What is the General Code?

The Pensions Regulator’s new General Code is imminent, consolidating 10 of the existing Codes into one web-based Code. It also addresses the governance requirements arising from the UK’s implementation of IORP II, which expects trustees to have an “effective system of governance” (“ESOG”) and schemes with 100 members or more to complete an “own risk assessment” (“ORA”) to assess the ESOG.


The new Code will introduce new pension scheme governance responsibilities. Trustees/governing bodies will need to identify the required changes to their current processes, check current policies and procedures are fit for purpose, and implement changes where necessary.

How can Mercer help?

We expect all scheme Trustees will need to take some action to be compliant with the new Code. The actions required will depend on what governance standards, policies and procedures are currently in place for the pension scheme and how they have been documented to date.


We suggest a three-stage process for becoming compliant with the ESOG and ORA elements of the requirements:


  1. Conduct an ESOG gap analysis to determine what areas you will need to work on to be compliant. We have developed our own gap analysis which covers all required areas and allows trustees to prioritise areas of focus for action.
  2. Document your ESOG. There are many ways you could do this. We have developed our own ESOG inventory to aid you in doing this, including wording to cover off the areas of the Code which may not require a full policy. Our ESOG inventory covers all policies and procedures across the five key areas set out within the Code. Our solution will allow you to tailor your approach in a pragmatic and proportionate way – get in touch to find out more.
  3. Complete your ORA (for schemes with 100 members or more). This is a qualitative assessment of the effectiveness of your ESOG and is expected to be a substantial piece of work in the first instance. We have developed an ORA template which you can use to carry out the assessment and highlight areas of potential improvement and development. 

Being compliant isn’t about “one and done”. TPR’s expectations are that the ESOG and ORA will form part of a continuous feedback loop, with governance evolving over time to improve standards and meet and tackle new challenges and emerging risks. 


A continuous feedback loop diagram showing how governance evolves over time




Upcoming webinar, register your interest

We'll be running a webinar as soon as the new General Code is released to explain the requirements and what you can do to ensure you are compliant in a proportionate way.

Whilst the Code is still in draft, Trustees can start taking steps on their journey to ensure they are compliant. These steps include:


  • Training – do you understand the requirements of the new Code?
  • Gap analysis – do you know what areas you will need to work on to be compliant?
  • Review or establish new policies – Review your existing policies alongside the draft Code and consider whether additional policies will be required. Some may be new to you, for example considering climate change or cyber risk. You may need to do more work in these areas with appropriate training alongside.

When the final Code is published, trustees will have to complete the “substantial process” of an Own Risk Assessment which is an assessment of the ESOG and how any potential risks are being mitigated. Trustees should be speaking to their advisers about how they will meet the requirements of the ORA, taking a proportionate approach for their scheme. The ORA is expected to be an annual process. It is expected that the ORA will need to be carried out within 12 months from the date the new Code comes into force and annually thereafter.


Don't forget

Whilst the new Code puts a spotlight on good governance and sets out new requirements, don’t forget the activities and projects that can contribute to best practice and effective governance.


Mercer’s pension scheme governance and scheme management team can help with whatever you need to achieve your aims, including, but not limited to:


Trustee effectiveness reviews and Trustee Knowledge & Understanding (TKU) support

Trustee training

Trustee board and committee advice

Independent/professional trustee role profiles and selection exercises

Review and appointment of scheme advisers e.g., lawyers, auditors etc. 

Establishment and review of policies and processes, risk register reviews and support with own risk assessments (ORA)

Scheme secretariat services

E-governance solutions

Project management

Diversity and inclusion considerations

Frequently asked questions around the General Code

  • How do we approach the requirements in a proportionate way?

    It is important that the new requirements are dealt with proportionately, recognising that trustees have other competing requirements for their time and cost budget. For the smallest schemes we recommend a prioritisation approach, with the biggest risk areas tackled first. 

  • How does the ORA interact with our existing risk register and an integrated risk management (IRM) approach?

    The risk register should identify risks and categorise them according to probability and severity. Integrated Risk Management processes should tackle the interdependencies of those risks and mitigations. The ORA is the next step in this, which assesses how effective the procedural operation and policies are in tackling those risks. 

  • What is the difference between a “must” and a “should”?

    In the new Code, TPR refers to legal duties using the word ‘must’. TPR’s expectations are referred to using ‘should’. TPR uses ‘need’ where there is no expectation or legal requirement in place, but that process is necessary to allow a scheme to operate. In some modules, TPR highlights expectations as a matter of best practice for certain schemes.

  • Are schemes compliant if they only adhere to what they “must” do rather than what they “should” do?

    Compliance with the Code, whilst not mandatory, is a very strong and enforceable expectation of TPR, backed up by the legislation. Compliance is likely to be deemed necessary in order to discharge trustees’ statutory duties to have an effective system of governance. However, the legislation acknowledges that systems of governance should not be homogeneous across pension schemes, stating that they must be “proportionate to the size, nature, scale and complexity of the activities of the pension scheme”. Therefore it is likely that for larger, more sophisticated schemes, TPR would expect them to meet most of the ‘should’ expectations in the Code unless they can demonstrate they are meeting the expectations in an alternative way. For smaller schemes, some of the ‘should’ expectations may be disproportionate, although many are not new, and where they have been in place for some time in the existing codes, TPR is likely to expect that most schemes will already be meeting those aspects.
