Mastering Own Risk Assessment (ORA) in Pension Schemes

Own Risk Assessment (ORA)

The Pensions Regulator’s General Single code of practice has further cranked up the focus on governance systems. The Effective System of Governance (ESoG) has not come alone and the Own Risk Assessment (ORA) (applicable to schemes with over 100 members) is there to assess how well your ESoG is working and where any risks might apply.

The ORA will review all the policies and procedures that the Scheme has in place and assess them for risks. Following that, the Trustee will evaluate those risks to measure the extent of how they affect the Scheme. The Trustee can then put steps in place to mitigate those risks, monitor them and report on them. But what does this mean in practice? And how can schemes ensure they meet the expectations without adding unnecessary complexity?

The scope and scale of these risks could be broad and wide-reaching judging from just some of the policies Trustees might need to consider.

1. Governing Body: Trustee Decision Making,Trustee Discretions,Register of Conflicts,Continuity and Succession planning, Objectives of the Scheme, Roles & Responsibilities.

2. Investments: Monitoring of Investments, Stewardship, insolvency, Climate Change considerations, Investment Governance Processes, Decision Making, Risk Appetit, Responsible Investing.

3. Administration: Risks with Financial Transactions, Record Keeping, Contribution Monitoring, Employer Covenant Strength, Payment of Benefits, Risks to Member Benefits, Member Communications,

Once all the policies have been reviewed, the trustee needs to document how risks are mitigated and integrated into management and decision-making processes.

Mitigated, being the key word here. There is no such thing as zero risk. We cannot even leave our house, run for a bus or bake a cake without an element of risk being involved.  

Mitigation can be broken down into further categories. Can the risk be avoided, reduced, transferred or accepted? Each risk can be evaluated on that basis.

Documenting the ORA

In addition, Trustees need to be aware that Defined Benefit Schemes carry different risks compared to Defined Contribution Schemes, and hybrid schemes need to consider both. Even though the Regulator encourages an integrated approach, the risks will need to be considered separately when preparing the ORA to ensure effective systems are in place and consideration of the effectiveness of the governance systems will also need to be accounted for in the ORA.

So, not only are all the points on a checklist reviewed, the checklist and clipboard itself is assessed for effectiveness.

Once all this is in hand, the ORA needs to be in writing. A live electronic document as a reference point to add, update and amend as needed. The ORA needs to be made available to all members of the governing body in a central location for accessibility. In addition, members of the Scheme can also request a report showing the findings of the ORA. Consideration needs to be given as to what information will be provided to members.

Integrating ORA into Trustee Meetings

The Regulator, however, isn’t worried and has reassured schemes that this should be a straightforward project for well-run schemes and once in place, should be business as usual. This could be helped further by the Regulator not stipulating any standard design for the ORA with schemes able to design their own and even collate current risk assessment documents.

Despite the Regulator’s apparent confidence, we believe that a well-documented ORA is a good way to review your ESoG but there are some amendments we would make to the Regulator’s recommendations.

Much like the Risk Registers and Conflicts of Interest Registers that are reviewed on a regular basis I believe that it would be prudent to integrate a review of the ORA into trustee meetings in a similar way. Maintaining a living, breathing, and evolving ORA will ensure that your ESoG is truly robust.

The ORA allows trustees to spend quality time on governance to ensure better decision making, clearer strategy and better outcomes for members.

Regulatory Expectations and Submission

Similarly, despite the Regulator expecting an ORA to be submitted every 3 years there is no statutory requirement to do so. Failure to complete will be seen as poor governance and will draw focus and more scrutiny from The Pensions Regulator, and don’t forget, possible reputational damage.

The next year will be interesting as trustees complete their first ORA and ensure an Effective System of Governance is in place for their schemes. The focus on governance is taking up a lot of time, however it is an important part of ensuring the Scheme is run effectively.

For many the task of responding to the single code, implementing their ESoG and completing their first ORA will likely be daunting. Especially without a portfolio of schemes and infrastructure of template documents and frameworks to base your reviews.  Luckily, there are independent trustee organisations available to support in house trustee boards and lend a helping hand.

How we support your Schemes through ORA

We take a practical and proportionate approach to the ORA. We work with trustees and scheme sponsors to:

• Demystify Requirements: Breaking down what the regulator expects and how to structure the assessment.

• Streamline the Process: Leveraging existing governance frameworks to minimise duplication of effort.

• Provide Practical Insights: Offering expert analysis to help schemes not just comply, but enhance their governance and risk strategies.

For schemes looking for additional support, we provide end-to-end assistance – from initial ORA design to implementation and ongoing review.

The Bigger Picture: ORA and Pensions Management

The ORA is just one piece of the governance puzzle. Ensuring your scheme has the right structures, processes, and expertise in place is key to managing long-term risk. This is where Dalriada’s Pensions Management service comes in, providing flexible, expert governance support to keep schemes resilient in an evolving regulatory landscape.

Next steps…

If you need support reviewing your Own Risk Assessment to better understand your scheme’s effectiveness for better decision-making, clearer strategies, and improved outcomes, contact us today.