Volume 2022 | Issue 26
Download this FYI as a printable PDF
The forthcoming introduction of pensions dashboards includes a new set of duties for trustees to comply with.
The Pensions Regulator will be responsible for overseeing trustees’ compliance with the requirements (with the FCA having a similar role for pension providers). It has published a consultation on its draft compliance and enforcement policy, for trustees and their advisers, setting out how it will regulate compliance with the dashboard duties.
Background
There is a huge amount of work being undertaken to prepare for pensions dashboards. In addition to the preparations by trustees, providers and their advisers, the government, regulators and other organisations are also involved in ensuring that pensions dashboards are a success.
The government has produced legislation, in the form of provisions in the Pension Schemes Act 2021 and recently finalised regulations, which come into force on 12 December 2022. The Pensions Dashboards Programme at the Money & Pensions Service (MaPS) has developed a suite of standards documents, which set out the technical detail on a number of practical issues not covered in the legislation.
The Regulator has now set out its plans for ensuring the compliance of occupational pension schemes with dashboard legislation and how it will approach cases where the requirements are not met. This includes some useful example scenarios where schemes will and will not fall foul of the Regulator in not meeting their obligations in particular cases.
The scope of the draft policy
The policy, which sits alongside the Regulator’s other policies and procedures such as its enforcement policy and monetary penalties policy, is aimed at trustees of occupational pension schemes, along with sponsoring employers, administrators and Integrated Service Providers (which allow trustees to connect to the dashboards’ digital architecture without them having to build their own find and view interfaces).
Separate FCA rules apply for pension providers, who are not in scope of the Regulator’s policy.
Policy principles
The Regulator’s proposed approach is driven by eight broad principles.
It recognises that delivering pensions dashboards represents a huge challenge for the pensions industry. The Regulator is keen to help trustees and advisers meet their duties and this will inform a pragmatic approach to compliance when it works with schemes to reach the best outcome for the members. However, cases of wilful or reckless non-compliance will see a robust enforcement approach taken.
A key focus will be the quality of the data held by schemes, as the success of dashboards relies on the quality of this data, both in terms of locating members, and ensuring that the information presented on dashboards can be trusted.
The Regulator will also focus on scheme governance as robust internal governance is key for ongoing compliance, which will enable the scheme to identify issues and risks early and put in place mitigations accordingly.
Key risk areas
The Regulator will focus on behaviours or breaches that it considers pose the greatest risk to a member’s ability to receive a complete and accurate picture of their pensions, and therefore make appropriate decisions.
Schemes’ connection to the dashboards ecosystem is necessary for members to be able to find and view all their pensions. The Regulator will focus strongly on connection compliance, (including but not limited to a scheme):
- not connecting by its statutory deadline;
- only connecting part of their membership/entitlements to the system; or
- failing to remain connected to the dashboards in line with MaPS’ standards.
Once connected, schemes will need to find members and return data as expected. It is critical that schemes connect the right pensions to the right member.
The Regulator is clear that it is only giving examples of areas that are of particular interest and it will continue to monitor and take action in other areas. Trustees should consider how they may mitigate these risks and ensure they have robust internal mechanisms to detect and deal with any that may transpire.
Compliance expectations
The Regulator expects trustees to have read, considered and implemented its guidance and that from MaPS where appropriate, as well as good practice industry guidance.
All schemes are expected to operate adequate internal controls, which includes (but is not limited to):
- thoroughly reviewing and assessing their data quality from multiple dimensions, and putting adequate controls around them for continuous improvement;
- having appropriate controls when selecting, appointing and managing service providers;
- having risk management processes in place, including processes to ensure the resolution of any issues between the scheme and any relevant third parties; and
- having processes in place to identify breaches of the law and, if necessary, reporting them to the Regulator.
Clear audit trails should be maintained to demonstrate how trustees prepared to comply with these duties. They should also keep a record of compliance as set out in MaPS’ reporting standards, and the steps taken to resolve any issues that arose, such as communications with third parties.
Trustees should keep records of their matching policy, and the steps taken to improve their data. This will give the Regulator a rounded and transparent view of how trustees have sought to comply with the legislation.
Third parties, such as advisers and employers, are expected to help and support schemes in meeting their duties appropriately.
Compliance monitoring
The Regulator will implement a framework for monitoring and identifying risk of non-compliance, using multiple sources of evidence. It will receive regular data from the dashboards system run by MaPS – data captured by the system itself (such as the connection status of schemes) and data sent through by schemes to the system (as per reporting standards), which will flow through to the Regulator.
Additional information may be requested from schemes where concerns are identified or where the Regulator is looking to identify best practice.
Existing duties around whistleblowing to the Regulator continue to apply.
How will the Regulator react to breaches of the law?
Where there has been a breach or suspected breach of legislation, the Regulator will consider if an investigation is appropriate and, if necessary, take regulatory action (including enforcement). Broadly, the more serious the matter, the more likely it is that action will follow. This means that persistent, intentional, wilful breaches, or where there are signs of dishonesty, are likely to be given a higher priority.
Any investigation or regulatory action will be risk-based and proportionate, subject to the particular circumstances and context of each case.
The Regulator will consider a range of factors before deciding whether action is necessary, which may include (but are not limited to):
- the nature and scale of the impact on the member(s);
- the number of members affected;
- whether a breach is the result of wilful non-compliance or if there are circumstances outside the scheme’s control;
- a scheme’s compliance history and the duration of any breaches;
- consideration of MaPS’ and the Regulator’s own guidance; and
- trustees’ openness and co-operation with the Regulator.
Comment
The proposed approach will be familiar to anyone who has interacted with the Regulator on automatic enrolment and seems entirely sensible. There is recognition of the amount of work trustees will need to undertake to ensure a scheme is ready to connect to the dashboards ecosystem and that breaches will occur.
Where trustees breach the legislation despite their best endeavours, they will find a Regulator willing to assist them. Should signs of wilful non-compliance be detected, trustees may well find themselves facing the full weight of the Regulator’s enforcement powers.