Gildi Pension Fund is a long-term investor, and its primary aims are to maximize pension payments to fund members and guarantee them the best possible pension rights according to the Articles of Association through premium returns, risk management, and cost-effective operations. The Risk Management Policy deals with the main components and implementation of the Fund's formal risk management, both in terms of financial risk and operational risk. The aim of the policy is to formalise a working method for analysis, assessment, and management of the Fund’s main risk factors, and thus contribute to increased security in the Fund’s operation and a lower likelihood that the rights of fund members to payment of pensions will be reduced.
Gildi’s Board of Directors sets a Risk Policy for the Fund. The Risk Policy covers the operation of Gildi and outsourcing to third parties, both as regards financial risk and operational risk. The Risk Policy defines the risk appetite and risk tolerance of the Fund, and how risk may be analyzed, assessed, monitored, and managed. It includes the role and responsibility of those who implement and supervise risk management and risk control within the Fund. The Fund's investment policy, which is revised at least annually, is an important part of risk management, as it sets out limitations and criteria for the main financial risk factors. The Risk Policy must be reviewed annually, or more often if necessary, for example, if there are significant changes in the Fund's risk profile. The Fund's Board also sets a Risk Management Policy based on the proposal of the person responsible for risk management. The Risk Management Policy covers the implementation of the Fund's risk management in detail.
The Fund’s Risk Policy is based on Act no. 129/1997 on Obligatory Pension Rights Insurance and Pension Funds Operations, Regulation No. 590/2017 on risk control system of pension funds and Regulation no. 916/2009 on investment policy and auditing of the returns of pension funds and custodians of private pension savings, with subsequent amendments. Risk management within the Fund also takes into account ISO standard 31000 on risk management.
Definition of the term risk in Regulation no. 590/2017 on the risk control system of pension funds is as follows: “Risk of financial loss resulting from an event that falls under one or more of the risk factors defined by the pension fund.”
Risk management is defined as the emphases, rules, processes, procedures, methodology, and summary of information used to identify, measure, evaluate, control, and monitor risks in the Fund’s portfolio and operations (in a broad context).
Efforts should be made to have the organisation of the work components related to risk in Gildi’s operations as simple as possible to ensure traceability and in accordance with the Fund’s other values. Gildi’s Risk policy is intended to support the aim of the Investment Policy of investing the funds of the Fund taking into account the most favourable terms available at any given time in terms of risk.
In general, a prudent approach should be taken when managing the Fund’s risk, and the structure of the portfolio as a whole should take into account indexed obligations in Icelandic króna valued at 3.5% interest towards fund members and the assets of beneficiaries. The aim of risk management is for the Fund’s employees and management to have a good overview of the risk factors present at the Fund and to be able to assess their potential impact on the Fund. In this way, the Fund’s employees are better equipped to manage its risks and, depending on the circumstances, avoid risks, reduce or increase them.
In general, risk control and risk management within Gildi is based on the criteria stated in the Investment Policy and/or Risk Policy. Criteria regarding the performance and risk of the Fund, asset groups and sub-portfolios are defined in Gildi’s Investment Policy and/or Risk Policy. In cases where further explanations or definitions are needed, they appear in the Risk Management Policy or other set policies, procedures, and criteria of the Fund.
Risk in Gildi Pension Fund’s operations can be divided into financial risk and operational risk.
Financial risk is related to the Fund’s investment activities, i.e. development of assets and liabilities, as well as cash flow. Financial risks are market risk, counterparty risk, liquidity risk, and liability risk (pension insurance risk).
The Fund’s operational risk is a risk related to the Fund’s internal operations, which may involve operational elements such as information systems, work processes, or the Fund’s employees. Political risk is part of operational risk, but operational risk also includes other risks related to external events in a pension fund’s operating environment.
Sustainability risk includes risks due to environmental and social issues as well as governance (UFS). Sustainability risk is related to various risk factors within financial risk and operational risk, i.e. related to the communication, role, and responsibility of the Board, managers, and employees, both internally and towards other stakeholders of the Fund. Gildi has adopted a Shareholder Policy, a Responsible Investments Policy, as well as communication rules and a Code of Ethics to frame relations with the Fund’s main stakeholders, along with other policies related to sustainability risk.
Changes in risk factors can affect assets and liabilities and thus the actuarial position of the mutual pension division and the likelihood of rights being reduced. Thus, changes in risk factors can affect the Fund’s ability to achieve its main objective (accept premiums, preserve and grow assets appropriately, and pay out pensions), and thus risk tolerance and risk appetite. The main risk factors within the Fund are discussed below. The nature, extent, implementation of risk management, risk measures and control measures for each risk factor, along with the Fund’s attitude towards the risk factor, are described in more detail in the Risk Management Policy.
Market risk is defined as the risk of financial loss on items on and off the balance sheet due to changes in the market value of assets or liabilities, incl. due to changes in currency exchange rates (currency risk), interest rates (interest, reinvestment and repayment risk), inflation (inflation risk), the price of shares and bonds and unit share certificates in funds (yield fluctuations), as well as inconsistency risk and risk due to off-balance-sheet assets and liabilities. The risk level of market risk is assessed using various risk metrics, e.g. VaR, standard deviation, inflation correlation, and average lifespan.
Counterparty risk is classified into credit risk, consolidation risk, country risk, settlement risk, and custody risk. The risk level of counterparty risk is assessed with bond credit rating, expected loss, default analysis, and counterparty concentration.
Liquidity risk can be divided into two: liquidity risk and cash flow risk. The risk level of liquidity risk is assessed through analysis of future cash flows and asset liquidity, amongst other things.
Pension insurance risk is a risk within the mutual insurance division that the rights of fund members have to be reduced because assets do not meet long-term liabilities, due to changes in premiums, actuarial settlement requirements (reduction risk), demographic factors such as life expectancy and the number of disabled persons and disability probability at the fund, as well as environmental, and rights transfer risk, amongst other things. The risk level of pension insurance risk is assessed by actuarial status, pension burden, and average age of fund members, amongst other things.
Operational risk is the risk due to loss resulting from insufficient or defective internal work processes, mistakes and actions or inaction by employees, fraud, inadequate information systems, or due to external events in the operational environment of pension funds. Operational risk includes personnel risk, fraud risk, IT risk, facility or inadequate security risk, legal risk, and information risk. Other main risk factors of operational risk are outsourcing risk, reputational risk, and political risk (laws and regulations), all risk factors underlying all the Fund’s activities. The risk level of operational risk is assessed based on the impact and probability of each risk factor.
Risk related to sustainability refers to various risk factors that concern the possibility of companies and institutions to maintain profitable operations and their ability to continue operations in a sustainable manner in the long term. Sustainability risk can be due to the direct or indirect effects of environmental, social or governance factors (UFS). If the risk materializes, it may have a significant negative impact on the value of the pension fund's assets. The main risk of the Fund related to environmental matters (including climate change), social issues (including human rights), and governance, is if investments are made in companies that do not fulfill their legal and/or ethical obligation, which may lead to losses and result in reputational risk for the Fund. The risk level of sustainability risk is assessed based on the impact and probability of each risk factor.
Risk appetite is defined as the risk that the Fund’s Board is willing to take.
Gildi’s risk appetite for the mutual insurance division and private pension schemes with regard to financial risk is defined in the Fund’s Investment Policy, classified by traditional groups of assets, as a gap between tolerance limits in the Investment Policy for each group of assets. It marks the fund’s willingness to spread assets and combine market and counterparty risk down to individual groups of assets at any given time, as well as within each type of domestic bond. The tolerance limits are set in addition to the Investment Policy and portfolio tolerance limits by group type A–F (cf. the supporting document for the Fund’s investment methods in the Investment Policy appendix).
Gildi’s Investment Policy is made with the aim of investing the funds of the fund members/rightsholders, taking into account the most favorable terms available at any given time in terms of risk.
When formulating the Investment Policy, factors such as annuity burden, actuarial status, age distribution of fund members and rightsholders, future payment flow, current composition of assets, market conditions, risk metrics, and the Fund’s risk tolerance are examined. All of these are factors that influence the formulation of the Investment Policy and thus the Fund’s risk appetite, which can be increased or decreased based on an assessment of the aforementioned factors that make up the Fund’s risk profile.
The Fund’s risk appetite in terms of market and counterparty risk is also defined in more detail with other limitations and criteria in the Investment Policy. For more information, see section 4.9 for the mutual insurance division and section 5.5 for private pension schemes in the Investment Policy, which deal with other limitations and criteria for the Fund’s investment strategies.
The Fund’s risk appetite with regard to liquidity risk is defined by the appropriate criterion of the percentage of easily marketable assets, in the mutual insurance division and private pension schemes. A more detailed description of the liquidity risk criteria can be found in Appendix 1 of the established Risk Management Policy.
The Fund’s risk appetite with regard to operational risk is defined in such a way that risks that threaten the Fund’s ability to achieve its main goal (accept premiums, preserve and grow assets to maximize pension payments to fund members and pay out pensions) should be prevented.
Other criteria for risk mitigation can be found in the Fund’s Investment Policy and Risk Management Policy. The Fund’s attitude towards individual risk factors can also be found in the Risk Management Policy.
The risk tolerance of the Fund’s mutual insurance division and the private pension schemes with regard to financial risk is marked by set tolerances in the Investment Policy, classified according to traditional groups of assets, i.e. maximum and minimum ratios of individual groups of assets together with set tolerances for exchange-rate assets. In case of movement outside the set tolerances, the Fund must take action with appropriate portfolio changes, alongside other actions. A more detailed description of possible actions can be found in the Fund’s Risk Management Policy and procedures.
Also, the long-term risk tolerance of the mutual pension division considers the actuarial status of the division at each time. The fund is legally obliged to take certain measures if an actuarial study reveals a difference greater than 10% between asset items and obligations, or if the difference has stayed over 5% for five consecutive years, cf. Paragraph 2, Article 39 of Act no. 129/1997. Special measures may include changes to the rights of fund members. When assessing which measures are appropriate, consideration is given to looking for long-term solutions and the interests of fund members are the guiding principle. The development of the actuarial situation must be monitored and preventive measures applied if possible. This applies to both assets and liabilities, i.e. of all events that may cause the pension fund to be unable to meet its obligations.
The main risk factors are discussed later in this policy, but risk management, risk metrics and control measures for individual risk factors are discussed in more detail in the Fund’s Risk Management Policy.
Gildi’s Board of Directors is responsible for formulating and establishing a Risk Policy and Risk Management Policy for the Fund, and the Managing Director is responsible for their implementation, both with regard to financial risk and operational risk.
Through the Risk Policy and Risk Management Policy, Gildi’s Board of Directors gives the Managing Director and others to whom it delegates authority, authority to control and manage risk in the Fund’s activities in accordance with what is stated here and within the authority defined here. The Managing Director and others responsible for risk control and risk management at Gildi regularly inform the Fund’s Board of the results and risks of the operations and decisions regarding risk control and risk management.
In Gildi’s organizational chart, there is a separate division, risk control, which reports directly to the Managing Director. Risk control monitors both financial and operational risks, risk measurement of the Fund’s portfolio of assets, the registration of deviations, and follow-up thereof. Risk control must be able to submit a report to the Board about its findings and appropriate measures without intermediaries. The Director of Risk Control is defined as the person responsible for risk management at the Fund and is therefore responsible for the implementation of risk control tasks in consideration of the Fund's activities. Gildi’s Asset Management is responsible for managing the financial risk of the fund, including decisions regarding purchase and sale of securities, in cooperation with the Managing Director and the Board of the Fund, as appropriate at each time. The Managing Director is responsible for managing the operational risk of the Fund in consultation with its Board with decisions on operations. Thus, a separation is achieved between risk control on the one hand and decisions on managing the Fund's risk in investments and operations on the other hand. The Fund's Board, Managing Director, and Asset Management can request the opinion of risk control or an external party when it is relevant.
All employees of the Fund are involved in the implementation of risk management as appropriate and must be aware of the importance of a control system and participate in the implementation of an appropriate risk culture within the Fund. This is done by presenting the Risk Policy and Risk Management Policy in an appropriate way to the employees at all times. Parties involved in decisions related to investment risk familiarise themselves with, and participate in, the formulation of the Risk and Risk Management Policies. In addition, all employees are made aware of the aspects of the policies that relate to their field of work in their job descriptions, the Fund's work processes, and the annual operational risk assessment. Efforts must also be made to ensure that the Fund's control system is set up in a clear and traceable manner, and that work processes and job descriptions reflect the Fund's risk management, control measures, and the control system as a whole.
The heads of departments and directors of the Fund are responsible for ensuring that the risk-mitigating measures they are assigned to carry out are carried out in accordance with work procedures.
Gildi’s office manager handles, amongst other things, management and control of the day-to-day work of the loan, pension, private pension, and premiums divisions, along with the cashier and reception.
The Fund’s head lawyer also acts as a compliance officer and therefore monitors the registration of interests of employees and Board members. The lawyer provides information and legal advice to the Managing Director, Director of Asset Management and other staff of the Fund on, amongst other things, investments, communication with supervising authorities, and the legal framework within which the Fund operates.
The internal auditor reports to Gildi’s Board of Directors and examines whether the Fund’s internal control is in accordance with the Fund’s policy and rules. The auditor assesses the Fund’s control system and supervises the implementation of the Fund’s Risk Policy and Risk Management Policy.
The Risk Policy, Risk Management Policy and amendments to them are submitted to Gildi’s Board of Directors for approval after receiving the opinion of the Fund’s Audit Committee, which assesses the effectiveness and organisation of the Risk Policy and Risk Management Policy.
Every year, an own risk assessment of the Fund’s operations shall be carried out, where the Fund’s Board is an active participant by shaping the implementation of the risk assessment, by, amongst other things, reviewing the process, criteria, and results of the assessment. It must also be assessed whether the Risk Policy and Investment Policy are appropriate in accordance with the result of the own risk assessment.
Own risk assessment covers, e.g. analysis of the main risk factors, a description of the actions and criteria of the assessment, the results of control actions with and without risk measures and, when applicable, risk mitigating actions and the actions that Gildi Pension Fund intends to take if a risk materialises. Scenario analyses, sensitivity analyses and stress tests are used in the risk assessment, to assess, amongst other things, how risk taking aligns with the Fund’s obligations and the effectiveness of risk-mitigating actions, as appropriate.
In order to determine the importance of risk factors, the Fund evaluates the impact of each risk factor based on the probability that the risk will materialize and the impact on its assets and liabilities. The assessment considers, amongst other things, the risk metrics associated with each risk factor, their development, scenario analyses, stress tests, and other control measures carried out during the year.
It is assumed that the own risk assessment is available three months after the Fund’s Financial Statements are available. Before 30 June each year, a report on own risk assessment is sent to the Financial Supervisory Authority. The results of the own risk assessment are presented to the Fund’s employees, and they are taken into account when making decisions and other actions in the Fund’s daily operations when appropriate.
A more detailed discussion of own risk assessment can be found in the Risk Management Policy and in the report on own risk assessment.
A deviation is defined as an event that has a significant financial or operational impact on the Fund, an IT deviation, a deviation from the set criteria and limits in the Investment, Risk, and Risk Management Policies, or a deviation from compliance with investment authorizations. Possible deviations must be immediately reported to the relevant managers of the Fund, i.e. to the Managing Director and Director of Risk Control, along with the Director of Asset Management, the Director of Information Technology, and/or the Office Manager as appropriate. Subsequently, the respective managers shall evaluate whether it is a confirmed deviation.
All confirmed deviations must be reported to the Board as soon as possible. If there is a confirmed deviation, the Financial Supervisory Authority must also be notified, and this should be done in accordance with the applicable rules and guidelines at each time.
A log of deviations must be maintained and every effort must be made to respond to deviations as quickly as possible and, as the case may be, to minimise the possible damage that may result from them.
Reykjavík, 18 April 2024