1. Home /
  2. About us /
  3. CACEIS Insights /
  4. IORP II provides better risk governance...

IORP II provides better risk governance

In 3 months’ time, the new European directive for pension funds, IORP II, will come into effect. The new directive has many focus areas it aims to improve. One of which is risk management. As one of the best-regulated pension markets in Europe, the Dutch pension market is already extensively regulated and has ample supervision on risk management . Nevertheless, IORP II will tighten Dutch regulations on a number of fronts. This includes the organisation of key functions, an explicit description of risk areas and the introduction of an own risk assessment. In my role as head of Risk Solutions at KAS BANK and as pension fund trustee of KAS BANK Pension Fund, I will explain these three most important commitments IORP II will have on Dutch regulations in this blog.

30 Oct 2018

Share on  

New commitment I: Setting up key functions

In IORP II, each pension fund must have three key functions in place: a risk manager, an internal auditor and an actuary. The new directive sees a distinction between the holder and the executor of a key function. The Dutch (draft) legislation explains the distinction as follows: a holder of a key function is the head responsible, the executor performs the activities that fall under the key function.

According to the Dutch Central Bank (DNB), it is important that a key function holder is a person with sufficient status and authority within a company. DNB says that it would be obvious to place the risk management and audit key holder positions with (two different) members of the board of trustees (DNB assumes that the actuarial key holder will be subcontracted to the certifying actuary). The regulator does not specify only trustee members can be key holders but does indicate that 'in most instances it will not be possible to outsource the risk management and internal audit key holder functions'. Leading from that, it would make sense that these key functions should be invested within the pension fund, via a direct reporting line to the board of trustees. However, pension funds can choose to outsource the activities that fall under the key function.

When outlining the job description of the key positions, one must take the so-called proportionality principle into account. The size and complexity of a pension fund plays a role in the scope and responsibilities of the key positions. To be able to interpret a pension fund’s proportionality, DNB has proposed a proportionality ladder: the existing classification of pension funds into T-classes is taken as the starting point for determining proportionality. The proportionality ladder runs from class 2a (company pension funds and occupational pension funds with assets under management < 1 billion) to class 4 (the top 5 industry pension funds). This ladder can be used as a guideline for the concrete implementation of the key functions. All pension funds must appoint the holders of the key positions. The proportionality principle comes into play in the execution of the risk management activities: setting up a risk committee or not, outsourcing activities to the administrators or under the pension fund's own management, the weight of the execution under its own management (ad hoc or permanent, detail of attention to the various risk areas).

New obligation II: explicit identification of the risk areas

  • The directive explicitly defines a number of risk areas that must be included in the risk management:
  • entering into pension liabilities and creating reserves;
  • aligning management of assets and liabilities;
  • managing investments, in particular derivatives, securitisations and similar investment products;
  • managing liquidity and concentration risk;
  • managing operational risk;
  • insurance and other risk mitigation techniques; and
  • environmental, social and governance risks related to the investment portfolio and its management.

Most of these risk areas are covered by FIRM/FOCUS as formulated by DNB, the risk framework most pension funds already use. But environmental, social and governance risks (ESG) are a new risk area. ESG will therefore require the attention of pension funds. Pension funds will have to draw up policy principles on ESG. These policy choices will then also have to be taken into account in risk management.

New obligation III: the own risk assessment

The latest innovation in the field of risk management brought about by IORP II is the own risk assessment. Pension funds are obliged to carry out an own risk assessment at least once every 3 years. The own risk assessment offers pension funds the possibility of projecting risks to the future and to align those with their strategy. The own risk assessment provides insights into the effectiveness of risk management, including into the taken control measures. The guideline sets various requirements for the content of the own risk assessment. For example, it must include an assessment of the effectiveness of the risk management system, the total financing requirements and the (operational) risks. The own risk assessment also addresses risks outside the standard (Dutch) FTK and FIRM framework and the ALM. The use of extreme scenarios and what-if analyses provide the board of trustees with valuable insight.

IORP II will strengthen governance

When IORP II comes into effect, pension funds will have to deal with key functions in their risk management. Requirements with regard to the determined risk areas and the own risk assessment will then be embedded into law. Under IORP II, the substantive changes in risk management to Dutch law are limited, only ESG risks constitute an entirely new category of risks. However, with the introduction of key functions and the introduction of the own risk assessment, governance will be tightened. In IORP II, demonstrating being in control of the risks will become even more important!

In the following article I will go into more detail about risk management under IORP II. There, I will offer specific guidelines and measures for setting up risk management.

Stay connected, we keep you up-to-date