TPR Tightens the Governance Net in its New Code of Practice
If you were under the impression that the single code of practice would be a consolidation of existing codes, then the content of this blog will come as a surprise!
The Pensions Regulator (TPR) has published a consultation on the first phase of replacing the existing Codes of Practice with a single, online Code of Practice (the New Code). The first phase involves converting 10 of the existing Codes of Practice into 51 shorter, topic-based modules. The remaining five Codes of Practice (in relation to notifiable events, funding defined benefits, modification of subsisting rights, master trusts and the material detriment test) are expected to be added to the New Code in due course. TPR also plans to review its guidance in line with the New Code, starting later in 2021.
TPR decided to introduce the New Code in order to make its material easier to use and understand. The draft New Code also incorporates the new governance requirements set out in the Occupational Pension Schemes (Governance) (Amendment) Regulations 2018 (the Governance Regulations). The New Code is not a straight consolidation of existing Codes of Practice – updates have been made throughout to tighten up on governance requirements and to clarify TPR’s expectations on how standards should be met and how compliance should be evidenced. It is not safe to assume that an existing policy, practice or procedure would meet the standards expected in the New Code.
This blog highlights some of the key points to note from the New Code.
TPR has introduced the term “governing body” instead of specifying the particular stakeholder (such as a trustee or scheme manager) that an obligation applies to. TPR has tried to be clear where the responsibility for each requirement falls – however, if there is any doubt in a scheme as to where a responsibility or accountability lies, the governing body should take steps to establish the position.
Implementation of the Governance Regulations
The Governance Regulations (which broadly apply to private sector schemes with at least 100 members) introduced the requirement for an “effective system of governance”, and the New Code sets out TPR’s expectations for achieving this. In particular, the New Code emphasises the role of internal controls in ensuring effective systems of governance and places a strong emphasis on making sure that policies, processes and procedures are operating appropriately and are subject to regular review. The New Code also focuses on the importance of managing and evaluating risk.
The New Code contains a new module on the management of cyber security and states that the “vulnerability to a cyber incident of the scheme’s key functions, systems and assets (including data assets)” should be assessed and that a cyber incident response plan should be maintained. Scheme managers of public service pension schemes must “establish and operate adequate internal controls” in relation to cyber controls. While it is not clear whether this means that they need to take into account cyber risk, TPR expects them to do so.
The New Code covers TPR’s expectations on meeting the legal requirement for an Own Risk Assessment (ORA). The ORA is a process for the governing body to regularly assess the management of risks. Governing bodies will use it to demonstrate that they have fully considered the various risk management processes that the scheme faces (external, financial and operational). The governing body will need to produce an ORA within 12 months from the date that the New Code comes into force, and will then need to carry out an assessment either annually or whenever there is a material change in risks facing the scheme or its governance. While the ORA does not need to be published or sent to TPR, it must be recorded and produced to TPR if requested. It is clear that the requirement for an ORA will be an onerous task for governing bodies, especially when considered alongside the “scheme governance” module which requires each element of key governance modules to be subject to a three yearly review to assess effectiveness (and the process for reviewing is also subject to review!).
The ʺWorking Knowledge of Pensionsʺ, module states that governing bodies should maintain a list of all items that members of the governing body should be familiar with. This will need to be scheme-specific, but TPR’s suggested list is extensive (to the point of being eye-watering!).
Environmental Social Governance (ESG)
In light of the requirement in the Governance Regulations for pension schemes to take account of ESG factors in investment decisions, the revised code includes two new modules on stewardship and climate change. The module on stewardship states the considerations and governance responsibilities that come with financial investments, such as using investment managers’ stewardship policies as selection criteria, and regularly monitoring and reviewing investment managers’ stewardship practices. For climate change, the governing body is expected to take an active role in understanding how climate change risks and opportunities are built into investment portfolios, and how they are managed.
Governing bodies will be required to have a remuneration policy which applies to all persons and corporate bodies who effectively run the scheme, carry out key functions, and whose activities materially impact the scheme’s risk profile. This could include trustees, administrators, or service providers. The policy should include an explanation of the decision making process for the levels of remuneration and why these are considered appropriate. The policy should be reviewed at least every three years and published on the scheme website (or otherwise made available to scheme members).
TPR’s consultation closes on 26 May 2021, and in due course TPR will publish its response to the consultation, including any revisions to the New Code. The New Code will require parliamentary approval before it comes into force.
The requirement for policies, practices and procedures is a clear theme throughout the New Code, and TPR’s expectations will sometimes lead governing bodies into drawing up such documents (even where TPR does not explicitly state that such a document should exist). We recommend that all schemes, regardless of their size, carry out a review of their policies, practices and procedures against the New Code. While carrying out their review, governing bodies should also consider the “best practice suggestions” in the New Code.
Governing bodies of all schemes will need to assess which aspects of the New Code apply to them. This is particularly important for public service pension schemes and smaller schemes with less than 100 members.
Overall, the format of the New Code is much easier to navigate, and once TPR’s project is complete, it will provide some much needed clarity. TPR intends that guidance and other relevant material will be linked from the code in due course – providing a “spider’s web” of information.