What are our standards and why are they important?
The draft Regulations propose to delegate authority to the Money and Pensions Service (MaPS) to set standards, specifications and technical requirements (which we refer to as standards) for pensions dashboards ecosystem participants, such as pension providers and qualifying pensions dashboard providers. This is under the Pension Schemes Act 2021.
The purpose of these standards is to ensure the security, stability and effective operation of the pensions dashboards ecosystem.
The standards will set out a raft of technical and operational detail underpinning the primary and secondary legislation and outline the requirements for participants. These requirements were not available at the time of the passing of the Pension Schemes Act 2021 or the proposed Regulations.
The standards also provide more flexibility than primary or secondary legislation, allowing for further iteration and development as the service matures: as a digital service, the pensions dashboards ecosystem needs to be able to implement changes in service requirements in a simple and timely manner, without amending legislation.
Therefore, the Pension Schemes Act 2021 makes provision for MaPS to set standards in matters relating to the practical operation of pensions dashboards services and the digital infrastructure upon which they depend, and the draft Regulations propose delegating this authority to MaPS, and set the scope of each set of standards. The Regulations expand MaPS’ functions to include publishing initial pensions dashboards standards, as part of its role in delivering the central digital architecture that will make dashboards possible and to provide the day-to-day governance for the ecosystem. (The long-term ownership of the digital architecture and responsibility for governance of the ecosystem is still to be decided.)
These standards will be mandatory requirements on pensions dashboards and pension providers, detailing how operationally, technically or in practice they must meet the duties set out in the regulations/rules. Uniform mandatory requirements on all pensions dashboards ecosystem participants are necessary to ensure the ecosystem functions effectively and efficiently, and to ensure that the ecosystem works for consumers and puts the interests of consumers first. Because of their importance to the operation of pensions dashboards, adherence to these standards will be mandatory.
In effect, MaPS’ standards for the pensions dashboards ecosystem provide a third, tertiary layer of the legislative framework for pensions dashboards, beneath the primary legislation (the Pension Schemes Act 2021) and the secondary legislation (the draft Regulations on which the Department for Work and Pensions (DWP) is currently consulting).
Because of the importance of the standards for the security, stability and credibility of pensions dashboards, serious non-compliance will lead to disconnection from the pensions dashboards ecosystem, as well as potential regulatory action.
Failure to adhere to the standards will be evidence of breach of legal requirements and may be used by the Financial Conduct Authority (FCA) or The Pensions Regulator (TPR) in any regulatory action.
What are we publishing now?
We’re publishing information about our standards and how we’ll go about setting them, to support the DWP’s consultation on its draft Regulations. Our intention is to provide information for respondents to the DWP’s consultation about what our standards will cover and what they will require of participants, to inform respondents’ submissions to the DWP about the proposals to delegate this authority to MaPS.
While we hope the information will be useful and support respondents to respond to the DWP consultation, we want to make it clear that this is information about standards, and not the standards themselves. These documents are neither comprehensive nor binding on anyone and are not definitive. Rather, we aim to provide an overview of the standards, their scope and the areas we expect the standards to cover, how we will go about developing the standards, and some indicative examples of what we see as the likely direction of travel or what we expect they may look like.
What standards will there be and what will they cover?
We will set out our requirements in the following standards:
- Data standards – the data formatting requirements pension providers must follow when returning pensions data.
- Technical standards – the requirements for how pension providers and dashboard providers interface with the central digital architecture and with each other, including connectivity mechanisms, protocols for authorising the sharing of information, and the generation and registration of PeIs.
- Design standards – requirements for presentation of the pensions data on dashboards and design of the dashboards, covering accessibility, messaging, signposting, onward customer journeys.
- Reporting standards – the data required from pensions dashboards and pension providers to monitor the health of the pensions dashboards ecosystem, compliance and performance.
In addition, we will publish a code of connection addressing how to connect to the digital architecture that will incorporate the following standards:
- Security standards – the technical, procedural, physical, and people standards to ensure security of the ecosystem.
- Service standards – the minimum service requirements and required behaviour of participants, including service availability and response times, software compliance, software interoperability, dealing with failed requests, connection state changes (including planned interruption to information technology systems) and when to notify the Money and Pensions Service of personnel changes.
- Operational standards – the operational processes participants must follow to connect to the ecosystem and to maintain connection, including onboarding procedures, dispute management and escalation, service level failure protocols and how frequently to check for newly registered pension identifiers or changes to the registration of existing ones.
Standards and guidance
In addition to the formal requirements in the standards, the code of connection will contain practical guidance on how to implement the standards. We are working on whether it is best to set out our requirements in the standards or this guidance.
We will also provide guidance for pension schemes and pensions dashboard providers, which will primarily explain how they can best prepare themselves to be part of the pensions dashboard ecosystem. Following this guidance will not be mandatory; however, we would suggest that a pension scheme or pensions dashboard provider should have a good reason, if they choose not to follow it. This will especially be the case with our connection guidance (to be developed) and data guidance, as the DWP proposes that pension schemes and dashboard providers will be required to have regard to it.
How will we manage the standards?
The standards will all have rules and controls that set out clearly:
- the minimum version of the standard that must be supported
- deprecation and compatibility policy, where applicable
- change process (including engaging with DWP, TPR and FCA and consultation)
- change frequency and implementation, and the notice period before updates come into effect
- curation (notification, publication)
- community involvement in developing the standards
- monitoring and issue resolution
- exceptional circumstances policy
We will set out our proposals for these rules and controls when we consult on the standards later this year. While we are yet to determine precise details of the rules, controls and procedures for standards management, wherever possible, we will seek to harmonise procedures and rules, to simplify governance of the standards and make them as simple to adhere to as possible, while ensuring they are effective and achieve their purposes of providing ecosystem security, stability and effectiveness. In broad terms, the approach we are developing to this governance and control model is as follows:
We will develop initial standards in collaboration with industry and consult on them before seeking approval from the Secretary of State. Our aim is to consult on these proposed initial standards shortly after DWP introduces the Regulations to Parliament.
Subsequent major changes to standards will also be developed in collaboration with industry, consulted on, and approved by the Secretary of State. Examples of substantial changes could include:
- technological developments (incurring significant resource to implement)
- changes in the way the schemes are required to connect and receive or return information (eg an upgrade of the API standard to a newer technology stack, or the use of new security software)
- substantial changes to business processes required to meet duties (eg additional reporting requirements that mean pension providers or dashboard providers are required to supply significantly more information, or more regular reports to MaPS for monitoring purposes)
The central technical architecture also leverages open standards managed externally to pensions dashboards, so in collaboration with our supplier, we will take an active role in monitoring and where necessary influencing changes to that standard (UMA).
The government has issued consultation principles and we will follow them, where applicable.
To help with responses to the DWP’s consultation, we are working on the assumption we will amend standards no more frequently than once per year in normal circumstances, and at around the same time each year. Similarly, we will want to provide at least a year’s notice before a change becomes effective, given the time it takes to implement system changes. This is unlikely to apply to the first set of standards for some pension schemes and pension dashboards. Nor will it apply in exceptional circumstances; however, we recognise we need a separate implementation policy for this.
All standards will specify the full range of available versions (including a minimum version). Participants must choose to adopt one of the specified, available versions.
Where applicable a clear end of life policy will be specified for each standard version, including lead time for retirement and conditions under which a standard version will be retired.
Each standard will set out which versions are available to be used when connecting to the pensions dashboards service, while remaining interoperable with other participants and the pensions dashboard service.
Where participants experience issues with implementing the standards, we envisage that these will be addressed through collaboration with the Pensions Dashboards Programme (PDP) and the applicable industry group, to make recommendations or provide support in addressing a participant’s issue. Should the issue prove to be of a more endemic nature, the community as a whole will look to address the issue and make recommendations on a course of action.
Adherence to standards is mandatory, and non-adherence will be considered as evidence by FCA and TPR of a breach of legal requirements. We expect that in most cases, any potential non-adherence is a minor technical or operational issue, and could be simply resolved by a ‘word in the ear’, and we will put in place processes to support dashboards and pension providers to address any potential non-adherence. However, since adherence to the standards is an important requirement, and vital to the security, stability and credibility of the pensions dashboards ecosystem, we will also put in place processes to escalate if required, and ultimately we reserve the right to remove participants from the ecosystem. For pension providers, this would of course mean they would be in breach of their legal duties as set out in the Regulations/rules to be connected, to search records for any matches and register PeIs in response to find requests, and to return view data.
MaPS will be responsible for the curation and publishing of standards developed for the pensions dashboards ecosystem. We will define the medium for publishing in collaboration with the pensions industry and our digital architecture supplier
What happens next?
We will develop the standards and guidance, working with our industry working groups, as well as our suppliers, plus the volunteer data and dashboard providers participating in early (alpha) testing. We will also work closely with our partners at the FCA and TPR as we develop the standards, as our standards will make legal requirements of their regulated communities.
As a public body introducing requirements on pension providers and dashboards providers, MaPS is acutely aware of its responsibility to adhere to public law principles, including its duty to consider how to consult appropriately with affected parties and stakeholders.
We expect to consult on the first versions of the standards in summer 2022, with them coming into force after the Regulations are in place (when we formally get the authority). The DWP’s proposed Regulations would require approval of the first set of standards by the Secretary of State, which we will seek at the earliest opportunity, to provide industry with certainty on the requirements as soon as possible.
PDP is already working with industry stakeholders on some of these standards through a number of working groups:
- Data working group (DWG) – data standards
- primary purpose – to enable subject matter experts, spanning all the different sectors of the pensions industry, to bring to bear their knowledge and experience in helping define a set the data standards for pensions dashboards
- membership – selected membership from across the different sectors of the pensions industry
- Ecosystem technical working group (ETWG) – technical standards
- primary purpose – to enable subject matter experts, from organisations planning to connect to the central digital architecture, to bring to bear their knowledge and experience in helping refine a set of technical standards that will be used to connect to the central digital architecture
- membership – initially participation in the group is open to all interested parties wishing to contribute to the technical standards, with the objective of connecting to the central digital architecture
- Usability working group (UWG) – design standards
- primary purpose – to ensure user input into the development of the Pensions Dashboards Service including design standards
- membership – selected organisations from the following three broad categories with which it aims to achieve a balanced mix of representation across the pensions sector
- Integration and test working group – all of the above
- primary purpose – co-ordinate and prioritise onboarding, test and integration activities exercising all standards
- membership – is made up of data providers and dashboard providers participating in testing
These groups’ membership and format will change over time as pensions dashboards mature.
Register your interest in getting involved with the development of standards at firstname.lastname@example.org.