Pension Investment Risk Management

Type of publication: Consultation
Paper Date: March 2022


    1. Introduction

    The Office of the Superintendent of Financial Institutions (OSFI) Canada supervises federally regulated financial institutions and pension plans to determine whether they are in sound financial condition and meeting their requirements.

    OSFI’s consultative processes for regulatory guidance are evolving to promote greater transparency and early engagement from stakeholders. This paper is an opportunity for OSFI to share its thinking and invite feedback from interested stakeholders. In turn, this feedback will guide OSFI in developing more concrete proposals to be presented in subsequent consultative document(s) or revised guidance.

    1.1 Context

    Investment activities carried out by federally regulated pension plans have increased in complexity over the years. Risk management practices of plan administrators [Footnote 1] must continually evolve to remain up to the task.

    Implementing investment risk management best practices is consistent with the requirement for pension plan administrators to invest pension assets prudently and in line with their fiduciary responsibilities to plan members and other beneficiaries (members). [Footnote 2]

    Good pension plan governance includes elements such as robust processes to identify and manage more complex investment risks, independent oversight of risk-taking activities and appropriate risk controls. These actions and others increase the resilience of pension plans to investment risks and ultimately the security of members’ benefits.

    1.2 Purpose

    In this consultation paper, OSFI is introducing investment risk management principles that we believe are relevant for federally regulated pension plans that are exposed to increased investment risks.

    Some principles and concepts may not be as relevant (for instance, to defined contribution (DC) and certain defined benefit (DB) pension plans that are smaller and less complex). The sophistication of each plan’s investment risk management practices must be commensurate with the investment risks being assumed. Section 6, entitled “Proportionality Considerations,” provides more information and some examples for these plans to potentially address the principles underlying these expectations.

    1.3 Survey of Pension Investment Risk Management Practices

    Market volatility that emerged in the wake of the COVID-19 pandemic led OSFI to prioritize its work to identify best practices for the management of investment risk by pension plans.

    To better understand the investment risk landscape for federally regulated DB pension plans, including the range of investment risk management practices adopted by plan administrators, OSFI surveyed 30 pension plans. Comprising approximately 11 per cent of DB pension plans regulated by OSFI that hold half of the combined assets held by DB pension plans, the survey sample was weighted to plans that invest a higher-than-average proportion of their portfolios in non-traditional assets or pursue more complex investment strategies.

    The survey findings showed a widespread application of traditional pension investment risk management practices, including the use of portfolio limits (e.g., asset class, credit quality), stress testing and asset/liability modelling. For plans that employ more complex investment strategies, widespread use of liquidity management practices was also observed (e.g., tracking of cash flows attributable to: derivatives contracts; capital calls relating to private market investment commitments; leveraged investment strategies; and benefit payments).

    The survey also highlighted the following four areas where, depending on the level of investment risk, management practices could be strengthened, and regulatory guidance could be enhanced:

    • Independent risk oversight function (Section 2)
    • Risk appetite and risk limits (Section 3)
    • Comprehensive portfolio and risk reporting (Section 4)
    • Enhanced valuation policies and processes (Section 5)

    1.4 Objectives and Next Steps

    This consultation paper provides a preview of expectations related to the four areas described above that OSFI may consider including in future risk management guidance for pension plans [Footnote 3]. Its objective is to seek feedback from plan administrators and other industry stakeholders to inform the development of this guidance. What elements of this consultation paper do you support and why? How could risk management practices be tailored to pension plans with less complex investment strategies? What principles should apply to DC pension plans?

    A series of questions appear throughout the consultation paper. These questions are intended to solicit information related to topics of particular interest to OSFI. However, we welcome feedback regarding any aspect of the consultation paper. Stakeholder feedback received during the consultation period will inform the development of OSFI guidance [Footnote 4]; it may also inform Canadian Association of Pension Supervisory Authorities (CAPSA) guidance. OSFI guidance will first be released in draft form for comments prior to being finalized.

    2. Independent Risk Oversight Function

    OSFI proposes that its guidance on investment risk management would expect plan administrators to have in place a risk oversight function that is independent of operational management. The plan’s governance and risk management framework would reflect this structure and define the responsibilities of the individual(s) or group(s) involved.

    2.1 Role

    An independent risk oversight function is one that is separate from the plan’s operational management. Operational management collectively refers to investment managers - including investment fund [Footnote 5] managers or other independent service providers that are investing the pension plan’s assets - and internal senior management that make decisions related to the plan’s investment management operations.

    The risk oversight function achieves independence by the plan administrator delegating a separate individual or individuals (e.g., a committee) to perform this function. Separating the risk oversight and operational management functions mitigates the potential for conflicts that could arise if both functions were carried out by the same individual or group.

    For pension plans that pursue more complex investment strategies, it may be appropriate for the plan administrator to include the pension plan’s investment activities within the scope of the review activities performed by their internal audit function. That is, the internal audit function would review the investment risk management processes carried out by the plan’s operational management and independent risk oversight functions [Footnote 6]. This structure provides an independent assurance of the effectiveness of the plan’s risk management program.

    2.2 Responsibilities

    An independent risk oversight function provides objective oversight of the quality and adequacy of the plan’s risk management practices. Its key responsibilities could include the following:

    Governance

    • Establish a risk management framework and policies ensuring these are aligned with the risk appetite [Footnote 7] of the plan administrator

    Risk Identification and Assessment

    • Develop approaches to identify and assess investment risks
    • Challenge and approve key inputs, assumptions, and methodologies used by operational management in the assessment of investment risks

    Risk Limits

    • Set and review risk limits (see Section 3)

    Risk Monitoring and Reporting

    • Establish risk monitoring and reporting requirements
    • Implement reporting tools that provide a comprehensive view of the investment portfolio and risks (see Section 4)
    • Review and contribute to the monitoring and reporting of the plan’s investment risks. Escalate material issues to the plan administrator in a timely manner

    2.3 Implementation Considerations

    The risk oversight function would be separate from operational management to maintain its independence and objectivity, reporting directly to the plan administrator (e.g., Board of Directors or Trustees). This structure enables the independent risk oversight function to escalate urgent matters in a timely manner.

    The level of sophistication and resourcing of the plan’s risk oversight function should align with the plan’s risk exposures. Risk oversight personnel would be expected to possess the qualifications, knowledge of the risks being covered, and authority to effectively fulfill their responsibilities. Additional steps that plan administrators can take to reinforce the independence of the risk oversight function could include the following:

    • Implement policies that dissociate compensation of the risk oversight function from the financial performance of the pension fund
    • Ensure operational management plays no role in the performance evaluation and career advancement of the risk oversight function
    • Ensure the risk oversight function plays no role in developing the plan’s investment strategy

    Q.1 How have independent risk oversight functions been successfully implemented by pension plans?

    Q.2 How do pension plans anticipate implementing an independent risk oversight function as outlined in this consultation paper?

    Q.3 OSFI believes that an independent assessment of pension plan investment risk is a sound principle. However, not all plans have the level of risk that would merit an internal independent pension risk expert. How should pension plans with less complex investment strategies achieve the benefits of this principle in an effective way?

    3. Articulated Risk Appetite Statement and Risk Limits

    OSFI proposes that its guidance on investment risk management would expect plan administrators of DB pension plans to:

    • establish the plan’s risk appetite to guide its investment activities; and
    • establish, monitor and review risk limits for material investment risk exposures on a periodic basis.

    3.1 What is Risk Appetite?

    Risk appetite is defined as the amount and type of investment risk that the plan administrator is willing to accept in pursuit of the plan’s objectives. The risk appetite statement will consider factors such as the plan’s objectives and investment philosophy. It should also consider the financial strength of the employer and its capacity to fund the plan under different scenarios. [Footnote 8]

    The plan’s risk appetite statement should be concrete and measurable. The acceptable degree of volatility of the plan’s solvency ratio or funding requirements are two examples of how a plan administrator of a DB plan may choose to define the plan’s risk appetite. Plan administrators would be expected to document and approve the risk appetite statement. It should be reviewed regularly to ensure that it remains appropriate in light of current market conditions and the circumstances of the plan and the employer.

    3.2 What are Risk Limits?

    Risk limits are established for various risk factors or combinations of risk factors. They represent the threshold that should not be exceeded based on the plan’s risk appetite statement. These risk factors may include, among others, interest rates, market returns, currency movements, demands for liquidity and demographic shifts.

    In order to quantify the impact of market shocks to the plan’s key risk factors, plan administrators may use modelling. The financial impact could be measured in terms of the plan’s solvency ratio or funding requirements. For instance, the plan administrator may:

    • perform scenario testing - deterministic or stochastic - that combines a range of hypothetical shocks to the plan’s key market risk factors;
    • shock incremental changes in a risk factor; or
    • use a Value-at-risk (VaR) approach.

    After quantifying the financial impact of market shocks, plan administrators would then identify the maximum shock that the plan can withstand based on the plan’s risk appetite. As the market does not always work as expected, risk limits are included to inform when the risk appetite may be challenged. For instance, it may be determined that investing 50% in equities should allow the plan to operate within its risk appetite. However, with a significant drop in equity returns (say -15%), the potential funding requirements may hit the boundaries of the plan’s risk appetite. That is, a 15% drop in equities is the risk limit upon which the maximum equity investment was based.

    Risk limits are a risk management tool to help characterize the plan’s risk tolerance [Footnote 9]. By alerting plan administrators to instances where the plan may bump up against its maximum risk tolerances, risk limits help to ensure these risks are effectively managed and that they align with the plan’s risk appetite. In addition to initiating productive ongoing discussions regarding risk and return, risk limits may lead to adjustments to risk appetite, investment policy or investment strategy.

    3.3 Implementation Considerations

    While the plan’s operational management may be consulted during their development, responsibility for setting risk limits would rest with the plan’s independent risk oversight function.

    Operational management would manage the investment portfolio in accordance with established risk limits. The independent risk oversight function would monitor these activities and verify the plan’s compliance with established risk limits. This ensures that the risks to which the plan is exposed remain within the plan’s overall risk appetite. The frequency and comprehensiveness of the monitoring should be commensurate with the level of risk and degree of complexity of the investment strategy.

    Breaches of a risk limit should be subject to timely reporting. If appropriate, a breach could be escalated by the independent risk oversight function to the plan administrator in order that timely actions can be taken.

    Q.4 What do you consider to be the key risk limits for pension plans?

    Q.5 How do pension plans anticipate implementing risk limits?

    Q.6 How will the implementation of risk limits impact the investment management activities of pension plans, if applicable?

    Q.7 What are key tasks that a plan administrator should carry out to identify which risk limits should be in place and how often they should be monitored?

    4. Comprehensive Portfolio and Risk Reporting

    OSFI proposes that its guidance on investment risk management would expect that pension plans establish processes to ensure that plan administrators are provided access to timely and comprehensive portfolio and risk reporting.

    Access to timely and comprehensive information assists plan administrators in meeting their fiduciary and other responsibilities. Reporting that provides a full view of the investment portfolio and all material market, credit and liquidity risks ensures that plan administrators have effective oversight over the plan’s investment operations. Such reporting also provides plan administrators reasonable assurance that pension assets are invested in accordance with the PBSA and plan documents, and that pension assets are being invested prudently and in accordance with the plan’s risk appetite statement.

    4.1 Scope

    Portfolio reporting should include all asset classes and include the following elements, as applicable:

    • Leverage, including both direct and off-balance sheet sources
    • Derivative exposures
    • Foreign exchange exposures

    Disclosures contained in portfolio reporting should provide sufficient detail to be able to identify the holdings of the pension fund and monitor the portfolio against the parameters set out in the statement of investment policies and procedures [Footnote 10]. It should also provide sufficient look-through to the underlying holdings of investment funds to permit the plan administrator to understand the plan’s risk exposures.

    Risk reporting would quantify material investment risks to which the pension plan is exposed, including the following categories:

    • Market risks (e.g., asset price, interest rates and foreign exchange)
    • Credit risk (e.g., default, counterparty, credit spread, concentration)
    • Liquidity risk (e.g., investment operations and benefit and expense payments)

    The portfolio’s holdings would be reported against portfolio limits. In addition, the plan administrator would be informed of any portfolio or risk limit breaches, and actions taken or expected to be taken.

    4.2 Implementation Considerations

    Data required to produce portfolio and risk reporting may be held by the plan administrator and third-party service providers, such as investment managers, pension fund custodian, or consultants. Regardless of where the data is held, all plan administrators would be expected to have satisfactory access in order to produce coherent and informative regular and ad-hoc reports.

    Plan administrators that choose to outsource portfolio and risk reporting retain responsibility over these activities. They should ensure that the plan’s independent risk oversight function is able to request the information needed to understand the underlying risks and to verify reporting. When portfolio and risk reporting have been outsourced to a third party, the plan’s governance and risk management frameworks would provide for appropriate controls to mitigate risks associated with the integrity of such reporting. Due diligence performed by the plan administrator when selecting and hiring third-party service providers would include an assessment of the third party’s reporting capabilities.

    Q.8 What controls do plan administrators have in place to ensure that portfolio and risk reporting is comprehensive?

    Q.9 How do plan administrators manage data limitations relating to investment funds?

    5. Enhanced Valuation Policies and Processes

    OSFI proposes that its guidance on investment risk management would expect that plan administrators enhance the documentation of valuation policies and processes to ensure the pension fund’s financial statements record assets and liabilities at their fair value based on current market conditions at the statement date.

    5.1 Implementation Considerations

    Valuation methodology documentation should include sufficient detail to eliminate ambiguity, in particular for assets that are difficult to value. In the case of third-party service providers, the plan administrator should perform due diligence of valuation policies and processes when engaging the service provider and on a periodic basis thereafter.

    5.2 Special Considerations for Alternative Assets

    OSFI has observed that investments in alternative asset classes have increased as a proportion of total pension assets in Canada. These investments present attractive investment characteristics for long-term investors such as enhanced diversification, lower volatility, and the potential for enhanced risk-adjusted returns over the long term. Compared to classes of assets that trade frequently in public markets, private market alternative assets, including real estate and infrastructure, are generally illiquid and inherently more difficult to value. Establishing fair valuations for alternative assets can be challenging due to the limited availability of market data. Valuations may be subject to highly localized market conditions, often requiring specialized expertise. Valuation intervals for alternative assets are typically much longer when compared to public market assets. While plan administrators may prefer the lower volatility associated with private market asset valuations, these valuations may not be reliable.

    OSFI has observed significant variability in the valuation practices of pension plans and their third-party service providers. Plan administrators frequently rely on third parties for the valuation of alternative assets, rolling up these valuations into the plan’s own financial statements. Absent robust controls and processes to establish the sufficiency of third-party asset valuation practices, the value of assets may be unreliable. Further, the risk that assets are not valued correctly increases during periods of financial market volatility.

    Plan administrators should understand the limitations and challenges associated with the valuation of these assets and take steps to compensate for these limitations when required. For example, during periods of market stress, the plan administrator would perform or commission interim valuations of alternative assets sufficient to satisfy itself as to the accuracy of the valuations.

    Q.10 How do plan administrators evaluate third-party valuation processes and procedures?

    Q.11 During periods of market stress, how do plan administrators ensure that third-party valuations (e.g., investment funds) reflect fair market value?

    6. Proportionality Considerations

    Federally regulated pension plans exhibit diverse characteristics. The design of each plan’s risk management structures and practices will vary based on its characteristics and circumstances, the complexity of its investment activities and the risks being assumed.

    As noted in the Introduction to this consultation paper, a priority for OSFI is to ensure that administrators of smaller and less complex pension plans are able to interpret and adapt the risk management principles described in this consultation paper to their own plan’s circumstances. Without limiting the generality of the foregoing sections, described below are some risk management structures and practices that may be appropriate for certain smaller and less complex plans.

    Some of the principles in the consultation paper may not be as relevant for DC pension plans. We have included questions below to get feedback as to how plan administrators of DC pension plans could apply the risk management strategies discussed in this paper.

    Independent Risk Oversight Function

    The principle of separating a plan’s risk oversight and operational management functions offers benefits to all pension plans. The organizational design that separates the risk oversight and operational management functions, however, will vary from one plan to another.

    The risk oversight function may, in some cases, reside within the operational management functional structure, provided controls are in place that mitigate the risk associated with an imperfect separation of these functions. For example, separating responsibility for oversight of the plan’s operational management and risk oversight activities between different members of a Board of Trustees or Pension Committee may provide compensating controls.

    Plan administrators with outsourcing arrangements may choose to rely on elements of the operational management and risk management functions of their third-party service providers (e.g., investment managers, pension fund custodian, external auditor or consultants). For example, smaller and less complex pension plans that invest exclusively in investment funds may choose to rely on elements of the risk oversight activities performed by investment or pension consultant(s). Plan administrators retain fiduciary responsibility and are accountable for tasks delegated to third parties. Therefore, due diligence is performed to ensure that the plan administrator is satisfied with the third-party service provider’s policies and processes relating to outsourced operational management and risk oversight functions. Outsourcing arrangements should provide for timely access to information necessary for the plan administrator to discharge its fiduciary responsibilities.

    Articulated Risk Appetite Statement and Risk Limits

    Plan administrators that invest in less complex investments should still be aware of the risks associated with their pension plans. For this reason, we believe that plan administrators should be aware when the risks associated with their investments are approaching or exceeding the tolerance level of their risk appetite. OSFI is interested in the risk management practices of plan administrators of less complex plans. That is, how are these plan administrators effectively informed on a timely basis when circumstances result in a challenge to the plan’s risk tolerance?

    Comprehensive Portfolio and Risk Reporting

    All plan administrators - including those of DB and DC pension plans - require access to complete and timely portfolio and risk data to make informed decisions and fulfill their fiduciary obligations to members.

    Smaller and less complex pension plans that invest exclusively in investment funds may rely on portfolio and risk data provided by an external investment manager. Where the services of multiple investment managers are employed, portfolio and risk reporting should be based on consolidated data and methodologies that are compatible and comparable.

    OSFI is interested in hearing how plan administrators of smaller and less complex plans ensure that they receive complete and timely portfolio and risk data.

    Enhanced Valuation Policies and Processes

    Ensuring that pension fund assets are recorded at fair market value is important for all pension plans. Less complex plans that invest in investment funds may choose to rely on the audited financial statements prepared for the investment manager(s) and the records of the pension fund custodian(s). In such cases, administrators would be expected to perform due diligence of the investment managers’ valuation policies and methodologies, particularly in the case of investments that are more difficult to value.

    Q.12 Please describe examples of successful implementation by smaller plans that pursue less complex investment strategies of one or more of the risk management principles described in this consultation paper. What challenges were encountered, if any, and how did plan administrators adapt their approach?

    Q.13 How should smaller plans that pursue less complex investment strategies implement the risk management principles described in this consultation paper?

    Q.14 What controls or practices can be put in place to ensure that plan administrators of smaller and less complex pension plans are kept informed when their pension plan is approaching levels that are outside of their risk tolerance?

    Q.15 What are examples of risk management strategies implemented for defined contribution plans that address the principles described in this consultation paper?

    7. Stakeholder Feedback

    OSFI invites plan administrators and pension industry stakeholders to comment on the proposed regulatory expectations set out in this consultation paper.

    Feedback received in response to this paper will help to ensure that OSFI’s pension investment risk management guidance reflects and accommodates the circumstances of all pension plans, including plans of various sizes, investment approaches and risk profiles.

    Comments on this consultation paper and responses to the discussion questions are requested by May 13, 2022.

    You can send them to pensions@osfi-bsif.gc.ca.

    Footnotes

    Footnote 1

    Subsections 2(1) and 7(1) of the Pension Benefits Standards Act, 1985 (PBSA).


    Footnote 2

    Subsections 8(3) and 8(4.1) of the PBSA.


    Footnote 3

    Future guidance will include other widely adopted investment risk management practices beyond the four areas listed in Section 1.3.


    Footnote 4

    CAPSA is considering developing a risk management guideline for pension plans in its strategic plan.


    Footnote 5

    An investment fund is defined in subsection 2(1) of the Pension Benefits Standards Regulations, 1985 to mean a fund — established by a corporation, limited partnership or trust — the purpose of which is to invest the moneys of two or more investors and the shares or units of which are allocated to each investor in proportion to the interest of the investor in the assets of the fund.


    Footnote 6

    This structure provides an independent assurance of the effectiveness of the plan’s risk management program. It is analogous to the three lines of defense structure that OSFI expects banks and insurance companies to implement. Further details regarding the three lines of defense structure can be found in OSFI’s Guideline E21 Operational Risk Management applicable to banks and insurance companies.


    Footnote 7

    See section 3.1 for the definition of risk appetite.


    Footnote 8

    Refer to CAPSA’s Guideline No. 7 Pension Plan Funding Policy Guideline.


    Footnote 9

    Risk tolerance is the acceptable variation in outcomes that the plan can accept per individual risk.


    Footnote 10

    See section 7.1 of the Pension Benefits Standards Regulations, 1985.
