A Straightforward Guide to the Single Code of Practice
The Single Code of Practice was launched in January 2021 by The Pension Regulator and deals with the governance and administration of pension schemes. It has replaced 15 existing codes of practice into one easy to manage code whilst also taking the opportunity to introduce new topics such as remuneration, stewardship and climate change. The intention behind this change was to ensure the Single Code made compliance simpler for everyone.
The Single Code sets out TPR’s expectations for compliance, although legally it is not binding. However, it is considered so important that compliance is taken into account when deciding whether a statutory requirement has been met within legal proceedings. This suggests that it should be considered a top priority. There are, however, some legally binding aspects of the code that are considered mandatory:
- A Risk Register
- A Statement of Investment Principles
- A Dispute Resolution Procedure
Who does it apply to?
The Single Code applies to governing bodies, trustees and managers of occupational, personal and public service pension schemes. It should be considered that governing bodies retain ultimate responsibility for compliance with their legal obligations and could be called to explain non-compliance. Therefore, even if the tasks of meeting compliance has been delegated to a third-party the governing body is responsible for ensuring the work is compliant.
New additions to the code
The new Single Code takes a module-based approach and currently has 51 topic-based modules grouped into five themes, covering:
- The governing body
- Funding and investment
- Communications and disclosure
- Reporting to TPR
There are also some new modules in addition to the consolidation of the 15 previous codes. These are:
- Remuneration policy
- Own Risk Assessment (ORA)
- Scheme governance
- Investment decision making
- Climate change
- Financial transactions
- Maintenance of IT systems
- Cyber controls
- Resolving contributions
All of these new modules will require certain actions by trustees and governing bodies in order to remain compliant.
What do you need to do to comply with the Single Code of Practice?
To be compliant with the Single Code of Practice you first need to carry out a gap analysis. This will identify the current policies and procedures you have in place and how they stand against the requirements of the Single Code. Once you have identified what is missing it is easy to put a programme in place to ensure compliance. Whilst compliance with the 15 combined codes won’t have changed a huge amount, the new additions require compliancy tasks:
- ESOG – It is essential to have an Effective System of Governance (ESOG) in place, which will need to be ‘proportionate to the size, nature and complexity’ of the scheme and comply with 17 specific modules identified by TPR.
- ORA – The organisation must carry out an Own Risk Assessment (ORA) which investigates how effective the ESOG is as well as looking at how any identified potential risks are currently being managed. This is an annual requirement or sooner if there is a substantial change in the risks facing the scheme or the governance processes. Each ORA should investigate the scheme’s management and decision-making process, especially in relation to how the governing body adapt to changes in risk.
- Remuneration Policy – It’s important to write a new Renumeration Policy which covers the activities of anyone involved in running the scheme, anyone who carries out key functions or anyone who can impact the scheme’s risk assessment. The policy should also include the stages by which the levels of remuneration were arrived at, as well as justification as to their appropriateness. This would ideally be renewed annually, or every three years in the worst-case scenario.
- Appointment of advisors and service providers policy – Pension schemes now require a specific policy outlining their processes when appointing, selecting, managing and replacing advisors and managers for the scheme.
- Climate change in governance systems – Trustees and governing bodies are required to document the processes for identifying and assessing climate change risks and opportunities as well as maintaining any policies and procedures already in place.
- Build robust cyber security systems – As pension schemes are dealing with sensitive (and therefore valuable) data, cyber security has to be considered an important aspect of governance. Therefore, to reduce the risk of cyber security incidents, schemes should implement policies which ensure data is held securely as well as implementing an incident response plan. Additionally due diligence must also be carried out for any third-party administrators ensuring they are also cyber security resilient.
Although these are all requirements to be compliant with the code, the specific systems and controls put in place are to be proportionate to the scheme’s size, nature, scale and complexity. As one size does not fit all, a certain element of discretion is to be applied. If you are unsure of what applies to your scheme in particular speak with a member of the team at Assure UK.
Running a DC Scheme under the Single Code
For governing bodies running Defined Contribution (DC) schemes there are some specific processes which need to be implemented in order to be compliant.
- Statement of Investment Principles (SIP) – A SIP must be prepared for default arrangement(s).
- Choice of arrangements – An appropriate choice of investment arrangements should be offered instead of simply the default arrangement.
- Investment choice information – Information enabling members to make informed choices about where contributions are invested and the opportunities available should be readily provided.
- Up-to-date information – There is an obligation to inform members of any potential changes to investment offerings.
- Options – Should existing investment arrangements change or are replaced, governing bodies should provide members with alternative opportunities, as well as absorbing the transition costs.
- Prompt reporting – Governing bodies must ensure core financial transactions are processed promptly and accurately and are adequately managed as part of the internal controls.
You cannot assume that your existing policy practice or procedures will be compliant with the new code. There will be some changes that you need to make. For advice on what you need to do, or to find out more about how to comply with the Single Code of Practice, contact us on 020 7112 8300 or email us on firstname.lastname@example.org.