• Provide documentation outlining procedures for the scheme management - identifying all stakeholders and service providers, with a clear allocation of tasks and a list of scheme activities to include timeframes for deliverables.
• Provide a data strategy policy outlining the nature, scope and timelines of data needed and how it will be obtained, securely stored and who will have access to it. Trustees will be responsible for ensuring compliance with GDPR. 
• Appoint a secretary and chairperson and establish a procedure for how trustee meetings are run, to include specified agenda items and a minuting procedure for every meeting, covering specified items, which should then be reviewed and approved by the trustees afterwards.
• Provide evidence of decisions, including why decisions were made, actions taken, policies being implemented, and reviews performed.
• Establish a conflicts of interest policy for KFHs and trustees that details how the trustees will identify, monitor and manage conflicts of interest and review this policy annually, documenting the findings.
• Ensure written contracts (including SLAs and other specified items) are in place with all providers of outsourced services, to include descriptions on activity outsourced, the person undertaking it and the process for performance review. Notify PA when changes are made to outsourced activity.
• Establish written procedures for appointment of service providers, covering specified items.
• Provide a written remuneration policy for trustees, KFHs, any outsourced service providers and other personnel employed to cover specified items. 
• Provide a member engagement policy outlining engagement objectives and communications formats, timings and frequency. Policy reviews should include an effectiveness assessment.

• Develop and periodically review an administration policy, covering the purpose and scope of the policy, the roles & responsibilities of the stakeholders involved and the procedures and frequency for data sharing, reporting, monitoring and reviewing the policy.
• Establish a written agreement with the plan sponsor regarding data sharing, which is to be reviewed at least once every three years.
• Ensure written contracts are in place for all outsourced administration activities, to cover management of member queries and complaints, provision of trustee instructions, sharing of legally required documents, interactions with other service providers, complaint resolution and information sharing with the Authority during a risk assessment.  
• Ensure that the administrator’s performance is periodically reviewed as follows:
  • A quarterly assessment to document if they’ve met their obligations and addressed any issues that came up
  • An annual written assessment to review whether overall work is acceptable
  • A performance review every three years to include a value for money assessment, evidence that alternative providers were considered and a rationale for the decision to stay with/change provider. 

• Accounting procedures to record, classify and summarise financial transaction and detail how the plan’s Trustee Annual Reports or Alternative Annual Reports will be prepared.
• A documented risk management policy, which includes the purpose and scope of the policy, the frequency of review and defines the risk management framework, process, principles & responsibilities.
• A documented own risk assessment (ORA) process, which includes the timing and frequency of ORAs and the information to be provided, as well defining the role of the risk management function in the ORA and detailing the processes by which conclusions will be derived and how results will be integrated/actioned. The ORA must include a full, evidence-based review of the plan’s risk position, including challenges and the full range of risks (internal, external and operational incl, potential for KFH conflict of interest) and provide guidance around actions that trustees might take to address and/or mitigate risk.
• Establish an internal audit function and develop an internal audit policy, which includes the purpose and scope, roles and responsibilities of stakeholders, systems for ensuring objectivity and independence and processes for reporting, handling findings and reviewing the policy.
• Develop a key function holder (KFH) policy outlining the procedures for the selection, appointment & removal of KFHs.

• Establish a statement of investment process outlining the investment objective (will define the investment goals and constraints) and the strategy (how these goals will be achieved).  For DC schemes the statement should cover investment objectives, choices, strategy and risk tolerance (of default strategy and other funds), the role of advisors, frequency of review, ESG position, investment management structure and appointment process and performance assessment criteria. To be reviewed at least once every 3 years.
• Devise an implementation strategy (for DC plan) for each investment choice as well as the default, which includes asset mix, investment management and number of investment mandates, which should be proportionate to the scheme’s assets and reflect the plan complexity and range of investment choices. 
• Ensure each mandate includes: objectives, targeted return, acceptable level of risk (over time), level of discretion of the investment managers, a process and criteria for selection of investment managers and their level of oversight once in place.
• Create written contacts for investment managers to include mandates, objectives, performance benchmarks, target returns, risk tolerance, custody arrangements, obligations, fees & expenses, reporting and provisions for subcontracting and replacement/exit.
• Review investment performance and management periodically and document each review:  
  • Investment should be monitored quarterly and reviewed at least annually
  • Critical reviews to decide if management is to be retained (which includes a review of performance against objectives, benchmarks and target returns) should be conducted at least once every three years, with the performance of the management assessed independently against the contract. If management is retained the rationale for this decision must be documented. 
• Devise arrangements for safe keeping and administration of scheme assets. A depositary can be appointed to do this, but in that case, there must be a written contract (which includes scope, roles & responsibilities, performance & risk management) and conflicts of interest must be disclosed. Documented performance reviews should be completed annually, and a critical review be undertaken at least once every three years to decide if depository is to be retained. If retained, the rationale for this decision must be documented.  

Fit

• Trustee board must have a trustee/or director of a sole corporate trustee that has appropriate qualifications, and one that has experience and knowledge (detailed list provided in draft code).
• Each KFH must have appropriate and relevant qualifications, experience and knowledge (detailed list provided in draft code).

Proper

• Each trustee and KFH must be of good repute and integrity
• A detailed list of events or conditions that might negate a person from acting as a trustee or KFH is included in the draft code.

Ongoing fit & proper requirements

• Trustee and/or directors of corporate trustees must review and document compliance with these requirements annually. A list of events conditions that might cause a person to cease to be considered fit is included in the draft code.
• Trustees and directors of corporate trusts must do trustee training and develop a policy to outline how they will continue to meet the fit and proper requirements.

*Trustees of DB plans should also review Chapter 5 of the draft code for more information specifically pertaining to requirements regarding DB plans.