A risk management programme exists to provide assurance to key stakeholders (i.e. trustees, members, sponsor and regulator) that the pension arrangement is being managed professionally with appropriate checks and balances in place to manage both planned and unplanned risks. Many pension arrangements' risk management programmes (particularly those not reviewed for some time) can give the perception that risks are being managed effectively but in reality, this may not be the case.
Example reasons why risk management may not be working:
Managing pension risks can be a value-added activity for trustees. However, to achieve this, their approach to managing pension risks must change going forward (as described in the table below).
The Pensions Regulator's Integrated Risk Management model goes someway to addressing some of the points listed earlier but it focuses almost exclusively on financial risks – we need to apply these principles to all risks including operational risks, fraud, data protection, communication and interaction with the sponsor.
Trustees will have an effective value-driven risk management programme if they are managing risks proactively, strategically, holistically and professionally.
If they cannot answer these questions comfortably, then they may not get the value they need from their pension risk management programme.
This article first appeared in Pensions Age in May 2017.