After much work, the Pensions Regulator has published its new single code of practice for consultation. The new code is designed to update the Regulator’s expectations of workplace pension schemes and to make those expectations clearer and more accessible. As well as updating existing requirements, the code sets out a number of new requirements, including making clear what schemes must do to put place an “effective system of governance” and to conduct a new annual “own risk assessment”. These new requirements will implement elements of the IORP II Directive not currently reflected in UK pensions regulation.
The consultation closes on 26th May 2021. It is not yet clear how soon after this the new code will come into force.
Why is the Regulator introducing a new single code?
After an assessment of the current COPs the Regulator decided they were no longer fit for purpose and did not align well with the needs of schemes. It also identified multiple areas of duplication in the content between the COPs and the Regulator’s other guidance. The Regulator therefore announced that changes would be made to bring the codes in line with support required for modern scheme governance by consolidating the existing codes and other guidance into a single new document.
The new code is intended to clarify what is expected by the Regulator of different types of pension schemes. Themes from the existing COPs have been broken down into 51 shorter, more topic-focused modules to strengthen and add weight to the guidance being provided, whilst making it much clearer and more user friendly for readers to navigate online.
The draft code incorporates and replaces 10 of the current 15 codes of practice (COPs). It will be updated from time to time and further modules will be added in due course in place of the remaining existing codes.
What are the new requirements?
The new code contains a number of new requirements. Some of these update existing requirements while others reflect the new governance requirements introduced by the Occupational Pension Schemes (Governance) (Amendment) Regulations 2018 (which implement elements of the IORP II Directive in UK law).
Key new requirements include:
1. Effective system of governance
The 2018 Governance Regulations introduced a new requirement for most occupational schemes to have and operate an “effective system of governance”. The new code describes the minimum arrangements that the Regulator expects schemes to have in place to meet this legislative requirement.
These cover a wide range of areas, including:
- the role of the governing body and the Chair
- meetings and decision-making
- investment governance, monitoring and decision-making
- remuneration policy
- dispute resolution procedures
- continuity planning
- managing conflicts of interest, and
- communications and disclosure.
Unless specified otherwise in law or the code, each of these elements should be reviewed according to a timetable established by the governing body. According to the code this should ensure that each element is reviewed at least every three years. Although it is not necessary for all elements to be reviewed at the same time.
The code also sets out options for formal internal audits and external assurance reporting.
2. Own Risk Assessment
Under the code, a new requirement will be introduced for private sector schemes with 100 or more members to produce a so-called “Own Risk Assessment” (ORA). The ORA is an assessment of how well a scheme’s governance systems are working and the way potential risks are managed.
The code warns that the ORA will be “a substantial process” and that schemes may need to expand their risk assessments to fulfil the Regulator’s expectations. At the same time it provides that governing bodies should carry out an ORA that is proportionate to the size, nature and complexity of their scheme.
The areas that will need to be covered by an ORA include:
- the effectiveness and operation of policies to identify and assess risks facing the scheme and of the scheme’s internal control policies and procedures
- the management of potential internal conflicts of interest
- continuity planning for the scheme and, where applicable, how it has performed
- the effectiveness of investment processes, including how the scheme assesses investment risks related to climate change, social risks and regulatory change
- how the scheme assesses funding and sponsor insolvency risk, and
- how the scheme addresses operational and administration risks.
Although many schemes will already have comparable review processes in place some may need to considerably expand them.
Schemes that are required to produce an ORA will have 12 months from the date the new code comes into force to produce their first assessment. The ORA will then become an annual process. A scheme’s ORA should also be reviewed whenever there is a material change in the risks facing the scheme or its governance processes.
3. Cyber security
A subset of internal controls receiving greater attention in the new code is cyber security. The Regulator notes that with most scheme records held digitally, the security and maintenance of scheme data has become a significant issue. However, survey data indicates that cyber security processes are still rare. Therefore, to ensure more schemes address this issue the Regulator has taken the opportunity to reinforce its guidance and place direct expectations on schemes.
4. Stewardship and climate change
In light of the increasing focus on the active stewardship of scheme investments and the effective management of climate-related risks the code contains a module on each of these topics.
In relation to climate change, the Code recognises that all pension schemes face some degree of material risk from climate change. This includes:
- the physical effects of climate change – such as rising temperatures, higher sea levels, droughts, floods and storms, and
- the impact of changes associated with the transition to a low-carbon economy – such as impacts on the strength of any sponsoring employer, new climate policy, disruptive technology, shifting investor sentiment and deteriorating reputation.
Governing bodies aren’t required to align their investment and funding plans with objectives mentioned in the Paris Agreement or other climate change goals such as the net zero emissions by 2050 set by the UK. However, the Regulator suggests that they may want to examine how their governing practices and investment decisions take account of global progress towards those goals.
5. Financial transactions
DC schemes are required by law to maintain processes around core financial transactions. The Regulator believes the principles that apply to DC schemes are equally applicable to all schemes and so it has taken the opportunity to extend their applications to other schemes, even though the specific legal requirements do not cover them.
Status of new code
The new code will have the same status as the existing COPs. As such, in most instances there will be no direct penalty for failing to follow the new code or to meet the expectations set out in it. However, the Regulator may rely on the code in legal proceedings as evidence that a requirement has not been met. Similarly, if the Regulator believes there are grounds to issue an improvement or a compliance notice, they may refer to expectations set out in the new code.
Once the new code comes into force the existing codes which the new code will replace will be revoked in their entirety.
If you wish to discuss how the new codes of practice may impact your scheme or organisation please contact one of our specialists below or speak to your usual Herbert Smith Freehills’ contact.