PMI Crest
Own risk assessments
8 October 2021

Own risk assessments

Under The Pensions Regulator’s (TPR) new Code of Practice, UK occupational pension schemes with 100 or more members will be legally required to produce an own risk assessment or ORA. The new Code - currently in draft, and expected in 2022 - will provide details about how this duty is to be discharged.

The draft new Code says that schemes will have a year from the date the new Code is finalised to produce their first ORA, and that it will be ‘a substantial process’. Given how quickly a year in pensions passes, I recommend that trustees start to think about their governance systems now, rather than wait for the new Code. So, what can trustees do now? At the most basic level, an ORA is a review of the policies and procedures that make up a scheme’s effective system of governance (ESOG). Trustees will need to describe in their ORA how those policies and procedures meet the ESOG requirements, and how they reduce to a tolerable level the risks which could impact their scheme. This might sound like a simple concept, but it’s less easy to see how to get started. Here is one way.


TPR believes trustees should consider 22 elements as part of their ORA. As a starting point I suggest trustees prioritise these in order of materiality, and tackle the most important first.

It is possible that some of the 22 elements won’t appear in the final Code but if trustees identify something as being important for their scheme then it needs to be addressed regardless of the final content of the new Code.

Determine key risks

The next step is to consider and document key areas of risk for each element. For example, under “Continuity planning” trustees might consider questions such as:

  • What happens if the pensions manager (or other key person) is away unexpectedly?
  • What happens if we cannot form a quorum of trustees?
  • What continuity arrangements do our providers have?

I suggest starting the process with a blank sheet of paper to encourage independent thinking. The results can then be reviewed against the scheme’s existing risk management framework to complete the cycle.

Review and amend

Think about the policies, procedures and controls in place and decide whether they are effective in managing the identified areas of risk and meeting the requirements of the new Code. Any areas of inadequacy can then be addressed.


The new Code says that trustees will need to document how the effectiveness of policies and procedures has been assessed, their conclusions, and why they have reached those conclusions.

I agree with TPR that it will be a substantial process, but doing it right will add significant value and will help to improve risk management for pension schemes.


This article was featured in Pensions Aspects magazine October edition.

back to Pensions Aspects Magazine

Last update: 14 October 2021

Sara Cook
Sara Cook
Barnett Waddingham

Pensions & Benefits In-house Specialist, Global

Salary: £50000 pa

Location: Mix of Office (London or Birmingham, 1-day only) and Home

Pensions Manager

Salary: £50000 - £80000 pa

Location: London (Stratford)

You may also like:

PMI Scotland Seminar - the new normal?
08 October 2021

PMI Scotland Seminar - the new normal?

On 4 August 2021, the PMI Scotland Regional group held a webinar to discuss ‘the new normal’ for the financial services sector in Scotland, in light of the lifting of COVID-19 restrictions. Four panellists lead the discussions.

Read more
A trustee effectiveness review: a tool to help trustees
16 July 2021

A trustee effectiveness review: a tool to help trustees

We know that not everyone finds the idea of a trustee effectiveness review appealing. Many feel such a review will take up time that could be better spent dealing with scheme issues, and the prospect of a list of improvements for busy trustees is not attractive. However, a periodic review of how trustees are operating collectively will be time well-invested and is an essential requirement for a well-run scheme.

Read more