Home
Agenda item

Agenda item

Risk Policy & Risk Register

Meeting of Pensions Board, Wednesday 16 March 2022 10.00 am (Item 4.)

Decision:

RESOLVED: To note the updated risk policy and the risk register update for 2021/22

Minutes:

4.1 Rachel Cowburn introduced the updated Pension Fund Risk Policy, which details

· the risk management strategy for the Fund, including:

· the risk philosophy for the management of the Fund, and in particular:

· attitudes to, and appetite for risk how risk management is implemented risk management responsibilities

· the procedures that are adopted in the Fund's risk management process

· the key internal controls operated by the Administering Authority and other parties responsible for the management of the Fund.

4.2 The Policy was last updated in December 2018; this updated version is

presented for noting by the Board in line with the Policy’s regular triennial review process.

4.3 The report also presents the Q3 2021/22 risk register update for the

Board’s review. The register summarises potential significant risks to

which the Fund is exposed

4.4 Rachel Cowburn reported that key changes were to take account of CITFA guidance. Because of a restructure there had been changes to

some job titles and responsibilities. Challenges in regard to the Risk Register centred on presentation with a shift to a dashboard presentation each quarter, submitting the full risk register on an annual basis.

4.5 Rachel Cowburn outlined the highlighted the 4 risks rated as red:

· Governance risk around potential data loss. A cyber specific security policy was in place but it was recognised that a number of actions still need to be put in place;

· The ongoing risk of poor membership data. It was hoped that that risk would reduce to amber over the coming months. The Actuary was largely content with data quality;

· Regulatory changes such as the exit cap and the impact of the McCleod remedy given the high level of associated uncertainty;

4.6 Michael Hartney asked for clarification on the achievability of the target

date of September 2020 for the reduction of red risks on governance.

4.7 Rachel confirmed that the key risk to address related to the use of external systems. A plan was being put in place on the key recommendations of the cyber security policy and it was hoped to

complete the plan by September 2022. It was hoped to make much

progress on knowledge and skills and changes were planned in

relation to recruitment and retention. Data protection changes would be wrapped into the external systems changes. It was accepted that some of the risks were more easy to address than others and there would be process of review of the risks.

4.8 The chair asked for clarification on why the conflict of interest risk was amber.

4.9 Catherine confirmed that the risk was amber because of the presence of new members. Rachel Cowburn the new members would complete conflicts of interest forms and would receive induction training when the risk could be reduced.

4.10 The Chair expressed concern that poor membership data continued to be a red risk.

4.11 Jackie Moylan confirmed that the risk register was cautious and the administration risk was not far off amber as much progress had been made, particularly with the interface work. The risk was expected to reduce by September 2022. Rachel Cowburn confirmed that significant changes had been made with an interface that is ready to go live. Further, Equinity had made some material improvements in terms of meeting KPIs following a period of uncertainty. Some concerns remained.

Supporting documents: