Own risk assessments
8 October 2021

Own risk assessments

Under The Pensions Regulator’s (TPR) new Code of Practice, UK occupational pension schemes with 100 or more members will be legally required to produce an own risk assessment or ORA. The new Code - currently in draft, and expected in 2022 - will provide details about how this duty is to be discharged.

The draft new Code says that schemes will have a year from the date the new Code is finalised to produce their first ORA, and that it will be ‘a substantial process’. Given how quickly a year in pensions passes, I recommend that trustees start to think about their governance systems now, rather than wait for the new Code. So, what can trustees do now? At the most basic level, an ORA is a review of the policies and procedures that make up a scheme’s effective system of governance (ESOG). Trustees will need to describe in their ORA how those policies and procedures meet the ESOG requirements, and how they reduce to a tolerable level the risks which could impact their scheme. This might sound like a simple concept, but it’s less easy to see how to get started. Here is one way.

Prioritise

TPR believes trustees should consider 22 elements as part of their ORA. As a starting point I suggest trustees prioritise these in order of materiality, and tackle the most important first.

It is possible that some of the 22 elements won’t appear in the final Code but if trustees identify something as being important for their scheme then it needs to be addressed regardless of the final content of the new Code.

Determine key risks

The next step is to consider and document key areas of risk for each element. For example, under “Continuity planning” trustees might consider questions such as:

  • What happens if the pensions manager (or other key person) is away unexpectedly?
  • What happens if we cannot form a quorum of trustees?
  • What continuity arrangements do our providers have?

I suggest starting the process with a blank sheet of paper to encourage independent thinking. The results can then be reviewed against the scheme’s existing risk management framework to complete the cycle.

Review and amend

Think about the policies, procedures and controls in place and decide whether they are effective in managing the identified areas of risk and meeting the requirements of the new Code. Any areas of inadequacy can then be addressed.

Document

The new Code says that trustees will need to document how the effectiveness of policies and procedures has been assessed, their conclusions, and why they have reached those conclusions.

I agree with TPR that it will be a substantial process, but doing it right will add significant value and will help to improve risk management for pension schemes.

Notes/Sources

This article was featured in Pensions Aspects magazine October edition.

back to Pensions Aspects Magazine

Last update: 14 October 2021

Sara Cook
Sara Cook
Barnett Waddingham
Principal

Pensions Developer

Salary: £30000 - £45000 pa

Location: Flexible working on offer

Buy In Reconciliation Analyst

Salary: £30000 - £40000 pa

Location: Flexible Working on offer

Pensions Calculations Analyst

Salary: £30000 - £50000 pa

Location: London

You may also like:

Mentee update
15 November 2021

Mentee update

The PMI Mentoring and Development Programme, sponsored by The People’s Pension, is delivered in conjunction with the Institute of Leadership & Management. Hear from our mentees and mentors from our 2021 programme.

Find out More
Spotlight: pension scheme governance specialists
15 November 2021

Spotlight: pension scheme governance specialists

Everyone reading this will be familiar with the role of a pension scheme secretary. It has become a recognised and respected career in its own right. But this is by no means all pension scheme governance specialists do: the range is wide and incudes, for example, trustee executive services and secondments. 

Find out More