One of the objectives of the IORP II directive is to aim for a clear separation of power in pension schemes. That means that key function holders must be appointed. The independent position of these key function holders must help pension funds to be demonstrably in control of financial, non-financial and strategic risks. In this publication, I will provide concrete tools and measures that pension schemes can take in their design on the key functions.
01 Nov 2018
Existing risk guidelines - the risk management cycle
Integrated risk management is already embedded in Dutch legislation and regulations by means of legislation on good governance and on controlled management and business integrity. The Dutch Central Bank, DNB, has provided guidance on integral risk management and risk classification in the FIRM/FOCUS framework to help pension schemes give more substance on the matter. Most pension funds already use this FIRM/FOCUS risk framework.
Based on DNB's existing supervisory framework, risk management can be defined as a cycle. The cycle starts with the strategy of a pension fund. By defining a strategy, certain risks emerge. The pension fund identifies the risks, assesses the extent of the risks, takes control measures, monitors that the control measures are correctly implemented and are effective, reports on the measures, and evaluates the control framework. This ensures that risks are constantly in view and are controlled.
More concretely, this can be translated into a risk framework in which the cause and effect of risks are identified, and actions are taken to control the risks. The risk framework will have to be reviewed periodically. A common method for this periodic review is a risk self-assessment (RSA).
Figure 1 Integral Risk Management Cycle
In addition to a periodic review of the risk framework, the risk framework may need to be adjusted in the event of strategic changes. After all, the strategy is the starting point of the risk management cycle. Changes in this starting point can have subsequent consequences for other elements of the risk cycle. The possible impact on the risks must therefore be taken into account explicitly with each strategic decision. If necessary, control measures must be adopted as part of the strategic decision.
The risk management key function
IORP II introduces 3 key functions in the pension funds’ governance model, one of which is the risk management key function. The holder of the risk management key function has a direct reporting line to the pension fund trustee board. If the holder of the key function is also a member of the trustee board, the holder also has a reporting duty to the Supervisory Board or the Visitation Committee.
Furthermore, IORP II introduces a reporting obligation for the holder of the key function. The holder of the risk management key function is (just like the other holders of key functions) obliged to report recommendations and any material findings to the fund’s committee. A material finding will generally be on significant errors or risks and on general recommendations to improve business operations. A holder of a key function is also obliged to report to DNB when the fund’s trustee board subsequently fails to take adequate measures on material findings.
The risk management key function in the risk management cycle
The introduction of the risk management key function safeguards the risk management’s independence within pension schemes. In its independent role, the risk management key function will participate in the risk management cycle and report independently on risks and control measures. In this way, the key function is responsible for steps 5, 6 and 7 of the risk management cycle (monitoring, reporting, review). But also in earlier steps of the risk management cycle (risk identification, risk assessment and control measures) the risk manager needs to be involved in order to be able to identify and report material risks at an early stage. The risk manager must be able to provide its independent vision on risks during the periodic risk self-assessment. In addition, he needs to be able to provide an independent view on strategic decisions. The Dutch legislator therefore states in the (draft) Explanatory Memorandum that an independent risk advice is necessary in the event of transitions of the pension administration or asset management and for important investment decisions. Pension funds may also choose to have its risk management key function sit on various managing committees. The risk manager will, however, not have voting rights in these committees, to guarantee independence.
Pyramid structure leads to better information
The reporting obligation of the key function leads to a proven record of risk management: with reports and (written) recommendations by the risk manager, a pension scheme can show it is in control of its risks. The key holder will inform the trustee board and/or the Supervisory Board (or Visitation Committee), with periodic reports, written recommendations for the periodic risk self-assessments (RSAs) and written recommendations on the risks of strategic decisions.
The need for information of periodic reports will be layered. Within the key function, a distinction can be made between the holder and the executors of the key function. The holder of the key function is the person responsible for the function. For the key holder to be able to perform his duties in an objective, honest and independent manner, it is important to provide him with proper and specific risk information. The executors of the risk management key function will therefore have to provide integral risk information to the key holder. The integral risk information covers the entire spectrum of financial, non-financial and strategic risks. The key holder will also have to provide the trustee board with regular integral risk information in order to meet the reporting requirements. The introduction of the key function and the reporting obligation will thus create a pyramid structure for the provision of information. From full details for the key function's executors, to a comprehensive overview for the holder of risk management key function and a summary overview for the executive board.
Be in control of risks
The implementation of the risk management key function must aim to integrate independent risk management into the overall management of the pension fund. Risk management is a continuous process and follows the integrated risk management cycle. The toolkit of the risk management key function includes periodic risk self-assessments (RSAs), independent written advice on strategic decision-making and good integral risk information. The risk management key function thus contributes to the pension fund being demonstrably in control of the risks.