The Pensions Regulator laid the long-awaited new general code in parliament yesterday, after a consultation in 2021. The new general code's laying period lasts for 40 days and is expected to come into force on 27 March 2024. Once in force, it will apply to trustees and managers of all occupational, personal and public service pension schemes in the UK (although there are various exemptions for schemes with less than 100 members).

The general code: a reminder

The general code combines and updates ten existing codes of practice that set out the Regulator's expectations on scheme governance and administration. The main focus of the general code remains on the operation of an effective system of scheme governance and administration. It also remains the case that the general code should be applied proportionately depending on the scheme's size, type and the complexities of its activities. The general code is not legally binding and there is no direct penalty for failing to comply with it. That said, the Regulator, the Pensions Ombudsman and the Courts are likely to take into account the expectations set out in the general code when dealing with a scheme.

A number of changes have been made to the general code since the consultation draft. While the majority of these changes are clarificatory and set out existing legal requirements in more detail, there are some elements that are new, for example, in relation to knowledge and understanding, and ensuring schemes have diverse and inclusive governing bodies. Many schemes have already undertaken some work in preparing for the new general code, principally by carrying out an analysis of where gaps exist in their existing governance arrangements. In our experience of helping trustees with this gap analysis, well governed schemes are already meeting most of the Regulator's expectations save for those areas which are completely new under the general code.

Key takeaways

We set out below some of the key areas where we consider further work will be required by most trustee boards to ensure they are meeting the Regulator's expectations.

  • Diversity and inclusion:the Regulator published its equality, diversity and inclusion (EDI) guidance for pension scheme governing bodies and employers in March 2023 and has been promoting diversity and inclusion on trustee boards for some time. The general code has incorporated and reflected some of the Regulator's expectations for developing more diverse and inclusive trustee boards. The Regulator expects trustee boards to be well balanced and diverse, with its members demonstrating varied skills, knowledge and experience. Recruitment practices (for both company and member-nominated trustees) should be regularly reviewed and assessed to ensure they are inclusive and attract a diverse spread of trustees. The Regulator's website has examples of communications for member-nominated-trustee appointments that have been designed to achieve this and which can be used by trustee boards.
  • Knowledge and understanding: the general code lists a number of items that each trustee should have a working knowledge of. These lists are new and include, for example, the key features and processes of investment management, custody arrangements (including monitoring and record keeping) and the nature of financial risk (including the risk/reward profile of each major asset class and basic principles of matching assets). An assessment will need to be carried out by trustee boards to understand whether there are gaps in any of the board members' knowledge. Consideration will also need to be given of how to best help new trustees build their knowledge of the different listed items that are relevant to their scheme.
  • Remuneration and fee policy: the requirement for a remuneration policy featured in the consultation draft and is something that, in our experience, most schemes do not currently have. The policy should set out the basis and means for paying those undertaking activities in relation to the scheme that are paid for by the trustees. This includes trustees, service providers and anyone who effectively runs the scheme, carries out key functions or whose activities materially impact the scheme's risk profile. The consultation draft also required the policy to cover those undertaking activities for the scheme that are paid for by the employer but, helpfully, this has been removed from the final version, as has the expectation that it will be published on the scheme's website. The policy should be aligned with the scheme's long-term interest and help assess the value of the remunerated services, set out the principles for determining pay and the decision-making process for payment levels, be reviewed at least every three years (but in most cases annually will be appropriate), and explain the decision-making process for the levels of remuneration and why these are considered appropriate.
  • Own risk assessment: Trustees should carry out and document their own risk assessment (ORA) as part of the effective system of governance (ESOG) to assess how well the ESOG is working and the way potential risks are managed. The first ORA has to be prepared and documented within 12 months beginning with the last day of the first scheme year that begins after the general code has come into force. The ORA should document the effectiveness of and risks arising from each policy and procedure and should be completed at least every three years. The first ORA is likely to be a substantial piece of work and so trustees should develop a project plan sooner rather than later, particular given the many other demands schemes are facing. The Regulator may consider failure to complete an ORA as an indicator of poor governance.
  • Business continuity plans: Trustees should have a resilient business continuity plan (BCP) that sets out key actions in case of a range of events occurring that impact the scheme's operations. They should also set out roles and responsibilities within the BCP and agree these with service providers, decide which scheme activities will be prioritised in the event of the BCP being triggered, and ensure advisers and service providers also have a BCP in place to maintain services to the scheme. In reality, schemes will be heavily reliant on their third party service providers and, possibly, the sponsoring employer for ensuring the scheme's activities can continue following an adverse event. Trustees will, therefore, need to consider how their policy fits with the continuity plans of these parties.
  • Cyber security:Trustees should assess and manage cyber risks regularly to tackle the ongoing threat posed by cyber criminals. The Regulator expects trustees to assess vulnerability to cyber incidents, consider accessing specialist skills and expertise to understand and manage any cyber risks and receive regular reports from service providers on cyber risks and incidents. The Regulator recently updated its guidance on cyber security principles to request trustees and scheme providers to report significant cyber incidents as soon as reasonably practicable on a voluntary basis even though there is no legal obligation to do so. The Regulator's updated guidance sets out the practical steps trustees can take to meet the expectations in the general code.

The amount of work each scheme will have to do to meet the expectations in the general code will vary, depending on existing governance arrangements and how much work was done following the consultation being issued in 2021. For some it may be little more than addressing the above points and ensuring that their existing arrangements are clearly documented, perhaps in an overarching compliance policy/document (which could simply refer to other policies already in place). For others, it will be a much more substantial piece of work. Indeed, the Regulator commented in its press release that there is a subset of trustees who are disengaged and falling short of the Regulator's expectations. Whether the publication of the general code will have any impact on the way those schemes are run remains to be seen.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.