Advanced Software (return to the homepage)
Understanding the General Code: What it means for UK businesses
Blog //22-03-2024

Understanding the General Code: What it means for UK businesses

by Lauren Campbell, Content Executive

Many businesses may have already heard of the introduction of the General Code. This guide aims to cover what this Code means in practice for pension schemes and for businesses or corporates who sponsor pensions schemes.

We will explore what the General Code is, why it is being introduced now, what are some of the key dates and requirements, and what it may mean for UK businesses.

What is the General Code?

The General Code, previously known as the single code, is a legislation being introduced by The Pensions Regulator (TPR). 

This work started in 2004 with what many people will know as the Pensions Act, which outlined a legal clause to ‘establish and operate internal controls which are accurate’. This evolved to IORP II in 2016 and Governance Amendment Regulations in 2018, before The Pensions Regulator began drafting a Single Code for pensions in 2021. The aim being to determine a more consolidated view on the risk management expectations of pensions, and what we now know as the General Code (2024).

This development will consolidate and update 10 existing codes of practice into one comprehensive web-based code.

The 10 codes of practice are:

  1. Reporting breaches of the law
  2. Early leavers
  3. Late payment of contributions (occupational pension schemes)
  4. Late payment of contributions (personal pension schemes)
  5. Trustee knowledge and understanding
  6. Member nominated trustees/member-nominated directors putting arrangements in place
  7. Internal controls
  8. Dispute resolution reasonable periods
  9. DC code
  10. Public service code

Why is the General Code being introduced now?

The introduction of the General Code is an important and necessary step towards establishing clear, uniform expectations for the governance and administration of pension schemes. It's designed to outline the specific requirements that The Pensions Regulator (TPR) expects from schemes, to ensure they uphold an effective governance system.

TPR is encouraging governing bodies to modernise their systems, ensuring that they are fit for purpose and capable of meeting today's standards.

A revealing study conducted by TPR in July 2023 found that "40% of trustees of small schemes were either unaware of the codes of practice or had never followed them". This highlights a significant gap in compliance and awareness, with many trustees relying on outdated pension management methods, such as spreadsheets. This not only obscures a comprehensive view of the pensions they manage, but also leaves these schemes vulnerable to fraud or human error due to insufficient risk assessments.

TPR has stated that the General Code's new structure aims to simplify their objectives, making it easier for governing bodies to understand what's expected of them. If they find they're not meeting these standards, the question then becomes, what steps must they take to comply?

The core goals of the General Code are to safeguard members' benefits, reduce the risk of demands on the Pension Protection Fund, enhance the understanding and promotion of good work-based pension scheme administration, ensure employer compliance with automatic enrolment duties, and minimise any negative impacts on the sustainable growth of employers (specifically in regard to the regulator's functions under Part 3 of the Pensions Act 2004).

This initiative underscores TPR’s commitment to simplifying the path to compliance and empowering scheme administrators with the knowledge/tools they need to succeed.

What are the key dates and deadlines to consider?

The General Code was laid in Parliament on 10th January 2024, and is expected to come into full effect on 27th March 2024.

Once in action, businesses and pension boards will have to demonstrate an Effective Systems of Governance (ESOG) and complete an Own Risk Assessment (ORA) every 3 years. Unless something significant happens within your organisation, in which case an ORA must be completed sooner and it must be evidenced in writing, signed by your trustee board.

The first ORA must be completed by the end of the first scheme year following introduction of the Code, which signifies as the end of 2026, dependent on when your scheme year is/when it runs to.

After the first ORA is completed, it can be staggered tri-annually to help businesses. Any generalised good governance practices that are already being followed in your business as usual can be pointed to in the ORA, so that there is no duplication of processes needed.

How will UK businesses be impacted by this code?

For UK businesses involved in occupational defined benefit, defined contribution, personal, and public service pension schemes, understanding and adhering to the new General Code will be vital. It represents a shift towards more robust governance and administration standards, ultimately aimed at safeguarding the interests of pension scheme members. The Code is not a statement of law, but there are legal requirements within it. For instance, if a governing body was to find themselves in a court of law and they were found not to be complying with the expectations outlined in the General Code, there is the possibility that this could be found as prejudicial against that board of trustees.

Trustees and governing bodies will be required to check their existing processes and identify where changes need to be made when the General Code comes into play. They need to check current legislation, policies, and regulations to ensure they are compliant. Businesses will also be required to document their current processes and any changes made.

What does this compliance checking process look like for businesses?

  • Firstly, they will be required to carry out an Effective Systems of Governance (ESOG) gap analysis to highlight where there are problem areas in their current processes.

  • They also need to be able to accurately document and demonstrate this ESOG.

  • The ESOG requirements need to be studied and understood in full depth, but they include implications around: management of activities, organisational structure, investment matters, your internal controls, administration & management, and communications & disclosures.

  • For pension schemes with 100+ members, they will be required to complete an Own Risk Assessment (ORA), which is a qualitative assessment on the effectiveness of the ESOG. The aim of the ORA is to integrate good governance and lead better strategic decision making.

  • The ORA requirements cover the effectiveness of: policies for governing bodies, risk management policies, investments, administration, and payment of benefits, where applicable.

Preparing your business for the code: 

To prepare for compliance with the General Code of Practice, trustees and employers can consider the following tips:

  1. Review and understand the Code: take the time to thoroughly review the new code and understand its implications for your specific pension scheme.

  2. Update governance practices: assess and update governance practices to align with the new requirements, ensuring effective system maintenance and compliance with scheme funding.

  3. Training and education: provide training and educational resources to trustees and relevant employees to ensure a comprehensive understanding of the new code and its impact on scheme management.

  4. Engage with professional advisors: seek guidance from professional advisors with expertise in pension scheme management, such as Muse Advisory, and regulatory compliance to navigate the complexities of the new code.

  5. Documentation and reporting: establish robust documentation and reporting processes to track compliance with the new requirements and demonstrate adherence to governance expectations.

  6. Prioritise and organise: What might your gap analysis look like? Make sure that your policies and practices are aligning with the requirements. Also consider what processes and internal practices you could be documenting better already. Often businesses will have silos and some of this vital information around risk procedures and learnings may be kept in the hands of a trusted key employee, but not properly evidenced.

The role that technology can play:

In today's digital age, technology can play a pivotal role in facilitating compliance with regulatory requirements.
Pension schemes can leverage modern technology and digital solutions to enhance governance practices and ensure robust compliance in the following ways:

  1. Data management and reporting:
    Utilise data management tools to streamline reporting processes, ensuring accuracy and timely submission of required documentation to regulatory authorities.

  2. Compliance monitoring:
    Implement technology-driven compliance monitoring systems to track adherence to governance requirements and identify areas for improvement.

  3. Automation of administrative processes:
    Embrace automation technologies to streamline administrative tasks, reducing the margin for human error and enhancing operational efficiency.

  4. Enhanced security measures:
    Invest in strengthening your cybersecurity measures to protect sensitive pension scheme data and mitigate the risk of security breaches or unauthorised access.

  5. Analytical insights:
    Harness the power of data analytics to gain valuable insights into scheme performance, funding dynamics, and governance effectiveness, enabling informed decision-making.

How can Advanced help?

The Pensions Regulator's General Code underscores the importance of maintaining a customer-centric approach to pension scheme governance. By prioritising the needs and perspectives of scheme members, businesses can navigate the evolving regulatory landscape with confidence and assurance, positioning themselves as reliable owners of pension assets. Trustees and employers should prioritise understanding the code, preparing for compliance, and leveraging technology to navigate the regulatory landscape effectively.

With Advanced’s Governance and Risk Management solution, Decision Time, you can easily assess & manage risk across your entire organisation using our Risks and Control tool. This allows you to keep risk and governance control management all in one place, with assigned risk levels and access controls to monitor accountability across your organisation. It also gives you the ability to build out multiple risk registers and run instant risk reports that can be shared with your team or wider stakeholder group, so that transparency and compliance can be maintained within your company.

Here at Advanced, we’re also collaborating with Muse Advisory, a consultancy service who work alongside pensions schemes across the UK and Ireland. They have been offering their expertise on how our customers and prospects should be preparing for the introduction of the General Code. We have a number of upcoming pieces of educational content, so keep your eyes peeled.

For further details and insights on our Governance, Risk and Compliance solutions please visit: Governance and Risk Management | Advanced (

For any further details and specific guidance on compliance with the General Code, it is recommended to consult authoritative sources such as The Pensions Regulator’s official website, legal advisors, and industry professionals.

Lauren Campbell

Lauren Campbell


Content Executive

Lauren has been with OneAdvanced since March 2021, bringing well-built experience in both writing and the marketing landscape. She has been previously responsible for driving the relationships with our strategic technology partners, and now creates insightful and thought-provoking content for Advanced, specialising in our Spend Management and Governance space.

Read published articles