www.iopsweb.org
IOPS Toolkit for Risk-based Pensions Supervision
www.iopsweb.org
IOPS Toolkit for Risk-based Pensions Supervision
http://www.iopsweb.org/toolkit/
Introduction
The International Organisation of Pension Supervisors (IOPS) is an
independent international body representing those involved in the supervision of
private pension arrangements. The Organisation currently has around 80
members and observers, representing over 75 countries worldwide - from
Australia to Zimbabwe - covering all levels of economic development and
bringing together all types of pension and supervisory systems.
The IOPS Toolkit for Risk-based Supervision was officially launched in
December 2010. It is designed to assist IOPS members introducing risk-based
supervision (RBS). The modules provide practical guidance, with the case studies
detailing how RBS is implemented in different countries.
The Toolkit draws upon the existing work of the IOPS and its members,
the OECD Working Party on Private Pensions, the World Bank, the International
Association of Insurance Supervisors (IAIS), the Basel Committee on Banking
Supervision (BCBS), the International Organization of Securities Commissions
(IOSCO), and the Committee of European Insurance and Occupational Pensions
Supervisors (CEIOPS).
The IOPS Toolkit for Risk-based Supervision can be accessed at the following
address: www.iopsweb.org
2
http://www.iopsweb.org/toolkit/
IOPS Toolkit
for Risk-based
Pensions
Supervision
The IOPS Toolkit for Risk-based Pensions Supervision is designed to assist IOPS
members introducing risk-based supervision (RBS).
Risk-based supervision (RBS) is a structured approach which focuses on the
identification of potential risks faced by pension plans or funds and the
assessment of the financial and operational factors in place to minimize and
mitigate those risks. This process then allows the supervisory authority to direct
its resources towards the issues and entities which pose the greatest threat.
The Toolkit is broken down into modules providing practical guidance and
includes comprehensive case studies to illustrate how supervisors have dealt
with the challenges inherent in implementing the concepts and techniques of
risk-based supervision.
Toolkit Modules:
Module 0: Introduction to Risk-based Supervision (RBS): definition and reasons for adopting
RBS, how to apply the approach, challenges and lessons learnt.
Module 1: Preparation for Risk-based Supervision: preparing the legislative background,
supervisory readiness and industry skills.
Module 2: Quantitative Risk Assessment Tools: Quantitative tools for measuring risk in
defined benefit (DB) and defined contribution (DC) pension funds and how to integrate these
in overall risk assessments.
Module 3: Identifying Risks: individual entity risk focus, factors and indicators and systemic
risk.
Module 4: Risk Mitigants and Risk Scoring: assessing risk on a net basis, weighting in risk
scoring models and consistency of scores.
Module 5: Supervisory Response: supervisory response matrix, communicating risk
assessments and escalation of supervisory response
IOPS Toolkit for Risk-based Pensions Supervision
http://www.iopsweb.org/toolkit/
Modules 1 and 2 attempt to step back and look at issues which pension supervisory authorities may wish to
consider as they plan and prepare for the introduction of a risk-based supervisory approach. Module 1
provides a checklist for pension supervisory authorities to consider whether a supportive legislative
environment is in place, whether the pension supervisory authority has the necessary powers and
information to undertake risk-based supervision, and how ready the authority itself and the industry it
oversees are to make the move to risk-based supervision, which in turn will determine the planning and pace
of change. Module 2 looks at the types of quantitative tools which can be integrated into a risk-based system,
with worked examples of each provided.
Modules 3, 4 and 5 look at the risk-based process in more detail.
4
http://www.iopsweb.org/toolkit/
Module 0: Introduction to Risk-based Supervision
Definition
The introduction to RBS discusses how RBS can be
combined with a more traditional, 'rules-based'
approach and how these should be blended
according to the nature of the pension system, the
capacity of the supervisory authority, and the level of
development of the pension industry.
Why Adopt?
RBS has the advantages of maximizing the use of
scare resources, increasing the possibility of spotting
significant problems before they arise and
encouraging pension funds to improve their own risk
management. It has been adopted by IOPS members
to improve efficiency and adapt to changes with the
supervisory structure, the pensions industry and the
financial system in general.
Application
Applying RBS consists of the following steps – which
will need to be adapted to county specific
circumstances.
1. Establishing the objectives of the pension
supervisory authority and consequently its
risk focus
2. Identifying the risks faced by individual
funds and the pension industry that bear on
the pension supervisory authority's
objectives
3. Establishing a methodology for mapping and
weighting risks faced to the authority's
objectives
4. Establishing a quality assurance process
5. Establishing a methodology for allocating
supervisory resources based on the risk
assessments
IOPS Toolkit for Risk-based Pensions Supervision
http://www.iopsweb.org/toolkit/
Steps in Risk-based Supervision Process
Lessons Learnt
The introduction to the Toolkit finishes by
summarising IOPS members' experiences when
introducing RBS, outlining the challenges they
encountered (from gathering the right information,
to how to look at systemic as well as individual
pension fund risk, to changing the culture of the
supervisory authority), and the lessons they have
learnt – the most important being that RBS is worth
doing.
6
http://www.iopsweb.org/toolkit/
Module 1: Preparation for Risk-based Supervision
Moving to RBS involves changes at both the pension
supervisory authority and the pension industry it
oversees. Against this background, this first module
in the IOPS Toolkit discusses some of the
foundational issues of RBS. It outlines some of the
issues that should be considered before embarking
on the implementation of RBS, notably relating to the
legislative environment and the readiness of the
pension supervisory authority and the pension
industry. The module is accompanied by a
questionnaire to help assess preparedness and to
identify the critical path for implementation and the
pace at which RBS can be rolled out.
Section 1 of Module 1 discusses the legislative
background needed for RBS. RBS requires a legal
foundation that both enables it to be undertaken and
provides the pension supervisory authority with the
appropriate powers to implement it. Changes to
pension legislation may be required to ensure that
the regulatory environment and the powers and
duties of the supervisory authority allow for such a
new approach to be adopted.
This section looks at:
Legislative Approach required for RBS –
including a discussion of prudential
regulation and the prudent person rule;
Legislative support required for RBS –
including setting supervisory objectives and
enhancing risk-based supervisory powers;
Risk-based legislation itself.
Section 2 considers supervisory readiness and the
preparation which pension supervisory authorities
need to undertake whilst moving towards a risk-
based approach. RBS impacts on the internal
structure of the pension supervisory authority as
well as on management/leadership demands. Staff
reorganisation and training will be required –
sometimes extensive. In addition the pension
supervisory authority will need to assess its
information collection to determine whether this is
appropriate for RBS.
IOPS Toolkit for Risk-based Pensions Supervision
http://www.iopsweb.org/toolkit/
This section looks at:
Organisational alignment and strategic
planning;
Supervisory skills and culture;
Number and mix of staff - including the
organization structure of the authority
Information collection and processing –
examining information required for RBS,
sources of information and the organization
of information collection
Section 3 considers industry skills and readiness.
RBS not only requires changes in terms of the skills
and culture of the pension supervisory authority, but
also new practices to be adopted by the pension
industry. Under RBS, the various participants in the
pension fund management process are required to
make their own judgments, to implement
appropriate risk management practices, and to be
responsible for their decisions. RBS is a journey that
should be shared by all parties involved and requires
significant communication and guidance from the
supervisory authority.
This section looks at:
Communication and guidance by the
supervisory authority towards industry
practitioners
Quality of supporting professionals
Capital market development
8
http://www.iopsweb.org/toolkit/
Module 2: Quantitative Risk Assessment
Module 2 of the IOPS Toolkit deals with the tools that
can be used by a pension supervisory authority in the
quantitative assessment of risk. Such quantitative
assessments can play an important part in the overall
risk-assessment process which is at the heart of risk-
based supervision. Poor results from these
quantitative tests imply higher levels of residual risk
at the entity which is being analyzed, which the
supervisory authority would then factor into its
overall risk analysis or risk score.
Section 1 looks at the quantitative regulatory
requirements that provide the foundation for the
quantitative assessment of risk.
For Defined Benefit funds these include:
valuation requirements; minimum funding
requirements; factor-based solvency
margins; and stress-related solvency
margins.
For Defined Contribution funds these are:
investment limits: minimum return limits
(guarantees): value at risk limits: and target-
based risk measures.
Risk-based supervision can incorporate these
quantitative regulations into the overall risk-
assessment process in the following three ways:
combining a 'rules-based' and a 'risk-based'
approach – compliance with quantitative
restrictions is checked, and if not met a lower
score would be factored into the overall risk
assessment of the fund;
quantitative requirements can be made more
'risk-based' by testing whether compliance
would still hold in adverse circumstances (i.e.
by stress testing) - the results of these stress-
tests would then be incorporated in the
overall risk score;
where the quantitative regulations are
already risk-based, compliance with these
risk-based regulations would be fed into the
overall risk score.
IOPS Toolkit for Risk-based Pensions Supervision
http://www.iopsweb.org/toolkit/
Section 2 discusses the following techniques for the
quantitative assessment of risk:
comparison of valuation assumptions
analysis of surplus
roll-forward calculations
duration analysis
sensitivity testing
deterministic stress testing
stochastic stress testing
value at risk (VaR) calculations
Section 3 goes on to discuss integrating
quantitative tools into risk assessments– stressing
that qualitative judgment is also required to assess
the results of these quantitative tests effectively, and
as some factors and issues do not easily lend
themselves to qualitative analysis.
10
http://www.iopsweb.org/toolkit/
Module 3: Identifying Risks
Having collected a range of data (see Module 1),
including the results of quantitative tests (see
Module 2), the pension supervisory authority needs
to develop a method for organising and analysing
this information in order to establish which risks
pose the greatest threat to the supervisory authority
meeting its goals. The pension supervisory authority
needs to first decide which areas to focus on – based
on its objectives and resources - and then identify the
main risks in those areas, as well as indicators which
can help detect if the risk will materialize. Risk has to
be considered on an individual entity and systemic
basis.
This module is designed to help supervisory
authorities move towards risk-based supervision in
order to identify the appropriate risks. The Module
provides suggestions of risks which may be
considered – mapping a supervisory authority's
objectives and risk focus fit together with the risk
factors and risk indicators to be followed. Details of
these steps will be provided in this module, including
examples from IOPS members who are already
employing a risk-based approach.
Section 1 discusses the risk focus of the pension
supervisory authority, as, given limited resources,
supervisors must establish their main areas of focus
before risks can be identified and managed. This
section goes on to discuss how the risk focus will be
driven by:
supervisory objectives;
nature of pension system (whether
Defined Benefit or Defined
Contribution);
risk appetite.
Section 2 looks at individual entity risk factors that
could lead to failure to meet the supervisory
authority's objectives. These are usually classified in
terms of the conventional risks that pension funds
face: market risk, credit risk, actuarial risk,
operational risk, compliance risk, governance risk,
financial crime risk, outsourcing risk, and so on. Risk
indicators are also discussed – i.e. those activities or
events that are likely to result in the risk
IOPS Toolkit for Risk-based Pensions Supervision
http://www.iopsweb.org/toolkit/
materializing. This section discusses how indicators
can be quantitative and qualitative in nature.
Section 3 then discusses systemic risk – i.e. risk that
affects all or most supervised entities. Risks can be
identified and assessed on two levels, on a 'micro'
and a 'macro' basis – taking a 'bottom up' approach
and attempting to identify risks at the level of
individual supervised entities, or a 'top down'
approach looking a risk on a sector or thematic basis.
If all entities of a particular type are subject to this
risk, it is not productive to deal with this particular
risk on a fund by fund basis; it should be dealt with
by improving the entire pension system. This section
discusses:
when systemic risk is important (e.g.
during the early stages of the
development of the pension system,
during times of economic difficulty, or
when a supervisor is trying to oversee
hundreds or even thousands of pension
funds);
how systemic risk can be identified (via
surveys, complaints, early warning
systems etc.) and;
integrating system risk into overall risk
assessments (e.g. via pre-populating risk
scores).
12
http://www.iopsweb.org/toolkit/
Module 4: Risk Mitigants and Risk Scoring
Having identified the major risks to meeting its
supervisory objectives (see Module 3), the pension
supervisory authority needs to consider possible
mitigants and controls so that risk is assessed on a
net rather than a gross basis. The authority then
needs to establish a method for weighting these
risks, according to the probability of their occurrence
and their importance and impact on the goals of the
supervisory authority – i.e. a risk scoring model has
to be devised.
Some pension supervisory authorities derive
individual risk-scores for the entities which they
oversee. However, it may not be feasible for
supervisory authorities to derive an individualized
risk score for every single supervised entity –
particularly in pension systems where many
thousands of funds operate. In such cases, supervised
entities are categorized in a simplified way – usually
in terms of their size or impact of failure– with the
funds which have the greatest 'impact' receiving the
greatest supervisory attention (as described in
Module 5).
This module is designed to help supervisory
authorities who wish to build a risk-scoring model
which will be used to guide their supervisory actions.
Section 1 looks at risk mitigants and how to assess
risk on a net basis. Risks can be managed in a variety
of ways, including good corporate governance, a
capable senior management team, well-documented
procedures, strong internal controls, an independent
internal audit function, effective risk management
processes, strong actuarial and financial analysis
capabilities, and comprehensive external audits. Risk
can also be mitigated on a system-wide basis.
However, the most important factor is a pension
fund's risk-management system.
Section 2 considers the how to build risk scores in
more detail, looking at the following:
Weightings - assigned to different risk
categories and controls, driven by external
factors, the nature of the pension system, as
well as the nature, scale and complexity of
the entity's risk being assessed.
IOPS Toolkit for Risk-based Pensions Supervision
http://www.iopsweb.org/toolkit/
Probability - the overall riskiness of the fund
is often rated according to the probability of
the assessed risks occurring and the impact
which the fund would have on the pension
system in general should anything go wrong.
These steps can be considered separately or
together. Probability can be assessed in a
quantitative way, or more simply in a
qualitative fashion (i.e. the risk score applied
to each entity equating to the probability of
problems occurring).
Impact – most authorities simply use the size
of the fund or entity to capture the damage
that would be inflicted in the adverse event
occurred.
Section 3 considers consistency of scores – which
are usually checked by a central risk unit within the
pension supervisory authority. One of the key
decisions when building a risk-scoring model is
determining how much influence the individual
supervisor should have in devising risk scores vs.
central units.
14
http://www.iopsweb.org/toolkit/
Module 5: Supervisory Response
A fundamental aspect of RBS is that a logical
connection should be made between the outcome of
any risk analysis undertaken (which is described in
detail in Module 4 of the Toolkit) and the nature of
the subsequent supervisory action taken in response.
Pension supervisory authorities may wish to devise a
response matrix to help determine and organize
their supervisory action.
Once the supervisory authority has determined what
supervisory action it should take in response to the
level of risk identified and that response has been
suitably communicated, the authority needs to
determine how to monitor that any actions required
from supervised entities are followed, how to adapt
its own supervisory response accordingly and how to
increase the supervisory pressure should the level of
risk be seen to escalate. In order to carefully 'pitch'
its initial response to a problem in a proportional and
fair fashion, and then follow up in an appropriate
way, supervisory authorities may wish to develop a
'enforcement pyramid'.
Section 1 discusses supervisory response matrix.
The section examines responses to Individual entity
risks (including examples of how to respond to high,
medium and low risk cases) as well as responses to
systemic risk.
Section 2 considers the communication of risk
assessments, including whether and how much
information on the supervisory assessment should
be made known to the supervised entity, and to the
public at large.
Section 3 considers the escalation of the
supervisory response and how enforcement
pyramids can be used to ensure that the supervisor
adapts its approach appropriately, according to the
level of risk posed and the response of the
supervised entity itself.
IOPS Toolkit for Risk-based Pensions Supervision
http://www.iopsweb.org/toolkit/
Enforcement Pyramid
16
http://www.iopsweb.org/toolkit/
Case Studies and Resources
Case Studies
Along with the examples included in the Modules,
case studies are provided for a number of IOPS
members which have adopted a risk-based approach.
These provide further detail of how a risk-based
methodology has been developed to fit the unique
circumstances in each country. Short video podcasts
have also been provided during which supervisors
from these countries explain their experiences.
Australia Canada
Chile Germany
Hungary Kenya
Macedonia Mexico
Netherlands South Africa
IOPS Toolkit for Risk-based Pensions Supervision
http://www.iopsweb.org/toolkit/
Resources
The IOPS Toolkit for Risk-based Supervision also
provides many resources for the pension supervisor.
A resources page on the Toolkit website provides
PDF files of each module of the Toolkit to be
downloaded as necessary, and graphics files used to
illustrate examples and models are also available.
PowerPoint presentations are for each Module are
provided along with short video podcasts in which
supervisors explain their experiences in adopting
risk-based supervision.
Contacts
For further information on the IOPS Toolkit for Risk-based Supervision, or on the IOPS in general, please
contact us:
President:
Mr. Edward Odundo – odundo@rba.go.ke
Secretariat:
Secretariat
Ms. Nina Paklina – nina.pakli[email protected]
Secretariat:
Ms. Sally Day – sally.day-hanoti[email protected]
www.iopsweb.org
