Pension Plan Enterprise Risk Management Culture Begins at the Top

December 1, 2015

For defined benefit (“DB”) pension plans, a strong Enterprise Risk Management (“ERM”) culture goes hand in hand with good governance and can yield two very important benefits: (1) the minimization of overall firm risk, and (2) an increase in firm predictability. ERM is often ignored by executives of leading DB plans when they fail to oversee the implementation of a Risk Management Framework across their organization.

To properly manage risk on behalf of sponsors and their beneficiaries, DB plan executives need to have a conceptual understanding of risk management. For instance, a large loss is not necessarily an indication of risk management failure so long as plan risk managers had prepared for the possibility of such an outcome. In fact, large losses are possible and so contingencies need to be developed as part of sound practices. The reality is that risk management deficiencies result from not correctly assessing, measuring, communicating and monitoring risks. An ERM Framework is defined as the process that puts in place the controls, policies and procedures that are meant to manage risks across an entire organization and in a customized manner.

ERM Provision Required in the Pension Committee Mandate

Presently there are 118 Fortune 500 companies that have DB plans[1]. As with any organization, executives are accountable to the Board (i.e. the Pension Committee (“PC”)).  As such, management is required to share information that allows the PC to meet its mandate. No motivation exists for management to be progressive by volunteering other insight to the PC even if deemed to be in the best interests of all stakeholders. A typical PC mandate may include the following:

  • Review the performance of the pension plan;
  • Review and recommend fund managers;
  • Review manager performance; and
  • Review and approve assumptions used, the funded status and the amendments to any of the plans.

It is understandable why management shies away from implementing ERM best practices as rarely does the following (or a similar) requirement fall under the PC mandate:

  • Review and approve of the plan’s Enterprise Risk Management (“ERM”) process.

By not defining ERM responsibility in the PC mandate, DB plans face an increased likelihood of being side-swept by a variety of factors, many of which can be characterized as “unforeseeable”. Comparing two similar pension funds, one with an ERM program and one without, the former would have lower tail risk and be deemed more valuable ceteris paribus (“with all things being equal”).

Some management teams are unaware that industry complexity (i.e. such as the increases in innovations, derivatives, illiquid asset classes and globalization) has evolved to the degree whereby ERM has emerged as a necessity to achieve best practices. These managers behave as if they are managing beneficiaries’ risk through some undefined self-insurance mechanism. Other management teams do acknowledge the need for ERM but would simply prefer not to present the idea to their PC given the perceived heavy burden to implement organizational change. The fact remains that for sound risk management practices to have a chance at successfully becoming adopted by DB plans, leadership for renewal needs to emanate from the highest echelons and spread throughout the entire organization. The very first step towards implementing a risk management culture is for management to be made accountable for organizational risk management. For this to happen a provision for ERM must exist within the PC mandate.

Management Buy-In

Before a provision for ERM can make its way into the PC mandate, the plan’s senior management must first “buy-in” to the concept. In fact without the commitment from the plan’s leadership, ERM is unlikely to achieve the required results.

In some cases, plan leaders come to recognize on their own the importance of implementing a strong risk culture. In other cases, an internal education process is performed by mid-level executives to plan leadership. Once the plan’s CEO buys-in, an ERM Framework can be presented to the PC along with the recommendation that continuous ERM oversight become a component of the PC mandate. No matter how the inspiration to adopt ERM originates, implementation can create a great deal of cultural change within the firm in question. It can be an uncomfortable period when the collective comes to the realization that internal policies, procedures and processes will change, and likely involve an increment to their workload. During this period ERM must be communicated to be a positive discipline that creates value for all stakeholders over the short, medium and long-term.

What is ERM?

ERM represents the policies, procedures and structures identified to be put into place in order to manage firm risk (i.e. market risk, credit risk or operational risk). Risk is essentially referred to as a measure of uncertainty. When implementing ERM, the very first action required is to identify and name a Chief Risk Officer (CRO) who should report to the CEO and possess the power to make all risk management decisions[2]. He and his group must not be influenced by people with functions in other departments, especially by front office professionals. Ideally, the CRO should possess very good human relations skills as he will be required to interact with many departments[3].

Following the naming of the CRO the firm is positioned to articulate and define company goals, culture and appetite for risk. When it comes to implementing an ERM Framework, one size does not fit all. It is critical to understand, document and continually update what the firm is looking to achieve. ERM is an ongoing process and successful implementation needs to begin small and gradually move to larger projects. An effective ERM program requires that the CRO dynamically document project timing[4].

Risk Management is Holistic

A DB plan has the risk of becoming insolvent and deemed not able to meet its future obligations. This risk along with the associated costs (i.e. bankruptcy, management time etc.) can be eliminated or reduced through proper risk management.

Risks must be managed with the entire organization in mind[5]. Doing so allows for the offset of certain risks that exist across the organization. As such, ERM treats risk holistically and ensures that it is represented as a core concentration at the highest levels of management. This thus entails that the use of ERM works across the entire organization while giving reasonable flexibility to each department (i.e. accounting, information technology, performance, compliance, front end investment management, etc.). Within each department an ongoing process of identifying risks needs to be established. Through gap analysis deficiencies can be identified and then targeted to ensure proper risk management and monitoring.  Ways to transfer and minimize risk include (but are not limited to) the following:

  • Transacting in derivatives
  • Acquiring insurance
  • Creating a disaster recovery plan
  • Implementing a cybersecurity plan
  • Documenting model risk management policy
  • Endorsing the process of transferring counterparty collateral to a third, independent party
  • Formally documenting all policies, procedures and controls across the various departments
  • Assessing and documenting operational processes

Why do DB Plans Avoid ERM?

Clearly, the benefits of implementing ERM across a pension organization are compelling. Given this, how is it that some executives avoid adopting such a virtuous program?

PCs are typically composed of high-profile executives from various industries that – for the most part – possess little to no investment management operations expertise. This puts them at a disadvantage in understanding industry intricacies, particularly given current growing demand for regulatory scrutiny. Most PC members have likely never heard of ERM and are therefore not equipped to inquire.

DB plan executives have a fiduciary duty to know industry best risk practices, and should be forthcoming to educate and promote ERM to their PC. The reality is that many executives simply engage an internal risk department to provide the optics that the risk management function is being addressed. Under these circumstances, the risk professional in question is often restricted from implementing policies and procedures that are aligned with best risk practices. In some cases, the person assigned to risk may even lack suitable experience for the position. One reason why many executives make these sub-optimal decisions is their incentive structure, which is based on short-term pension fund performance measures. In order to change management behaviour and align their interests towards risk management best practices, their compensation should have a significant component tied to ongoing risk management improvement. Another recommendation is that all current executive incentives tied to assets outperforming their benchmark should be eliminated – this method is both antiquated and sub-optimal. In order to get DB plan management properly motivated, their bonus should be related to its ability to deliver a targeted long-term, risk-adjusted rate of return, all within a pre-defined liquidity requirement.

Increasing Asset Complexity Driving Need for ERM

ERM is especially important within the current context of increasing investment complexity. An ERM program could have pointed many DB plans away from owning non-bank asset backed commercial paper during 2008’s liquidity crisis. Instead, write-downs were taken by several DB plans as the result of being greedy for yield at the expense of transparency and the complete understanding of the investments they owned.

Since the financial crisis, Private Equity and Infrastructure assets have both captured an increasing portion of DB plans’ investment capital. Plan executives are attracted to these assets’ liquidity premium and lower pricing volatility. These assets would especially benefit from the implementation of an ERM Framework given their relatively short history of ownership (<10 years) by leading DB plans. For such illiquid assets, a stringent investigation process should be implemented around valuation risk and incorporate a process of determining what an acquiring entity would be willing to pay. Consideration should also be given to stress testing interest rate sensitive, illiquid assets. Moreover, proper benchmarking of the different asset classes would provide more realistic relative performance measurement.

Assessing Risk

When analyzing publicly valued securities, statistical analytic models should be used in the selection of an asset mix to optimally achieve the long-term required rate of return[6]. These models are simple, inexpensive and flexible. In contrast, less transparent assets such as private companies should utilize Monte Carlo modeling, which is deemed best for complex, harder to value situations. By virtue of incorporating both methods, a plan’s required rate of return can emerge that reflects the midpoint of a normal probability distribution.

The goal for an ERM Framework is to measure the plan’s overall volatility on an ongoing basis from the perspective of both solvency and performance.

Measures that are used to monitor plan solvency include:

  • Value at risk – Reflects a fund’s loss value threshold for a given level of confidence and period of time.
  • Expected shortfall – Estimates fund loss by averaging a chosen number of value at risk results that correspond to varying tail probabilities.
  • Extreme value measures – Allow for the measurement of extreme loss that statistically occurs well inside the tail of the distribution (i.e. beyond the value at risk); one such example is the generalized extreme value distribution.

Measures that are used to monitor performance volatility include:

  • Variance – A well-known measure of dispersion that incorporates the squaring of identified values less their collective mean.
  • Standard deviation – The square root of the variance.
  • Below target risk – An expected value of unfavorable deviation of a random variable from a stated target.

In addition, tools exist from which the risk analyst may draw conclusions; they include:

  • Capital allocation – Assists in the assignment of capital to various business/asset class segments in recognition of their respective risks.
  • Performance measurement – The use of quantitative measures enabling the organization to fully comprehend its risked returns.
    • Jensen’s Alpha – A level of fund return over and above the expected return.
    • Treynor Ratio – A risk-adjusted measure of return that uses fund beta to represent systematic risk.
    • Sharpe – A risk-adjusted measure of return that uses fund standard deviation to represent unsystematic risk.
    • M3 – A ‘volatility-risk-and-correlation-risk’-adjusted performance return that can provide ex ante guidance on how to structure portfolios with tracking error restrictions (given the stability of distributional characteristics in the future).
  • Contingency planning and crisis management – Having a strong commitment to contingency planning increases the likelihood that extreme events will be properly managed when they strike.

Final Words

The heightened complexities faced by today’s investment industry mean that assets can no longer be managed without the proper risk management controls. In fact, failing to do so puts plan executives at risk of failing to meet their fiduciary duty towards both beneficiaries and sponsors. Winston S. Churchill once said: “The price of greatness is responsibility.” Within this spirit, pension plan executives that oversee the implementation of a comprehensive ERM Framework are those that are committed to acting responsibly.


[1] “Retirement Plan Landscape Stabilizing as Fewer Fortune 500 Companies Shifting Defined Benefit Plans to 401(k)s, Towers Watson Analysis Finds”, by Towers Watson (2014).

[2] “Overview of Enterprise Risk Management”, by the Casualty Actuarial Society, Enterprise Risk Management Committee (2003).

[3] “Enterprise Risk Management,” by Joseph Hanczor, Michelle L. Jacko and J. Christopher Jackson, NSCP National Meeting (2012).

[4] “Overview of Enterprise Risk Management”, by the Casualty Actuarial Society, Enterprise Risk Management Committee (2003).

[5] “Enterprise Risk Management: Theory and Practice,” by Brian W. Nocco and René M. Stulz, John Wiley & Sons, Inc (2006).

[6] “Overview of Enterprise Risk Management”, by the Casualty Actuarial Society, Enterprise Risk Management Committee (2003).

By David Rowen