Draft Financial Services and Markets Act 2000 (Regulated Activities) (Amendment) Order 2024 Debate
Full Debate: Read Full DebateDepartment: HM Treasury
Peter Grant
Main Page: Peter Grant (Scottish National Party - Glenrothes)Department Debates - View all Peter Grant's debates with the HM Treasury
Draft Financial Services and Markets Act 2000 (Regulated Activities) (Amendment) Order 2024
Peter Grant Excerpts(3 months, 2 weeks ago)
General CommitteesRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Peter Grant (Glenrothes) (SNP)
I will also support the order, but I too have some questions. Too often in the pensions field, we have seen the Government and the regulators act in two ways. I doubt that any of us are without constituents who have been affected by scandals such as those at London Capital & Finance, the Atomic Energy Authority pension scheme and the British Steel pension scheme—the list goes on and on. There cannot be any doubt that the way in which the Government moved in the mid-2000s and the 2010s made it easier for people to do different things with their pensions. That is how they saw it. It also made it far too easy for people to get caught out and scammed out of their pensions. The risks were not properly thought through at the time and, to a large extent, we are still playing catch up.
The victims of some of the schemes that I mentioned still have not got the money back, and some of them never will. Could the Minister give more detail on what specific criteria applicants will need to satisfy in order to be allowed to operate a pension dashboard, and what follow-up action will there be? How will we make sure either the Government or the Financial Conduct Authority will be able to make sure that a business that met the criteria at the start continues to meet it after two years, three years, five years and so on?
I want to reiterate some of the issues raised by the hon. Member for Wansbeck about security standards, particularly for information security. This is clearly going to be an area of interest to the Information Commissioner’s Office because it is responsible for the protection of personal data in any circumstances. It concerns me when a legal regulatory responsibility is split between two regulators, especially when one of those regulators is the FCA. Too often we have seen catastrophes that could have been prevented were it not for the fact that the Financial Conduct Authority thought it was somebody else’s job to regulate and somebody else thought it was the FCA’s job. Can the Minister give a bit more detail about where precisely the regulatory boundary will lie between the Financial Conduct Authority and the Information Commissioner’s Office? How will he make sure that, if there is a problem with where that boundary lies, it will mean that two people try to intervene rather than them both standing back and assuming that it is other person’s responsibility?
Assuming that the data on someone’s dashboard will have to have come from, for example, the Money and Pensions Service, and that that service will have to have brought information about somebody’s state pension, possibly indirectly, from the Department for Work and Pensions, what will the Minister do to make sure that the people who hold the initial information—such as the DWP or the Money and Pensions Service—are not legally permitted to share that data with anyone until after the registration has been fully cleared? What will he do to ensure that they stop providing that information immediately if, for any reason, the registration comes into doubt?
It is one thing to say that firms will not be allowed to operate these systems if they are not registered, but we should also surely say that those who provide information into a system and who provide access to electronic means of exchanging information have a responsibility as well. If the Money and Pensions Service has authorisation to hold somebody’s personal data, surely it can only release that information with the service user’s explicit permission, and it should not be allowed to do that until after it has been approved by the Financial Conduct Authority.
Finally, will there be any restrictions on the operators of a dashboard using the information that will be held there for any other purposes? Will they be allowed to use that information to provide helpful advice—as they would see it—to push their own products? Will they be allowed to suggest to somebody, “I see you’re getting a pension from so and so—have you thought about shifting it to somewhere else? Because you would do better out of that.”
There is a very grey area between the provision of information and the provision of pension advice. Again, far too many people have been caught out because they were given what they thought was independent advice, but what was actually a sales pitch for particular pension schemes. Could the Minister please explain what steps are contained either within this order, or elsewhere, to make sure that the benefits of the pension dashboards, which I agree could be very significant for the pension holder, will not be tempered, or even undone completely, by placing the holder at greater risk of suffering the fate that far too many of my, and all our constituents, have already suffered? They put their pensions somewhere they thought was safe, but when the time came to collect those pensions, they discovered that they had disappeared.
Bim Afolami
A lot of interesting points have been made, and I will address those made by the hon. Member for Hampstead and Kilburn, who raised the broader policy agenda around open banking. In response to her question about whether I will take a holistic view, the answer is yes. It is important to see all of these things in one picture, and I am doing a lot of work with the industry on that.
However, it is important to see that there are fundamental differences between the goals of open banking and pension dashboards—and this also addresses some of the points made by the hon. Member for Glenrothes. Open banking seeks to enable data sharing and increased competition and innovation in the banking market, whereas pension dashboards will help increase consumer awareness and understanding of their pensions. Therefore, in terms of what the purpose of those services are, we are talking about a difference between producers and consumers. One of the key differences is that it would be very unusual for somebody not to know the provider of their bank account, whereas we know that people have lost track of their pensions—often because they have so many different pots.
On the hon. Lady’s question about whether pension dashboards will use the Government’s One Login service, the short answer is that I do not know, but I am happy to write to her on that. I confess that I will have to check that myself, and I thank her for that question. On the hon. Lady’s question about timing, this SI is the beginning of the process whereby, as soon as possible, we will make sure that the architecture is developed safely.
That takes me on to not just the hon. Lady’s point, but also the point made by hon. Member for Glenrothes about minimising the risk of people losing their data. It is important for the Committee to know that no data is stored on pension dashboards. As a result, it is not possible to mass-harvest individuals’ data via dashboards technology. As for the Money and Pensions Service, security standards are designed to ensure that the ecosystem interface of qualifying pension dashboards meet the appropriate level—
Peter Grant
I appreciate the Minister’s reassurances, but he will be aware that it was not possible for anybody at Fujitsu to mess about with the information held on Horizon until somebody discovered that it was possible. Without going into too much detail, at what level of expertise and at what level of independence from the whole project are the assurances of IT security being tested?
Bim Afolami
The hon. Gentleman asks at what level. In terms of the Money and Pensions Service, it is the National Cyber Security Centre that is advising specifically on these. I am happy to talk to him about it in future weeks and months, but that is the level of seriousness with which we take this issue.
When it comes to other private sector providers, as we talked about at the beginning of the debate, the FCA will determine at which point they are able to connect to the technical architecture. There are various dependencies, including the time required for them to familiarise themselves with the rules, when the architecture is ready and various other things, but the FCA will determine that. Why? I go back to the whole purpose of this statutory instrument: the FCA will make sure that this is a regulated activity to address the concerns of the Committee and others, because it is very important, as we all agree.
The SI introduces an important addition to the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 to ensure that pension dashboard operators are appropriately regulated and that consumers are protected. I am glad that there appears to be broad support from the Committee for the aims of the order. I thank Committee members for this debate, which I hope they have found informative, and I hope that they will join me in supporting this secondary legislation.
Question put and agreed to.