By Carl Stanford at BWCI
carl.stanford@bwcigroup.com
What is expected to be the final version of the UK Pensions Regulator’s (TPR) “General Code of Practice” was published in January 2024. The pensions industry has been waiting some considerable time for this document: an earlier draft was issued for consultation almost 3 years earlier, in March 2021. The code is expected to come into force on 27 March 2024.
Running to 170 pages, it is a substantial document. However, it does consolidate and update 10 of TPR’s other codes. The new code covers five main areas:
- Governing body
- Funding & Investments
- Administration
- Communications
- Reporting
TPR has said that it hopes that the Code will provide “consistent expectations, regardless of scheme type and so far as legislation permits” across all types of governing body. It is notable that over a third of these 170 pages are dedicated to scheme governance, a key focus of the new code.
Effective System of Governance (“ESOG”)
The code states that all pension schemes must have systems of governance and internal controls that:
- Provide the governing body with oversight of the day-to-day operations of the scheme.
- Include any delegated activities for which the governing body remains accountable.
- Provide the governing body with assurances that their scheme is operating correctly and in accordance with the law.
The code emphasises that an effective system of governance (“ESOG”) should be proportionate to the size, nature, scale and complexity of the activities of the scheme.
Own Risk Assessment (ORA)
Schemes which are required to have an ESOG and have 100 members or more must carry out and document an “own risk assessment” or “ORA”. Again, this needs to be proportionate to the size, nature and complexity of the scheme and must be signed off by the chair of the governing body.
The ORA documentation should record how the governing body has assessed the effectiveness of each of the policies and procedures covered by the ORA and whether they are considered effective and why. While schemes with fewer than 100 members are not obliged to carry out an ORA, TPR anticipates that “governing bodies of other schemes may carry out an ORA as an example of good practice”.
Schemes will have at least two years from the effective date of the code to complete their first ORA. Subsequently, the assessment will have to be completed at least once every three years.
Remuneration Policy
Governing bodies of schemes with more than 100 members should have a written remuneration policy that will need to be reviewed at least every three years, but in most cases annually or when there are significant changes to a scheme’s governance arrangements. This policy only needs to cover the costs that the governing body is responsible for paying.
Cyber controls
Governing bodies are expected to have knowledge and understanding of cyber risk, assess vulnerabilities, adopt suitable policies and maintain a response plan for cyber incidents to ensure scheme continuity.
Actions
While the Code is designed specifically for UK schemes, the general guidance provided on a wide range of areas could be a useful summary of good practice for some other schemes, including those established in the Channel Islands and the Isle of Man. It is important that all pension schemes’ governing bodies:
- Identify relevant risks, governance requirements and areas that the scheme needs to focus on.
- Test existing governance systems to check that the current procedures are robust.
- Identify any gaps in existing governance processes and decide how these will be addressed and in what priority order.
- Keep all policies, procedures and processes under regular review.