The Canadian Association of Pension Supervisory Authorities’ new risk management guideline allows for additional flexibility amid evolving issues such as cybersecurity and environmental, social and governance considerations, said David Bartucci, head of pension regulations and regulatory effectiveness at the Financial Services Regulatory Authority of Ontario and a member of the CAPSA’s risk management committee, during a webinar hosted by the CAPSA.

“The way that the guideline is written, the fundamentals of risk management are up front and then there are special topics [in risk management]. Our thinking around this was that we would have an ability in the future to update just those specific sections and add or remove them over time as appropriate. We appreciate some of these risks and the dialogue on them can evolve quickly and rather than redraft the whole guideline, I think we have an opportunity to just [update] those handful of pages that constitute the special section.”

On the issue of cybersecurity, the guideline emphasizes the importance of resources, skills and expertise to manage and monitor this risk effectively, he said, adding that cyber risks overlap with the issue of clearly defining third-party outsourcing roles and responsibilities.

“[Pension plan] administrators of all sizes should plan and think about a strategy for what they would do in the event of a cyber incident both in terms of who needs to be notified and a protocol for thinking through that.”

Also speaking during the webinar, James Hoffner, chief pension risk officer at the FSRA and a member of the CAPSA’s risk management committee, said the latest draft guideline expands the definition of ESG risks beyond climate change.

“Although climate risk is prominent, we stayed with an ESG focus. It’s the lens that we think best captures the range of issues that institutional investors are faced with. . . . One point that is worth emphasizing is the matter of proportionality. As regulators, we know that plan characteristics and circumstances vary, including investment beliefs, so we expect therefore to see different approaches to ESG.

“Pension plans are long-term investors and rely on a variety of investment strategies and vehicles to ultimately produce [income for members’] retirement,” he continued. “The use of ESG information needs to make sense in this context, for each plan aligns with an administrator’s fiduciary responsibility and the need to develop proportionate governance and risk management practices.”

The matter of proportionality is also reflected in the risk management committee’s overall goal of creating a guideline that could be applicable to any pension plan in Canada, said Bartucci, noting the guideline includes special consideration for targeted pension arrangements.

“Some of the key considerations that we work through and [are] hopefully reflected in the guideline are the issues of proportionality and complexity. We tried to be precise about the nuance between a plan sponsor and a plan administrator and use the appropriate term in context. We tried to strike the right balance between something that could be principles-based and administrators could sort of apply that guideline as appropriate in the context of their plan, without providing a list of expectations for all sponsors.”
