TPR’s final code of practice is published: is your scheme prepared?

The ESOG

TPR says the ESOG “is predominately a rebadging of things that the governing bodies of well-run schemes should be doing already. For other schemes, it may highlight aspects of governance that they do not currently meet …”. [Source: TPR final response to new code]

Application

All occupational pension schemes (subject to limited exceptions).

What is a system of governance?

A system of governance covers all parts of a scheme’s operation. All schemes should have systems of governance and internal controls that provide effective operational control of the scheme, include delegated activities and provide comfort that the scheme is being run properly and in line with the law.

What does TPR say is an ESOG?

An ESOG must have documented processes and procedures (and documented review policies) that, as a minimum, comply with 18 modules in the new code (covering management of activities, organisational structure, investments and member communications) and 8 internal control modules.

Existing policies and procedures can form part of the ESOG.

TPR’s expectations are ‘broadly the same’ for all schemes but ‘the standard required to meet’ them will often vary according to scheme type and size.

Proportionate

It should be proportionate to the scheme’s size, scale, nature and complexity.

The role of internal controls

The Regulator believes that internal controls are perhaps the “single most important aspect of establishing” an ESOG. They cover the administration and management of a scheme and how a scheme ensures the safe custody and security of its assets and should operate to give the governing body comfort that the scheme is meeting legal and scheme rule requirements. They are central to both an ESOG and risk management (see below). They will typically cover matters such as governance, investment, funding, employer covenant, regulatory and legal compliance, and administration.

Review requirements

ESOG

• Regular internal review required – review ESOG and policies for reviewing ESOG at least every three years (not every element has to be considered at the same time).
• Can be in line with ORA.
• Can be internal or external review.

Internal controls

• Regularly consider performance as part of maintenance.
• Review in line with ORA requirements and when substantial change occurs or control not working to legislative standard.

THE ORA (100/+ members – other schemes can do as good practice)

TPR “… may consider failure to complete an ORA as an indicator of poor governance.” [Source: TPR]

What is it?

The most noteworthy requirement of the new code, albeit TPR’s initial comment that the ORA will be “a significant piece of work” has been clarified to have been a reference to poorly governed schemes – TPR’s final consultation response refers to the ORA being “a more straightforward project for any well-run scheme.”

The ORA is a documented assessment of how well the ESOG is operating and how risks are being managed. It will work out what the key governance risks are and then how well these are being managed – it is an opportunity to then assess whether changes need to be made.

It should cover: (1) how the governing body has assessed the effectiveness of each policy and procedure covered; (2) whether the policies are working effectively; and (3) why.

Helpfully, the final version of the code confirms that other documents that a scheme already has as regards relevant risk assessment processes can form part of the ORA where these tie in with the timings for the ORA. Seeing what assessments are already carried out and how these comply with the ORA requirements is a sensible first step in the process.

The ORA no longer needs to be provided on request as was suggested in the draft code, but schemes need to decide what they should tell members about their conclusions.

What is covered?

Twenty-two policies are covered relating to: risk assessment and mitigation; governing body and knowledge and understanding; risk management; investment; administration; and payment of benefits.

Proportionate

The ORA should be proportionate to the scheme’s size, nature and complexity.

Timescales

TPR has relaxed the timings of the ORA.

1st ORA

• To be completed within 12 months of the end of the first scheme year after the new code comes into effect (with the potential to extend this to the completion date of the next valuation or the next chair’s statement if this is later).

Subsequent ORAs

• At least every three years. ORA also needed when: (1) ESOG elements or risk management processes are new or updated; and (2) ESOG or risks materially change.

Not all parts of the ORA need to be assessed at the same time – as long as the ORA is finished at least triennially.

So, what are the key compliance steps?

Step 1: Knowledge and understanding

Governing bodies should familiarise themselves with the new code and what it means for their scheme.

Step 2: Audit and gap analysis

Audit current arrangements, policies and procedures to see if they comply with relevant requirements and, where not, determine what action is needed.

Check any previous work done on audit and gap analysis to see if it needs adjusting for any changes in the final iteration of the code.

A useful starting point will be checking that the scheme has an ESOG which will include:

• making sure there are documented policies and procedures for each ESOG element;
• checking that the systems for running the scheme including time spent meeting and on trustee duties are effective;
• evaluating whether the governing body has sufficient knowledge, understanding and skills and relevant records of training and development;
• analysing the systems in place for investments including governance, how decisions are made, monitoring, stewardship and ESG; and
• considering the internal controls of the scheme and risk management (see also Step 3).

Step 3: Risk management

Consider how risk management is presently carried out and whether improvements need to be made. If required, decide who will carry out the risk management function and how this will be undertaken.

Step 4: Implementation

Update the scheme’s governance policies and procedures etc. For example, many 100/+ member schemes may not have a remuneration and fee policy. Note the general emphasis in the code on having documented governance systems which may mean new and/ or updated documents need to be produced on the scheme’s arrangements, in addition to those produced for the core ESOG matters.

Step 5: The ORA

Prepare for the first ORA if required (or if one is to be adopted as good practice). The first ORA deadline will come around pretty quickly and is likely to be a substantial piece of work, so trustees need to make sure that they build in sufficient preparation and implementation time.

Step 6: Review

Undertake regular reviews of the ESOG, the ORA, and other relevant matters, noting timescales and new developments.

Although a lot of the new code reflects existing requirements and good practice, there is still a significant amount which trustees will need to get to grips with. Many schemes will already have systems in place which meet some but most likely not all the new requirements. Others may find compliance more difficult, for example, smaller schemes with resourcing constraints – such schemes will likely need to think carefully about how to comply in a proportionate way.

Whatever stage you are at, please do contact the pensions team at Gateley if you would like further assistance and we can discuss how Gateley can help you comply with the new code.

We are currently in the process of updating our essential guide to the new code to reflect the final version.

Would you like to receive our pensions updates directly to your inbox? 

For more information regarding the latest developments in pensions law, please contact our experts listed below or visit our pensions regulatory support page for more information on the services that we offer. If you would like to receive these updates directly to your inbox, please subscribe below.