The Occupational Pension Schemes (Governance) (Amendment) Regulations 2018 – to improve governance and risk management
The Regulations came into effect in January 2019 and implement an EU directive to require trustees to 'establish and operate an effective system of governance, including internal controls'. The system of governance must be proportionate to the size, nature, scale and complexity of the activities of the scheme.
Flowing from the Regulations will be a Code of Practice (CoP) which should be issued by the Regulator in the next nine months – the CoP which will add detail of how schemes can comply with the Directive and Regulations. Schemes with less than 100 members will not be covered by the CoP although they still need to have an effective system of governance under the Regulations.
What does it mean for pension funds?
The CoP should provide clarity on:
- How Trustees can demonstrate an effective system of governance.
- Written policies on ‘Key Functions’ and outsourcing of activities which schemes must have in place, reviewed every 3 years.
- Remuneration policies of trustees.
- Documenting an own-risk assessment of the system of governance, required every 3 years.
Under this guidance, amongst other requirements, trustees will need a ‘function which internally evaluates the adequacy and effectiveness of the system of governance’.
This is similar to an Internal Audit Function, and the EU Directive actually requires pension schemes to have an independent ‘internal audit’ function, although the Regulations are softened with the requirement to have an ‘effective system of governance, including internal controls proportionate to the nature of the scheme’.
What should we do?
So does this mean that as well as having statutory auditors, all pension schemes need to appoint an independent internal auditor too? In short, no.
Our view is that if you are a ‘large scheme’ – which we would define as over £1bn of assets, please read and consider the guidance and decide whether you should be appointing an independent internal auditor.
For others, it is likely that schemes will need to have written policies in place for this ‘key function’ - the DWP considers the Regulations to be aligned with the expectations set out by the Pension Regulator in its 21st Century Trusteeship programme – so the new Regulations may not mean significant scheme changes depending on how closely your governance aligns to the 21st century trusteeship guidance.
What is internal audit?
Your statutory auditor provides an opinion that your accounts show a ‘true and fair view of the financial transactions’ and that contributions have been paid in accordance with the schedule of contributions. Internal audit can have a significantly wider scope than the statutory audit and cover non-financial processes and controls, eg over governance, IT security, administration, business continuity, data protection procedures and member reporting. A bespoke tailored scope can be agreed between the internal auditor and the Trustee which ‘deep dives’ into areas which the statutory audit would not cover, although value can be derived if the internal audit work can be dovetailed with the statutory audit work.
For more information, please contact Gary Grewal.