What does IORP II mean for trustees?


EU’s IORP II Directive aims to improve governance and risk management systems across all pension schemes. In particular, it requires that trustees must now:


  • Appoint a “risk management key function holder” (KFH) to oversee schemes’ risk management systems and advise trustees on risk management strategy
  • Carry out a deep dive review of the scheme’s risk management systems every three years.  This is called the “Own Risk Assessment” (ORA). The Pensions Authority recently highlighted the importance of this process, particularly for defined benefit schemes
  • Document their approach to risk management by agreeing a risk management policy and risk appetite statement for the scheme
Created with Sketch.
Schemes must have an effective risk management system that is well-integrated into the organisational structure and in the decision-making processes of the scheme
Created with Sketch.

Tasks for the risk management function


  • Help trustees prepare the scheme’s risk management policy
  • Identify potential controls that help mitigate identified risks
  • Assist the trustees in preparing the schemes’s Own Risk Assessment ("ORA")
  • Attend trustee meetings and advise on risk management
  • Monitor management of identified risks and update trustees on same


What must trustees do next?


The Pensions Authority has set a deadline of the end of 2022 for schemes to fully comply with IORP II, including the new risk management requirements. This means trustees need to have appointed their risk management KFH and agreed their risk management policy and risk appetite statement by that date.


The timeline below sets out some of the key work streams in achieving full compliance.  The most immediate step is for trustees to appoint their risk management KFH.

Compliance, Risk Management, Timeline, IORP II


Who can act as a scheme’s risk management key function holder?


Trustee Due Diligence Requirements

Trustees must have detailed procedures for selecting and appointing their risk management KFH and must carry out due diligence to ensure their proposed risk management KFH meets the “Fit and Proper” requirements set out under the under the Pensions Authority Code of Practice.


The trustees must ascertain the KFH meets the below requirements:


  • is of good repute and integrity
  • holds a qualification that the trustees consider relevant
  • has a minimum of two years’ experience gained in relevant employment, has comprehensive knowledge regarding operation of pension schemes that is sufficient and appropriate to competently support the trustees and
  • has an advanced understanding and capability in one or more of the following areas:
    • actuarial advice on funding, reserving, and solvency for DB schemes
    • investment advice covering investment policy principles, strategic advice, budgeting, and risk-mitigation techniques (hedging and derivative bases structures)
    • asset liability modelling
    • stress tests or scenario analysis
    • operational risk – particularly for DC schemes, and
    • regulatory environment
  • has a clear and comprehensive understanding of the governance, regulatory, and legal environments relating to the risk management key function
  • can demonstrate the ability to manage concurrent responsibilities and ensure capability to discharge all the duties of the role, and is aware of their obligation to identify and report personal conflicts of interest in carrying out their duties


Key components of a risk management system


IORP II is about building on the existing risk management systems that trustees already have in place but within a more formal risk management governance structure.


The risk management KFH is responsible for the scheme’s risk management function and advises the trustees on their risk management strategy, working with them to ensure it is executed effectively.  The graphic below summarises the key elements of a scheme’s risk management system:


Governance, IORP II, Risk Management


1. Risk governance structure

  • A risk management function to operate the scheme’s risk management system, maintain risk management documents, and produce reports and analysis for trustees
  • A key function holder  to oversee the risk function and advise trustees on risk management strategy
  • Some trustees may also consider establishing a Risk Sub-Committee and delegating some fo the risk management work to that committee

2. Risk documentation

  • More formal documentation of risk management procedures, including a risk management policy and risk appetite statement
  • A clear approach to demonstrating how risks are incorporated into trustee decision-making through the risk appetite statement and an increased focus on the risk register

3. Risk work streams

  • Ongoing support from the risk management KFH to help trustees identify, analyse and mitigate risks to which the scheme is exposed
  • The new own risk assessment requirement for a triennial deep-dive review of the risk management system to ensure risk management strategy is appropriate and effective

4. Wider scheme governance

  • The risk management function will also contribute to a wider pension scheme governance and decision making
  • While the wider governance policies, such as conflicts of business continuity planning, have a role to play in reducing and managing risk


How can Mercer help you manage risk?


Mercer has a long-established specialist risk management team in place to support trustees.

We have a deep heritage in risk management and a long history of helping trustees to manage the risks inherent in their pension schemes through our actuarial and investment advice, as well as liability and investment risk management projects.


Our specialist risk management team can guide you through the requirements of IORP II and help you develop an approach to risk management that meets your requirements and is proportionate for your scheme.

Richard Clossick
Richard Clossick
Pension Risk Management Leader, Mercer Ireland

We’re here to help

We’d be happy to set up a free consultation or send you more information to get you started. Simply fill out the form below and we will be in touch. If you are an existing Mercer plan member and have a question about your pension or shares, please contact the JustAsk team via this link.

*Required Fields