There is a requirement for ongoing connection, which is explained in further detail in the Money and Pensions Service (MaPS) code of connection. You need to be able to demonstrate to MaPS that you are able to comply with this. If you are using a connection provider to assist your connection, your provider will handle this requirement on your behalf.
Your scheme must target availability of at least 99.5% of the time, 24 hours each day, seven days of the week, measured on a calendar monthly basis. This means if you are considering something that may potentially disrupt connection, such as a change of administrator or IT provider, you should plan this carefully to minimise disruption. MaPS are regularly updating their guidance on their connection hub, which you should monitor to understand this requirement. Additionally, you should maintain a robust audit trial, which includes the planning process and any risk management measures put in place, for example, in the case of a change of administrator.
For any scheduled unavailable time, such as maintenance work or change of provider, you will need to notify MaPS at least five working days in advance.
You will also need to:
- update your systems when MaPS makes any updates or changes to standards
- keep the scheme’s information on the Governance Register up to date
If you fail to meet MaPS standards and requests, your scheme could be automatically disconnected. This may have regulatory consequences for you and we may take compliance and enforcement action.
Record-keeping requirements
The key information that requires recording (and later reporting through MaPS reporting standards), includes:
- number of connections your scheme has used to connect to the digital architecture (for example, if you have multiple sections with different providers)
- number of your relevant member records which have been connected
- number of your relevant member records which have not yet been connected
- number of view requests received and the time taken to respond to each one
- start and end time of each instance where your scheme’s ability to find members was unavailable, along with the reasons for any unavailability
- in the situation where you are unable to perform the functions to return value data to members, you need to capture the start and end time of each instance where your scheme was unable to do this, along with the relevant reasons
- in the situation where the scheme is only able to return part of the value data items, you need to capture the number of value data items where they were unavailable and the relevant reasons
- number of value data items that are not provided within the timescales set out in the regulations
You should keep records of complaints related to pensions dashboards for six years. This should include volumes, the nature of complaints (in particular whether this relates to a missing pension or inaccurate value information) and outcomes. The records should be accessible to MaPS and The Pensions Regulator upon request.
You will also need to keep a record of:
- how you have carried out steps set out in guidance on connection, or other steps you’ve taken to achieve connection
- how you have carried out steps to remediate any issues which may occur, and how you are monitoring the progress of your plan for these
- your matching criteria
You will need to keep a record of this information for at least six years from the end of the scheme year to which it relates.
Reporting requirements
The routine reporting of the information set out in MaPS’ reporting standards is not yet required. MaPS will give notice of when this requirement will come into effect, though this is not expected to be before October 2025.
Once routine reporting is required, you will need to report certain information through the digital architecture to help MaPS and us to monitor your compliance with legal requirements and the performance of the digital architecture.
You need to work with your third-party providers to ensure your system is able to generate, record and report the data as required. You should keep these data records for six years.
Your existing duties to make breach of law reports as appropriate still apply. We have expanded our reporting breaches guidance to include specific dashboard examples which include circumstances where a provider should consider reporting a breach to us.