A changing world is challenging investment organizations’ established approach to risk management, said Dervish Halil (pictured left), senior managing director and head of credit and capital markets risk at the Ontario Teachers’ Pension Plan, during a panel session at the Canadian Investment Review’s 2025 Risk Management Conference.
“I think one of the challenges is to resist the urge to apply the mindset the industry has traditionally used by focusing on events that have happened in the last 50 years, to what could happen based on longer time horizons. There is a greater need to de-emphasize forecasting . . . and focus more on adapting to new situations that may present themselves.”
Geopolitics ranks as the highest concern in the risk ecosystem for pension funds, according to an annual risk survey conducted by Jorge Cruz Lopez (pictured right), managing director and head of research at the Global Risk Institute. Indeed, he’s identified a dynamic in which multiple crisis events are happening all at the same time, all reinforcing one another.
“In this changing world, relying on the tools that have traditionally been used in risk management — [looking] at the past to inform the future — that becomes less reliable.”
The Ontario Municipal Employees’ Retirement System recently completed a refresh to its risk management framework, which prioritizes a proactive approach designed to be integrated into decision made by the organization. Leeanne Barnes (pictured centre), its senior vice-president of enterprise and operation risks, believes risk management is everyone’s accountability.
The OMERS’ redesigned approach was based on six core pillars: people risks, strategy risks, investment risks, operational risks, governance and legal risks and pension risks. It also incorporates emerging risk in a way that allows the organization to look at risk cases that impact it today, as well as those coming down the pipeline.
Read: Study finds institutional investors are most concerned about geopolitics and inflation
“What we’re trying to do is build the muscle to develop a longer time horizon view — or a three-to-five-year view of the emerging risks,” she said. “It’s those risks that are around the corner that we need to start focusing on now.”
One of the emerging risks the OMERS is focusing on, according to Barnes, is the risks and opportunities from artificial intelligence. Indeed, AI is responsible for evolving the sophistication of cybersecurity attacks, said Halil, noting awareness is key, but the proliferation of AI and deepfakes, altered videos designed to deceive the end user, are putting organizations at increased risk.
“There’s a continuous emphasis on the education and awareness. We have monitoring and detection [going] 24/7. We have advanced threat detectors scanning for any malicious frameworks in the system. We also get resources externally to assess our framework and a third-party review, which we rotate as well to get different perspectives.”
Both the Ontario Teachers’ and the OMERS employ tabletop exercises to practice cybersecurity attack responses as one way to stress test their response protocols and evaluate systems. But even with a gameplan in hand, organizations are increasingly vulnerable to cyber events due to a combination of existing technological vulnerabilities compounded with the introduction of new tools that only increase the existing risk profile, like deepfakes, said Lopez.
Read more coverage of the 2025 Risk Management Conference.