The Pensions Regulator's General Code has arrived and will apply from March 27, 2024. In this briefing, we take a step back from the detail. We set out why the General Code really matters and how pension scheme trustees can best make it work for them.
This is a significant moment, five years in the making. For some trustees it may also seem a daunting moment, being faced with 170 pages of expectations and best practice about everything from the role of the chair through stewardship of investments to service providers' cyber controls. But while all trustees will need to act – most particularly, in deciding how they will approach an own-risk assessment – many should find that they are already largely governing their schemes in accordance with expectations.
Content
Why the General Code matters
The Regulator's codes do not create legal obligations and the General Code is no exception. You are not bound to comply with it and the Regulator cannot enforce it (though it does repeat some laws and it should go without saying that you need to comply with those). That means you do not need to get too caught up in its wording, for example telling your "effective system of governance" apart from your "internal controls" or your "policies" from your "processes".
The real legal effect of the General Code is that if something goes wrong and you find yourself before a court, the judge must take it into account where relevant. For example, it could help the judge decide if you were doing enough to deal with a risk that came about. You can think of the General Code as your shield, not the Regulator's sword: you won't be sued if you do not follow it, but if you do follow it that may help show that you have done what the law (and the Regulator) expects.
But of course, the General Code is important for reasons well beyond its legal effects. It can also be a helpful tool that you can use to secure good governance, lowering risks to your scheme. As with all tools, there is a knack to its use.
How to use the General Code
Although the General Code is "modular", we do not think you should come at governance module-by-module, acting on each module in turn. The modules overlap and are a mix of law, expectations, and best practice. Some are about what a system of governance should cover and others are about how a system of governance should be designed. Taking a linear approach to the General Code risks making your system of governance confusing and scrambled rather than effective.
To take a concrete example, you will now be expected to have a remuneration policy for those advisers and service providers you pay for. This is in a standalone module but it does not make sense for this to be a standalone policy, let alone document. Advisers and service providers operate in different markets and you probably want to think about remuneration of each adviser or service provider in the context of your relationship with them, including how they are performing. So what is expected of you in this module is probably best met by having a remuneration section in your policies concerning selection, management, and so on for each adviser or service providers.
To avoid missing the wood for the trees, and to meet the spirit of the General Code, we consider the most efficient approach is to build and improve your governance structures by asking the right set of questions about each area of the scheme's activity. At the highest level, these are:
- What needs to be done?
- Who is to be responsible for doing it?
- When it needs to happen?
- How is it monitored?.
The graphic (found at the link above) is from our recent webinar showing in more detail the type of things you should ask yourself.
Thinking about these questions and writing down answers will end up with you having a governance manual. Building this up manual by thinking about the concrete actions that you need to take in the context of your scheme, you are more likely to come up with something that is proportionate.
Where the General Code really comes into its own is as a comprehensive set of checklists. You can use it to check if there is anything relevant to your scheme that you have not thought about.
How to perform an own-risk assessment
The own-risk assessment, or ORA, is a new and important feature of the regulatory landscape. It technically applies to schemes with 100 or more members, but smaller schemes may also want to think about doing it. With the ORA, you will be assessing how well the various parts of your system of governance work and noting down how you did this and what you concluded. You need to do this for your whole system of governance at least once every three years (although depending on your scheme year and valuation date you may need to have your first ORA done within about two years). To lighten the load, and make sure you give enough attention to all aspects of your system of governance, you might want to split the ORA into small chunks that can be staggered across the whole period.
We would recommend that you come at the ORA by putting something like a document control table at the start of each part of your governance manual. You would set out when the last assessment took place and who did it. You would then (briefly) state and explain your findings and note any changes that you made as a result. Finally, you would set out the date of the next review. Done well, this will give you plenty of opportunities to take a step back and think about what you are doing and why, a good remedy against a tick-box mentality.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
