In January, the Canadian Association of Pension Supervisory Authorities established a new committee with a mandate to develop a risk management guidance.

In the CAPSA’s view, by having an adequate system for managing risks, “plan administrators are better positioned to keep pension assets safe and protect the plan from adverse risks.”

Coinciding with this initiative, the Office of the Superintendent of Financial Institutions released a consultation paper seeking feedback on principles and regulatory expectations for managing pension risk.

Read: CAPSA establishes committee to develop risk management guidelines for pension plans

The feedback, which was released in October, illustrated that, while many large plan sponsors have already incorporated strong risk management practices in their existing pension governance structures, it was generally agreed that an overly prescriptive approach should be avoided and that any guidance from the OSFI should be aligned with other jurisdictions or included as part of the CAPSA’s initiative.

As plan sponsors await the results from the CAPSA’s risk management guideline committee — and pending the implementation of formal plan governance policies as a statutory requirement for both federal and Ontario-registered pension plans — plan administrators should think about revisiting and strengthening their pension fund risk management strategies.

This is because risk management — namely, identifying material risks to the pension plan and establishing internal controls to manage those risks — is expected to be a component of the written governance policy that will be required in those jurisdictions, as is currently the case in Alberta, British Columbia and New Brunswick.

Read: OSFI launching consultation on management of pension investment risk

One of the key messages from the OSFI’s stakeholder consultation was support for a principles-based approach to pension risk management that could be adapted to the individual circumstances of each plan.

For example, rather than having a separate risk officer for all pension plans, respondents suggested the risk oversight function vary depending on the size of the plan and the complexity of the plan’s investment strategy.

While stakeholders emphasized the importance of independent risk oversight, they recommended this function be achieved by outsourcing to a third-party service provider or, in some instances, be considered by the plan’s investment decision-makers if such duties are appropriately segregated.

Many respondents also expressed support for setting risk limits — provided as long as these limits are flexible or take the form of ranges — as well as for risk management tools such as asset-liability modelling and stress testing. They also supported the need for regular reporting on risk metrics and exposures and recognized the value of external audits and asset-liability studies as effective risk management controls. As in many areas of pension governance and oversight, a strong due diligence process is key.

Read: ACPM cautions OSFI against one-size-fits-all approach to risk management

However, there was less consensus among stakeholders on the need for enhanced valuation policies and processes, with differing views on the frequency of audits or secondary valuations for alternative assets. Most respondents suggested annual audits, either internal or external, be done on an ongoing basis to evaluate any alternative asset valuations, noting it’s more important to ensure the valuation process is consistent and reliable than to obtain secondary valuations.

In order to identify any potential shortcomings once the CAPSA’s risk management guideline is released, federal and Ontario plan administrators should consider documenting their existing pension risk management framework and inventorying their existing risk management controls.

The questions plan administrators should be asking include:

  • What are the key areas of material risk to the plan?
  • Have these risks been identified and documented and what processes and controls have been implemented in order to address those risks?
  • What risk management tools — such as asset-liability studies and stress testing — are being utilized and at what frequency?
  • Who has oversight of the pension risk management function? Is this function appropriately segregated from those persons or entities responsible for investment decision-making?
  • If external agents are involved, what reporting and audit procedures are in place to monitor their adherence to risk limits?
  • What controls exist and what diligence has been performed on the process of valuation of pension assets?
  • What role do environmental, social and governance factors play in the risk management framework?
  • Does the risk management framework take cybersecurity risk into account?

Managing investment risk is a constantly evolving and ongoing process, as it must adapt to an ever-changing environment and must also align to the expectations of regulators. Taking steps now to identify and address those risks will place plan administrators ahead of the curve and help to enhance member benefit security, before these requirements become codified in legislation or regulatory guidance.

Read: Risks of cybersecurity breaches top of mind for pension funds