A great deal has been written about Pensions Dashboards since DWP published their feasibility study in December last year. Much of this coverage has focussed on perceived risks that could be created and on the multiple dashboards model proposed by the department. Many pundits have, with the best of intentions, misinterpreted key elements of the infrastructure and the risks that they pose. Three of the most common criticisms have been an increase in scams risk, lack of consumer benefit from multiple dashboards and cyber security risks. I’m here to set out exactly what the risks are, how they are mitigated and why it’s sometimes best to look at the detail rather than the hot takes.
Scams Risk
One of the concerns that is most frequently raised in relation to multiple dashboards is that it will add to the rising tide of pension scams. The argument goes that greater access to data on a variety of platforms will make it easier for scammers to beguile customers into parting with their hard-earned savings and therefore there should only be one centralised dashboard. Whilst this does seem sensible on first reading, it does not hold up when you examine how pension scams are perpetrated or the way in which a multiple dashboard environment will function.
Pension scams are, at their core, confidence tricks. Unscrupulous individuals take advantage of people’s lack of financial capability and use the same tactics as other confidence tricksters to convince consumers to take actions that cause severe detriment. The only difference between a pensions scammer and the snake oil salesmen of old is the type of product (fictious hotels rather than useless ointments) and the scale of impact (small outlay on useless items vs life savings).
The data regarding how much lifetime savings someone has is of course an important element to such scams - after all, scammers are likely to go after marks with greater value. However how you get that data is less important than what you do with it. The University of Exeter did a great piece of work for the Office of Fair Trading where they analysed different types of financial scams and why they work. Put simply certain techniques are used to short circuit people’s sense of suspicion and convince them to hand over their savings. This process involves appealing to certain “visceral triggers”, using tendencies that involve the spinal cord rather than the brain. Loss aversion is a well-documented flaw in human reasoning, and suggesting that a sponsoring employer of a pension scheme is likely to become insolvent activates this primal feeling. Similarly, greed can be a very powerful motivator, with the promise of high returns, especially when combined with a time limitation (this offer is only available for the next two weeks). When scammers apply the right sort of pressure, they can produce a reaction that bypasses our usual cognitive faculties with disastrous consequences.
All of the elements articulated above are equally applicable to a single dashboard as they are to multiple dashboards. A scammer could send out a mass email with a link to a single central dashboard asking people to reply with the valuation of their pots for a “free pension review” and the whole manipulative process starts from there. The risk factor here is exactly the same regardless of whether you have one monolithic dashboard or many regulated ones. The only way to not increase risk in this sense would be to keep data in their current siloes and not give consumers the digital access that consumer research shows they want.
The most effective way to tackle scams is not to limit the ways in which consumers can access their data, it is to limit the statutory right to transfer. If the auguries are to be believed we are expecting a Pensions Bill this year, at the same time as liberalising the way in which consumers access their data, government should limit the destinations to which they can transfer their long-term savings. This would then give senior managers and trustees the powers they need to prevent severe consumer detriment. Expanding the protection of consumers in tandem with expanding their access to data is of course the right thing to do, but doesn’t have to come at the expense of choice and innovation.
Consumer Benefits of Multiple Dashboards
Not only do multiple dashboards not present a greater scams risk than a single version, but they will in fact benefit consumers greatly. There are two key reasons for this: usage and innovation.
Put simply the more dashboards there are, the more likely consumers are to use them. The ultimate aim of the policy is to reconnect people with lost pension pots and encourage them to engage with them. A single central dashboard will serve both of these aims poorly. People tend not to engage with guidance services until later on in their lives meaning there is going to be relatively little “footfall” for a single dashboard. The industry will risk creating a very useful tool that is only used by a small part of the population. Pension pots will continue to proliferate in isolation and won’t be consolidated, meaning that consumers do not benefit from economies of scale in terms of their investment and will have lower incomes in retirement.
By contrast multiple dashboards would mean more consumers looking at their data and taking action. Your average thirty-year-old might not look at the MAPS website, but they will probably use a mobile banking app. They might even use their Trade Unions website to keep track of their membership or an employee portal to book their annual leave. All of these contact points are potential hosts of pensions dashboards. Lloyds Banking Group are already showing their retail banking customers pensions they have with Scottish Widows, leading to a significant increase in engagement. Between them Fintech pioneers Starling Bank, Monzo and Revolut have nearly 5 million customers. Refusing to use these connections to engage with digitally savvy consumers would be a missed opportunity of the highest degree. By allowing a federated model you allow consumers to choose how they want to engage, a privilege that has been extended to them in almost all other areas of their financial lives. This is not to say that just anyone should be able to offer dashboard type services, much like in the world of Open Banking, a strong system of regulation should be established. This regulation should include business model analysis to ensure that data is being used for appropriate purposes.
As single dashboard model would represent a massive missed opportunity for a step change in how consumers engage. We should be looking to create the engagement tools of the future rather than risk creating an underused service in the pursuit of purity.
Cyber Security and the Pensions Dashboard
Another criticism that is levelled at the ecosystem that DWP proposed as that it will pose a cyber security risk. High profile data breaches like Talk Talk and Equifax have understandably made people nervous about data sharing. However, the structure that has been proposed is specifically designed to mitigate these risks.
The first type of cyber risk that people think of is of course a data breach. These kinds of risks are at their greatest when large amounts of data are stored in the same place. The architecture proposed by DWP is specifically designed to avoid this. Providers and trustees will continue to maintain their own databases which will be accessed by dashboards. Dashboards themselves will also be barred from holding customer data for longer than they have specific permission for. Like in Open Banking, consumers will have to give their permission at least once every three months or all the data held will have to be deleted.
The second type of cyber risk is that someone acting in bad faith will be able to access the infrastructure in order to harvest information like National Insurance Numbers or Dates of Birth. In order to prevent this, DWP are proposing that a governance register should be created to hold a list of all those who are approved to access the data sharing infrastructure. In order to get on this list, companies will have to demonstrate that they have hit the right standards of technology and are run by suitably trustworthy individuals. Put simply, if you’re not on the list you’re not coming in. This means that someone wanting to access the infrastructure for nefarious purposes would have to set up either a pension scheme or a dashboard, hit all of the technical standards, pass fit and proper tests and then and only then would they be able to sit in on the messaging system that will power dashboards. It should be noted that even if a dubious character decided to go through these relatively herculean tasks, they would be permanently at risk of being discovered and shut out for not adhering to the strict code of conduct that is envisaged. IAs a high risk and fairly low reward venture, it just wouldn’t be a particularly efficient use of criminal’s time.
It’s often easy to be critical of government and the way they deliver projects. A great deal of ink has been spilt critiquing DWP’s efforts thus far on the dashboard and the time it is has taken to get to where we are now. It cannot, however, be said that the model that has been put forward is unsafe. A great deal of thought went into the feasibility study and it produced a template that will make consumers safer and better informed.
Matt works as a Policy Adviser in the Long Term Savings team working on issues relating to the Retirement Market and pensions technology. Before joining the ABI Matt worked for the Pensions and Lifetime Savings Association, advising on issues relating to the DC Pensions market with a particular emphasis on Master Trusts.