Managing pension governance and risks effectively

Risk management report 2020

We are pleased to present the fourth edition of our risk management report, which follows on from previous years, looking at the results of our 2020 risk management survey and considering the impact of COVID-19 on pension schemes’ operational activities and strategic plans.

The highlights

IT/Cyber is the top-ranked risk for DB pension schemes.

Inappropriate decision making by members at retirement is the top-ranked risk for DC pension schemes.

2020 was a year of challenges for Trustees following the impact of COVID-19. It is clear that a significant amount of work has been completed to ensure the operations of pension schemes remained unaffected. However, with the increased risk of cybercrime and fraud together with changes to working practices over the last year, here are six key questions that Trustees should be asking.

  1. What are your administrators doing to counter fraud, especially in the process of putting members’ benefits into payment, and how do they vet new staff with access to member data?
  2. Are you aware of your cybercrime vulnerabilities and how cyber risks are being managed?
  3. Does your cybercrime breach plan include all the areas it needs to, as detailed in the cybercrime and information security section?
  4. How do you utilise risk appetite/tolerance tools to create a framework to deal with emerging risks and unexpected opportunities?
  5. Have you assessed if the systems, controls and processes at the administrator are still fit for purpose due to remote working?
  6. Given the decrease in the use of independent oversight for the assessment of scheme controls, how has assurance been obtained to confirm that they are operating as expected?


Our new webinar discusses the report highlights and the impact this has on the governance of pension schemes, including:

  • the challenges faced by Trustees in 2020
  • fraud and cybercrime – a key risk for both DB and DC pension schemes
  • operational and governance changes that pension schemes should be focusing on.

Pensions governance

How Crowe can help


A pension scheme’s third-party suppliers include those who undertake member administration, pensions payroll, banking and asset management, payment processing, insurance including buy-ins, accounting, actuarial, legal and other support services. Many will hold or have access to sensitive personal data and commercial data, and have payment/asset transfer capabilities.

We can help clients to implement an action plan to ensure that the pension scheme has the controls and procedures in place to minimise the threat posed by fraud.

Where a fraud or other financial loss through dishonesty occurs, we can discover what has happened, identify those responsible, prevent further loss (financial and reputational) and recover what has been taken.


We assess the vulnerability of pension organisations to cybercrime, to highlight strengths and weaknesses in protection and to recommend any improvements. Our cybercrime vulnerability review works with Trustees to consider:

  • Governance and data security policies
  • Data systems including ownership, accessibility and behaviours
  • Protections in place including Cyber Essentials Plus
  • Preparations to respond to cybercrime
  • Plans to recover from a cybercrime attack.

We work with pension scheme Trustees and their advisors to help them better understand the full effects of cybercrime.

Trustee effectiveness

The success of pension schemes in providing the best possible outcomes for members will be enhanced by an effective Trustee Board.

This means that we need to understand what skills, expertise, experience and personalities are on the Trustee board, to enable us to provide you with constructive feedback so that you can drive the scheme forward to meet its objectives.

We also need to understand your structures and processes which support your decision making.

Internal audit/assurance

Our internal audit approach is delivered through co-sourcing, outsourcing or a combination of these approaches.

Our pensions internal audit service provides assurance that appropriate policies, procedures and controls are in place to mitigate key pension scheme risks as part of good scheme governance and supports the latest ‘21st Century Trusteeship’ initiative and Codes of Practice issued by the Pensions Regulator.

Risk assessment

With the expanding regulatory requirements on Trustees to take ownership of risk management of their schemes, having good systems in place is vital to ensure compliance.

We help and support Trustees by evaluating pension scheme governance arrangements, including risk management, policies and practices.

This will lead to good decision making and good member outcomes.

Contact us

At Crowe, we work with employers, Trustees and pensions administrators, helping them to develop robust risk management, internal controls and strategic assurance solutions which add value. We provide audit and advisory services to a wide range of schemes, many with £billions of assets under management, major pensions administrators and master trusts.
The strength and depth of our team combined with our technical excellence means we can provide independent and constructive challenge to deliver beneficial changes to our clients.
Judith Hetherington
Partner, Pensions Funds Group
London & Midlands