Most pension scheme trustees look after scheme assets worth millions (and sometimes billions) of pounds. They are also responsible for paying benefits to individuals, often thousands of them. It is not a responsibility to be taken lightly. Trustee decisions have a direct impact on people’s lives.
The big responsibility alone might not be too daunting, but unfortunately:
If something can potentially go wrong, whether due to error, malicious behaviour or just bad luck, it is a risk to the scheme. Such risks are of great concern to The Pensions Regulator as they could result in benefits from a scheme being compromised or even a call being made on the Pension Protection Fund.
To help protect schemes against potential risks, the law requires that “the trustees or managers of an occupational pension scheme must establish and operate internal controls which are adequate for the purpose of securing that the scheme is administered and managed:
Internal controls are not precisely defined but The Pensions Regulator has taken the view that they are “procedures and arrangements relating to the administration and management of the scheme, the monitoring of those items and the safe custody and security of the scheme assets”.
Our view is that all schemes should have a risk register. It is essential that this is kept up to date - the effectiveness of any controls must be monitored and new risks must be added as they arise. It may also be necessary to overhaul the risk register from time to time.
Each risk needs an “owner” who is responsible for its control and/or monitoring. For larger schemes, sub-committees may feed their risks into an overall board risk register.
The following are examples of the policies and documents in addition to the risk register that schemes might have in place to assist with risk management:
This list is by no means exhaustive.
Trustees need to understand what makes up their risk management framework, and ensure that it gets enough time on meeting agendas. Each scheme policy needs to be reviewed on a regular basis. Having policies and registers in place is essential but agreeing them must be much more than a box-ticking exercise. The value of such documents and processes lies in the thought behind them and the challenges they provide. They must be best practice for the scheme.