Easy to use, accessible and clearer: the new single online code is the place where everyone can find all the information currently contained in 10 codes of practice for the Regulator.
The new code has the potential to bring together codes, guidance and the Trustee Toolkit.
The table below shows which codes of practice are being replaced by the new code.
Expectations, requirements or statements of the law?
It’s important to bear in mind that the codes of practice set out TPR’s expectations for the conduct and practice of those who must meet the requirements set in pensions legislation but they are not statements of the law, except in certain circumstances set out in legislation.
However, even though in most cases there is not a specific penalty for failing to follow a code of practice, TPR may rely on codes of practice in legal proceedings as evidence that a requirement has not been met and the court must take a code of practice into account when considering their verdict.
Governing bodies
The new code is addressed to various pension professionals and, to provide consistency, a new term has been used: governing bodies. This new term groups trustees or managers of occupational pension schemes, managers of personal pension schemes, and scheme managers and pension boards of public service schemes.
However, as some expectations are applicable only to specific audiences (for example the trustees) and not the generic “governing bodies”, the code also uses the specific term when relevant.
We have listed below the different areas introduced or receiving greater detail in the new code.
1-Internal control – Own risk assessment (ORA)
There is no secret, a well-run scheme is a scheme with robust internal controls.
Policies, processes and procedures (that together form the internal control of a scheme) that work correctly and are regularly checked and adjusted to the changing needs are a guarantee for a smooth running of a scheme.
If yours is a private sector scheme with 100 or more members, you, as a governing body, have the new requirement to carry out and document an ORA.
What is an ORA?
The ORA will identify the key governance risks facing your scheme and the governing body need to use the findings:
·In the management of your scheme and the decision-making processes;
·to adjust existing processes and procedures or create new ones; and
·to identify the areas of work that you need to undertake.
Areas covered by the ORA
The Regulator requires that the governing body carries out an ORA that is proportionate to the size, nature and complexity of its scheme.
The areas that should be covered when carrying out an ORA are set out below.
Documentation
The governing body should:
ensure the ORA is in writing
provide the ORA documentation to all members of the governing body
ensure the ORA documentation is available on request
make sure the chair of the governing body signs off the ORA
The governing body should record:
the date on which the ORA has been prepared
the date on which the next ORA will be prepared
details of any interim reviews or updates that the governing body has carried out or plans to carry out
The ORA documentation should cover:
how the governing body has assessed the effectiveness of each of the policies and procedures covered by the ORA
whether the governing body considers the operation of the policies and procedures to be effective and why
The Regulator states that, to meet their expectations, the ORA should consider the effectiveness of, and risks arising from, each element listed below.
Policies for the governing body
How the governing body is integrating risk assessment and mitigation into the management and decision-making processes.
The operation of policies relating to the:
Risk management policies
The operation of policies to identify and assess risks facing the scheme.
Continuity planning for the scheme and, where applicable, how it has performed.
The internal control policies and procedures for the scheme.
Management of potential internal conflicts of interest, and those with participating employers and service providers.
The prevention of conflicts of interest where the employer and governing body use the same service provider.
Investment
The scheme’s investment governance processes.
How investment performance is reviewed and monitored.
How the governing body assesses investment risks relating to climate change, the use of resources and the environment.
How the governing body assesses social risks to the scheme’s investments.
How the governing body considers the potential for depreciation of assets arising from regulatory or societal change.
How the governing body assesses the protection mechanisms available to the scheme, including how these might apply and the risks of them not functioning as intended.
How the governing body ensures the security of assets and their liquidity when they are required.
How the governing body assesses the protection of member benefits in the event of the insolvency of a sponsoring or participating employer, or a decision to discontinue the scheme.
Additional investment matters for DB schemes
How the governing body assesses the scheme's funding needs with reference to its recovery plan.
How the governing body assesses the specific risks relating to the indexation of benefits provided by the scheme.
Administration
How the governing body assesses the risks associated with the scheme’s administration with particular reference to financial transactions, scheme records and receiving contributions.
Action the governing body takes to manage overdue contributions considering the degree to which they represent material amounts or delays.
Payment of benefits, where applicable
How the governing body assesses operational risks, focusing on the risk to members and beneficiaries relating to record-keeping and payment of benefits.
The governing body’s management of risks relating to circumstances where accrued pension benefits may be reduced, under which conditions and by whom.
The governing body’s management of the risk of member benefits being reduced or altered, including on the insolvency of a sponsoring or participating employer or the cessation of the scheme.
We have also set out below a chart which we hope will help you to navigate this new requirement.
2- Cyber security
Cyber security is a topic already addressed by the Regulator but the single code now places direct expectations on security and maintenance of scheme data.
The expectations will apply only to certain schemes (yet to be determined), but the Regulator strongly encourages all schemes to adopt as many of the expectations as possible.
3- Environmental, social and governance (ESG)
As concern about climate change and social responsibility grow, the new code introduces the following two modules that address matters in these areas:
1- Stewardship focuses on the governance responsibilities that come with financial investments; and
2- climate change and the risks and opportunities it presents.
4- Financial transactions
The new code also introduces a new module on financial transactions which contains expectations that apply to DB, DC, or hybrid schemes.
The new code is not in force yet but, if you want to have a look at the early version, please click here.