← Back To News

Own-risk assessment – Views from a Governance Consultant

From RR, to IRM to ORA…

Line of Duty may have finished but luckily we can depend upon the pension industry for a handy three-letter acronym. Everyone involved in pension scheme governance will be familiar with their Risk Register (RR) generally covering the financial, operational, governance, legislative and administrative risks in relation to the pension scheme.

There is also likely to be an Integrated Risk Management (IRM) framework, focussing on the scheme’s funding, investment and covenant risks and how they interlink. But do you also have an Own Risk Assessment (ORA) framework? No? Well you are soon likely to be required to have one!

Under new proposals published by the Pensions Regulator (TPR), private sector pension schemes with more than 100 members will soon be required to carry out an ORA on an annual basis. The requirement is included in TPR’s consultation on the consolidation of ten of its fifteen Codes of Practice into a single Code.

Once the Code comes into force, which seems likely to be later this year, trustees will have twelve months to carry out their assessment and document the risks facing their schemes. Whilst there does not appear to be a requirement in the proposals for the ORA to be submitted to TPR or made publicly available, it will need to be updated on an annual basis, and whenever there is a material change to the scheme’s risks or governance processes.

We know that the trustee boards with whom we work run well-governed schemes, and already pay a high level of attention to managing their scheme’s related risks, so the transition to an ORA is not likely to be a major change in their scheme management. However, thought will need to be given to ensuring that all of the risk areas proposed by TPR are documented in line with the new ORA prescriptive manner. TPR does stipulate that it will expect the ORA to be proportionate to the size, nature, scale and complexity of the scheme.

We would therefore recommend that trustees build the ORA into their 2022 Business Plans.

The Code also has other interesting governance requirements, for example trustees will need to put remuneration policies in place, which would need to be published on the scheme website or made available to scheme members. So, keeping an eye on the Single Code will be high on many trustee agendas towards the end of 2021.

Lisa Riordan

May 2021

Lisa Riordan leads the Governance Service at Pi Consulting, and is responsible for Pi’s pension adviser reviews. Over the last 17 years, Lisa has led on numerous Third Party Adviser (TPA) evaluation projects, from operational reviews (working to improve TPA service delivery for trustees) to procurement exercises (identifying the right TPA for trustees and ensuring the service transitions successfully).

Have a question?

Contact us on 020 8879 6500 or enquiries@pipg.co.uk