In July 2019 the Pensions Regulator (TPR) announced its plans to combine the content of its existing 15 Codes of Practice into a single, shorter Code. As well as consolidating existing content, TPR said it would review its Codes to ensure they cover the new requirements of section 249A of the Pensions Act 2004 (introduced to comply with IORP II), to establish and operate an effective system of governance including internal controls.
Consultation on the first ten Codes closed on 26 May last year and in its interim response published on 24 August, TPR confirmed it does not expect to lay the final version of the Code before Spring 2022, meaning the earliest it will be in force is this summer.
However, the final version of the Code is unlikely to change significantly before the summer and there is a lot to do. Whilst Codes of Practice are not legally binding, they do have evidential weight. More significantly for trustees, whilst a failure to observe a provision of a Code does not of itself render a person liable to legal proceedings, TPR may issue an improvement notice directing a person to comply with a provision. Failure to comply with the improvement notice could result in civil penalties. In practice, therefore, compliance with the Single Code is likely to be seen as essential rather than a nice to have.
Susannah Young and Catrin Young take a look at what is new in the Code and what Burges Salmon can do to help trustees prepare.
What is new?
There are nine new items (or modules). That does not necessarily mean that the Code introduces a new legal requirement, just that the content was not previously in a Code of Practice. Some of the new modules include content previously published as regulatory guidance or in existing legislation e.g. the content of the Cyber controls module is not new – it was previously contained in TPR’s Cyber Security Principles Guidance published in April 2018.
However, those modules introduced to comply with IORP II are completely new. For example, a completely new requirement from IORP II is that trustees must establish a written remuneration policy which sets out the levels and means for remunerating those undertaking activities in relation to the scheme including in-house roles and outsourced service providers. The policy must be published on a scheme website or otherwise made available to members.
The two most significant new modules are those relating to the effective system of governance (ESOG) and the own risk assessment (ORA), both of which are new concepts introduced by IORP II. The ESOG requires trustees to ensure that they have put in place policies and procedures to ensure they comply with designated modules in the Single Code.
Schemes with more than 100 members must prepare an ORA within one year of the Single Code coming into force. This is essentially a risk assessment of how well the trustee board is doing in operating its ESOG. Thereafter, the draft Code provides for a new ORA to be undertaken annually or whenever there is a material change in the risks facing the scheme or its governance processes. This is more frequent than the three yearly obligation imposed under IORP II and was the subject of quite a few consultation responses so may be amended. The ORA must be documented and signed by the Chair of trustees. It does not have to be sent to TPR although they may ask for it as part of their supervisory activity. The Code states that an ORA should be proportionate to the size, nature and complexity of the scheme. There is no standard template. PLSA have asked TPR to produce one although some see the lack of a prescribed format as an advantage as it allows trustees to prepare something that meets the requirements of their individual scheme.
What should trustees do to prepare and how can Burges Salmon help?
First, trustees should familiarise themselves with the content of the Single Code. Whilst it is 148 pages long, it is very readable and serves as a model guide as to how to run an occupational pension scheme. We can offer trustee boards training on the Code and help them devise a plan of action.
Broadly, an implementation plan can be broken down into the following stages:
- Collate the scheme’s current policies and procedures and assess their content against TPR’s requirements. Burges Salmon has prepared a checklist (which we are offering to clients free of charge) which summarises what is required under each module, highlights what is new and the written policies or procedures required under the Code;
- Update or rewrite existing policies to ensure they comply with the Code’s requirements and draft any new required policies. It is vital that policies reflect the circumstances and procedures of each scheme and are not simply “off the shelf products”. There is no point having a policy that no-one follows as, if the trustee board is ever the subject of a regulatory intervention, it will be asked to supply its policies and explain how it has complied with them. Burges Salmon has drafted and reviewed a range of policies and procedures for trustees and can help devise something that works for your scheme;
- Ensure each member of the trustee board and the scheme’s advisers and service providers are familiar with the policies and procedures so that these are followed going forward. Arrange training as required;
- Regularly audit how the trustees’ policies and procedures are being operated in practice and make sure that any changes recommended during the audit process are implemented. Trustees will need to consider who will conduct those regular reviews and whether an external audit may be appropriate. One practical suggestion would be for the risk assessment and management function to be separate from the internal audit function so that the same personnel do not devise the trustees’ risk management processes and check compliance with them. Trustee should consider establishing separate sub-committees for the two functions and involve a mix of trustees, advisers, employers and service providers on each.
If you would like a copy of our free checklist, would like to arrange a training session and/or discuss how we can help you with your Single Code New Year project, please get in touch with your usual pensions team contact.
...whilst a failure to observe a provision of a Code does not of itself render a person liable to legal proceedings, TPR may issue an improvement notice directing a person to comply with a provision. Failure to comply with the improvement notice could result in civil penalties. In practice, therefore, compliance with the Single Code is likely to be seen as essential rather than a nice to have.