As schemes make their way through building effective systems of governance (ESOGs) it’s important to remember that every scheme has its own view on proportionality. Not everything needs to be gold standard for every scheme; it’s about applying the requirements in practice. Additionally, almost no schemes need to create their whole ESOG from scratch as they will have some documented policies and controls in place already around things like conflicts of interest and the risk register.
Discover
Consider your scheme in context, and what a proportional response to the general code requirements looks like. Depending on the size and make-up of your scheme, certain ESOG requirements will need more attention than others, with the risks carried by defined benefit schemes often different to the risks of defined contribution schemes. Whilst most ESOG requirements need to be covered legally, it’s important to consider which ones will require the most time, effort and money for your scheme.
Complete a gap analysis of what your scheme is currently doing compared to the 80 requirements. You’ll likely be surprised how many of them you already cover, or that will require only a small amount of work to become fully compliant.
Define
There are new items in the general code which are likely to need attention in your ESOG. TPR has solidified requirements around:
• board effectiveness
• remuneration policy
• continuity planning
• communications
• management of advisers
• a risk management function
Where action is required around the ESOG’s requirements, it’s important to make the process of making your scheme compliant as clear and painless as possible. Don’t miss the planning stage, where it can be made clear who is doing what and when to make the scheme compliant.
Design
Many of the 80 requirements will only require the formalisation of policies you already have in place into the ESOG, or the adaptation of an existing policy. Pension schemes can often learn from their sponsors here too, adapting and adopting company policies that have already been designed and implemented elsewhere. The general code’s GDPR requirements are a great example of this, where pension schemes can often adopt their parent company’s existing immediate response plans to help protect against data breaches.
Also, don’t forget that not all pre-existing codes have been combined into the general code, so make room to integrate things like your DB funding code and equity, diversity and inclusion work into your ESOG, rather than operating control silos, to mitigate risk and maximise your operational resources.
Document
Meanwhile, ESOG requirements around providers are often covered in scheme-related documents like the annual AAF reporting, as well as cyber and business continuity firm-wide policies, which will be updated from time to time.
Larger schemes are likely to have more organisational layers with more committees in place, potentially an in-house team and/or a trustee executive, and greater complexity of investments, so there is more to identify, document and monitor.
Ensuring that there is a clear structure to house your documentation and evidence, and that your trustees have sight of this, is really important for the ORA. A nice byproduct of an accessible structure is that it helps with training new trustees too.
Deliver ESOG to ORA hassle free
The natural progression that many pension schemes now face after completing their ESOG is their own risk assessment (ORA). An ORA is:
‘A documented assessment of how well the ESOG is working and how any potential risks are being mitigated’
With these due within 12 months after the end of the first scheme year that begins after the general code was released in March, schemes should practically be thinking about these in 2025. But if your ESOG has been completed and implemented well, there’s no need to panic about your scheme’s ORA.
A fully compliant ORA needs to consider several specific matters including:
- how the trustees have assessed the effectiveness of each policy contained in their ESOG
- your scheme’s risk policies which show how risk assessment is integrated into management and decision-making processes
- your risk management function and policies should your scheme suffer from any of its identified risks
- your administration processes and controls
- investment governance processes and policies
However, none of this should be new information to consider as it will have already formed part of your ESOG. An effective ORA simply builds on the ESOG and determines that the ESOG is working as intended when it was designed. Again, it’s important to think about what a proportional response to the ORA is for your scheme.
Ensuring that your pension scheme is compliant with the general code can seem like a long and difficult task at first. But if you discover what you need to address, define who’s doing what and when, design policies by adapting existing work where possible, document everything in an accessible way, and then show that you deliver on your ORA through your ESOG processes, it doesn’t have to be.
If you have any questions on the above, please contact Claire Barnes



