When is your Risk Register a Risk?

The Pension Regulators (tPR) 21st Century Trusteeship campaign is aimed at driving up the standards of governance on Trustee Boards. This is looking to plug gaps in control processes and improve upon the existing measures.

The majority of Trustee Boards (I hope) have a risk register. I would suspect a large proportion of these may not be fully fit for purpose. In this blog I will look at three key areas I am considering when reviewing new risk registers on my appointments.

Who controls the document?

The provision of a risk register is often part of a full service specification provided by intermediaries (actuaries, consultants and/or administrators). The majority of risks relate to the operational running of the Scheme, the majority of which is likely delegated to the same intermediaries. From a Trustee perspective, is it appropriate for an adviser to mark their own homework? Whilst the provision of a template is helpful, the Trustees must take ownership of the process and question or be able to challenge the output on an informed basis. Delegation does not absolve fiduciary responsibility, a point Trustees must always remember.

When is the risk register updated?

In my experience the risk register is often updated in preparing the papers for each Trustee meeting. Following that meeting, any changes suggested are updated before the next meeting. This means two things:

• The risk register is almost never fully up to date;
• The risk register is not able to consider short term problems or issues that may arise in between the Trustee meeting cycle.

The risk register should be a ‘live’ and working document which is kept up to date throughout the year. If you fail to do this, you will unlikely be using the register to its maximum potential.

Do you have any risks?

I have seen many registers that are a wonderful sea of green with no risks identified. I would be confident without exception that these registers must simply be wrong. As good as a Trustee Board is many risks are completely out with control. If you don’t have any risks, you are either not grading correctly or your register is not detailed enough. Risks will be heightened at different stages in the triennial cycle such as valuations or through investment transitions when you are moving funds. Risks are brought through legislative changes, adviser moves and geo political events. If your register is all green, have a deeper think as I am sure you are missing something.

Summary

The risk register does not need to be overly complicated. If you consider the three points above, you should have a document that is:

1. Controlled at the right level;
2. Updated in real time;
3. Considers the risks appropriately.

With these three simple considerations you should have a register that is fit for purpose and is positive for your scheme governance and not a compliance tick box. I would caution that having a poor risk register is just as dangerous as not having one at all.

If you have any questions about this blog, please get in touch.