
Data protection and effective communications to consumers in relation to retail investments and pensions

Retail customers and pension scheme members should receive the information they need, at the right time, and in a way they can understand, while respecting their direct marketing preferences. This is crucial for creating an environment where customers can trust the information they receive, helping them to make informed decisions and pursue their financial goals.

We have heard from retail investment firms and pension providers that they would benefit from further regulatory clarity about how The Pensions Regulator’s (TPR) Code of Practice and guidance on communications requirements and the Financial Conduct Authority’s (FCA) Consumer Duty interact with direct marketing rules under data protection law and regulations.

In brief

This statement is intended to provide greater clarity for firms and pension scheme trustees or managers to support their customers’ decision-making through their communications, in line with the FCA Consumer Duty and TPR’s Code of Practice and Guidance.

Firms can provide regulatory communication messages to retail customers and pension scheme members that provide neutral, factual information that supports them to make informed decisions about retail investments and pensions options, including at retirement.

UK data protection laws, including the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (PECR), do not stop firms from sending these regulatory communications. However, firms must ensure that they comply with data protection requirements.

In detail

Direct marketing and regulatory communication messages

Direct marketing is defined in data protection law as “the communication (by whatever means) of advertising or marketing material which is directed to particular individuals”. UK data protection laws enable direct marketing to be done responsibly. Key requirements include:

  • Complying with data protection principles (eg fairness, lawfulness and transparency) when you process information about people.
  • Providing people with a right to object to and ‘opt-out’ of direct marketing, which you must respect.
  • Not sending electronic mail marketing (eg emails, text messages, direct messages on social media) to individuals unless:
    • they have specifically consented to receiving electronic mail marketing from you; or
    • they are an existing customer, and you gave them a simple way to ‘opt out’ of direct marketing, both when you first collected their details and in every message you have sent (this is known as the ‘soft opt-in’).

When a message is not direct marketing, it can be communicated to customers who have opted out of direct marketing, not consented, or when no ‘soft opt-in’ opportunity was available. The ICO’s guidance on direct marketing and regulatory communications helps firms determine if regulatory communication messages are likely to count as direct marketing.

Communications required under the Consumer Duty

The FCA’s Consumer Duty includes rules and guidance relating to how firms communicate with their customers. For example:

  • Principles for Businesses (PRIN) 2A.5.3R requires firms’ communications to equip their retail customers to make effective, timely and properly informed decisions.
  • PRIN 2A.5.5R requires firms to communicate before the purchase of a product and at suitable points throughout its lifecycle.

Firms are also required to act in good faith towards retail customers (PRIN 2A.2.1R and PRIN 2A.2.2R), enable and support retail customers to pursue their financial objectives (PRIN 2A.2.14R) and avoid causing (by act or omission) foreseeable harm to retail customers (PRIN 2A.2.8R and PRIN 2A.2.9R).

The FCA’s guidance on the Consumer Duty sets out how firms can use their communications to support good retail customer outcomes. There is flexibility for firms to decide how best to achieve this objective.

The Consumer Duty does not interfere with or replace other regulatory requirements and does not require firms to act in a way that is incompatible with any regulatory requirements, including data protection law.

Communications expected under TPR Code and Guidance

Various statutory requirements apply to pension scheme trustees or managers (including master trusts and collective defined contribution schemes) which require them to communicate with their members. These statutory requirements range from providing information when a member joins the pension scheme to ongoing communications, updates, and reports.

TPR’s Code of Practice and Guidance are intended to help pension scheme providers and trustees better understand their obligations and how to comply with them. TPR expects pension schemes to consider broader communication strategies to support members to make informed decisions throughout their membership journey, including:

  • Understanding members’ views and needs in order to communicate with them at the right time, and in the right way, to help them make good decisions.
  • What additional information or explanation members may need to make informed decisions about their benefits. For defined contribution and hybrid pension schemes, regularly inform members of the impact their contributions will have on their overall benefits.
  • Utilising technology to enhance communication, such as online tools that model outcomes and show the effects of different choices, for example, how it affects outcomes if a member contributes more.
  • Guiding members to free resources like the MoneyHelper pension calculator.

Our joint position

Firms and pension scheme trustees or managers can provide regulatory communication messages to customers even if they don’t have direct marketing permissions from them, provided these messages are not direct marketing. The ICO’s direct marketing and regulatory communications guidance provides advice to firms on how to do this. To help ensure compliance, firms should use a neutral tone and avoid active promotion or encouragement when communicating facts to customers.

Importantly, the context and content of the message must be considered. There are illustrative examples included in the ICO’s guidance that demonstrate how regulatory communications can be drafted and delivered in different contexts, including where this might affect the interests of both customers and firms.

The law also does not prevent firms sending ‘service messages’ that tell customers important information that they need to know as part of their relationship with the firm or pension scheme. These messages are for purely administrative or customer service purposes and don’t contain promotions or advertising.

Non-exhaustive examples of regulatory communications to retail customers and pension scheme members that can be drafted in a way that is unlikely to be direct marketing [1] include:

  1. A message that warns a customer that they are at risk of harm from having an inadequate pension income in retirement due to their existing contribution rates; or from drawing down on their pension at an unsustainable rate.
  2. Helping a customer to understand their pensions or retail investments product or service, such as explaining jargon and signalling where consumers can go for support.
  3. Reminding customers of the option of consolidating their pension pots and the relevant factors around this, where that is appropriate for the client.
  4. Factually describing the details of different decumulation options to help customers make an informed choice.
  5. Noting where people can access free tools, such as pension tracing tools and savings or retirement income calculators.
  6. Informing a customer they are being transferred to another pension scheme.
  7. Giving a child trust fund owner important information about their account, where the account was opened for them during their childhood.
  8. Highlighting to a customer that they have unused Individual Savings Account (ISA) allowance towards the end of the tax year.
  9. Telling customers who are reaching the end of a term deal what their options are.

Please note that these examples are for illustration purposes only and may not be the only way to interpret the statutory requirements.

The ICO always welcomes feedback on the guidance it produces and will continue to support firms to comply with the law.

Conclusion

This statement is intended to provide some additional clarity for firms and pension scheme trustees to support their customers' decision-making through their communications, in line with the FCA Consumer Duty and TPR’s Code of Practice and guidance.

The FCA, ICO and TPR continue to work together to ensure firms have sufficient regulatory clarity about the interaction between their regimes. This includes new proposals being considered as part of the FCA’s Advice Guidance Boundary Review, including the concept of targeted support.


[1] When considering the example regulatory communications above, firms are reminded that they must also consider whether they are carrying out a regulated activity (for which the firm must be authorised or exempt), and whether the regulatory communication constitutes a financial promotion (for which the firm must be authorised, or the financial promotion approved or exempt).