Buck Bond Group
General code comes into force

General code comes into force

by and Tags:

Volume 2024 | Issue 08

Download this FYI as a printable PDF

It was over three years ago that the first draft of the general code of practice was published by The Pensions Regulator (on 17 March 2021). On 28 March 2024, it finally takes effect after being laid before Parliament in January 2024.

The general code replaces 10 existing codes of practice, with 16 codes becoming seven from the same day.


Our FYI dated 10 January 2024 (The new general code of practice) explains the background, highlights and next steps.

Essentially, the reason for the new code was primarily due to new governance regulations (transposing IORP II into UK legislation) that required the Regulator to change some of the existing codes. The Regulator also acknowledged that several codes were out of date and the content in the codes and guidance was duplicated.

The governance regulations came into force on 13 January 2019 and amended the internal controls provisions in the Pensions Act 2004 to require trustees or managers of occupational pension schemes (referred to as ‘the governing body’ in the code) to establish an effective system of governance which includes internal controls.

The regulations also required the Regulator to include in code(s) of practice, details of the effective system of governance, remuneration policies, and the carrying out and documentation of an own risk assessment of the system of governance (the latter two applying to schemes with 100 members or more).

The general code contains 51 modules, split across five sections, each of which contains one or more modules.

Much of the content was already contained in the existing codes, or other guidance, but some of it is new. For instance:

  • Some of the governing body modules (e.g. meetings and decision-making, remuneration and fee policy, scheme continuity planning, own risk assessment, systems of governance)
  • Most of the investment modules (e.g. stewardship, climate change)
  • Most of the administration modules (e.g. maintenance of IT systems, cyber controls)
  • The audit requirements module from the communications and disclosure section

Next steps

The Regulator says that trustees “should be aware of where they fall short of our expectations and have clear and realistic plans in place to address those shortcomings”.

Trustees are advised to work with their advisers and service providers to:

  • Familiarise themselves with the requirements, particularly the new content
  • Carry out, or revisit, a gap analysis of their governance arrangements against the requirements in the code
  • Develop an action plan for addressing any gaps, ensuring this is proportionate to the size, scale, nature and complexity of the scheme activities
  • Establish a risk management function designed to suit the scheme, the way it’s run and the resources available
  • Understand the timeline for carrying out the first own risk assessment