Risk management function for IORPs
IORP II requirements
The IORP II (Institutions for Occupational Retirement Provision) directive aims to provide a robust risk management framework for institutions for occupational retirement provision (IORPs). Part of these requirements include the creation of a new risk management function within IORPs.
- Scope of the Risk Management Function for IORPs
- Own risk assessment (ORA)
- Innovative out of the box solutions
- ORA process
- Bespoke requirements
“It is essential that IORPs improve their risk management while taking into account the aim of having an equitable spread of risks and benefits between generations in occupational retirement provision, so that potential vulnerabilities in relation to the sustainability of pension schemes can be properly understood and discussed with the relevant competent authorities.”
Paragraph 57 of the IORP II Directive
Scope of the Risk Management Function for IORPs
Full ORA process, including ORA policy, exercise and report
- Continuity, outsourcing, integrity, reputation, strategic, political and regulatory risks
- IT and data (eg GDPR, privacy and cyber risks)
- Investment risks, including: market, ALM, credit, liquidity and inflation
- Actuarial risks, covering: solvency, model, financing, selection and insurance
- ESG risks relating to the investment portfolio and their management
“Drawing up an effective and relevant ORA policy is a very important exercise to which IORPs must devote sufficient time.”
FSMA communication – Transposition of IORP II
Own risk assessment (ORA)
The own-risk assessment is an exercise that must be performed at least every three years (or sooner following any significant change in the risk profile of the IORP). The full process consists of 3 parts:
- ORA policy. This covers the objectives of the ORA, the decision making process, timeline and ORA frequency. The ORA policy must be approved by the board of directors of the IORP.
- ORA exercise. This should include the analysis of the risks detailed, centered around actuarial, investment and operational risk. The effectiveness of risk management systems should also be considered, as well as the total financing needs of the IORP.
- ORA reporting. The results of the ORA exercise should be summarized in a report, providing an overall assessment of the risk management processes in place. The ORA report should be submitted to the board of directors, approved by them and then sent to the FSMA.
“Ensuring an effective system of governance is therefore essential for the adequate management of risk and the protection of members and beneficiaries.”
Paragraph 52 of the IORP II Directive
A tailored solution
Innovative out of the box solutions
We have extensive experience in risk modelling and can offer a range of best-in-class solutions. Our approach includes:
- Risk identification, including classification, prioritization and evaluation
- Risk reconciliation, agreeing the risks identified with the relevant stakeholders
- Risk allocation, ensuring the allocation and related accountability to the appropriate parties
- Determining residual risk and specifying the compensating controls in place
- Risk assessment and measurement, including reporting processes
Full support on all stages of the ORA process including: ORA policy / governance, ORA exercise, ORA reporting, meetings with stakeholders and submission to the FSMA.
In addition to our base set of solutions, we propose an approach tailored to your specific requirements. Examples of these include:
- Coordination with other functions (e.g. the actuary / actuarial function, internal auditor, compliance officer, chief risk officer)
- Integration with a multidisciplinary model approach, allowing for comparison with other functions such as non-financial risk, including operational and data risks
- Dedicated bespoke support within risk committee meetings, including in-depth analysis of any entity specific risks
- In-depth scenario and stress testing, focusing carefully on the entity specific risks identified
- Focus on specific operational risks facing pension funds, including:
- Business continuity
- Outsourcing and integrity
- Reputation and strategy
- Political and regulatory
- IT and data
In order to provide a complete risk management solution, we have established a team specialized in offering risk advisory services to pension funds.
Our specialist risk management team consists of over 100 dynamic and talented professionals with a broad range of experience covering actuarial, financial and operational risk projects. This range of experience allows us to bring a holistic view to the risk management function, considering the overall risk profile from multiple perspectives and viewpoints.
In addition to our specific team, we also collaborate closely with other Deloitte specialists across the firm, leveraging the knowledge of Deloitte’s more than 4,000 professionals across Belgium.