United Kingdom

Risk Management: IORP II requirements

The IORP II requirements place significant focus on improving the risk management function in order to ensure that:

  • own-risk assessments are carried out triennially, or after any significant change in risk profile
  • risk management is integrated into all management processes & decision making
  • risk is considered from the perspective of members and beneficiaries, including the risk of benefit reductions or loss of indexation.

A risk management system is required comprising strategies, processes and procedures, with independent actuarial input where appropriate, to identify, measure, monitor, manage and report risks, including:

  • Underwriting and reserving
  • Asset-liability management
  • Investment, in particular derivatives, securitisations and similar commitments
  • Liquidity and concentration risk management
  • Insurance and other risk-mitigation techniques
  • Environmental, social and governance risks relating to investment assets
  • Operational risks

The own-risk assessment must describe how it is used in the management and decision-making processes, and must include assessment of:

  • preventions of conflicts of interest where the sponsor carries out functions, or where outsourcing in place
  • funding needs, including any recovery plan
  • operational risks in a qualitative manner
  • protection mechanisms (eg guarantees, sponsor covenants, insurance, government/industry protection) in a qualitative manner
  • new and emerging risks, including environmental, and regulatory risks related to investments
  • the overall effectiveness of the risk management system.

Back to main IORP page.

Read more on the IORP requirements around governance and member communication.