General Code for pensions: A conversation with Rosanne Corbett

The General Code legislation came into full effect on March 27^th, 2024, carrying significance for many UK businesses. It serves as a foundational framework, setting governance expectations around pension schemes for trustees and governing bodies alike.

The Code will help to establish clear guidelines and standards that organisations must adhere to. On top of this, it will safeguard the interests of pension scheme members by putting accountability measures in place, enhance trust and confidence among these members, mitigate the risks associated with pension scheme management, enhance financial stability/sustainability among businesses, and allow them to demonstrate a commitment to ethical and transparent practices.

By complying, companies can strengthen their pension schemes, uphold industry standards, and build a foundation of trust and reliability within the business community.

Given the clear importance of the Code, we thought it was only right to sit down with an expert to dig a little deeper into its history and the implications it will have for organisations. With this in mind, we recorded a webinar with Rosanne Corbett, Director at Muse Advisory (an independent pension consultancy firm), which you can watch on-demand here.  

So, what was covered in this conversation?

Evolution of the General Code

Rosanne started by giving some background to the General Code, explaining how it originated and what its evolution has looked like. It all started with the Pensions Act 2004, which introduced crucial provisions related to pension and retirement planning, as well as entitlement to bereavement payments. Further down the line, there was the IORPII (Institutions for Occupational Retirement Provision II) which was implemented in 2016. This had a focus on enhancing the oversight of workplace pension schemes.

After this there was the Governance Amendment Regulations of 2018. These regulations aimed to strengthen governance standards, enhance trustee knowledge/understanding, and improve the overall management of pension funds. In more recent times, the introduction of the Draft Single Code in 2021 signalled a consolidation of regulatory guidelines for pension schemes. It didn’t represent a complete departure from prior incarnations, but it brought the best elements of them together and created effective and streamlined guidance for scheme managers.

The 2024 General Code (which has just come into effect) follows on from the Draft Single Code, serving as a finalised incarnation that The Pensions Regulator (TPR) have put in place. This trajectory of pensions legislation in the UK reflects a commitment from TPR to foster a secure retirement landscape. As this complex regulatory world continues to transform, there will be an ongoing importance placed on developing trust and confidence within pension schemes, so that the best interests of members are always kept at heart.

Effective System of Governance (ESOG)

Rosanne then went on to discuss the notion of an Effective System of Governance (ESOG), which is a crucial element of the General Code. The Code mandates that all pension schemes must be able to demonstrate an ESOG as part of their standard operations, with the exception of public sector schemes. Rosanne was keen to make the point that even though it’s not a legal requirement for public sector organisations, it is still considered best practice and should be something they strive towards.

The ESOG can be broken up into a number of components that must be accounted for, including the management of activities, investment considerations, internal control mechanisms, organisational structures, administrative and managerial functions, and the communication/disclosure of protocols. These aspects collectively form the basis of an effective system and align with the overarching requirements placed on businesses by The Pensions Regulator.

One of the core messages to come out of Rosanne’s ESOG section was the fact that “proportionality is key”. This effectively means the scope of your systems of governance will need to be relative to the size of your organisation and pension scheme operation.

Own Risk Assessment (ORA)

Following on from this, the session went on to focus on the concept of an Own Risk Assessment (ORA), which is intrinsically linked to the ESOG. Rosanne explained that the ORA serves as a pivotal evaluation tool to gauge the effectiveness of the ESOG and the overall management of risks within pension schemes.

A crucial aspect to note is that the ORA must be documented in writing and approved by the Trustee Chair, with the initial assessment required by the end of 2026. Subsequent assessments can follow a staggered schedule but are mandatory every three years to ensure ongoing risk management. Importantly, the process should streamline existing procedures without unnecessary duplication, referencing established practices within the ORA framework.

Rosanne extensively covered all the necessary ORA requirements, highlighting that many schemes will likely already be aligned with best practices due to the consolidation of past iterations into the new General Code. By conducting an ORA, schemes seize the opportunity to comprehensively evaluate their operational protocols and refine their strategies based on what they find.

How to approach the Code

In the next part of the webinar, Rosanne highlighted some very helpful tips for how to get started with tackling the Code. She notes that a structured approach is essential when preparing to adhere to this pensions regulation. Conducting a comprehensive gap analysis is key for identifying any discrepancies between your current policies and the Code's requirements.

It's imperative to outline in detail the necessary steps that will be required for you to meet compliance (if you’re not already). Assessing risk ownership and establishing efficient channels for relaying information to the trustee board are critical considerations during this process.

Rosanne helpfully gave some insight into what the ORA process looks like at Muse Advisory. This involves reviewing objectives and strategies, assessing the system of governance, understanding the risk profile, scrutinising the risk management framework, compiling an ORA report, and updating policies accordingly. This methodical approach ensures a thorough evaluation, minimal gaps, and a general enhancement of governance practices.

Next Steps

Once you’ve understood the requirements and developed a detailed plan for how you will achieve compliance, what comes next? It’s essentially all about actioning your strategy, which is what Rosanne went on to describe.

Upon grasping the intricacies of the General Code, the pivotal next steps involve a strategic evaluation of strengths and weaknesses within your current setup. By identifying areas for improvement, you can craft a comprehensive roadmap complete with key timelines and deadlines, instilling accountability and specificity into your governance processes.

Documenting the system of governance is crucial, as this ensures your operations are transparent. Implementing a robust risk management function and conducting a thorough review of risks shouldn’t be overlooked either. To streamline these efforts, Rosanne advises to go ahead and develop an Own Risk Assessment (ORA) work plan promptly, as the two-year timeline will pass in the blink of an eye. Proactivity in addressing these action points will pave the way for enhanced efficiency within your pension scheme compliance efforts.

How can technology help?

OneAdvanced’s governance expert, Paul McSorley, jumped in to assist Rosanne Corbett at this point of the educational session, specifically focusing on the power of technology for assisting with General Code obligations. He provided a short and informative demo of OneAdvanced’s Governance & Risk software, highlighting how its integrated features, seamless user experience, visible data, and instant risk reports make compliance as easy as possible.

By leveraging advanced software solutions like this, pension schemes can streamline their processes, enhance efficiency, and ensure adherence in the most comfortable manner possible. Innovative technology can facilitate effective gap analysis, real-time monitoring of governance practices/risk management activities (including who is accountable), streamlined document management, workflow automation, data analysis, and general reporting proficiency.

With these capabilities, pension scheme managers can ultimately be more agile in the face of constant regulatory changes.

Q&A

In the final part of the webinar, the audience were able to put their questions to Rosanne in order to deepen their understanding of the General Code and tackle anything that had perhaps been missed. The first questioner asked who is most responsible for upholding the Code within organisations. Rosanne’s answer was very clear, trustees. And this is still true even if the pension scheme is administered by a third party.

Another question was with regards to whether the Code is a legal obligation. This can essentially be broken into two aspects, the musts, and the best practices. The musts are legally binding, whereas the best practices are not (although The Pensions Regulator would of course still prefer for companies to carry out these practices).

Rosanne was quizzed on what an example of an internal control might look like (as part of the ESOG). Her response was that a control is anything that mitigates against operations risks, such as processes, policies, etc. The purpose of a control should be analysed thoroughly, as this will help to determine whether it’s necessary as well as who should own it.

In terms of how to get employees to buy into these controls, they may need to be incentivised to uphold them. If they’re given ownership of a particular control, this will form part of their responsibilities, so they’ll ultimately be judged on the success of this control in their recurring performance appraisals.

Learn more

If you’d like to go into even more detail with this topic, be sure to check out our complete guide to the General Code for UK businesses. This informative article includes what the 10 specific codes of practice are, how businesses will be impacted, a compliance checklist, and actionable tips you should execute right away.