Risk Policy

Introduction

Gildi Pension Fund is a long-term investor and aims to maximise pension payments to fund members and guarantee them the best possible pension rights through premium returns, risk management and cost-effective operations. The Risk Management Policy deals with the main components and implementation of the fund’s formal risk management, both in terms of financial risk and operational risk. The aim of the policy is to formalise a working method for analysis, assessment and management of the fund’s main risk factors and thus contribute to increased security in the fund’s operation and a lower likelihood that the rights of fund members to payment of pensions will be reduced.

Gildi’s Board of Directors sets the Risk Policy for the fund. The Risk Policy covers Gildi’s operations and outsourcing to third parties, both in terms of financial risk and operational risk. The Risk Policy defines the risk appetite and risk tolerance of the fund and how to identify, evaluate, monitor and manage risk. In addition, the roles and responsibilities of those involved in the implementation of risk management and risk control within the fund are stated. The fund’s Investment Policy, which is revised at least annually, is an important part of risk management as it sets forth limitations and criteria for the main financial risk factors. The Risk Policy must be reviewed annually, or more often if necessary, i.a. if there are significant changes in the fund’s risk profile. The fund’s Board also sets a Risk Management Policy based on the proposal of the person responsible for risk management. The Risk Management Policy covers the implementation of the fund’s risk management in detail.

The fund’s Risk Policy is based on Act No. 129/1997 on the Mandatory Insurance of Pension Rights and the Operation of Pension Funds, Regulation No. 590/2017 on the monitoring system for the risk of pension funds and Regulation No. 916/2009 on investment policy and auditing of the returns of pension funds and custodians of private pension savings, with subsequent amendments. Risk management within the fund also takes into account ISO standard 31000 on risk management.

The definition of the term risk in Regulation No. 590/2017 on the risk control system of pension funds is as follows: “Risk of financial loss resulting from an event that falls under one or more of the risk factors defined by the pension fund.”

Risk management is defined as the emphases, rules, processes, procedures, methodology and summary of information used to identify, measure, evaluate, control and monitor risks in the fund’s portfolio and operations (in a broad context).

Efforts should be made to keep the organisation of the risk-related work components in Gildi’s operations as simple as possible, to ensure traceability, and in accordance with the fund’s other values. Gildi’s Risk Policy is intended to support the goal of the Investment Policy, to invest the funds of the fund taking into account the most favourable terms available at any given time in terms of risk.

In general, a prudent approach should be taken when managing the fund’s risk, and the structure of the portfolio as a whole should take into account indexed obligations in Icelandic króna valued at 3.5% interest towards fund members and the assets of beneficiaries. The aim of risk management is for the fund’s employees and management to have a good overview of the risk factors present at the fund and to be able to assess their potential impact on the fund. In this way, the fund’s employees are better equipped to manage its risks and, depending on the circumstances, to avoid, reduce or increase them.

In general, risk control and risk management within Gildi is based on the criteria stated in the Investment Policy and/or Risk Policy. Criteria regarding the performance and risk of the fund, asset groups and sub-portfolios are defined in Gildi’s Investment Policy and/or Risk Policy. In cases where further explanations or definitions are needed, they appear in the Risk Management Policy or other set policies, procedures and criteria of the fund.

The Fund’s Main Risks

Gildi Pension Fund’s risk is divided into financial risk and operational risk.

Financial risk is related to the fund’s investment activities, i.e. development of the fund’s assets and liabilities as well as cash flow. Financial risks are market risk, counterparty risk, liquidity risk and liability risk (pension insurance risk).

The fund’s operational risk is a risk related to the fund’s internal operations, which may involve operational elements such as information systems, work processes or the fund’s employees. Political risk is part of operational risk, but operational risk also includes other risks related to external events in a pension fund’s operating environment.

Management and responsible investments (UFS) are related to various aspects of financial risk and operational risk, i.e. related to the communication, role and responsibility of the Board, managers and employees, both internally and towards other stakeholders of the fund. Gildi has adopted a Shareholder Policy, a Responsible Investments Policy (UFS) as well as communication rules and a Code of Ethics to frame relations with the fund’s main stakeholders, along with other policies related to governance. The fund’s Articles of Association set rules for the role, purpose and activities of the fund, the status of fund members and their rights and obligations, the appointment and mandate of the Board and the Annual General Meeting.

Changes in risk factors can affect assets and liabilities and thus the actuarial position of the mutual insurance division and the likelihood of rights being reduced. Thus, changes in risk factors can affect the fund’s ability to achieve its main objective (accept premiums, preserve and grow assets appropriately and pay out pensions) and thus risk tolerance and risk appetite. The main risk factors within the fund are discussed below. The nature, extent, implementation of risk management, risk measures and control measures for each risk factor, together with the fund’s attitude towards the risk factor, are described in more detail in the Risk Management Policy.

Market Risk
Market risk is defined as the risk of financial loss on items on and off the balance sheet due to changes in the market value of assets or liabilities, incl. due to changes in currency exchange rates (currency risk), interest rates (interest, reinvestment and repayment risk), inflation (inflation risk), the price of shares and bonds and unit share certificates in funds (yield fluctuations), as well as inconsistency risk and risk due to off-balance-sheet assets and liabilities. The risk level of market risk is assessed using various risk metrics, e.g. VaR, standard deviation, inflation correlation and average lifespan.

Counterparty Risk
Counterparty risk is classified into credit risk, consolidation risk, country risk, settlement risk and custody risk. The risk level of counterparty risk is i.a. assessed with bond credit rating, expected loss, default analysis and counterparty concentration.

Liquidity Risk
Liquidity risk is divided into two: selling risk and cash flow risk. The risk level of liquidity risk is i.a. assessed through analysis of future cash flows and asset liquidity.

Pension Insurance Risk (Liability Risk)
Pension insurance risk is a risk within the mutual insurance division that the rights of fund members have to be reduced because assets do not meet long-term obligations, i.a. due to changes in premiums, actuarial settlement requirements (reduction risk), demographic factors such as life expectancy and the number of disabled persons and disability probability at the fund, as well as environmental and rights transfer risks. The risk level of pension insurance risk is i.a. assessed by actuarial status, pension burden and average age of fund members.

Operational Risk
Operational risk is the risk due to loss resulting from insufficient or defective internal work processes, mistakes and actions or inaction by employees, fraud, inadequate information systems or due to external events in the operational environment of pension funds. Operational risk includes personnel risk, fraud risk, IT risk, facility or inadequate security risk, legal risk and information risk. Other main risk factors of operational risk are outsourcing risk, reputational risk and political risk (laws and regulations), all risk factors underlying all the fund’s activities. The risk level of operational risk is assessed based on the impact and probability of each risk factor.

The Fund’s Risk Appetite and Risk Tolerance

Risk Appetite
Risk appetite is defined as the risk that the fund’s Board is willing to take.

Gildi’s risk appetite for the mutual insurance division and private pension schemes with regard to financial risk is defined in the fund’s Investment Policy, classified by traditional groups of assets, as a gap between tolerance limits in the Investment Policy for each group of assets. It marks the fund’s willingness to spread assets and combine market and counterparty risk down to individual group of assets at any given time, as well as within each type of domestic bond. The tolerance limits are set in addition to the Investment Policy and portfolio tolerance limits by group type A–F (cf. the supporting document for the fund’s investment methods in the Investment Policy appendix).

Gildi’s Investment Policy is made with the aim of investing the funds of the fund members/rightholders, taking into account the most favourable terms available at any given time in terms of risk.

When formulating the Investment Policy, factors such as annuity burden, actuarial status, age distribution of fund members and rightholders, future payment flow, current composition of assets, market conditions, risk metrics and the fund’s risk tolerance are examined. All of these are factors that influence the formulation of the Investment Policy and thus the fund’s risk appetite, which can be increased or decreased based on an assessment of the aforementioned factors that make up the fund’s risk profile.

The fund’s risk appetite in terms of market and counterparty risk is also defined in more detail with other limitations and criteria in the Investment Policy. For more information, see section 4.9 for the mutual insurance division and section 5.5 for private pension schemes in the Investment Policy, which deal with other limitations and criteria for the fund’s investment strategies.

The fund’s risk appetite with regard to liquidity risk is defined by the appropriate criterion of the percentage of easily marketable assets, in the mutual insurance division and private pension schemes. A more detailed description of the liquidity risk criteria can be found in Appendix 1 of the established Risk Management Policy.

The fund’s risk appetite with regard to operational risk is defined in such a way that risks that threaten the fund’s ability to achieve its main goal (accept premiums, preserve and grow assets to maximise pension payments to fund members and pay out pensions) should be prevented.

Other criteria for risk mitigation can be found in the fund’s Investment Policy and Risk Management Policy. The fund’s attitude towards individual risk factors can also be found in the Risk Management Policy.

Risk Tolerance
Risk tolerance of the fund’s mutual insurance division and the private pension schemes with regard to financial risk is marked by set tolerances in the Investment Policy, classified according to traditional groups of assets, i.e. maximum and minimum ratios of individual groups of assets together with set tolerances for exchange-rate assets. In case of movement outside the set tolerances, the fund must take action, i.a. with appropriate portfolio changes. A more detailed description of possible actions can be found in the fund’s Risk Management Policy and procedures.

In addition, the mutual insurance division’s long-term risk tolerance takes into account the actuarial position of the division at any given time. According to the law, the fund must take special measures if an actuarial examination reveals a greater than 10% difference between assets and liabilities or if the difference has remained greater than 5% continuously for five years, cf. Paragraph 2, Article 39 of Act No. 129/1997. Special measures may include changes to the rights of fund members. When assessing which measures are appropriate, attention is paid to looking for long-term solutions with the interests of fund members as a guiding principle. The development of the actuarial situation must be monitored and preventive measures applied if possible. This applies to both assets and liabilities, i.e. all events that may cause the pension fund to be unable to meet its obligations.

The main risk factors are discussed later in this policy, but risk management, risk metrics and control measures for individual risk factors are discussed in more detail in the fund’s Risk Management Policy.

Roles and Responsibilities

Gildi’s Board of Directors is responsible for formulating and establishing a Risk Policy and Risk Management Policy for the fund, and the Managing Director is responsible for their implementation, both with regard to financial risk and operational risk.

Through the Risk Policy and Risk Management Policy, Gildi’s Board of Directors gives the Managing Director, and others to whom it delegates authority, the authority to control and manage risk in the fund’s activities in accordance with what is stated here and within the authority defined here. The Managing Director and others responsible for risk control and risk management at Gildi regularly inform the fund’s Board of the results and risks of the operations and decisions regarding risk control and risk management.

In Gildi’s organisational chart, there is a special division, risk control, which reports directly to the Managing Director. Risk control monitors both financial and operational risks, risk measurements of the fund’s portfolio, registration of deviations and their follow-up. Risk control must be able to submit a direct report to the Board of Directors on its findings and propose appropriate measures regarding investment restrictions. The director of risk control is defined as the person responsible for risk management at the fund. Gildi’s asset management has the role of managing the fund’s financial risk, i.a. with decisions on the purchase and sale of securities, in consultation with the Managing Director and the Board of the fund as appropriate. The Managing Director is responsible for managing the operational risk of the fund in consultation with its Board through decisions on operations. Thus, a separation is achieved between risk control on one hand and decisions on managing the fund’s risk in investments and operations on the other hand. The fund’s Board, Managing Director and asset management can request the opinion of risk control or an external party when it is relevant.

All employees of the fund are involved in the implementation of risk management as appropriate and must be aware of the importance of a control system and participate in the implementation of an appropriate risk culture within the fund. This is done, i.a. by presenting the risk policy and risk management policy to the employees in an appropriate way at all times. Parties involved in decisions related to investment risk familiarise themselves with, and participate in, the formulation of risk and risk management policies. In addition, all employees are made aware of the aspects of the policies that relate to their field of work in their job descriptions, the fund’s work procedures and the annual operational risk assessment. Efforts must also be made to ensure that the fund’s control system is set up in a clear and traceable manner and that work processes and job descriptions reflect the fund’s risk management, control measures and the control system as a whole.

The heads of departments and directors of the fund are responsible for ensuring that the risk mitigating measures they are assigned to carry out are carried out in accordance with work procedures.

Gildi’s office manager handles, i.a. management and control of the day-to-day work of the loan, pension, private pension and premiums divisions, along with the cashier and reception.

The fund’s Chief Legal Officer also acts as a compliance officer and therefore monitors the registration of interests of employees and Board members. The lawyer provides information and legal advice to the Managing Director, Director of Asset Management and other staff of the fund on, i.a. investments, communication with supervising authorities and the legal framework within which the fund operates.

The internal auditor reports to Gildi’s Board of Directors and examines whether the fund’s internal control is in accordance with the fund’s policy and rules. The auditor assesses, i.a., the fund’s control system and supervises the implementation of the fund’s Risk Policy and Risk Management Policy.

The Risk Policy, Risk Management Policy and amendments to them are submitted to Gildi’s Board of Directors for approval after receiving the opinion of the fund’s Audit Committee, which assesses the effectiveness and organisation of the Risk Policy and Risk Management Policy.

Own Risk Assessment

Every year, an own risk assessment of the fund’s operations shall be carried out, where the fund’s Board is an active participant by shaping the implementation of the risk assessment, i.a. by reviewing the process, reviewing the criteria and results of the assessment. It must also be assessed whether the Risk Policy and Investment Policy are appropriate in accordance with the result of the own risk assessment.

Own risk assessment covers, i.a. analysis of the main risk factors, a description of the actions and criteria of the assessment, the results of control actions with and without risk measures and, when applicable, risk mitigating actions and the actions that Gildi Pension Fund intends to take if a risk materialises. Scenario analyses, sensitivity analyses and stress tests are used in the risk assessment, i.a. to assess how risk taking aligns with the fund’s obligations and the effectiveness of risk mitigating actions, as appropriate.

In order to determine the importance of risk factors, the fund evaluates the impact of each risk factor based on the probability that the risk will materialise and the impact on its assets and liabilities. The assessment considers, i.a. the risk metrics associated with each risk factor, their development, scenario analyses, stress tests and other control measures carried out during the year.

It is assumed that the own risk assessment is available three months after the fund’s Financial Statements are available. Before 30 June each year, a report on own risk assessment is sent to the Financial Supervisory Authority. The results of the own risk assessment are presented to the fund’s employees, and they are taken into account when making decisions and other actions in the fund’s daily operations when appropriate.

A more detailed discussion of own risk assessment can be found in the Risk Management Policy and in the report on own risk assessment.

Deviations

A deviation is defined as an event that has a significant financial or operational impact on the fund, a deviation from the set criteria and limits in the Investment, Risk, and Risk Management Policies or a deviation from compliance with investment authorisations.

The Director of Risk Control shall immediately report to the Managing Director and the Director of Asset Management deviations from the set criteria of the Investment, Risk and Risk Management Policies or investment authorisations, and other cases that could possibly have a significant impact on the fund, related to financial risk.

The Director of Risk Control shall immediately report to the Managing Director and the Office Manager deviations from the set criteria of the Investment, Risk and Risk Management Policies or investment authorisations, and other cases that could possibly have a significant impact on the fund, related to operational risk.

The Board of Directors and the Financial Supervisory Authority (FSA) must be informed of all confirmed deviations as early as possible. In the case of possible deviations, the Managing Director and Director of Risk Control, along with the Director of Asset Management or Office Manager as appropriate, must assess whether there is indeed a deviation and whether the Board and the FSA should be notified of the incident.

If a deviation occurs, as mentioned, it must be reported to the FSA as soon as possible, but no later than within 10 working days, together with information regarding the fund’s response to the specified deviation. Deviations in the operation of information systems must be reported to the FSA as early as possible, but no later than 4 hours after it has been confirmed that there is a deviation.

A log of deviations must be maintained and every effort must be made to respond to deviations as quickly as possible and, as the case may be, to minimise the possible damage that may result from them.

Reykjavík, 23 March 2023