General Code 

What is the General Code?

The Pension Regulator’s new General Code has been announced, it consolidates 10 of the existing Codes into one web-based Code. It also addresses the governance requirements arising from the UK’s implementation of IORP II which expects trustees to have an “effective system of governance” (“ESOG”), and for schemes with 100 members or more to complete an “own risk assessment” (“ORA”) to assess the ESOG.

The new Code has introduced new pension scheme governance responsibilities. Trustees/governing bodies will need to identify the required changes to their current processes, check current policies and procedures are fit for purpose, and implement changes where necessary.

How can Mercer help?

We expect all scheme Trustees will need to take some action to be compliant with the new Code. The actions required will depend on what governance standards, policies and procedures are currently in place for the pension scheme and how they have been documented to date.

We suggest a three stage process to being compliant with the ESOG and ORA elements of the requirements:
  1. Conduct an ESOG gap analysis to determine what areas you will need to work on to be compliant.
    We have developed our own gap analysis which covers all required areas and allows trustees to prioritise areas of focus for action.
  2. Document your ESOG.
    There are many ways you could do this. We have developed our own ESOG inventory to aid you in doing this, including wording to cover off the areas of the Code which may not require a full policy. Our ESOG inventory covers all policies and procedures across the five key areas set out within the Code. Our solution will allow you to tailor your approach in a pragmatic and proportionate way – get in touch to find out more.
  3. Complete your ORA (for schemes with 100 members or more). 
    This is a qualitative assessment of the effectiveness of your ESOG and is expected to be a substantial piece of work in the first instance. We have developed an ORA template which you can use to carry out the assessment and highlight areas of potential improvement and development.
Being compliant isn’t about “one and done”. TPR’s expectations are that the ESOG and ORA will form part of a continuous feedback loop, with governance evolving over time to improve standards and meet and tackle new challenges and emerging risks.
Trustees can start taking steps on their journey to ensure they are compliant. These steps include:
  • Training 
    Do you understand the requirements of the new Code?
  • Gap analysis
    Do you know what areas you will need to work on to be compliant?
  • Review or establish new policies
    Review your existing policies alongside the draft Code and consider whether additional policies will be required. Some may be new to you, for example considering climate change or cyber risk. You may need to do more work in these areas with appropriate training alongside.
Now the final Code has been published, Trustees will have to complete the “substantial process” of an Own Risk Assessment which is an assessment of the ESOG and how any potential risks are being mitigated. Trustees should be speaking to their advisers on how they will meet the requirements of the ORA, taking a proportionate approach for your scheme. The timescales for the ORA vary by scheme, but each scheme will have at least two years to complete the first one. Going forward, they will then need to complete an ORA at least every three years. 

Don't forget

Whilst the new Code puts a spotlight on good governance and sets out new requirements, don’t forget the activities and projects that can contribute to best practice and effective governance.

Mercer’s governance team can help with whatever you need to achieve your aims, including, but not limited to:

  • Trustee effectiveness reviews and Trustee Knowledge & Understanding (TKU) support
  • Trustee Training
  • Trustee board and committee advice
  • Independent/professional trustee role profiles and selection exercises
  • Review and appointment of scheme advisers e.g., lawyers, auditors etc.
  • Establishment and review of policies and processes, risk register reviews and support with own risk assessments (ORA)
  •  Scheme secretariat services
  • Outsourced pensions management services
  • E-governance solutions
  • Project management
  • Diversity and inclusion considerations

Frequently asked questions around the General Code

It is important that the new requirements are dealt with proportionately, recognising that trustees have other competing requirements for their time and cost budget. For the smallest schemes we recommend a prioritisation approach, with the biggest risk areas tackled first.

The risk register should identify risks and categorise them according to probability and severity. Integrated Risk Management processes should tackle the interdependencies of those risks and mitigations. The ORA is the next step in this, which assesses how effective the procedural operation and policies are in tackling those risks.

In the new code, TPR refers to legal duties using the word ‘must’. TPR’s expectations are referred to using ‘should’. TPR uses ‘need’ where there is no expectation or legal requirement in place, but that process is necessary to allow a scheme to operate. In some modules, TPR highlights expectations as a matter of best practice for certain schemes. 

Compliance is likely to be deemed necessary in order to discharge trustees’ statutory duties to have an effective system of governance. However, the legislation acknowledges that systems of governance should not be homogenous across pension schemes, stating that they must be “proportionate to the size, nature, scale and complexity of the activities of the pension scheme”.

Therefore it is likely that for larger more sophisticated schemes, TPR would expect them to meet most of the ‘should’ expectations in the Code unless they can demonstrate they are meeting the expectations in an alternative way.

For smaller schemes, some of the ‘should’ expectations may be disproportionate, although many are not new and so where they have been in place for some time in the existing codes, then TPR is likely to expect that most schemes will already be meeting those aspects.


Related solutions
Related insights
Related case studies