Outsourced governance management
By Pedro Ribeiro, Senior Consultant
Following the introduction of Solvency 2, the European Commission and Council have decided to continue their efforts to develop a common regulatory framework for the financial industry to strengthen its governance. On 13th January 2017, the regulators laid down a new milestone in the pensions market with IORP2, the new directive that replaced the existing and much amended directive 2003/41/CE. This new directive had to be transposed into national laws before 13th January 2019.
Institutions for occupational retirement provisions, frequently called pension funds, are financial institutions that manage collective retirement schemes for employers in order to provide a retirement benefit to their employees. The employer, commonly denominated as sponsor, regularly pays a contribution in accordance with a pension scheme to an investment vehicle which invests these contributions on the markets to finally provide a retirement benefit to the employee, commonly denominated as the member, at the retirement age. Occupational pensions are known as the “second pillar” of the pension systems, the “first pillar” being state-based social security pensions and the “third pillar” being non-compulsory private pension savings for persons.
Up to now, IORPs were governed under a variety of national laws more or less following the outlines of the 2003/41/CE directive, which laid down basic requirements for occupational pension funds and their management and framed the rules regarding the investment policies so that IORPs were obliged to invest the assets prudently and in the best interest of members and beneficiaries.
However, considering the economic and market developments since 2003, with, among others, the subprime mortgage crisis in 2008, a significant need for a sound governance of financial institutions has arisen, particularly with regard to providing the necessary information to members and beneficiaries at the same time. Some failures of pension funds in the EU have resulted in shrinkages or curtailments in members and beneficiaries’ rights, which clearly shows a deep need to strengthen governance. This is particularly relevant due to the rise of “defined contributions” pension schemes, where the member bears the investment risk with no guarantee of pay-out, and the decline of “defined benefits” pension schemes that provide a contractual obligation of retirement benefits pay-out. These were the main motivations for the European authorities to draft a relevant amendment to the existing directive.
This resulted in IORPs facing new legal requirements in January 2019 and having to implement a robust risk management framework by ensuring an effective system of governance to protect the final interests of members and beneficiaries.
General governance requirements, management remunerations policies and a fit and proper policy must be implemented to constitute an effective system of governance that can provide sound and prudent management, which drives an adequate and transparent organizational structure and implements an effective internal control system.
Furthermore, the directive implements 3 additional key functions to drive the governance structure of IORPs: risk management, internal audit and actuarial function, to support the board of directors in carrying out their tasks.
These functions will drive the general governance requirements and be responsible for documenting the policies necessary to manage the operational and compliance processes.
Strategies, processes and new reporting procedures should be adapted so that the risks are framed and duly reported to the supervisory board. For outsourced activities, the implemented risk management system shall also cover the risks that can occur in the IORPs or in the undertakings to whom tasks and activities have been outsourced.
This requires that an Own Risk Assessment is regularly performed, framing the different assessments of the risk management system. Among others, an assessment of the effectiveness of the system, a definition of the fund’s risk objectives and tolerance limits, an assessment of the risk exposure measured through stress tests and scenario analyses and a forward looking of risks to be able to meet the IORPs obligations towards its members and beneficiaries must be introduced.
The rules have been defined and enforced concerning the information to be disclosed to members and beneficiaries. The aim is to provide them with all the necessary information concerning the evolution of their future retirement benefits, as well as, if provided, the given coverage of biometrical guarantees.
To be fully compliant, some complementary information must be provided to national and European authorities, for instance the basic annual accounts and annual reports. IORPs also have to provide an Own Risk Assessment, asset and liabilities studies, actuarial valuations and assumptions, as well as a statement of investment policy principles, and statistical reports must be provided to the European central bank and to the EIOPA.
Finally, the aim of the IORP 2 directive is to implement a sturdy risk management framework with 3 key functions in the management process, with the aim of having an equitable spread of risks and benefits between generations, promoting a better diffusion of information to their members and beneficiaries, as well as a better communication with the relevant competent authorities.