The new single TPR Code, which is due out in the summer, is expected to introduce the Effective System of Governance (ESoG) and the Own Risk Assessment (ORA).
In its draft form the new Code states that for governing bodies (that is trustees and scheme managers) to have an effective system of governance they must ensure that their scheme processes and procedures are compliant with the system of governance set out in the Code and states: “A system of governance will include anything that can reasonably be considered part of the operation of a pension scheme.”
There are 4 main categories that will need to be addressed in relation to the ESoG, each with several modules requiring various sets of policies to cover the scope of each.
- Management of activities
- Organisational structure
- Investment matters
- Communications and disclosure
Some of the modules are identified as a matter of best practice but others contain separate legal obligations. Even with these discretionary elements it is likely to be a considerable exercise (certainly during the first year) for most governing bodies to address.
In practice some of the processes and procedures may already be followed and some of which will be documented. Most schemes will have a Conflict of Interest Policy and an Internal Disputes Policy in place. Nevertheless, there are new requirements and schemes will have policies missing or not documented, these may include written policies on reviewing your advisers, renumeration, cyber security and investment related policies on decision making and yes climate risk! A good starting point for governing bodies is to dig through the polices already in place and consider “gap analysis” to identify the areas that fall short of this requirement.
ESoG will bring benefits; having an ESoG which is effectively reviewed on a regular basis should help governing bodies ensure their schemes run at lower levels of risks, function smoothly and be ready for action.
However, many may be left wondering how ORA, which will be an annual assessment of the ESoG, fits in with a scheme’s established risk management process and indeed why it is needed at all? After all, we already have Risk Registers and Integrated Risk Management in place, don’t we?
We set our Risk Registers (RR) to identify the risks posed to our schemes and usually assign the risks into categories depending on the severity and probability of the event occurring. You would expect a comprehensive RR to incorporate many scheme governance and operational procedures covering administration, funding, employer covenant and investment and often fraud, mismanagement and errors. But while an RR identifies the separate risks faced by a scheme it doesn’t address the inter-relationships of these risks or whether the mitigation processes set out are actually working.
Integrated Risk Management (IRM) introduced a step towards addressing inter-relationships of risk with a greater focus on the risk posed by employer covenant. Our RR may have indeed identified that global sell-off of equities would pose a risk to the scheme’s funding level. But I’ll admit mine didn’t document that a global sell-off could also impact the employer too, precisely at a time when more reliance would be needed. Most IRM frameworks help us to consider the inter-related nature of these risks and have helped to mitigate risk and monitor that remaining with suitable combinations of predetermined triggers and ongoing covenant assessment.
So, what is the purpose of the ORA? The ORA is a written report identifying the key governance risks and assesses the effectiveness of the governing policies put into place under ESoG Considering the ORA in a similar manner to the way we consider IRM we will be monitoring the processes and procedures that have been put into place on a more proactive basis.
Many of the risks identified in a schemes RR will feature within the written policies and the ORA will assess whether these policies help reduce those risks identified and put systems in place to limit avoidable risks. The findings of the ORA should help governing bodies determine what is working well and what needs to be addressed using a continuous feedback and refine process, a “Control Process”.
However you wish to view the proposed ESoG and ORA they look to be here to stay and early engagement should be embraced without delay.