The Pensions Regulator issues draft single Code of Practice – what does this mean for trustees?

• United Kingdom

• Pensions

19-03-2021

The Pensions Regulator has now issued its long promised single Code of Practice for consultation.

It does not make for easy bed-time reading but at 149 pages it is considerably shorter than the Codes of Practice it consolidates. It is not just a consolidation though and there is a lot that those running schemes need to be aware of in order to start planning for implementation.

The new Code will apply to occupational DB and DC schemes, personal and public service pension schemes, although not all of the obligations in it apply to all types of scheme. We have used the term "trustees" as shorthand to refer to all types of governing bodies and focus on the obligations that apply to occupational pension schemes.

The draft single Code of Practice: speedy summary

• the new Code will initially consolidate 10 of the existing 15 Codes of Practice into one document. It comprises 51 modules and is the first phase of the transition to one ‘super’ Code of Practice
• the consultation recognises the existing Codes of Practice do not meet the current needs of schemes and some are out of date
• this is not just consolidation. Even though the UK is no longer within the EU, the Code implements a number of new governance provisions required by the second European Pensions Directive (IORP II)
• there are new provisions on investment which cover stewardship, climate change and implementation reports
• although some of the new content reflects existing legal requirements, the need to ensure Regulator expectations are met as well as addressing the entirely new provisions of the Code will undoubtedly involve trustees having to put new governance processes in place
• the new requirement for trustees to produce an annual “own risk assessment” will be significant. Trustees should not underestimate the work that will be needed
• trustees cannot wait for the final version of the Code to act; they should be checking their internal systems and governance processes against the requirements of the single Code now

More detail

Requirements to comply with IORP II

In 2018 the Government issued regulations requiring occupational pension schemes with 100 or more members to establish and operate an ‘effective system of governance’ in order to meet the requirements set out in IORP II. The details were to be set out in a code of practice issued by the Pensions Regulator and the draft Code incorporates those requirements.

An “effective system of governance”

All schemes should have systems of governance. The draft Code provides a long list of specific items that should be included in effective governance structures. The content is largely what you would expect but trustees will need to read through it to ensure they capture all of the detail. In particular, trustees will need to:

• ensure there is a balance of knowledge and skills spread across the trustee board
• review how they are meeting the Regulator’s expectations around knowledge and understanding
• ensure there is a process for trustee meetings including who has responsibility for setting the agenda and standing agenda items

Each module in the Code describes what is expected as a minimum from an effective system of governance and each element should be subject to a regular internal review (at least once every three years). There should be policies for such reviews.

Carry out and document an “own risk assessment”

The most significant development in the Code is the requirement for trustees to carry out an ‘own risk assessment’ of the systems of governance that they have in place, looking at how well they are working and the way in which potential risks are managed.

This will need to be done every year with the first assessment being carried out within 1 year of the new single Code coming into force (expected later in 2021 or early 2022).

The Regulator refers to this assessment as a “substantial process” but one that should be proportionate to the size, nature and complexity of the scheme. It will need to be documented and cover how the trustees have assessed the effectiveness of each of their policies and procedures. The Regulator provides a list of things that the assessment should consider.

Although the consultation document states many schemes will already have broadly comparable review processes in place, the ‘own risk assessment’ is far from being a tick box exercise and is likely to require a lot of work by trustees to meet the requirements in the timescales.

Remuneration policy

Trustees should have a written remuneration policy which covers everyone who effectively runs the scheme, carries out key functions or whose activities materially impact the scheme’s risk profile.

The policy should be reviewed at least every three years, but in most cases it should be done annually. It should include an explanation of how the levels of remuneration were decided on and why they are appropriate. The policy will need to be published on the scheme website or otherwise made available to members.

Other provisions to note

Not all of the new provisions flow from IORP II. Some reflect recent legislation and the contents of existing guidance or the Regulator’s experience in recent years.

Key new elements to note include:

Climate change: this does not refer to the new climate change requirements under the Pension Schemes Act 2021, which will initially apply only to the largest schemes. The new Code sets out the Regulator’s expectations for schemes with 100 or more members (there are reduced expectations for smaller schemes).

Schemes will need to include consideration of environmental factors in their governance systems. Trustees should talk to advisers about how climate change is built into their advice and understand what measures are being taken to reflect climate change risk in investment portfolios. They should also consider the possible short, medium and long-term effects of climate change on the scheme and have processes for identifying climate-related risks and opportunities.

Stewardship: trustees should take steps to identify how to exercise the rights and responsibilities relating to the investments held and ensure they are familiar with their investment manager’s stewardship policies.

Data and IT: there is an emphasis on the need to monitor data to ensure it is complete and accurate. Data quality will be particularly important as the dashboards come on line.

Trustees should take steps to reduce the risk of cyber-related incidents occurring, and appropriately manage any incidents that arise. This involves putting in place policies for the use of devices, home and mobile working and having a cyber incident response plan.

There are also new requirements around ensuring IT systems are adequate and fit for purpose.

Knowledge and understanding: this module in the Code is a significant update to the existing Trustee Knowledge and Understanding Code of Practice, reflecting the changing regulatory landscape and increasing complexity of pension schemes. We expect that this will mean significant changes to the trustee toolkit in due course.

Action

The single Code of practice will make it easier for those responsible for managing pension schemes to access Regulator guidance as it will all be in one place.

However, don’t be under any illusion that this is a simple “copy and paste” job – there are new requirements set out in this first phase of the Code. In particular, the requirement for trustees to carry out an ‘own risk assessment’ of their system of governance within one year of the Code coming into force is likely to require a lot of time and resources.

Trustees need to:

• identify all of the governance processes that the new Code requires
• check them against what they do currently
• work out what changes need to be made and
• establish where additional governance processes are required

It is clear that the Regulator’s focus is not just on ensuring governance processes are in place but also on demonstrating and documenting this. Trustee boards will need to ensure that the procedures and assessment of them can stand up to external scrutiny against the requirements of the Code.

The Eversheds Sutherland team is actively engaged in working on a template document that trustees may be able to use to meet some of these new governance requirements. Get in touch with us if you would like more details.

What next?

The document published by the Regulator is only a draft and the first phase of consultation.

Five existing codes are not currently incorporated into the draft, including those dealing with notifiable events, funding and master trusts. The Regulator says that once the new DB funding code is finalised it will be included. Master trust authorisation and supervision will be covered in a future consultation.

This consultation runs until 26 May and it will then take some time to finalise the new Code so it seems unlikely that it will be in force before 2022. Trustees therefore have time to consider the significant volume of governance requirements in the Code and how best to implement them. However, by starting to take steps now, perhaps by delegating responsibility for addressing the Code’s requirements to an appropriate sub-committee, trustees will be able to be on the front foot as the Code develops later in the year.