The Pensions Regulator has published its General Code of Practice, setting out its expectations for good governance in occupational, personal and public service pension schemes. The Code has been laid before Parliament and is expected to take effect on 27 March 2024.

What does the Code cover and how will it be applied?

The Code consolidates and replaces 10 of the Regulator's 16 existing codes of practice into an updated, online version. The Code is also designed to help trustees comply with their duty to establish and operate an effective system of governance, including internal controls (see below). This duty was introduced in UK legislation in January 2019 to implement the second European pensions directive (IORP II) but the Regulator's expectations have not been specified until now.

Some of the content of the Code will only apply to certain schemes. For example, authorised master trusts remain subject to separate governance requirements and only schemes with 100 or more members are required to carry out an own risk assessment.

The Code states that trustees should "use their judgement as to what is a reasonable and suitable method of ensuring compliance for their scheme". Although the Code is not legally binding, it can be used in legal proceedings as evidence in support of a claim of non-compliance with a legal requirement. The Regulator may also cite its expectations, as set out in the Code, when taking enforcement action.

Effective system of governance (ESOG)

In essence, the ESOG consists of the policies and processes that the trustees have in place for governing the scheme. It must be proportionate to the size, nature, scale and complexity of the scheme. The Code does not prescribe what is needed in every case, recognising that different approaches may be appropriate for different schemes.

Own risk assessment (ORA)

The Code sets out how the Regulator expects schemes to carry out and document an "own risk assessment" of their system of governance. This is an internal assessment of the risks the scheme faces, how well the scheme's governance systems are working, and the way risks are managed.

The deadline for completing the first ORA will depend on when a scheme year begins, for example:

Next scheme year end date

Deadline for completing first ORA*

31 March 2024

31 March 2026

30 June 2024

30 June 2026

30 September 2024

30 September 2026


*The deadline may be later than this, depending on the date for submitting the next statutory actuarial valuation or for producing the first annual chair's statement.

What is not in the Code?

Trustees will still need to keep abreast of the five areas not in scope of the Code. For instance, the Code does not replace the Regulator's Codes of Practice concerning notifiable events or funding defined benefits, which are being updated separately to reflect changes to be introduced under the Pension Schemes Act 2021.

Actions for trustee agenda

Trustees of schemes that fall within the scope of the Code should keep the following actions on their agenda:

  • Gap analysis on ESOG: Check whether your ESOG addresses the expectations set out in the Code – e.g. review existing policies and set a plan to address any gaps identified. This should be proportionate to your scheme but ensure that the scheme has written policies addressing new areas included in the Code such as remuneration, cyber security and outsourcing.

  • The first ORA: Prepare and document your first ORA within 12 months after the end of the first scheme year that begins after the Regulator issues the Code (or any later deadline which applies, as set out above).

  • Risk management function: Establish a risk management function appropriate for your scheme and adopt written policies regarding its operation.

  • Future reviews: Ensure that you are equipped to carry out regular reviews (at least every three years) of your ESOG. This can done as part of your ORA, which also must be completed at least every three years. Reviews can be completed in stages over the three year period if appropriate.

  • Member communications: Check that the scheme has made statements and policies available to members as set out in the Code, including online as required. Helpfully, the Regulator has now removed its expectation that trustees should publish their remuneration policy.

  • Trustee knowledge and understanding (TKU): Consider undertaking trustee training on the updated Code and address any gaps in meeting the Regulator's expectations for TKU as set out in the Code.

We will be producing more in-depth articles on the five sections of the Code (the Governing Body, Funding and Investment, Administration, Communications and Disclosure, and Reporting to the Regulator). Please let us know if you would like training on the Code, including on any of these areas.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.