New General code of practice for occupational pension schemes
We look at The Pensions Regulator (TPR)’s new General Code of Practice for pension schemes and what it means for ICAS members.
The new General code of practice (the code) for the governing bodies of pension schemes has been launched to assist them in meeting their legal obligations and in ensuring their scheme is well governed.
Employers have a key role to play in raising awareness of the code across occupational pensions schemes of all sizes.
Topics incorporated into the code include: the effectiveness of internal controls; consideration of environmental, social and governance (ESG) factors in implementing investment strategies; and cyber security risks.
What are TPR codes of practice?
TPR’s codes of practice set out the regulator’s expectations about the standards of conduct and practice expected of those they apply to. They are also designed to provide practical guidance on compliance with pensions legislation.
Codes of practice apply to those who govern pension schemes. However, they do contain information relevant to the legal duties of professional advisers, including pension scheme auditors.
About the new General code of practice
The new General code of practice, previously known as the Single code of practice, combines 10 existing codes and introduces obligations not covered by the existing codes. It is intended to improve scheme governance and administration.
TPR is challenging the governing bodies of pension schemes to use the introduction of the code as an opportunity to ensure that their scheme is fit for the 21st century.
This article explores aspects of the new code, including the following:
- Who must comply with the code?
- What can ICAS members do to raise awareness of the new code?
- What’s in the code?
- What action should schemes be taking to comply with the new code?
- TPR expectations of smaller schemes
- When will the new code apply?
Who must comply with the code?
The code applies to the governing bodies of occupational defined benefit (DB) and defined contribution (DC), personal, and public service pension schemes.
Not all elements of the code apply to each type of scheme within its scope, and in this article, we focus on the provisions of the code applying to the governing bodies of occupational pension schemes, which are its pension trustees.
TPR has raised concerns about a lack of awareness of TPR codes of practice, including the new code, in particular among smaller schemes.
What can ICAS members do to raise awareness of the new code?
ICAS members have a role to play in raising awareness of the new code and TPR’s expectations around scheme governance and administration, especially among small and micro-schemes (smaller schemes).
If you are the finance director of a sponsoring employer with a small or micro-scheme you can alert the scheme’s trustees to the new code and consider whether now is the time for the sponsoring employer to take decisions about the future of the scheme.
Small and micro-schemes, particularly those without a professional trustee, may also require assistance with accessing the relevant training and gaining access to professional advice about how to achieve code compliance. It is essential the trustees are aware of their legal responsibilities, including the recent changes incorporated into the new code.
Matt Cooper, Chair of the ICAS Pensions Panel said: “The new requirements of the code may nudge sponsoring employers of smaller schemes to consider potential benefits from consolidation vehicles or the appointment of a professional trustee, where only lay trustees are currently in place.”
If you are the auditor of an employer with an occupational trust-based pension scheme you could consider making the employer’s finance director aware of the new code, or if you are a pension scheme auditor you could alert the scheme’s trustees.
What’s in the code?
The code has fifty-one modules corralled under the following five themes:
- The governing body
- Funding and investment
- Administration
- Communications and disclosure
- Reporting to TPR
Legal obligations referenced within the code include requirements to establish an effective system of governance (ESOG) and, for those schemes with 100 or more members, to undertake an own risk assessment (ORA). An ORA is an examination of how effectively the ESOG is working, and how any potential risks are being mitigated. This is the first time these legal obligations are referenced within a TPR code of practice, so this is the first time TPR has set out its expectations on the establishment of an ESOG and the conduct of an ORA.
The requirement for an ESOG strengthens the existing requirement for schemes to have an adequate system of governance. It doesn’t apply to master trusts which must meet certain standards of governance to receive authorisation to operate.
These legal obligations arise from the Occupational Pension Schemes (Governance) (Amendment) Regulations 2018.
More about the effective system of governance (ESOG)
Pension schemes must establish and operate an ESOG, including effective internal controls, which:
- Provides the trustees with oversight of the day-to-day operations of the scheme.
- Includes any delegated activities for which the trustees remain accountable.
- Provides assurances that the scheme is operating correctly and in accordance with the law.
The system of governance established must be proportionate to the size, nature, scale, and complexity of the activities of the scheme. As scheme size is only one aspect of proportionality, establishing what is proportionate will require judgement. Pension schemes may wish to seek advice on this aspect of the code.
The section of the code on the ESOG signposts schemes to other code modules which should be complied with in establishing and operating an ESOG. These modules are corralled under the following themes:
- Management of activities, including modules on the governance of knowledge and understanding, and scheme continuity planning.
- Organisational structure, including a module on the risk management function.
- Investment matters, including modules on stewardship and climate change.
- Communications and disclosures.
The new code’s expectations for the ESOG place a greater emphasis on ESG (environmental, social and governance) investing than current codes of practice, with a strong emphasis on the risks and opportunities associated with climate change.
More about the own risk assessment (ORA)
The ORA is separate from the typical risk assessment process undertaken by pension schemes and is an assessment of how well the ESOG works, and the way potential risks are being managed. The conclusions of each ORA should be part of a scheme’s management and decision-making process, helping it adapt its governance arrangements to the risks it is facing.
For schemes required to prepare an ORA, the first ORA should be completed before the end of the period described in the Occupational Pension Schemes (Governance) (Amendment) Regulations 2018.
Under the 2018 Regulations, the earliest a scheme will need to complete its first ORA is within 12 months after the last day of the scheme year beginning after the new Code is issued by TPR. So if the next scheme year begins on 1 January 2025, the first ORA should be completed by 31 December 2027. If later, the first ORA can be completed within 15 months of the date of the next formal actuarial valuation, or for a scheme required to produce a Chair’s statement, the ORA can be timed with the date of the next statement.
It’s vital that specific advice is taken on the timing of the ORA to ensure schemes don’t miss the deadline for completion. A scheme’s legal adviser or scheme actuary should be able to provide tailored advice to a scheme’s trustees on the timing of completion of its first ORA.
TPR is expected to issue the new code as final on 27 March 2024.
It is not necessary for all elements forming the ORA to be assessed at the same time, but an ORA should be completed at least every three years.
TPR may consider failure to complete an ORA as an indicator of poor governance.
Other new obligations under the code
Remuneration and fee policy
A written remuneration and fee policy should set out the basis and means for paying those undertaking activities in relation to the scheme that are paid for by the scheme’s trustees. The characteristics of a remuneration and fee policy are set out in the code.
The policy should:
- Cover all persons or corporate bodies including service providers, who effectively run the scheme, those who carry out key functions, or whose activities materially impact the scheme’s risk profile.
- Set out measures to mitigate potential conflicts of interest and focus on ‘in-house’ roles, such as trustees, the trustee secretary, administrators, and sub-committees.
- Include an explanation of the decision-making process for the levels of remuneration, and why these are considered appropriate.
The policy should be reviewed at least every three years, with guidance that it will normally be appropriate to review the policy annually, or immediately following any significant changes to the scheme’s governance arrangements.
Appointment of advisers and service providers
The trustees, rather than the employer, often appoint professional advisers and service providers to their scheme. In some cases, the trustees have a legal requirement to make these appointments. Advisers and service providers may be appointed to carry out specific tasks such as administration. They also provide advice and supplement the skills and knowledge of the scheme’s trustees.
Where trustees appoint advisers and service providers, they remain ultimately accountable for the management and administration of the scheme.
Under the code, the trustees should establish agreed and documented policies for making appointments to the scheme. These should be reviewed at least every three years, and before commencing any procurement or appointment process.
Robust cyber security arrangements
As part of the ESOG, trustees should assess and manage the risk of cyber security incidents. In doing so, trustees should be aware of their obligations under the Data Protection Act 2018 and should have the appropriate policies and controls in place to aid compliance with the 2018 Act.
The code sets out steps trustees should take to assess and manage the risk of cyber security incidents. In managing those risks, the trustees should maintain a cyber incident response plan so that the scheme can safely and swiftly resume operations following a cyber security incident. They should also assess and be satisfied with the cyber resilience of service providers, including third-party administrators.
What action should schemes be taking to comply with the new code?
For well-governed schemes there will be some gap analysis to do, for example, checking that an ESOG is in place and that the drafting of policies referred to in the new code is at an advanced stage. For schemes which already have policies in place, these policies should be anchored in a dynamic system of governance which brings everything together. This will support a good outcome from the scheme’s ORA.
For schemes with less developed governance arrangements there may be more work to do to achieve compliance with the code. Where this is the case, the scheme trustees, with the support of the sponsoring employer, should not wait until the code is issued in its final form before taking action.
The training needs of scheme trustees and staff need to be proportionate to the scheme and where the scheme is in its lifecycle. Schemes should be assessing the knowledge and experience of their trustees and staff in order to identify any training required as a consequence of the new code.
The new code is more prescriptive than the codes of practice it replaces and TPR’s expectations of schemes are high. This needs to be borne in mind by the scheme’s trustees when assessing what they need to do to comply with the new code.
Smaller legacy schemes may need to seek professional advice to comply with the code and should also seek support from the scheme’s administrator. Professional trustees can also assist smaller schemes to improve their governance arrangements.
Engagement with the sponsoring employer on accessing training, professional advice and the expertise of a professional trustee is essential. Pension trustees may need to negotiate an increase in the scheme’s governance budget to meet the costs of further training or the appointment of advisers and/or a professional trustee.
Scheme awareness of TPR codes of practice
Alongside the code, TPR highlighted the results of its 2022 annual survey of trust-based DC pension schemes. The survey gauged trustees’ understanding of key governance responsibilities and the extent to which these had been met. This included asking schemes if they were aware of TPR’s codes of practice. The results showed a stark difference in awareness across DC schemes of different sizes.
Awareness levels by size of DC scheme were as follows:
- Master trust (100%), multi-employer schemes.
- Large (98-99%), schemes with 1,000 plus members.
- Medium (94-96%), schemes with between 100 and 999 members.
- Small (74-84%), schemes with between 12 and 99 members.
- Micro (65-79%), schemes with fewer than 12 members.
In addition, a significant proportion of smaller schemes were aware of the codes of practice but had never used or consulted them (8-14% of micro and 10-22% of small schemes).
TPR expectations of smaller schemes
TPR has set out its expectations of smaller schemes in relation to compliance with the code.
Trustees of schemes unable to meet TPR’s expectations should consider whether DC savers would be better off in a larger, better-run scheme, and whether DB schemes would see higher standards of governance in a consolidation arrangement.
Without exception all schemes, including smaller schemes, should be aware of where their governance and administration arrangements may be below the required standard. Schemes should be developing a clear and realistic plan to address any areas of non-compliance with the code.
ICAS members in different roles are in a good position to increase awareness of TPR’s new code and to highlight TPR’s expectations regarding compliance.
Aspects of the code relevant to accountancy advisers
Assurance reports on internal controls (page 50 of the code)
The code states that “Assurance reporting may be carried out by resources that the governing body has available in-house or by a participating employer(s). Service providers (for example, scheme administrators) may be able to provide assurance reporting on their own internal controls. It is also possible for the governing body or service providers to commission assurance reporting from independent third parties.”
Own risk assessment (page 61 of the code)
Pension scheme auditors may be approached by schemes for advice on when a scheme’s first ORA should be completed. In such circumstances, scheme auditors should direct the scheme to an appropriate adviser such as the scheme’s legal adviser or scheme actuary.
Audit requirements (page 146 of the code)
The law requires the pension trustees of most occupational pension schemes to obtain the following within seven months of the end of each scheme year, from an independent auditor of the scheme:
- Audited accounts, prepared in line with the Occupational Pension Schemes (Requirement to obtain Audited Accounts and a Statement from the Auditor) Regulations 1996; and
- An auditor’s statement, prepared in line with the 1996 Regulations, about the payment of contributions made under the scheme.
Reporting to TPR: Whistleblowing – reporting breaches of the law (page 158 of the code)
Professional advisers appointed by the trustees are required to report breaches of the law to TPR when they have a reasonable cause to believe that the failure to comply is likely to be of material significance to TPR in exercising any of its functions.
Professional advisers include scheme actuaries, scheme auditors, reporting accountants, legal advisers, investment managers, and custodians of scheme assets.
Where an individual is appointed to provide the relevant service, the duty to report applies to that individual. Where a firm is appointed to provide services, the duty to report applies to the firm.
When will the new code apply?
The code was laid before the UK parliament on 10 January and is expected to come into force on 27 March.
The Pensions Act 2004 requires TPR codes of practice to be laid before parliament, and they are considered final if neither the House of Commons nor House of Lords passes a resolution against them.
Once the code comes into force, we expect TPR to publish accompanying guidance, as is its common practice alongside codes of practice.
How did ICAS contribute to the development of the code?
The ICAS Pensions Panel commented on TPR’s proposals for a new ‘single’ code of practice back in 2021. There are several aspects of the code relevant to the accountancy profession where we were able to secure changes:
- In the module on assurance reports on internal controls, it is now clearer who can provide assurance on internal controls and what the assurance is designed to deliver.
- In the module on who must report (to TPR), there is greater clarity on which third parties are subject to a statutory duty to report matters of material significance to TPR. Pension scheme auditors are specifically referenced among the professional advisers who have a duty to report.
- In the module on how to report (to TPR), the code material now acknowledges that advisers may have reporting duties to other bodies. While these other reporting duties are not specified, the wording of the code is now designed to ensure that advisers with a duty to report under the Proceeds of Crime Act 2002 don’t inadvertently tip off a money laundering suspect.