
Claire Hey

One Code to rule them all

On 28 March 2024, the Pensions Regulator’s long-awaited and highly anticipated General Code came into force, having spent the previous 40 days languishing in Parliament. This is the culmination of an extensive programme of work to combine and refine ten of the Regulator’s existing codes of practice into one new single (or general) code.

Essentially these codes were an administrator’s and trustee’s bible on how to administer, manage, and govern a pension scheme effectively, covering such topics as knowledge and understanding, reporting breaches of the laws, dispute resolution, and internal controls, with a dedicated code for those responsible for public sector schemes.

While the General Code will look and feel different, many of the requirements and expectations set out already exist within the ten discrete codes. The modular digital format will make it easier for those responsible for scheme governance to interrogate the wealth of information, and to hold themselves to account by asking whether they meet the Regulator’s new and improved expectations.

Conversely, it will also afford the Regulator better opportunity to regulate, by offering clearer definition of responsibilities in the five key areas of: the governing body, funding and investment, administration, communications and disclosure, and reporting, which can then be more easily assessed for compliance.

Interestingly, although the Code itself is not a statement of law, a court or tribunal must take any relevant terms of a code of practice into account when determining whether legal requirements have been met[1].

A is for Acronym

Perhaps most exciting of all for the pensions industry, the General Code of Practice offers two brand-new acronyms to play with: effective system of governance (ESOG) and own risk assessment (ORA).

Effective system of governance (ESOG)

The legal requirement for certain schemes to operate an ESOG was inserted into the Pensions Act 2004 with effect from 13 January 2019. While the equivalent requirement for Public Service Pension Schemes is to operate internal controls, these are in any case considered to be an essential feature of any system of governance.

What the Code now provides is a framework for schemes to establish the processes and procedures that need to be put in place to ensure compliance, with the modules containing ESOG expectations being clearly demarcated. For schemes that are not subject to the ESOG requirement, the modules pertaining to internal controls are also delineated.

One area of possible ambiguity around these requirements is the Local Government Pension Scheme – while it is a public service scheme and therefore exempt under the 2004 Act, it does not operate on a pay-as-you-go basis, and the modules relating to investment matters will consequently be of interest, if not obligation.

There are also clearly other areas of overlap, such as member communications and knowledge and understanding.

However, each module sets out if and how the provision applies, and additionally the Code suggests that where a requirement is not imposed on a scheme by law, then it could be considered as a matter of good practice. It adds, however, that the systems and controls put in place by a scheme should be proportionate to its size and structure.

Own risk assessment (ORA)

For schemes operating an ESOG which have more than 100 members, the Code states that an ORA must be undertaken and documented. Although most schemes will have processes and policies in place as part of existing risk management controls, the ORA is likely to impose additional requirements.

A gap analysis may need to be carried out, to identify any shortfalls in existing processes or documentation, and avoid duplication of effort if some aspects of the ORA are already being undertaken.

Tellingly, TPR highlights that failure to complete an ORA may be considered as a ‘red flag’ of inadequate governance. In previous governance and administration surveys of public sector schemes, research has shown that schemes without documented procedures for assessing and managing risk tend to score more poorly in other areas.

Although the requirement to put an ORA in place applies to schemes which also have an ESOG requirement, TPR suggests that other schemes may wish to carry out an ORA to demonstrate best practice. Given the plethora of risks facing schemes in the current economic and political climate, this could be considered a fair warning. Of note is the following administrative risk, which is of particular current significance to schemes across the public sector:

“Risks posed by legal and regulatory change and court decisions.”

A Code for the 21st Century

Governance, as with society, continues to evolve and this is reflected in the General Code.

Cyber risk

There has been a particular focus on cyber risk in recent years, with several high-profile cyber incidents involving organisations within the pensions industry. Pension schemes themselves are attractive targets to cyber criminals, handling vast quantities of personal and financial data, and in many cases financial assets. The Code sets out that schemes should have appropriate cyber controls in place and outlines the Regulator’s expectations for assessing and managing cyber risk.

Climate impact

The environmental impact of investment decision-making has also been a hot topic, as the material risk of climate change is becoming increasingly evident through extreme weather events and humanitarian disasters.

The Code recognises that environmental factors should be considered in the round as part of a scheme’s investment strategy, that any risks arising from climate change should be reflected in a scheme’s risk assessment, and that where appropriate, schemes must comply with the climate-related governance and reporting requirements set out in the Pension Schemes Act 2021.

Equality, diversity, and inclusion (ED&I)

While there are no specifically defined headings relating to ED&I, it is worth a special mention here based on TPR’s 2021 strategic objective of promoting higher standards of equality, diversity, and inclusion among its regulated community.

The Code recommends that arrangements for trustee nominations could be designed to encourage applications representative of a scheme’s population, and that awareness of diversity and inclusion on investment decisions should form part of a trustee’s working knowledge and understanding. A Statement of Investment Principles should consider the demographic and diversity of scheme members, which may impact on the types of investments desired.

Under general principles for member communications, the Code provides that all communications should be clear, concise and in plain English, and that various alternative methods should be considered to ensure the effectiveness and accessibility of communicated information.


It is clear that schemes should have many of these policies, processes, and procedures in place already – as governance is not a new requirement. However, the implementation of the new General Code should not be taken lightly and should not be seen as a tick-box exercise. It is a process of evolution in the effective administration and governance of pension schemes in the UK and by building these new expectations into business-as-usual proceedings, there is an opportunity to drive forward standards of pension provision and better outcomes for scheme members.


[1] https://www.thepensionsregulator.gov.uk/-/media/thepensionsregulator/files/import/pdf/general-code-laid-january-2024.ashx - Status of the code of practice
