On September 9, 2024, the Canadian Association of Pension Supervisory Authorities (CAPSA) released two guidelines: Guideline No. 3: Guideline for Capital Accumulation Plans (updating a version from 2004) and new Guideline No. 10: Guideline for Risk Management for Plan Administrators (the "Guideline No. 10"). This is part two of a two-part series that reviews the two recently released CAPSA guidelines. Part 1, which reviewed Guideline No. 3, can be found here.
History
The purpose of Guideline No. 10 is to assist plan administrators with designing an effective risk management program that is capable of identifying both long-term and short-term risks. Guideline No. 10 was initially released as three separate guidelines in June 2022: Cyber Risk for Pension Plans; Environmental, Social and Governance (ESG) Consideration in Pension Plan Management; and Leverage and the Effective Management of Associated Risks.
Following stakeholder consultation in 2023, these directions were consolidated and re-released as a single guideline. The new guideline applies to administrators of defined benefit, defined contribution, pooled registered, target benefit and hybrid pension plans.
Risk management program
Before an administrator implements a risk management program, it must first understand its overall risk appetite. This requires undertaking an assessment of the amount and type of risk that the administrator may accept, while still meeting their fiduciary obligations. Once this assessment is completed, the guideline recommends that administrators undertake the following four-step process.
- Step one: Identify possible risks
The first step is to identify risks. Given the broad nature of this step, administrators are encouraged to seek information from expert sources including actuarial reports, relevant court cases and decisions and publications about external emerging factors that may impact the plan investments. Risks that are identified may be further categorized considering the stakeholders that may be impacted should the risk event materialise, whether the risk event is interconnected with other events and the longevity or severity of the potential impact. The guideline also provides a template risk register, wherein administrators may record risks that are identified, as well as information in respect of controls that are in place to reduce the severity of the risks materialising. It is recommended that the risk register be reviewed and updated annually as risks change and new ones emerge.
- Step two: Evaluate risks
Under the second step, plan administrators are required to develop a process for evaluating and prioritizing risks. The guideline recommends a number of risk assessment strategies including using a heat-map to compare the nature of the risk against the probability of it materialising. Different risk assessment tools may be appropriate considering the nature, size and complexity of the plan.
- Step three: Manage risks
Once a priority is established, administrators are required to develop mitigation strategies to manage risks. Mitigation strategies can include any processes or procedures used to control the severity or likelihood of the occurrence of a risk such as implementing strict financial policies, developing contingency plans, seeking external audits from qualified professionals and/or obtaining insurance. The mitigation strategies which are ultimately adopted should be suitable in each circumstance such that the plan does not exceed its risk appetite.
- Step four: Monitor risks
Ongoing monitoring and evaluation of risks is critical for a successful risk management program. The guideline requires administrators to vigilantly update their risk registers and consider emerging risks as they arise. The framework, including the risks identified and the mitigation strategies implemented, should be reviewed regularly and updated to ensure the administrator meets its fiduciary obligations.
CAPSA also recognizes that implementing the recommendations under Guideline 10 will differ from plan to plan and recommends that plans implement the risk management practices to reflect the investment beliefs, specific circumstance and risks of their specific plan.
Specific risk considerations
Guideline No. 10 also provides specific risk management considerations applicable to specific risk topics including: third-party risk, cyber security, investment governance, environmental, social and governance issues and use of leverage by administrators.
What should plan administrators and sponsors do next?
A review should be conducted by all plan administrators and sponsors of whether there is already a risk management program in place and if not, one should be created. Any existing risk management programs should be reviewed to confirm they comply with Guideline No. 10.
Despite the guideline becoming effective as of September 9, 2024, plan administrators have until January 1, 2026 to implement any process changes that may required.
About Dentons
Dentons is the world's first polycentric global law firm. A top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm is committed to challenging the status quo in delivering consistent and uncompromising quality and value in new and inventive ways. Driven to provide clients a competitive edge, and connected to the communities where its clients want to do business, Dentons knows that understanding local cultures is crucial to successfully completing a deal, resolving a dispute or solving a business challenge. Now the world's largest law firm, Dentons' global team builds agile, tailored solutions to meet the local, national and global needs of private and public clients of any size in more than 125 locations serving 50-plus countries. www.dentons.com
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances. Specific Questions relating to this article should be addressed directly to the author.
