Arguably one of the key focuses for all trustees is to ensure that scheme activities can continue in the event of an emergency or disruption. This is enshrined in The Pensions Regulator’s (TPR) General Code; having an Effective System of Governance (ESoG) is integral to ensuring that the scheme can carry on regardless.  


Trustees need to ensure all their pension scheme’s operations can be maintained in the event of a disruption to scheme activities – this covers a range of risks from key third-party providers to succession planning. 

Planning 

TPR expects trustees to develop and implement plans to ensure their scheme operations can be maintained in the event of a disruption to scheme activities. To do this effectively, trustees need to identify, evaluate and record all risks affecting their scheme’s operational resilience, including where those risks belong to service providers, and make sure key areas of scheme activities, including member data and general scheme administration, are included.

"Priority should be given to the key scheme activities that will need to continue in the event of an emergency or disruption."

So while trustees need to ensure they are satisfied all key businesses related to the scheme have robust plans in place so key functions can be maintained after an emergency or major disruption such as a cyber-attack, fire or flood, this is only one element; trustees need to also ensure their own governance is sufficient to enable all of their key scheme activities to continue.

Priority should be given to the key scheme activities that will need to continue in the event of an emergency or disruption. Examples of these could be receiving and monitoring contributions, pension payments, retirement processing and minimising the risk of pension scams.

Risks to scheme operations

But it shouldn’t just stop there – it’s not just these big-ticket items that can derail your scheme activities. What would happen if your chair (or another key individual) is taken ill just before the main board meeting and is unable to attend, or unexpectedly becomes seriously ill for a substantial period of time? Does any other trustee (or adviser) have the knowledge to carry out the required day-to-day activities? 

Do you have an up-to-date contacts list for all your fellow trustees, company contacts and key advisers? If not, what would you do in the event of an emergency where you are unable to contact the person(s) who retains the contact information? 

It’s Saturday and you are contacted by one of your third parties to advise you about a cyber breach – do you know the process you need to follow and the actions you need to take? Do you have contact details for your other trustees/company contact(s)/legal adviser and is there a specific order in which they should be notified? Could you access this information if you are locked out of your network?

Are your signatory lists, delegations, and authorising procedures up to date so you can act quickly in the event of another LDI crisis or equivalent? 

Is key scheme documentation, including relevant procedures, filed online and accessible? Relying on a sole pensions manager/secretary to manage your scheme processes and retain your scheme documents is risky, and key scheme knowledge can be lost if that individual is unable to work or retires. You need to ensure processes are documented so the scheme can continue to operate in their absence.

"Schemes that are well governed and have processes in place will weather any storm better than those that don’t."

The ability to be able to act quickly can be crucial in many emergency circumstances; some situations have time-critical reporting obligations to regulators that need to be met and you don’t want to lose valuable time trying to work out what needs to be done by who or scrambling around to obtain signatures. Failure to act quickly could also put the payment of members’ benefits, or the funding position of the scheme, at risk. Schemes that are well governed and have processes in place will weather any storm better than those that don’t. 

Remember, governance doesn’t need to be cumbersome and costly – it should be proportionate to the size, nature, scale and complexity of the activities of your scheme and, importantly, add value. You may not need a full-blown policy - a short checklist may suffice, or just more information from your advisers about their processes in the case of an emergency. 

What documentation do I need?

As with all aspects of governance, there isn’t a one size fits all solution; each approach will differ depending on scheme circumstances. However, in terms of the basics, you should consider the following:

  • Key third-party control reports – such as Business Continuity Plans, AAF Reports, Cyber plans. Ensure you have adequate oversight of your key third-party control reports and interrogate these regularly. We suggest at least annually or after any material change/event.
  • Succession planning – outline who will assume responsibility for any key roles, such as the chair and/or scheme secretary (and don’t forget your advisers!) Any deputy chair could also be copied in on day-to-day matters so they can step up at short notice if required.
  • Key contacts list – a list of all trustee, company contacts and key advisers' email addresses and telephone numbers, should be shared with the appropriate group. This should be recirculated following any update, and, where possible, held in accessible locations such as on the trustees’ governance platform, on desktops or hard copy.
  • Escalation plan – document trustee and key contact details, the order in which they should be contacted (if any), and the process to be taken in the event of an emergency. Again, where possible, this should be held in an accessible location such as on the trustees’ governance platform on desktops or hard copy.    
  • (Dis)investments signatory list – schemes with up-to-date signatory lists in place, including authorisation limits where necessary, were generally able to act faster during the 2022 LDI crisis and tended not to be as negatively impacted as those having to rally around and update documents. Don’t forget AVC and annuity policies!
  • Delegations list – document the appropriate process for each type of decision and where the powers for making discretionary decisions (or recommendations) lie, to ensure decisions made are valid. 

Need a hand? Don’t worry, we can help

Completing and documenting the review and actions of your ESoG is one key to making sure trustees have all these areas covered. BW CORE (Calendar, ORA, Risk Register, ESOG) can help you manage your scheme’s governance from ESOG to ORA. Our governance experts can support you with any aspect of demonstrating your compliance with the General Code. Please contact us to find out more.  

Our General Code knowledge centre is a good place to visit for information. This hub is continually being updated with new material as and when available, so keep checking in to avoid missing out on the latest developments. Our online Trustee Meeting Handbook is a great resource for effective meeting management and bringing new trustees up to speed. We’ve had fantastic feedback from trustees since we launched it in 2020 and it’s currently being reviewed to allow for the General Code.

  • Research contribution made by Wendy Round, Senior Pension Management Consultant

The General Code knowledge centre

Our expert insights into TPR's expectations for both ESOGs and Own Risk Assessments (ORAs) in the General Code.

Find out more

General Code webinar

Watch our on-demand webinar which will help trustees on their journey towards compliance with the General Code.

Watch on-demand