14 April, 2021



The Pensions Regulator has published its long-awaited consultation on its new single code of practice which consolidates 10 of the existing codes of practice into one web-based code and also addresses the new governance requirements arising from the UK’s implementation of IORP II.

Alongside the consultation, the Regulator has made available the full draft of the new code, a reference document showing from which parts of the existing codes the new modules come and an early version of the web-based code.


Consolidating the existing codes of practice

The Regulator sets out that the consultation on its new single code of practice is the first phase of a significant project aiming to better support modern scheme governance and create consistency and clarity of expectations between different scheme types. It is initially consolidating 10 of the existing codes of practice into one web-based code consisting of 51 topic-focussed modules, largely through removing duplicated and unnecessary text. The table in the Appendix indicates which of the existing codes are currently included and which are not.


The Regulator expects subsequent phases of the project to bring the remaining codes into the new code. This would include the revised DB funding code, which will be the subject of a separate consultation later in the year. Later phases will also cover the new provisions brought in by the Pension Schemes Act 2021.


One of the key stated advantages of the new code is that it will be simpler for the Regulator to update, even though there are no changes to the process that has to be gone through before any changes are made which specifically requires consultation and Parliamentary approval.


The Regulator has taken what it calls “a fresh approach” to setting out its expectations, using lists of legal duties and expectations of how governing bodies should meet them and using standard wording of “must”, “should” and “need” to distinguish between legal duties, its expectations and necessary processes. Despite this approach, the Regulator states that it is not its intention to reduce governance to a tick-box exercise, but rather to provide clarity and prompt discussion and consideration of a scheme’s processes and policies.

New governance aspects of the code

One of the final pieces of EU legislation that the UK had to implement before Brexit was the IORP II Directive, which the government transposed into UK regulations with effect from 13 January 2019. These regulations require the Regulator to introduce new expectations in respect of an “effective system of governance” for all schemes, which is proportionate to the size, nature, scale and complexity of the scheme. They also introduce the requirement for an “own risk assessment” which applies to private sector schemes with 100 or more members.


The draft code addresses the “effective system of governance” requirements through a specific module that sets out the elements that the Regulator considers comprise a minimum effective system (with the elements then linking to other sections of the code), as well as through several other modules that focus on risk management and internal controls. The Regulator has also taken the opportunity to reinforce its guidance and place direct expectations on schemes in relation to some particular internal control processes such as cyber security. In addition, modules specifically addressing stewardship and climate change are newly included in the investment section of the code.


The “own risk assessment” requirement then builds on the above by requiring the governing body to assess on a regular basis the effectiveness and risks of their “effective system of governance”. This is distinct from the normal risk management processes for the scheme. The first such own risk assessment for schemes in scope (which the Regulator acknowledges “may be a significant piece of work”) will be required within 12 months from the date that the new code comes into force and then at least annually thereafter. This assessment needs to be documented and while there is no requirement (currently) for it to be published or submitted to the Regulator, it may be requested as part of the Regulator’s supervisory activity.


Still to come from the Regulator

The consultation is just the start of a significant undertaking for the Regulator of reviewing the majority of its existing codes, guidance and related regulatory material.


  • The consultation closes 26 May 2021. No anticipated commencement date is specified, but given the requirement for Parliamentary approval, the new code is unlikely to become effective before the autumn.
  • The draft DB funding code is expected to be published as part of a consultation in the second half of 2021, and will be in the same style as, and form part of, the new code.
  • A phased review of the Regulator’s existing guidance to bring it in line with the new code is expected to commence later in 2021, although some guidance will always remain outside the scope of this project e.g. automatic enrolment guidance.
  • Further phases will bring in the remaining five codes, as well as add modules reflecting the content of the Pension Schemes Act 2021 and other forthcoming legislation. These updates will be subject to further consultation.


Trustees and other pension scheme governing bodies may wish to respond to the consultation as well as provide any feedback on the design, usability and navigation of the web-based version of the code.


While TPR has stated that the new code is largely a consolidation and re-presentation of the existing codes it replaces, there are some significant new requirements and trustees will also want to start to consider how these will apply to their scheme.



The Regulator has long had a focus on improving standards and consistency of pension scheme governance and it believes that the most recent governance regulations have given it “much greater scope to set expectations around the behaviours of running pension schemes”. The draft code provides an indication of these new expectations and governing bodies will want to start to understand how these might apply proportionately to their scheme’s circumstances. Mercer has developed its own independent own risk assessment approach called Forensic Integrated Risk Management (“FIRM”). This provides schemes with an objective evaluation of their governance structure across 12 key areas crucial to delivering members’ benefits and security. FIRM studies up to 200 scheme-specific data points, producing measurable and objective analytics and benchmarking, as well as providing key insights from subject-matter experts. The assessment offers both trustees and sponsors greater visibility of the effectiveness of their current governance approach and provides specific prioritised actions to make improvements.

Matt Jones

Speak with the consultant

Important Notices


© 2021 Mercer LLC. All rights reserved.


References to Mercer shall be construed to include Mercer LLC.

This contains confidential and proprietary information of Mercer and is intended for the exclusive use of the parties to whom it was provided by Mercer. Its content may not be modified, sold or otherwise provided, in whole or in part, to any other person or entity, without Mercer’s prior written permission.

For the avoidance of doubt, this is not formal investment advice to allow any party to transact. Additional advice will be required in advance of entering into any contract.

The opinions expressed herein are the intellectual property of Mercer and are subject to change without notice. They are not intended to convey any guarantees as to the future performance of the investment products, asset classes or capital markets discussed.  Past performance does not guarantee future results.

Issued in the United Kingdom by Mercer Limited which is authorised and regulated by the Financial Conduct Authority. Registered in England No. 984275. Registered Office: 1 Tower Place West, London, EC3R 5BU