Managing Risk


What does TPR say?

TPR says that good risk management is a key characteristic of a well-run scheme and that you should have systems to help identify risks in:

  • The way your scheme is governed and managed;
  • The scheme’s investments;
  • Administration processes;
  • The way you communicate with members.

In particular, you should be vigilant to key risks such as pension scams and cyber security threats. And if you fail to have proper internal controls in place, TPR may act by issuing Improvement Notices or appointing independent trustees.

Read the guidance here.

What do we think?

TPR wants to move away from risk management being done in a vacuum and yet the guidance does not provide a full picture of effective risk governance. Risk appetite, tolerance and a risk register alone will not help a Trustee Board manage their risks effectively. Other than a mention in further information, the guidance is also silent on integrated risk management (IRM), which is odd if one wants and should ensure that risk management is an integral part of a Trustee Board’s business.

So… what’s missing from the picture?

In many cases we have seen, trustees have set their strategic objectives but have either failed to sufficiently articulate them such that all the individuals on a trustee board have a shared and agreed understanding of them or they have lost sight of the fact that the strategic risks they should be focusing on are those events which if they were to occur would prevent them from achieving those strategic objectives. Without this strategic focus, trustees will tend to be process-orientated in their assessment of risks and as a result focus on ‘standard’ risks that could, in theory, apply to any scheme but, in practice, have a hit-and-miss relevance to their own circumstances.

For risk management not to be in a vacuum, it is imperative that any review of risk management is directly linked to strategic objectives, as well as taking into consideration the views of the sponsor and what they can, or will, support. Clearly setting out what one wants to achieve and determining one’s strategy for getting there enables one to consider what events might hinder that journey (were they to occur – they are the strategic risks) and enable one to determine how much risk should be taken or could be taken without being knocked off course (the risk appetite).

In this way, trustees can determine which risks are material and therefore which ones they should focus their attention on, including any that are less tangible but equally impactful, such as reputational and those relating to succession, values and behaviour. This in turn helps trustees to make the right decisions and to prioritise activities with proportionate effort accordingly. Identifying the risks that the board will manage and those that will be owned by others in the governance structure becomes much easier when the board knows what its priorities are.

A savvy board will also know that risks shouldn’t be addressed in isolation of each other. It will want to understand how risks correlate. Take how the covenant underwrites the investment strategy and that, in turn, impacts funding. The risk of not achieving a self-sufficiency target is dependent on these three areas and how they interrelate. Decisions taken on funding should be made in the context of the consequences and impact they will have on the investment strategy and any de-risking in place and whether the covenant can support them. Integrated risk management is a well-known approach in schemes’ financial management but TPR’s guidance on managing risk has not drawn this out.

The overall risk governance is key. Clear delegation of activities and therefore their associated risks is also key. Those managing the scheme on a day-to-day basis will want to align the risks they are running operationally with the trustees’ strategic risks and risk appetite. The pensions team will want to understand the trustees’ risk tolerance; with any activities or changes in status straying close to the limits of what the trustee can withstand being regularly monitored. To ensure the team has clarity about what is acceptable and tolerated, policies serve as both a tool and control. They help the team understand ways of working and provide boundaries within which to operate, and against which to report to the Trustee. It is a delegation of activity, but the Trustee must retain responsibility and oversee risk accordingly.

Understanding the limits that must not be breached and those that are more flexible, allows the team to set triggers for escalation. For example, if a limit is an investment strategy tracking error of 10%, when does the team report that the limit is approaching; when it is hit or getting close at say 7%? To whom does it report – the Investment Committee/ the Trustee Board? And what does it report – just that the limit is approaching, or action being taken to manage the situation and proposals for further action that will need to be approved?

Until recently, many schemes have focused their energies on the risk process; identifying and assessing risks and implementing appropriate controls. Many have fallen into the trap of spending time looking at risk registers, spending valuable meeting time debating why a risk score has changed. The risk process is essential to understanding how material risks are and whether controls remain effective. It should be dynamic and embedded into decision making.

Likewise, risk reporting is varied in its usefulness and doesn’t always tell the Trustees what they need to know. It should do three things:

  1. focus on what is affecting/ might affect the strategic direction;
  2. give trustees confidence that the decisions they are making are right for their members; and
  3. provide assurance that risks owned outside the Trustee Board are being managed effectively.

Risk management should be an integral part of trustee business not something adjunct to it. Schemes should also consider giving their audit and risk committees a role in advising the Trustee Board on strategic risks and the high-level heat map. A good risk management framework will depend on addressing and implementing all of the elements identified above – objectives, strategy, risk appetite, governance, policies and reporting.

A good risk governance framework, once in place, is not onerous to maintain, will retain a sense of proportion, will be an integral part of how business is conducted and will be extremely valuable to the overall trustee decision-making process.

What do others do?

Risk governance

This trustee board felt that their risk management had become “stale” and needed refreshing.

We worked with the board and committees to understand how they managed risk. We facilitated a workshop and mapped out visually how they currently manage risk. It was quite clear that the approach was inefficient and not targeted to what mattered most to the trustees.

Read more

This trustee board felt that their risk management had become “stale” and needed refreshing.

We worked with the board and committees to understand how they managed risk. We facilitated a workshop and mapped out visually how they currently manage risk. It was quite clear that the approach was inefficient and not targeted to what mattered most to the trustees.

We were asked to work with the Audit and Risk Committee to develop a risk framework. To do so, we first needed to understand the board’s objectives and review the scheme’s governance structure and delegations so that we and the board understood what responsibilities and risks it wanted to retain and those it would delegate.

The framework took the board through articulating its risk appetite, agreeing objectives, being clear on risk governance, agreeing a process for managing risk, ensuring policies supported risk management and developing reporting mechanisms to escalate risks/ issues and provide assurance; all in the context of their strategic objectives.

The outcome is a more strategically-focused board that spends time on what matters and prioritises with risks owned at the appropriate level within its governance structure.

Risk workshop

Muse facilitated a workshop for the Audit and Risk Committee of this multi‑billion‑pound scheme as part of the introduction of a new risk framework. We walked the committee through a specific administration example to help them understand what their risks were, what their risk appetite might be, the controls they should have in place, how they would be implemented and by whom and how those controls could be monitored (administrator, trustee executive or internal audit) and reported on to the committee.

Read more

Muse facilitated a workshop for the Audit and Risk Committee of this multi‑billion‑pound scheme as part of the introduction of a new risk framework. We walked the committee through a specific administration example to help them understand what their risks were, what their risk appetite might be, the controls they should have in place, how they would be implemented and by whom and how those controls could be monitored (administrator, trustee executive or internal audit) and reported on to the committee.

This scheme had an objective to deliver a quality, member-focussed service, that was accurate, consistent, efficient and responsive. However, its current administration service was only just improving after a period of under-resourcing, data and calculation errors, breaches and member complaints. A liability management exercise was muted which the trustees knew would impose greater volumes of work on an already fragile team.

Understanding their risk appetite was essential when the trustees subsequently came to making decisions on which projects to undertake. Was the risk of not committing to the liability management exercise on the scheme’s long-term funding position greater than the risk of a poor administration service in the short term? With this knowledge, the trustees were actively able to manage the right risks in the short-term and tweak their strategy to prioritise activities over the medium to long term.

How can we help?

    We can provide independent risk management expertise working with you as trustees, your executive support and your advisers/ providers to help you:

    • Agree and articulate your strategic objectives
    • Set up your risk management framework or align your existing framework with your key objectives
    • Think about risk in the context of your objectives and appetite and how you consider risks in your decision making
    • Articulate your risk appetite and tolerance to develop a Risk Appetite Statement
    • Test that you are managing the material risks only at board level with others owned by committees, trustee executive/ in-house support and providers
    • Review your risks and controls, looking at how you monitor the effectiveness of controls
    • Identify and assess risks and controls
    • Review policies and check if they are aligned with the risk management approach
    • Consider your risk governance and refresh your risk reporting, escalation and issues management processes as appropriate
    • Review risk tools and consider more innovative options for risk information capture and reporting
    • Scope out an oversight and assurance programme and work with you to plan the associated activity.

Who to contact

Image of Lindsay Hawkins

Lindsay Hawkins

My expertise is in Trustee governance and risk management. I help Trustee Boards and sponsoring employers ensure their governance is top-quality.

View Profile

What do you do?

I specialise in outsourced pensions management, trustee governance and effectiveness projects and help Trustees evaluate their executive resource needs.

What is your background?

I’m a Fellow of the Pensions Management Institute and been involved in managing pension funds for almost 20 years. Most recently as Head of Pensions & Benefits for Rexam PLC (a FTSE 100 company recently acquired by a US competitor, Ball Corp). Prior to that I held a pensions management roles in-house for Fujitsu Services and was Pensions Manager for Société Générale Corporate & Investment Bank. Going back even further, I worked in the consulting environment, primarily in outsourced pensions management roles.

What do you bring to Muse?

A lot of practical experience of how to run a pension fund well and get things done. Most of my in-house roles have involved dual aspects being both Head of Pensions/Pensions Manager for the sponsoring employer but also Secretary to the Trustee Board. I therefore understand, in depth, the business drivers for both sides and how to reach solutions which work for everyone. I work best by building good relationships, so enjoy creating teams where everyone understands the pension arrangements’ objectives as well as the strategy for getting there – which really helps Trustee Boards measure success.

What do you do for fun?

It may not be everyone’s idea of fun but my husband and I help out in our local church. Community is important to us both plus it’s great to have lots of friends locally when you lose your keys. Having a desk job means I like to be active whenever I have some free time so I’m a regular at my local gym, I love street dance, weights and yoga - but not all at once. I’ve also been on a lifelong quest to become a wine connoisseur but require much more practice.

Email Lindsay Hawkins
Image of Barry Mack

Barry Mack

I specialise in governance, trustee effectiveness, pension management (including administration) strategy and large change management projects.

View Profile

What do you do?

I am a Director of Muse Advisory and specialise in DB & DC pensions, governance (especially funding, investment and risk management), trustee effectiveness, outsourced pensions management, pension management (including administration) strategy and large pension change management projects. I particularly enjoy facilitating trustees to fully articulate their objectives and beliefs and, consequently, to be as effective as they can be.

What is your background?

I’m an actuary and have worked in governance, administration consulting and DC arenas at Mercer and Hymans Robertson. At Hymans Robertson I was a partner, Head of Governance, Risk Group chairman and DC Governance Committee chairman.

What do you bring to Muse?

More than 30 years of financial, pensions and business experience supported with strategic, technical and commercial skill, and a heavy dose of pragmatism.

What do you do for fun?

Bellringing, photography, Lego! And watching F1 with my two (now grown up) sons.

Email Barry Mack
Image of Julia Land

Julia Land

My expertise is in trustee effectiveness and governance reviews, related work on succession, training, one-to-one feedback and facilitated Trustee workshops e.g. on review actions, on strategic planning. I have worked with over 90 boards in the past few years including many well-known pension schemes and more widely with FTSE companies and non-profit organisations.

View Profile

What do you do?

I’m a Senior Adviser at Muse. I work with boards advising on effectiveness and governance development.  Nowadays I focus on pensions organisations and have been doing this type of work with Muse since 2009, mainly with trustee boards of large, complex schemes.

What is your background?

I’ve been advising boards on effectiveness and board development for about 14 years and I’ve worked with a uniquely wide range of around 90 boards: pensions trustee boards, FTSE 100 and 250 plc boards, investment organisations, complex NHS groups, non-profits.

My earlier career was in investment at Deutsche Asset Management and UBS/Warburgs and in finance at Arthur Andersen & Co, in all those roles working closely with client boards.

I hold the PMI Award in Pensions Trusteeship and I’m an ICAEW Fellow. I’m an experienced coach and qualified on leadership development tools such as Myers Briggs.

What do you bring to Muse?

What I aim to bring is listening skills, proportion and a sense of humour.

What do you do for fun?

Mainly revolves around the outdoors, food and music. 

Email Julia Land
Image of Rosanne Corbett

Rosanne Corbett

I specialise in pensions and benefits governance, trustee effectiveness, workshop facilitation, change projects and risk management.

View Profile

What do you do?

My work is varied; from trustee board effectiveness reviews, implementation and embedding of risk management frameworks, advising on trustee objectives and long-term strategy and providing executive pensions support on an in-house interim or fully outsourced basis to reviews of the DC market and provider selection exercises, including master trusts. I’ve found being able to implement and embed the advice I provide from working in-house as an interim pensions/ governance manager to be challenging yet very enjoyable. I have provided corporate support in periods of change where no in-house pensions expertise existed and have integrated into existing in-house teams to provide hands-on support for business as usual activities and strategic projects. I have managed large-scale change projects on both sides of the fence, giving me a good perspective on trustee and company drivers and what success looks like.

What is your background?

I have worked in pensions and employee benefits since 1999. The majority of my career to date has been spent advising and supporting trustee boards and companies on good governance and how to manage risk. I started my career as an international employee benefits consultant at Mercer, helping multinational companies design and implement benefit structures. From there I moved to corporate strategy and developed a penchant for governance. I have worked with multinationals to introduce global governance frameworks and review how they manage benefit-related financial and operational risk globally.

From global, I moved to local and became heavily involved in UK-specific pensions and trustee governance and board effectiveness as the Pensions Act 2004 came into force. This then led me in 2010 to Muse Advisory. My passion is really about working with people and making things happen, be that trustees understanding their objectives and implementing a strategy to achieve them, to pension teams being able to deliver an excellent service, working in partnership with their trustee boards and advisers.

What do you bring to Muse?

My get up and go. I am quite a driven person and like to learn new things. I like to bring new ideas to my colleagues, clients and Muse. Mostly, I bring energy and passion - I genuinely love what I do.

What do you do for fun?

I love the outdoors, where you'll find me horse riding or walking my dog. My other passions are amateur astronomy and art, but I never seem to have the time to fit everything in.

I've also spent seven years as vice chair of a school governing body. Being a governor has made me appreciate the time and energy that trustees need to commit to do a good job!

Email Rosanne Corbett

Muse Advisory helps trustees and companies to better govern and manage their pension schemes. We believe that good governance leads to improved outcomes for members; through better fund performance, effective and proportionate management of risk, value for money and cost efficiencies and strategic and dynamic decision making.

think independently...act effectively