Effective System of Governance (ESOG): governance framework and internal controls
1st November, 2021
For the fourth blog in our series, we look at the governance framework and internal controls. Links to the previous blogs in this series are here:
- ESOG and ORA: The new architecture for pension scheme governance
- ESOG: outsourcing activities, remuneration policies, proportionality and the ORA
- Effective System of Governance (ESoG): Where do we start?
Having assessed the effectiveness of the Governing Body (Trustee Board), the next step is to undertake an assessment of your scheme’s governance framework and internal controls. Start with the basic stuff – gap analysis. Gather together all of the trustees’ current scheme policies, practices and procedures. Assess what is fit for purpose, what needs updating and what is absent but is needed.
The original Pensions Act 2004 and Code of Practice 9 introduced internal controls, which are:
- arrangements and procedures to be followed in the administration and management of the scheme;
- systems and arrangements for monitoring that administration and management; and
- arrangements and procedures to be followed for the safe custody and security of the assets of the scheme.
Some other requirements have also been introduced since, so the trustees will have had these in place for a number of years, and a simple ‘RAG’ (Red Amber Green) analysis can be a cost-effective approach here.
The following is an example of what the GDPR section of the trustees’ governance framework may look like:
For all elements of the governance framework, document what is fit for purpose, what is in place but needs improving and what isn’t in place but should be. The next step is to agree how to improve the red and amber items, remembering that SI 2018/1103 states that the system of governance must be proportionate to the size, nature, scale and complexity of the activities of your occupational pension scheme. Each scheme will, therefore, have a bespoke improvement plan.
So what’s new?
It’s not just internal controls anymore.
The Pensions Act 2004 (as updated by SI 2018/1103) requires an Effective System of Governance (ESoG), including internal controls, where trustee boards will need to have appropriate contingency plans in place, be able to evidence the effectiveness of all of this and improve any deficiencies in the system of governance over time. The reality is that operating an ESoG, and being able to prove it, is ‘the new normal’, just as we adopted internal controls as the new normal when Code of Practice 9 was first published. All schemes need to operate an ESoG. For schemes with >100 members, trustees will also need to complete a yearly Own Risk Assessment (ORA).
Risk Management Team
SI 2018/1103 introduced three Key Functions: Actuarial, Risk Management and Internal Evaluation. The main functions you are likely to need to concentrate on are in respect of the Risk Management and Internal Evaluation functions.
When selecting who will undertake the Risk Management function, remember that paragraph 8 (c) of SI 2018/1103 requires trustees to include in the ORA how you prevent (not manage) conflicts of interest with the employer, where key functions are outsourced to the same person as the employer, or to any person employed by the employer.
The Risk Management team will then need to work through the ESoG requirements. One requirement is for the trustee board to ensure continuity and regularity in the performance of its activities, including the development of contingency plans. COVID-19 highlighted one of the operational aspects – what happens if trustees are unable to meet face to face? Trustees needed to implement contingency plans, including checking the Articles of Association for Trustee companies, to ensure that meetings and decisions made therein continue to be valid.
One other example is where trustee boards can often incorporate single-person risks. What are your contingency plans? A deputy chair? What about an in-house Pensions Manager or Scheme Secretary? If any one of these individuals were unavailable at short notice and for an extended period of time, what is your plan B to ensure continuity and regularity in the performance of your scheme’s activities? And don’t forget proportionality and to record your rationale for the proportionality applied, which is the subject of the next blog in our series.
Having completed the governance framework assessment, planned and commenced work on the red and amber items, established the Risk Management team, assessed the ESoG requirements and established the plan to make the ESoG improvements, you will be well on the way to understanding how effective the trustees’ System of Governance actually is and how to improve it.