Own-risk assessment guidance for trustees
Own-risk assessment guidance for trustees
Date published: October 2023
| Disclaimer The Pensions Authority have made every effort to ensure that this document is correct. However, no liability whatsoever is accepted by the Pensions Authority, its servants or agents for any errors or omissions in the information contained in this document or for any loss occasioned to any person acting or refraining from acting as a result of the information in this document. © Copyright the Pensions Authority. All rights reserved. |
1. Introduction
The purpose of this document is to provide guidance to trustees on how to conduct their scheme’s own-risk assessment (ORA).
The Pensions Authority (the Authority) expects that this guidance will be used to supplement trustees’ existing ORA process and not be used as a starting point. The Authority reminds trustees that the ORA process should not be mechanistic. Further, the ORA process should be sufficiently considered and flexible to work with a scheme’s individual risk profile. The Authority also reminds trustees that the ORA is one of their most important responsibilities and they must dedicate sufficient time and attention to ensuring it is fit for purpose.
A list of ORA considerations for trustees is included in the appendix to this guidance.
2. Purpose of the ORA
The ORA is a periodic, structured, and thorough assessment of the risks a scheme faces by its trustees. The ORA must also identify the actions that are needed to effectively manage and where appropriate mitigate the risks identified. The ORA must provide an objective assessment of risk and not merely a rationalisation of the scheme’s current position. Its overall purpose is to ensure members’ benefits are well protected and that the scheme delivers good member outcomes.
3. Responsibility
The roles of the trustee and the risk management key function holder (KFH), in relation to the ORA, are set out below.
3.1 Trustees
The quality and integrity of the ORA is the responsibility of the trustees. The trustees are also responsible for drawing conclusions from the ORA and agreeing on how to address those conclusions. While trustees may engage professional advice to ensure that the ORA is fit for purpose, the trustees remain responsible for the design of the ORA process and the delivery of the ORA itself. In particular, trustees must take account of the ORA when making strategic decisions in respect of the scheme.
The trustees may appoint the risk management KFH to lead the ORA process but must enable the risk management KFH to do so in an objective, fair and independent manner.
3.2 Risk management key function holder
The risk management KFH must use their knowledge and experience to support the trustees to carry out and document the ORA. The risk management KFH must support the preparation of the ORA in an objective and independent manner. Where appropriate, the risk management KFH must be prepared to challenge a scheme’s risk management and related decision-making processes, and the conclusions and decisions of the trustees.
4. Process
Trustees must have a documented ORA process to identify and assess scheme risks. The ORA process must take account of the scheme’s size, nature, scale, and complexity, and how the ORA has been tailored to suit the specific scheme should be clearly documented.
The ORA process forms part of the scheme’s wider risk management function although it must be run as a stand-alone, time specific task.
5. Timing
Trustees must carry out a full ORA at least once every three years. However, in the event of any significant change to the scheme’s risk profile, an updated ORA should be completed without delay and within three months of the change. Where it is considered appropriate by the trustees, the ORA update may be limited to the assessment of the risks impacted by the change. A ‘significant change’ ORA does not satisfy the requirement to carry out a full ORA, which must continue to be completed at least once every three years.
Significant changes to the scheme’s risk profile may arise from internal factors such as significant changes to scheme rules, procedures or governance, changes to investment policy or employer covenant changes. Significant changes to the scheme’s risk profile may also arise from external factors such as the financial market, international public health events or significant geo-political shocks, changing legislation and regulation, service provider changes or major service issues.
6. Risk identification
As part of the ORA process, the nature of the scheme, including whether it is a defined contribution scheme, a master trust or defined benefit scheme should be considered. Some issues and examples of risks that apply to these schemes for consideration by trustees are set out below. This is not a comprehensive list of risks and trustees should consider all issues and risks that may apply to their scheme.
6.1 Defined contribution schemes
Consideration of investment risk in the ORA should be no less thorough for defined contribution schemes than for defined benefit schemes. Trustees of defined contribution schemes must assess the risks to member outcomes arising from the scheme’s investment. This assessment should be comprehensive and include a review of all member investment options and not be limited to a review of the default investment strategy.
6.2 Master trusts
The assessment of risks for a master trust will include risks that are specific to the running of a multi-employer scheme where administration services involve the collection of contributions and data from multiple employer and member sources.
Master trusts which have close connections with for-profit entities can be exposed to an increased risk of conflicts of interest, which need to be assessed and managed. Potential conflicts of interest can arise from the relationship between the founder of the master trust and the trustees or where the founder acts as a service provider to the master trust.
6.3 Defined benefit schemes
Trustees of defined benefit schemes will need to address funding and solvency requirements, including the implications of issues such as scheme maturity and financial sustainability, and the strength of the employer covenant.
The ORA for a DB scheme must include the trustees’ evidence-based view of the strength of the employer covenant. This evidence will comprise of qualitative and, where available, quantitative data.
The employer’s current ability to pay may change in the future for a variety of reasons, which may include:
- changes in ownership, shareholdings, or corporate structure of the employer,
- significant falls in the employer’s share price or the credit rating of employer issued bonds where available,
- a reduction in the value of any contingent asset made available by the employer to the scheme, and
- any other factors that may indicate a weakened financial position of the employer.
Even where incomplete information is available, trustees must use their judgement to arrive at a view of the employer covenant.
7. Evaluation
The assessment of risk must be supported by the best data available and in relation to investment and solvency matters, that data should be quantitative.
The scheme’s internal audit function will be of assistance in the assessment of operational risk and governance risk. For outsourced services, trustees should be regularly seeking evidence-based information from the service providers about risks and risk mitigation.
The ORA should include an evaluation of each risk identified against specified levels of risk tolerance with a clear quantification or scoring of the risks. For defined benefit schemes, trustees may use a variety of approaches to evaluate financial risks, including the Authority’s defined benefit financial risk measure.
8. Risk mitigation
Based on findings from the ORA, trustees must decide whether to avoid, reduce, transfer, or accept a risk. The trustees must be able to demonstrate to the Authority that the objective of their risk management decisions is to support good member outcomes.
9. Integration into strategic decision making
The ORA results should be considered in the scheme’s strategic decision making and there should be evidence to support this.
10. Documentation and reporting
The ORA should be documented in a comprehensive written report and include:
- a detailed account of how the scheme’s risks were identified, measured, and evaluated,
- what additional mitigations (if any) the trustees have decided to implement to bring any current or emerging material risks adequately under control,
- how the ORA findings will be, or have been, integrated into the risk management system of the scheme, and
- the planned date of the next ORA.
The report should be supported by evidence where available that underpins the findings and decisions by the trustees. Where evidence is unavailable, trustees should document in the report how and why findings have been adopted and how and why decisions have been made as a result of the ORA.
Appendix: Own-risk assessment considerations
|
|
|
1.3 Measurement and evaluation |
|
|
1.4 Risk mitigation |
|
|
1.5 Monitoring and review |
|
|
1.6 Documentation and reporting |
|