The general code of practice was published by The Pensions Regulator (TPR) on 10 January 2024 and replaces 10 of the 15 current codes. With the arrival of the new code, governing bodies (trustees or managers) will need to understand the new practices for reporting to TPR, review existing processes and consider whether new policies need to be implemented.
There are five main requirements for governing bodies to report to TPR: when a scheme is first registered; submission of the annual Scheme Returns; notifiable events; and whistleblowing – reporting breaches of the law. In addition, the late payment of contributions should be reported to TPR within 14 days and members should be notified within 30 days.
The new framework of internal controls set out in the code, referred to as the “effective system of governance” (ESoG) will need to ensure compliance in several reporting areas. Here are some practical aspects for governing bodies to consider.
Reporting breaches of the law
This is one of the codes of practice being replaced. There will be breaches of the law affecting pension schemes which will need to be considered for reporting to TPR – and potentially some new areas to be aware of too.
The decision whether to report requires two key judgements:
1. Is there reasonable cause to believe a legal duty that is relevant to the administration of the scheme is or has not been complied with
2. If so, is the failure to comply likely to be of material significance to TPR in the exercise of its functions?
Note that ‘administration of the scheme’ is interpreted widely by TPR and includes anything that could affect members’ benefits e.g. investment policy and management, custody of assets policy, DB funding or members’ ability to access information. It is not just benefit administration.
Not every breach needs to be reported, but governing bodies should monitor, record and act on any breaches. Failure to comply with the obligations without ‘reasonable excuse’ is a civil offence.
The new code sets out new requirements in 4 key areas the governing bodies should consider in relation to reporting breaches of the law:
- The cause of the breach
- The effect of the breach
- Reaction to the breach
- Wider implications of the breach
The new code also sets out how to report, making a report and who has the duty to report (“any person who has a duty to report a breach of the law”). This includes trustees, scheme managers, employers, service providers, professional advisers and a scheme strategist or scheme funder in a DC master trust.
A key tool to help compliance and monitoring is to set up a ‘breaches log’. This should cover not only breaches that may need to be reported to TPR, but also any General Data Protection Regulation (GDPR) breaches or cyber incidents which may need to be reported to the Information Commissioner’s Office (ICO).
Although scheme administrators and actuaries should have their own breaches logs, governing bodies should also maintain their own separately. Having a single log for all breaches makes it easier for governing bodies to monitor. It should be short and easy to review. If not, the scheme is likely to have poor controls and governance.
Notifiable events
The principal purpose of the current notifiable events framework is to give TPR early warning of possible demands on the Pension Protection Fund (PPF) and to reduce the risk of compensation being payable.
Claims for compensation on the PPF will arise when, broadly speaking, an employer becomes insolvent and its DB pension scheme is underfunded. Notifiable events provide an early warning of possible insolvency or underfunding, giving TPR the opportunity to assist or intervene before a claim is made. A consequence of intervention will, in many cases, be to improve the protection of scheme members’ benefits.
Pension trustees and employers (as scheme sponsors) are currently required to notify TPR of certain prescribed events. New regulations were expected to come into force in April 2020 that intended to extend the type of events covered, whilst removing an existing one. Although the draft regulations are not yet in force, this is a key area of governance that needs to be properly monitored and reported to TPR. For good practice, many of our pension trustee boards already table this at every meeting. If you’re not doing this already, we recommend you start doing so as a matter of course.
It’s all in the detail
Although not strictly an area for TPR reporting, another area that comes to mind here is the requirement to post a DC Chair’s statement, statement of investment principles (SIP) and implementation statement on a publicly available website. In our experience, the proportion of members looking at them varies greatly from scheme to scheme and often depends on how effective other member communications are. However, they’ve proved quite useful for the industry as a whole.
This is worth highlighting as they can be another trap that it’s easy to fall foul of if governing bodies don’t have good controls in place. TPR had suggested in the draft code trustee meeting minutes should also be posted publicly. The industry almost universally thought this was a step too far so this requirement has now been dropped from the final version of the code.
In preparation for the publication of the general code, we have created a suite of effective tools and guidance that is available to help our clients and pension trustees meet their obligations under the code and ensure their reporting practices are compliant. Please get in touch if we can help.
