You are viewing the version of the document as on 2024-12-23.

PDCOB 16.1 General record-keeping provisions

PDCOB 16.1.1 G

1 Firms will need to decide what records they need to keep in line with the high-level record-keeping requirements elsewhere in the FCA Handbook, including in the Senior Management Arrangements, Systems and Controls sourcebook (SYSC) (see SYSC 4.1.5B and SYSC 9.1.1R) and in SYSC 3, eg, SYSC 3.2.24R, for insurers, as well as for their own business needs.

PDCOB 16.1.2 R

1In order to deal with requests for information from the FCA, as well as queries and complaints from customers, firms must keep sufficient evidence and must make and maintain adequate records of how they have complied with the requirements in PDCOB, including evidence of the specific requirements set out in PDCOB 16.2 to PDCOB 16.12.

PDCOB 16.1.3 R

1In complying with the record-keeping rules in this chapter, a firm must not retain the personal data of customers, save as necessary in order to show compliance with the rules – for example, where the record is of correspondence with an individual arising out of a complaint or enquiry.

PDCOB 16.1.4 G

1A firm may seek to comply with the record-keeping rules in this chapter by keeping a visual record, such as screenshots, of the relevant stages of the pensions dashboard platform and screenshots of where the advertising is placed on the platform and how the advertisements are presented.

Duration of record retention

PDCOB 16.1.5 R

1A firm must retain each record referred to in this sourcebook for at least 6 years.

PDCOB 16.2 Specific record-keeping requirements: the customer journey

PDCOB 16.2.1 R

1A firm must make and keep a record of the information customers were presented with at each stage of the pensions dashboard platform and how the information was presented.

PDCOB 16.2.2 R

1Each time there is a material change to the information described in PDCOB 16.2.1R, the firm must keep a record of that updated information and the dates when each version could be accessed by a customer.

3PDCOB 16.2.1 R

1A material change is anything that could have an impact on the way a customer may understand the services offered on the pensions dashboard platform, or the way in which a customer is able to use the services, which includes (but is not limited to):

  1. (1)

    adding or removing advertising or changing its method of marketing; and

  2. (2)

    adding or removing functionality.

PDCOB 16.3 Specific record-keeping requirements: customer volumes

PDCOB 16.3.1 R

1A firm must make and keep a record of:

  1. (1)

    the number of customers using their pensions dashboard platform;

  2. (2)

    the number of customers using their post-view services;

  3. (3)

    the number of customers using each of their post-view services;

  4. (4)

    the total number of times their post-view services are used;

  5. (5)

    the total number of times each of their post-view services are used; and

  6. (6)

    in relation to data export:

    1. (a)

      the number of customers deciding to export their data in accordance with PDCOB 11;

    2. (b)

      the number of customers using data export to the firm; and

    3. (c)

      the total number of times that data export has been used.

PDCOB 16.4 Specific record-keeping requirements: warning and signposting

PDCOB 16.4.1 R

1A firm must make and keep a record of each version of the warning and signposting information provided to customers to comply with PDCOB 5 and the dates that each version was available to a customer.

PDCOB 16.5 Specific record-keeping requirements: advertisements

PDCOB 16.5.1 R
  1. (1)

    1A firm must make and keep a record of the advertisements which it places on the pensions dashboard platform, and how those advertisements are placed, including the size, prominence and positioning of the advertisements.

  2. (2)

    A firm must make and keep a record of the steps it has taken to comply with PDCOB 6.3.4R.

  3. (3)

    A firm must make and keep a record of the remuneration it receives for placing advertisements.

  4. (4)

    A firm must make and keep a record of the checks which it has conducted to comply with PDCOB 6.3.3R.

PDCOB 16.6 Specific record-keeping requirements: consents

PDCOB 16.6.1 R

1A firm must make and keep a record of the text and presentation of consent options:

  1. (1)

    for cookies or similar tracking technologies; and

  2. (2)

    for direct marketing purposes.

PDCOB 16.7 Specific record-keeping requirements: choice architecture

PDCOB 16.7.1 R

1A firm must make and maintain a record of:

  1. (1)

    all versions or iterations of the choice architecture, including the language and format used and the dates each version or iteration was made available to customers;

  2. (2)

    how many customers select each of the choices presented to them by the firm; and

  3. (3)

    each version of the exit communications presented to customers.

PDCOB 16.8 Specific record-keeping requirements: third party dashboard arrangements

PDCOB 16.8.1 R

1A firm must make and keep a record of any third-party dashboard arrangement into which it enters, including the contractual terms of agreements entered into, and of any changes to such arrangements.

PDCOB 16.9 Specific record-keeping requirements: data export

PDCOB 16.9.1 R

1A firm must make and keep a record of:

  1. (1)

    the information presented to the customer prior to their data export election;

  2. (2)

    where data export to the customer is used, the warnings and messages displayed to customers in accordance with PDCOB 11.4.1R, PDCOB 11.4.2R and PDCOB 11.4.6R;

  3. (3)

    where data export to the firm is used, the warnings and messages displayed to customers in accordance with PDCOB 11.5.1R.

  4. (4)

    the text and presentation of consent options for data export storage in accordance with PDCOB 11.6.2R by a firm; and

  5. (5)

    the consent of the customer.

PDCOB 16.10 Specific record-keeping requirements: data protection impact assessments

PDCOB 16.10.1 R

1Where a firm completes, or updates, a data protection impact assessment in relation to its pensions dashboard platform, it must keep a record of that assessment.

PDCOB 16.10.2 R

1Where a firm decides not to complete a data protection impact assessment in relation to its pensions dashboard platform, it must make a record of its reasons for not completing the assessment and retain that record.

PDCOB 16.11 Specific record-keeping requirements: post-view services

PDCOB 16.11.1 R

1A firm must keep a record of:

  1. (1)

    the information which it provides to customers to comply with PDCOB 12.5.1R;

  2. (2)

    the post-view services offered and the dates when they were available;

  3. (3)

    the purpose of the post-view services offered; and

  4. (4)

    details of changes to any post-view services included where post-view services are added or removed.

PDCOB 16.11.2 R

1A firm must make an adequate record of the user testing it has conducted to comply with PDCOB 12.3.1R(2), including a record of what, if anything, was changed as a result of the testing.

PDCOB 16.12 Specific record-keeping requirements: prudential requirements

PDCOB 16.12.1 R

1A firm must make a written record of the assessments required under PDCOB 13.8.4R. In particular, it must make a written record of:

  1. (1)

    the major sources of risk identified in accordance with PDCOB 13.8.4R; and

  2. (2)

    how it intends to deal with those risks.

PDCOB 16.12.2 R

1A firm must retain the records of its assessments referred to in PDCOB 16.12.1R for at least 3 years.