Integrated Risk Management

Have you implemented the Pension Regulators guidance on Integrated Risk Management?

The Pensions Regulator (TPR) published its guidance on Integrated Risk Management (IRM) in December 2015, and provided a five step guide to aid implementation. The guidance builds on TPR Code of Practice 3: Funding defined benefits (the DB funding code), which provided a principle- based approach on how to comply with the statutory funding requirements of the Pensions Act 2004. The benefits of IRM are better decision making, employer understanding, evidence based risk assessment and more effective use of resources.

Essentially, IRM is a process for managing the risks associated with the scheme funding, including employer covenant risks and investment risks. The process is designed to examine and assess how these three risks interact with each other. As well as the DB funding code, TPR guidance on assessing the employer covenant and Code of Practice 9: Internal controls, (and the supplementary guidance on risk management), provide support for the implementation of IRM.

Many Trustees will already have in place risk assessment and management processes, and some will be able to draw on internal expertise from their internal auditors or risk managers. For others, the IRM can be developed from existing covenant, actuarial and/ or investment reviews. What is key is that the Trustees  take ownership and have a clear plan take ownership and have a clear plan

The guidance suggested that Trustees should introduce IRM wherever the scheme lies within its actuarial valuation cycle, rather than waiting until the next valuation is due. Many Trustees will have now progressed with the development of an IRM process.

The five step guide for implementing an IRM process was supplemented by a series of key principles and key questions for consideration when developing the process and it may be worth reflecting on these themes to determine the effectiveness of your IRM process in supporting the good governance of the scheme.

If you can answer the following questions positively, then you may be reassured that your process is on the right path, or alternatively, you may consider that there remain gaps in your process. Of course in considering these matters, your specific IRM process should remain proportionate to your scheme size and objectives, and those of the employer’s.

Do you know the risk appetite and risk capacity of the scheme and the employers? What is the scheme and employer’s readiness to accept, absorb or support risks?

Risk appetite can be described as the trustees’ or employer’s readiness to accept a given level of risk, whilst risk capacity refers to their ability to absorb or support risks. If the identified risks of the scheme or employer appear greater than the risk appetite, the trustees’, in conjunction with the employers’, must consider if the strategy requires adjustment and / or if the employer has the resources to manage the impact of the risks.

Is there a formal process for identifying, assessing and managing risk? Is the governance process clear and does it include an assessment of the impact and likelihood of funding, covenant and investment risks on an individual, bilateral and collective basis?

The identified covenant, funding and investment risks should be considered, in the first instance, on an individual basis. For each risk, an assessment is undertaken of the likelihood of occurrence and its potential impact. These initial assessments are then considered bilaterally, i.e. the covenant risks considered alongside funding risks and then investments risks, to determine if there are any interdependencies or concentrations of risk that might arise when considered together. The relationship between funding risks and investment risks follows the same path. Finally, all three risk areas should be considered together.

Do your advisors work collaboratively? Do the appointed advisors, (actuarial, covenant and investment), co-ordinate their work and use consistent modelling assumptions in providing advice?

As well as trustees’ working closely with the employers’, where different advisors are appointed to provide actuarial, covenant and investment expertise, it is helpful if they are happy to collaborate as decisions made in one area may impact another. Each advisor should understand the basis of assumptions made by the others to ensure consistency of approach.

Are your risks regularly monitored? Are risks measured against set criteria, limits or indicators and are breached reported to the Trustee?

Frequent monitoring of risks will enable early action to correct movements away from the agreed risk appetites. A process of regular review should be established that can identify such movements, positive and negative, so that opportunities and risks can be appropriately managed. Ideally a suite of measures will be established to inform decision making. The guidance provides examples of such risk indicators including employer profitability and cash flow, investment market movements, inflation, interest rate changes and scheme investment performance.

Is the IRM framework documented? Does the framework clearly outline the overall strategy, assessment process, the advice received, decisions made,  monitoring process and contingency plans?

As a matter of good scheme governance the IRM framework should be clearly documented and understood by the trustees. Whilst documentation will be proportionate to the scheme, it should be sufficient to clearly explain how risks are being managed, how and why decisions are being made and how these are contributing to the schemes strategy and objectives.

Conclusions

Implementing an IRM process should not be considered as a one off exercise, but as continuous process designed to ensure a flexible response to changes in the nature of risks or as a response to new emerging risks. Therefore, once established, Trustees should continue to assess the effectiveness of the process.

Ideally, the IRM process will not be a standalone exercise, but will link with other good practice governance activities that may already be in place,  be it covenant monitoring processes, internal control reporting, internal audit and wider operational risk management structures including the risk or audit committee.

The effectiveness of the IRM and other processes can be assessed by regular internal control reviews, including the maintained of internal control questionnaires designed to evaluate its success and identify any current or emerging gaps in the process.

If you have any further questions, or would like advice on maintaining an effective Integrated Risk Management process or testing your current process against best practice please contact Peter.Ennis@assureuk.co.uk or call 020 7112 8300.