of shared responsibility on which it is working collaboratively with Government, PDP, MaPS, and TPR and Government
- be informed by PDP’s user research and prototype testing
Applying for authorisation – some practical considerations
Prospective pension dashboard provider firms will have to apply to the FCA for authorisation when its gateway for applications opens. The timing of this will be set out in its future consultation. The FCA aims to determine applications in a timely fashion, and certainly within the statutory deadline which Parliament put in place. This is a maximum of six months from the point at which a firm provides all the information the application form asks for, or if it contains some incomplete information, a maximum of 12 months from when the FCA receives the initial application. The better the quality of the application submitted, the more quickly the FCA is likely to be able to reach a decision.
FCA experience shows that firms and individuals do not always meet all the threshold conditions, when they first apply to be authorised. There are limits to what the FCA should and can do to help a firm or individual meet the conditions for authorisation, although it will provide assistance as is reasonable, given its resources. FCA experience also shows that some firms are simply not ready to meet the conditions for authorisation or registration. In these circumstances, it will formally recommend refusal of a firm’s application. Firms have the ability to withdraw their application at any time during the authorisations process. They may wish to do so to take on the FCA’s feedback, strengthen their application and re-apply at a later date.
Once authorised, if a firm wishes to carry out additional regulated activities that it doesn’t have the necessary permission for, it will need to submit a Variation of Permission application. Similarly, if a firm ceases to carry out a regulated activity, it should apply to vary its permissions to remove this particular activity. Additionally, if the ownership (control) of a firm is to change, a Change in Control application must be submitted to the FCA. The FCA can object to a change or increase in control on various grounds, including the reputation, knowledge, skills and experience of the proposed controller who will direct or have influence over the firm, if it is deemed unsuitable.