Risk management function

Code in force: 28 March 2024

This module forms part of our expectations for trustees of those schemes required to operate an effective system of governance (see Systems of governance).

  1. Under section 249A of the Pensions Act 2004 [1], governing bodies of certain schemes must establish and operate an effective system of governance (see Systems of governance) including internal controls (see Internal controls). However, there are certain exemptions [2]. The system of governance must be proportionate to the size, nature, scale, and complexity of the activities of the scheme [3].
  2. Trustees of schemes with 100 members or more [4] that are required to operate an effective system of governance should have in place a risk management function.
  3. The risk management function should be proportionate to the size, nature, scale, and complexity of the activities of the scheme. In practice, the degree of separation between the risk management function and the governing body will be influenced by the size and internal organisation of the scheme and participating employer(s).
  4. The risk management function should:
    1. be structured in such a way as to facilitate the functioning of a risk management system for which the governing body should adopt the strategies, processes, and reporting procedures necessary to:
    2. regularly review the key risks, at an individual and aggregated level, to which the scheme is or could be exposed, and the interdependencies of such risks
    3. where members and beneficiaries bear risks, also consider those risks from the perspectives of members and beneficiaries
    4. report to the governing body in a timely manner on the risks identified in relation to the expectations set out above in this paragraph
  5. The written policies regarding the operation of the risk management function should:
    1. only take effect after they have been approved by the governing body, and
    2. be reviewed at least once every three years
  6. The person(s) performing the risk management function may also carry out any other key function [5] of the scheme or be involved with the scheme in any other role.
  7. The risk management function is in addition to the requirements on governing bodies to prepare an own risk assessment.

Glossary and legal references

Beneficiary

A person who is in receipt of benefits from the scheme and is also a survivor or dependant of a deceased scheme member

1 Article 226A of The Pensions (Northern Ireland) Order 2005

2 Section 249A(3) of the Pensions Act 2004 [Article 226A (3) of The Pensions (Northern Ireland) Order 2005]

3 Section 249A(3) of the Pensions Act 2004 [Article 226A (3) of The Pensions (Northern Ireland) Order 2005]

4 Section 249A Pensions Act 2004 and Regulations 3(1)(3)(a)(5),(6) and (9) of the Occupational Pension Schemes (Governance) (Amendment) Regulations 2018 (SI 2018/1103) [Article 226A of The Pensions (Northern Ireland) Order 2005 and Regulations 3(1)(3)(a),(5),(6) and (9) of the Occupational Pension Schemes (Governance) (Amendment) Regulations (Northern Ireland) 2018 (SR 2018 No. 214 N.I.)]

5 Regulation 3(3) of the Occupational Pension Schemes (Governance) (Amendment) Regulations 2018 [Regulation 3(3) of The Occupational Pension Schemes (Governance) (Amendment) Regulations (Northern Ireland) 2018]