As part of a panel this morning on pension risk management in San Francisco for The Pension Bridge 2012, I was happy to get feedback from lots of people who found the session helpful. While an hour is scant time to address such a critical topic, some of the observations from the session are noteworthy.
- Everyone on the panel linked pension risk management to governance, adding that those in charge have to acknowledge the importance of identifying uncertainties and allocating resources accordingly before a robust process can begin.
- An early morning speaker cited risk management as the most important topic being discussed by pension boards today. Yet few in the audience raised their hands when asked how many pension funds had risk management policies and procedures in place.
- Trying to explain the disconnect between perception and reality is tough. Some panelists suggested that the difficulty in trying to define risk is part of the reason why discussions have not yet led to actions.
- I commented that operational risks are not going to be picked up by standard financial metrics yet cannot be ignored.
- My suggestion to the pension fund trustees in the audience was to meet with plan counsel in order to understand their duties and obligations. Inviting a fiduciary liability insurance professional to that same meeting might be helpful in identifying risk governance gaps that could cost a plan more money in premiums. Even better yet would be the hiring of an independent third party to conduct a fiduciary audit of the pension plan's investment processes to discern where internal controls should be improved.
- I disagree with comments made by one of my fellow panelists about the role of the Chief Investment Officer in leading the risk management function. An industry best practice touted by many experts is to have a separate Chief Risk Officer who reports to the Board and who is given sufficient latitude to say "no" to the investment team when they start to take on too much uncompensated risk.
The take away for me from the risk management session today is that many organizations still do not embrace the urgent need to properly identify, measure and manage a large number of financial, operational and fiduciary risks. This is not a good thing. Talking about risk management and the related governance process is a step in the right direction but not enough by far.