Standards webinar 2: connecting to the ecosystem

This was the second in a 3-part series of webinars to support our consultation.  This webinar focused on connecting to the ecosystem and the standards and guidance pension providers and dashboards providers will need to be able to connect.  We introduced the code of connection (comprising of the security, service and operational standards), the technical standards, the connection process and guidance for pension providers and our guidance for early connection. 

These Q&A’s detail the questions asked by attendees and the answers given by the panel during the webinar.

As a Third Party Administrator who will be “subscribing” to an integrated service provider (ISP), the first two sections of this presentation seem more linked to ISP providers. Am I correct?

Yes, in practice, we expect most pension providers to be connecting via third parties (such as ISPs). So the implementation of these standards will be undertaken by third parties who will connect to the ecosystem on their behalf, rather than the pension provider connecting directly themselves. As the regulated entity to whom the standards apply, the pension providers will still be accountable for their compliance, but the third parties doing the connecting would be the ones actually implementing them.

When do we need to start our connection process if we’re connecting via an ISP?

You should allow up to 30 working days to complete registration and connection via an already-connected third party. This means, for all but the first cohort of pension providers to connect, that you will need to come to PDP ahead of your connection window opens, since the legislation will give you a window of a month, you should allow 30 days for us to connect you, and we won’t necessarily be able to grant your first preferences for your chosen connection day. In practice we expect it to take no more than a week to connect via a third party, but we advise you to allow 30 days to be sure.

Why do we need to build in time to consult with TPR if you’re not going to consult with them every time?

First of all we have to be led by TPR when they wish to be consulted. We’ll raise the issue of publication with them as part of the discussion.

Until you operationalise this then we can’t really answer your consultation questions.

We appreciate that. But we’ve got to come up with a starting position, which we can amend once in place. But to help us start in the best position, we’re looking for your comments and feedback, please.

As a third party pensions administrator (30 schemes) do we register as pensions provider once or 30 times?

If you’re connecting multiple clients, you will need to register as a data provider connecting to the ecosystem (going through testing, service acceptance and transition to live) only once, and then subsequently just register pension providers connecting via your connection when they connect via your established connection.

Do you think the 1 week to 30 days lead time for connection via third party could lead data providers to leave decisions a little late? Wouldn’t good governance suggest that they should have a longer lead time to ensure proper diligence for connections and contracts with an ISP?

We’re clear in our guidance materials for pension providers (see our steps to connection on the data providers hub) that pension providers need to think about how they’ll connect early and start getting ready. The 30 days is for a pension provider to register via a connected third party – the pension provider will need to have started thinking about this well in advance and already have decided and made contractual arrangements with the ISP ahead of this.

Do we know what testing will be needed from August 23 to DAP? Hard to plan without knowing.

The connection testing requirements for connecting parties will not be affected by this. In advance of the dashboards available point, we will also be doing further user testing to continue to improve the service and user experience, but the connection testing requirements as set out in the code of connection are separate from this.

Is PDP’s expectation that contracts between trustees and ISPs / administrators would require ISPs / administrators to comply with the detail of the standards and statutory guidance? So that trustees have reassurance as the parties which are ultimately liable?

Yes it is the responsibility of the trustee to ensure a third party acting on their behalf be that as an ISP or administrator follows the standards.

Do you think that the 2 seconds for return of view data is overly optimistic and prescriptive?

We’re proposing 2 under seconds because it prioritises a fast response and therefore good user experience for the consumer. We are keen to understand, however, whether this would create a barrier to calculating real-time values, and have asked a question on this in our consultation, and would be grateful for views on this.

You mentioned adding multiple schemes as a data provider will be an easy process. What is the process for registering?

Our connection process and guidance document sets out what the connection process looks like for both connecting directly, and connecting via a third party. Connecting as subsequent pension providers being added to an existing connected data provider is much quicker and simpler, and just involves:
(1) Registering as pension provider associated with the connected endpoint – providing necessary pension provider information
(2) Confirming the 3rd party’s IT health check still holds, and
(3) Submit operational change request to link the pension provider to the endpoint

When we say pension provider level connection, is that at FCA firm reference level? Some firms / providers have multiple entities still.

The standards (and legislation) will apply to FCA-authorised firms at the firm level.

When scheme is connected to the dashboard via ISP, who will be liable in respect of any failures to meet the ongoing adherence to the Maps standards or if connection to the dashboard goes down? The regulators expect 24/7 connection to the dashboard. Failure to meet the standards or keep a stable connection to the dashboard can result in fines or regulatory enforcement. Who will be liable for any fines from the regulator for any loss of connection to the dashboard, for whatever reason?

The regulated entity (occupational pension scheme or provider of personal pensions) will be accountable for compliance with the standards, but they may delegate the implementation to a third party.

If a find request is missed due to (scheduled or unscheduled) downtime, is there an expectation it will be served when service is restored, and if not, will the person searching be informed which providers did not respond?

The service standards in the code of connection set out that in the event of non-response by your find interface, after three retry attempts, your endpoint will be deemed to be down. After retry failure, you must restore your service within 2 hours. The backlog of find requests should be processed accordingly. Data is not saved in the central digital architecture (CTA).

We are exploring innovative ways of keeping the consumer informed.

How will compliance with requirements such as response times be monitored? Will PDP inform schemes / ISPs if they are failing to meet these standards or will this be left to TPR?

Reporting has been developed from the central technical architecture (CTA) to provide data to the regulators to monitor adherence to standards.

PDP will also work with participants to try to resolve issues but ultimately the regulators will be responsible for monitoring, supervising and enforcing pension providers’ compliance with their legal duties. TPR will be consulting on their proposed approach to compliance later this Autumn.

Just a follow up question to supplying the view data. Has thought been given to the roll out of the pensions dashboards service to the public, and potential for a large uptake in requests in a short period of time. This might overwhelm even the best ISP?

The DWP have consulted on the notice period the government will give to industry in advance of the Dashboards Available Point – the point at which the service is opened up and launched to the public as a whole, and the government is considering the steps industry will need to take to prepare for this. The DWP consultation committed to the government working transparently with MaPS and industry to provide updates on plans for the DAP well in advance of the formal notice, to enable industry to prepare.