Principles for pension scheme operational risk management

The Pensions Acts of 2004 and 2008 gave the supervisor of work-based pension schemes, the Pensions Regulator (tPR), several specific objectives:

• To protect the benefits of members of work-based pension schemes
• To promote good administration and improve understanding of work-based pension schemes
• To reduce the risk of situations arising which may lead to compensation being payable from the Pension Protection Fund (PPF)
• To maximise employer compliance with employer duties (including the requirement to automatically enrol eligible employees into a qualifying pension provision with a minimum contribution) and with certain employment safeguards

The Pensions Regulator has wide-ranging powers and gathers information about UK pension funds in many different ways. One such example is through the regular surveys of scheme governance. This survey is comprehensive and examines all aspects of the different ways in which pension schemes are governed. One particular survey topic is Risk Management and Internal Controls. This is a relatively new concept for many pension fund trustees and with each successive survey, more information is obtained and the questions posed by tPR become more searching.

In May 2011, tPR published its 5th annual survey of governance of occupational pensions schemes [1]. In section 5.6, this report stated “What the 2011 change in wording to this question does reveal is that clearly, there remains much to be done by schemes before they can be completely confident about the controls they have in place in these areas.”

The objective of this paper is to help Trustee Boards and scheme sponsors develop a framework of risk management principles with the aim of improving internal controls and helping them to increase their confidence.

The banking industry has probably been the leading proponent of operational risk management techniques since the start of this century. Many of the practices and principles that have been developed for the banking world could be readily applied to risk management in other industries including pension funds. The Bank for International Settlements (BIS) published its latest report on operational risk management in June 2011 [2]. The key principles are reproduced below with minimal editing in order to be applicable to occupational pension funds. The BIS paper provides further details as to how these principles may be applied in practice and interested readers should refer to BIS for further clarification.

[1] Occupational pension scheme governance: A report on 2011 (fifth) Scheme Governance survey (May 2011)

[2] Principles for the Sound Management of Operational Risk and the Role of Supervision – Bank for International Settlements (June 2011) – Basel Committee on Banking Supervision

Fundamental principles

Principle 1
The Trustee Board should take the lead in establishing a strong risk management culture. The Trustee Board should establish an approach to risk management and ensure that this is adopted by its own internal staff and external third party advisers. The Trustee Board is responsible for ensuring adherence to this culture.

Principle 2
The Trustee Board should develop, implement and maintain a Framework that is appropriate and proportional to its own particular circumstances. The Framework for any single pension fund will depend on a range of factors including nature, size, complexity and risk profile.

Governance

Principle 3
The Trustee Board should establish, approve and periodically review the Framework. The Trustee Board should establish a Risk sub-committee whose objectives are to ensure that the policies, processes and systems are implemented effectively at all decision levels.

Principle 4
The Trustee Board should approve and review a risk appetite and tolerance statement for risk that articulates the nature, types, and levels of risk that the Trustee Board is willing to assume.

Principle 4a
The risk appetite and tolerance statement should be agreed with the Principal Employer / Scheme Sponsor.

Risk sub-committee

Principle 5
The Risk sub-committee should develop for approval by the Trustee Board a clear, effective and robust governance structure with well defined, transparent and consistent lines of responsibility. The sub-committee is responsible for implementing, maintaining and monitoring policies, processes and systems used internally and by its external third party advisers.

Risk Management Environment

Principle 6
The Risk sub-committee should ensure the identification and assessment of the risk inherent in all activities, processes and systems to ensure that the underlying risks are documented.

Principle 7
The Risk sub-committee should ensure that there is an approval process and risk assessment for all changes and irregular one-off projects undertaken by the Pension Fund.

Monitoring and reporting

Principle 8
The Risk sub-committee should implement a regular review process to assess performance and risk exposures. Appropriate reporting mechanisms should be in place including the Trustee Board, the Principal Employer / Scheme Sponsor, internal staff and external third party advisers.

Control and Mitigation

Principle 9
Pension funds (including their external third party advisers) should have a strong control environment that utilises policies, processes and systems including appropriate internal controls and risk mitigation.

Business Resiliency and Continuity

Principle 10
Pension funds (including their external third party advisers) should have business resiliency and continuity plans in place to ensure an ability to operate on an ongoing basis and limit disruption and potential losses in the event of severe business disruption.

Role of disclosure

Principle 11
The Trustees’ annual report and accounts should allow stakeholders to assess their approach to risk management.

Common banking industry practice

The BIS report identifies that an increasing number of banks are adopting governance practices relying on three lines of defence. In the pension fund context these practices may be described as follows:

Line 1 – Business line management
The Risk sub-committee should ensure that all operations of the pension fund identify and manage the key risks that are inherent in their particular role.

Line 2 – Reporting
The Risk sub-committee should be provided with periodic reports from each operation. The committee’s objectives are to challenge the inputs to and outputs from these operations. The sub-committee will review these reports and report in turn to the Trustee Board. The Trustee Board will share these reports with the Principal Employer / Scheme Sponsor.

Line 3 – Independent review
The risk management framework should be subject to periodic independent review. This review may be undertaken as part of an internal audit function of the Principal Employer / Scheme Sponsor or by external experts.

Key issues for pension funds

As noted above, the BIS paper provides further explanation and greater details as to the practical application of the above principles. The key issues for pension funds can be summarised as follows:

Key Issue 1
The Trustee Board should develop its Risk Framework and ensure that this is applied consistently within the fund and across all external third party advisers. External third party advisers will need to be fully briefed so that they are aware of what is expected from them in terms of compliance with the Risk Framework.

Key Issue 2
The Risk Framework documentation should be sufficiently detailed and should be monitored at regular intervals. The Framework could include items such as:

(i) Governance structures
(ii) risk assessment tools
(iii) risk tolerances and quantification of risk budgets (where applicable)
(iv) reporting and management information systems
(v) a common taxonomy of operational risk terms to ensure consistency
(vi) allowance for an appropriate independent review
(vii) allowance for policies to be reviewed whenever there is a material change to the fund’s risk profile or material one-off change.

Key Issue 3
Ideally a risk sub-committee should be formed. The sub-committee will have day-to-day responsibility for all aspects of risk management including overseeing the risk management practices of external third-party advisers. There should be continuous review and reporting to encourage the use of best-practice throughout all aspects of the Fund’s operations.

Key Issue 4
The Trustee Board should agree the key principles of the Framework with the Principal Employer / Scheme Sponsor. Any limits or tolerances should be re-assessed and revised from time to time in light of prevailing changes.

Key Issue 5
The Risk sub-committee should be responsible for ensuring the accuracy of the data inputs used for reporting.

Key Issue 6
The core principles underlying an effective risk management system are (i) risk identification and (ii) risk assessment. There are many “tools” to be used in this process subject to the nature and significance of the extent of any particular risk including:

(a) audits
(b) ongoing tracking of the fund’s financial position
(c) review against a library of all potential risks (see Risk Self Assessment (RSA) in the BIS paper)
(d) process mapping
(e) Key Risk Indicators and Key Performance Indicators
(f) Scenario analysis

The BIS paper provides further explanation.

Key Issue 7
One-off projects or significant changes can introduce additional risk exposures. The Trustee Board should ensure that the Framework is durable to changing circumstances and that there are policies and procedures for review and approval of any material changes.

Key Issue 8
Risk management reports should consider both normal and stressed market conditions. The reporting processes should be analysed periodically with a view to continuously enhancing risk management performance as well as advancing risk management policies, procedures and practices.

Key Issue 9
Internal controls should be designed to provide reasonable assurance that the Trustees have efficient and effective operations; safeguard the Fund’s assets; produce reliable financial reports; and comply with the scheme’s governing documents and legislation.

An effective control environment also requires appropriate segregation of duties. Assignments that establish conflicting duties for individuals or a team without dual controls or other countermeasures may enable concealment of losses, errors or other inappropriate actions.

Effective use and sound implementation of technology can contribute to the control environment. Trustee Boards should have an integrated approach to identifying, measuring, monitoring and managing technology risks. Sound technology risk management uses the same precepts as operational risk management.

While outsourcing to external third parties may be essential, it also introduces risks that the Trustee Board should address. The Trustee Board is responsible for understanding the risks associated with outsourcing arrangements and ensuring that effective risk management policies and practices are in place in order to manage the risk inherent in outsourcing activities.

Key Issue 10
Trustee Boards should establish business continuity plans commensurate with the nature, size and complexity of their operations. The Trustee Board should periodically review its continuity plans to ensure contingency strategies remain consistent with current operations, risks and threats, resiliency requirements, and recovery priorities.

Key Issue 11
The disclosure of risk management information can lead to transparency and help to evolve improved practices over time. Trustee Boards should disclose their Risk Framework in a manner that will allow stakeholders to determine whether the Trustees manage risk effectively.

The content of this document is the property of RiskBusiness International Limited. It is made available on the understanding that no part of it shall be modified, copied, stored in a retrieval system, or transmitted in any form, by any means or supplied to a third party without prior written consent of RiskBusiness. Care and attention has been taken in the preparation of this document but RiskBusiness shall not accept any responsibility for any errors or omissions herein. Any advice given or statements or recommendations made shall not in any circumstances constitute or be deemed to constitute a warranty by RiskBusiness as to the accuracy of such advice, statements or recommendations. The entire content has been derived from publicly reported sources and RiskBusiness cannot vouch for the authenticity or correctness of such reports. Any opinion implied, suggested or provided is the considered view of the publisher only. RiskBusiness shall not be liable for any loss, expense, damage or claim arising out of the advice given or not given or statements made or omitted to be made in connection with this document. RiskBusiness recognises copyright, trademarks, registrations and intellectual property rights of certain third parties whose work is included or may be referred to in this document. The content of this document does not constitute a contractual agreement with RiskBusiness. RiskBusiness accepts no obligations associated with this document except as expressly agreed in writing. The information contained in this document is subject to change. All rights reserved. RiskBusiness International Limited, 2 Claremont Way, Halesowen, West Midlands, B63 4UR, United Kingdom. www.riskbusiness.com. © 2011 RiskBusiness International Limited