Post on 06-Mar-2018
3 Development of a risk appetite for Dutch pension funds
3.1 Introduction
This chapter provides practical guidance to develop and implement a risk appetite framework.
First, the theory of risk appetite by the Institute of Risk Management (IRM, 2011) is introduced
in paragraph 3.2, followed by theoretical models from the IRM (2011), COSO (2004) and
Pensioenfederatie (2012) & KPMG (2008) (paragraphs 3.3 to 3.5).
Building upon the theory and (personal) experience, a practical model is developed in
paragraph 3.6 and the remainder of this chapter. This model is dynamic, in the sense that it
serves as a starting point for further discussion. By reflections of Risk Managers, Board
members and other experts and sharing of good practices, the model can be strengthened. To
facilitate the sharing among the pension field, this entire chapter is published on the blog:
http://riskappetitepensionfunds.wordpress.com/2013/05/01/risk-appetite-for-pension-funds/
3.2 Theory of Risk Appetite
The Institute of Risk Management (IRM, 2011) defines the concept risk appetite as the
„willingness to take risks in order to meet strategic objectives‟. To explain this theoretical
concept, the risk appetite is contrasted with the familiar – and sometimes therefore confusing –
subject of risk tolerance. The difference is stated clearly in Figure 3.1, published by the IRM
(2011, p.8).
Figure 3.1: Risk tolerance and risk appetite presented by The Institute of Risk Management (2011, p.8)
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 2
To explain the picture, the IRM states that the expected performance of a company is shown in
Diagram 1. In the case of a pension fund, one might think of the performance of the funding
ratio. Since the performance of a portfolio is uncertain or so to say stochastic, the expected
future outcomes show variability (Diagram 2). The fan of all possible good and bad future
outcomes is shown in Diagram 3, and is called the risk universe (IRM, 2011, p.8). It is assumed
that the risk tolerance of an organization lies within the risk universe. The risk tolerance is
described by the IRM as „the lines in the sand beyond which the organisation will not move
without prior board approval‟ (Diagram 4, IRM, 2011, p.14). In terms of a pension fund, the risk
tolerance can e.g. indicate the maximum loss the fund is willing to take with respect to a certain
asset clas, or the portfolio as a whole. Where risk tolerance is seen as the line a pension fund
must not cross, the risk appetite is seen as the risk the pension funds actually strives for, or
actively decides to get exposed to in order to meet its return proposition. Typically it is assumed
that the risk appetite is smaller than the risk tolerance (Diagram 5, IRM, 2011, p.14). This last
point is in my opinion open for debate. In the recent financial crisis we have seen that Dutch
pension funds crossed the barriers of their risk tolerance. This might have been the result of a
risk appetite which is bigger than the risk tolerance and/or this might have been the
consequence of not explicitly knowing and defining the risk appetite in the first place.
3.3 Theoretical model by the Institute of Risk Management
The Institute of Risk Management has formed risk appetite framework, which will be explained
below in Figure 3.2. The framework is shown as sign of recognition for the thoroughness and
theoretical value. A such, the framework provides inspiration for building a model for the Dutch
pension sector (paragraph 3.6).
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 3
Figure 3.2: Building blocks of risk appetite framework by the IRM (IRM, 2011, p.16).
Working from outside-in, several characteristics of the model – which will be used to developing
a model for Dutch pension funds – are summarized below.
The model recognizes the importance of risk capacity (the ability to carry risks) and the
risk maturity of an organization. The IRM stresses that a risk appetite is not „one size fits
all‟ (IRM, 2011, p.17) and that there is no use in developing a sophisticated risk appetite
when the organizational maturity to manage the risk appetite is low.
The IRM states that risk management maturity can be measured on four dimensions: the
business context, processes, systems and culture (IRM, 2011, p.19). The dynamics of
risk maturity imply an equal dynamic nature of the risk appetite.
From the inner building blocks it is shown that risk appetite is set at strategic, tactical
and operational levels (IRM, 2011, p17), and it indicates that embedding risk appetite
throughout the organization is one of the bigger challenges.
The IRM stresses the importance of measuring the risk appetite. This is the only way to
give meaning to the concept risk appetite. The IRM states that risk measurement will
predominantly take place at operational level, where risk taking decisions are set at the
strategic level (IRM, 2011, p.17).
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 4
3.4 Enterprise Risk Management model by COSO
A very well-known Enterprise Risk Management model is developed by the Committee of
Sponsoring Organizations of the Treadway Commission (COSO, 2004). The COSO cube is
presented in Figure 3.3.
Figure 3.3: The COSO cube (COSO, 2004)
COSO forms the basis of Risk Management for many Dutch pension funds (Pensioenfederatie,
2012). Although, in practice the pension funds have started building their risk management
bottom-up, by identifying risks, assessing risks, controls, and implementing monitoring &
reporting activities. The missing link between current risk management in practice and future
risk management is at the top of the pyramid: strategy/setting risk appetite, linking the
operational risk management frameworks to strategy. This is a key level in the COSO-cube
shown in Figure 3.3, marked as „internal environment‟. According to COSO (2004), the tone of
the organization is determined in the internal environment and here the risk appetite is set.
3.5 Clover Leaf model of Atos and Integral Risk Management by Pensioenfederatie/KPMG
The models of the IRM (2011) and COSO (2004) put emphasis on embedding the risk appetite
throughout the organization, and draw the attention to setting a risk appetite at the strategic
level. In addition to these models it is worthwhile to mention two models of organizational
effectiveness, which focus on the relation between strategic goals and operational design
(Figures 3.4 and 3.5).
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 5
Figure 3.4 Clover Leaf from Atos Consulting (Atos Consulting, 2007, p.6)
Figure 3.5: Integrated Risk Management model by the Pensioenfederatie (2012, p.11) based on the model
from KPMG (2008, p.54)
Both models emphasis that organizational effectiveness or effectiveness of an Integrated Risk
Management approach can only be achieved with the right people and culture (mensen),
management & organization (governance), infrastructure (middelen/infrastructuur), processes
and –mentioned as a separate category by the Pensioenfederatie/KPMG – reporting
(rapportage).
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 6
3.6 Building and implementing a Risk Appetite model for Dutch pension funds
3.6.1 Introduction and assumptions
The frameworks discussed in the former paragraph provide input for building and implementing
a model for the Dutch pension funds sector. Especially the Risk Appetite model by the IRM
(2011) and the Enterprise Risk Model by COSO (2004) provide building bricks for the
connection between the strategic-tactic-operational levels. Before the model is shown in Figure
3.6, it is stated the model should meet certain conditions. The model should be:
Practical and non-complicated, it should be one picture which can be explained in 1 or 2
minutes (it should speak for itself).
It should incorporate all the learning the pension sector has gone through in the past
years. I.e. it should incorporate insights from experiences with risk assessments under
FIRM (De Nederlandsche Bank, 2005) and ALM-studies.
It should incorporate both theoretical insights and practical learning of organizations like
COSO (2004) and the IRM (2011), Pensioenfederatie (2012)/KPMG (2008), instead of
reinventing theory.
It should be serve as a guidance to implementation. Therefore, both the theoretical
building bricks and implementation guidelines from the IRM, the pension field and own
(practical and theoretical) experiences are incorporated.
The model should be tested in the pension sector. Therefore the model and text of this
chapter will be published on a blog, which will be announced to risk managers/Board
members of pension funds. The model will then serve as a start for the further interview
with experts in the field, sharing best practices.
The former bullets implicate that the model is dynamic and built upon shared and ever
growing knowledge from theory and practice.
It should be stated that creating a risk appetite model, as with all models, rests on
assumptions and is therefore subject to model risk (paragraph 3.11).
The proposed model is presented in Figure 3.6 and will be explained in detail in the following
subparagraph.
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 7
Figure 3.6: A practical model to determine and implement a risk appetite for pension funds
3.6.2 Overview of the model
From Figure 3.6 the following observations are made:
The Risk Appetite is embedded in the organization, at strategic, tactic and operational
level. At strategic level, the focus is more on setting a risk appetite and on operational
level it is more concerned with monitoring/reporting, conform the theoretical model of the
IRM (2011).
As stated before, the learning the pension field has gone through with respect to ALM-
studies and risk assessments is taken into account when developing a risk appetite
(input).
A necessary and integral part of forming a risk appetite – or more general to implement a
successful (Risk Management) strategy – is the organizational culture. This is a two-way
process. The tone at the top and cascading of the organizational culture ánd bottom-up
signaling contribute to (reform of) the organizational culture.
The link between forming and implementing a risk appetite and financial/economic
outcomes (e.g. losses; performance indicators) and technical outcomes (e.g. adequacy
of systems and procedures) is explicitly shown in the model. The measurements of
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 8
financial/economic and technical outcomes provide feedback to the setting and
implementation of the risk appetite at strategic-tactic-operational levels.
These feedback loops indicate that setting and implementing a risk appetite is a
continuous and context specific process. This statement is comparable with the IRM
framework, that place the organization in the ever changing environment (IRM, 2011,
p.16).
The bits and pieces of the model will be discussed in the remainder of this chapter.
3.7 Strategic level: developing a risk appetite
The risk appetite is developed at the strategic level. Input to set the risk appetite can come from
guidance from the IRM (2011), and past experience from the pension field with developing risk
assessment frameworks and ALM-studies.
3.7.1 Guidance from the IRM to facilitate a strategic discussion of the risk appetite
In their guidance paper Risk Appetite and Tolerance, the IRM (2011) provides a list of 25
practical questions to discuss with the Board (IRM, 2011, p.10). These questions cover:
The background of the risk appetite: which risks does the Board want to take/to avoid?
Are the strategic objectives of the organization clearly defined (IRM, 2011, p.10).
Designing a risk appetite: does the Board have insight in the capabilities, risk maturity
and risk culture of the organization (IRM, 2011, p.10). This will be discussed further in
paragraph 3.10.
Constructing a risk appetite: is the Board addressing all relevant risks (IRM, 2011, p.10).
The recommendations 2 to 5 (paragraph 3.7) show how to detect relevant risks and how
to discuss them with the Board.
Implementing a risk appetite: one of the questions is, whether the views of external
stakeholders are taken into account (IRM, 2011, p.10). The important relation between
the Board and its subcontractors will be discussed in paragraph 3.8.
Governing a risk appetite: an important question here is whether the Board has a risk
committee to oversee the development and monitoring of the risk appetite framework
(IRM, 2011, p.10). This will be discussed further 3.12 (the role of the risk manager).
Final thoughts: Here the question is addressed what the Board should do/change in the
future, hereby stressing the ongoing dynamic character of the risk appetite (IRM, 2011,
p.10).
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 9
The former questions are not limitative. It is worthwhile to read the guidance paper by the IRM
(2011) in depth to get inspired.
Recommendation 1: When developing a risk appetite, guidance questions by e.g. the IRM
(2011) facilitate the Board discussions.
3.7.2 Build on experience with risk assessment frameworks
In this report, it might be suggested that pension funds are not that far with implementing a risk
appetite. It is true that many funds are in the early days of developing an appetite (chapters 1
and 2). On the other hand, pension funds have spend an enormous amount of time to develop a
risk assessment framework (chapters 1 and 2). The risk assessment and risk
measurement/monitoring phase the funds have gone through can be seen as the first and most
important step to develop a risk appetite later on. First of all, from no risk management to
implementing a risk assessment framework requires that „the tone at the top‟ has changed
already towards risk mindedness. Assessing the risks, means that pension funds at least have
developed a feeling about the most important financial and non-financial risks. Getting from the
assessment framework to a risk appetite, in my opinion only requires two extra steps. First, the
risk tolerance boundaries per assets class and on portfolio level should be set (see Figure 3.1,
IRM, 2011). Funds now know which risks they take, and in some extent they discuss the
desirability of these risks. They determine whether they avoid, transfer, mitigate, reinsure
certain risks. And they make qualitative and quantitative impact analyses (see chapters 1 and
2). The extra mile is, to translate the chance*impact analyses – which is descriptive – into the
perceived ability of the fund to bear the risk. The second step is then to discuss, which risk is
actively desired – taking into account the tolerance levels.
Recommendation 2: Use the risk assessment framework – qualitative and/or quantitative
chance*impact analysis of risk categories – to discuss the ability and desirability to bear risks.
3.7.3 Build on experience with ALM-studies:
When taking into account financial risks the former advice is already followed by many pension
funds. When pension fund Boards discuss the feasibility of the (new) pension contract, they use
ALM-studies as a forecasting tool. The (personal) experience is that performing ALM-studies
and interpreting output from ALM-studies can be quite a technical exercise. Pension fund
Boards typically hire ALM-consultants to perform ALM-studies upon the Board‟s request.
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 10
ALM-consultants are merely specialists in quantitative risk management and typically have a
background in econometrics/mathematics/physics. The typical Board member of a pension
funds might struggle to consume this technical information and has an even more difficult task
to challenge the consultants. Since being „in control‟ and acting as a „countervailing‟ party are
important requirements a modern Board member should meet (e.g. De Nederlandsche Bank,
2011), practical knowledge of ALM-studies – especially where this contributes to forming an
opinion about the risk appetite – is a necessity.
To give the Board guidance when using ALM-studies as an instrument for developing a risk
appetite, two practical advices can be given. First of all, the right questions – which relate risk-
return decisions to the strategic goals – should be asked. ALM-consultants, or risk managers
directly working for the Board can guide an ALM-session. Fiduciary asset managers who have
their own ALM-departments can contribute from a technical point of view. However, the Board
should always take into account that they are in charge, and should assure itself that it can
operate independent and „countervailing‟ towards advising parties.
Typical questions an ALM-session should cover, could be:
What is the desired pension outcome the Board pursues. Which nominal or real pension
would they guarantee with xx% certainty? Which is the minimum pension outcome which
is still acceptable? This question gives insight in the risk tolerance (IRM, 2011).
What may be the maximum loss (in funding ratio or Euro‟s) the Board is willing to take?
This question also gives some insight in the risk tolerance (IRM, 2011).
What is the variability in pension outcomes that the Board accepts/pursues? It is better
to have a lower – but almost certain – pension outcome? Or is it better to have a high
pension outcome with a reasonable chance, and a very low pension outcome with some
chance? This question provides insight in the risk appetite (IRM, 2011).
What is the sensitivity of pension outcomes due to economic/demographic risks in
normal and stressed economies? This question provides insight in the effects of
changing parameters and create awareness of the power and limitations of models.
Another method, to make pension fund Boards aware of the effect of risk-return decisions on
the height and variability of pension outcomes, are ALM-simulations or ALM-games. Several
pension funds or academic researchers have developed these games. An easy way to develop
a relative simple ALM-model is @Risk, a build-in statistical tool for Microsoft Excel (see e.g.
Albright and Wilson, 2012 for access to @Risk). A stylistic picture of @Risk, representing a
funding ratio of a pension fund experiencing two shocks due to increasing life expectancy
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 11
(which is no longer applicable in the future new pension contract, where liabilities will be
adjusted for increasing life expectancy), is shown in Figure 3.7.
Figure 3.7: A stylistic example of modeling shocks in life expectancy with @Risk.
From this paragraph, two recommendations are derived:
Recommendation 3: Actively involve pension fund Boards when discussing ALM-studies, ask
open and concrete questions to discover the boundaries of the risks a pension fund can absorb
(risk tolerance) and as next step try to find a an optimum of the desired variability and expected
height of pension outcomes (developing a risk appetite).
Recommendation 4: Actively involve pension fund Board in developing ALM-studies, to increase
awareness of risk-return characteristics and the relation between risk-return profiles and the
desirability to take risk (set the risk appetite)
3.7.4 Stress tests en (stress) scenario’s and Emerging Risks
ALM-studies form an important tool to give insights in risk-return profiles and show differences
in risk-return patterns in different economies. In addition to these insights, pension funds should
focus on (adverse) outcomes of stress test and stress scenarios on the funding ratio. The
search for stress tests and stress scenarios should capture both financial and non-financial
events. Several articles proclaim the need for focusing on new – emerging risks – instead of
what is already known (e.g. PwC, 2009).
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 12
A handy tool to improve scenario thinking can be found in books on Strategic Management, e.g.
Johnson et al. (2011). To summarize some of the insights, a first step in developing a strategy
could be, to focus on expected external developments (risks) regarding economics, politics,
social/demography, ecological, technological and law/regulations, which may affect pension
funds. This structured approach is known as a PESTEL or PESTLE analysis (e.g. Johnson et
al., 2011; Hopkin, 2012; Andersen, 2007). Practical guidance to decide on relevant emerging
risks can be found in publications of the World Economic Forum (2012). After a first assessment
of many risks (long list), the pension fund Board can decide to rank a short list of risk scenario‟s,
which could be quantified (impact analysis).
After the PESTEL-session – focusing on the unknown risks rather than sticking to the known
risks – the pension fund Board can summarize which threats and opportunities it foresees and
which risks it is willing to take to achieve the funds‟ objectives. This analysis (SWOT, e.g.
Johnson et al., 2011; Andersen, 2007) is an important exercise to decide on the future strategy
on the fund – in which the risk appetite should be embedded.
Recommendation 5: when discussing future risks, pension fund Board should focus on multiple
angles (PESTEL), and search for unknown risk scenario‟s. A number of scenario‟s should be
ranked by the Board, and the impact of these scenarios should be quantified and serve as input
to the SWOT and future strategy (e.g. Andersen, 2007; Johson et al., 2011; Hopkin, 2012).
3.8 Tactic and operational level: implementing systems and procedures and monitoring/reporting
To form a risk appetite an organization should at least be able to identify risks, measure risks,
monitor risks and report about risks (IRM, 2011, p.19). This implies a certain quality of the
processes, systems, people/culture and governance in the organization. The willingness to take
risk should be reflected in the strategic decisions, operations management and culture of the
organization. This was shown in the Clover Leaf Model in Figure 3.4 (Atos Consulting, 2007)
and the Pensioenfederatie (2012)/KPMG (2008) model in Figure 3.5. It is exactly along these
angles, that risk maturity of organizations can be measured (IRM, 2011, p.19). The importance
of an organizational culture – within the Board and within subcontractors – is discussed in
paragraph 3.10. The essence of governance and organization & management at the strategic
level was covered in paragraph 3.6. In this eight paragraph, the focus will be on the relation
between systems & processes in relation to the organizational strategy.
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 13
And precisely in that important aspect, the situation of a pension fund differs from most
organizations. In most organizations, the implementing/monitoring is part of the primary
process. Dutch pension funds have a different structure, where the pension fund Board is
actively in charge of the strategy/setting the risk appetite. The implementation of the day-to-day
processes and systems is generally outsourced to subcontractors, on behalf of the pension fund
Board. In managing a risk appetite, which should be embedded in the strategic-tactic-
operational levels, this structure can be quite a challenge. The pension fund Board should guide
that the subcontractor manages/oversees the implementation of the risk appetite and provides
feedback on a regular base. Formally, the Board has an Service Level Agreement (SLA) with its
subcontractor(s). As part of the service agreement the Board receives regular information about
e.g. development of the asset portfolio and liabilities, reports regarding the expected economic
developments and developments of financial and non-financial risk factors, risk monitoring
(financial & non financial), information about breaches, incidents and compliance issues. And
the pension fund Board generally receives assurance reports on controls (ISAE3402 reports)
from its subcontractor(s). For a discussion, how „to stay in control‟, see e.g. Bisschop et al.
(2011).
Since for most pension funds, there is a division between Board and subcontractor, and the risk
appetite should be embedded throughout all organizational levels, the connection between
strategy and tactic/operations level with respect to the risk appetite is crucial. Pension funds
Boards and contractors should take time to discuss the risk appetite set by the Board. And they
should both be convinced that the desired risk appetite can be implemented and monitored.
Otherwise a feedback loop in the model of Figure 3.6 indicates that either processes should be
adapted, either the risk appetite should be (slightly) altered.
Recommendation 6: Pension fund Boards and subcontractors should discuss the risk appetite
set by the Board. The Board should convince itself that the risk appetite is implemented and
monitored conform their specifications and the Board should regularly get feedback on risk
measures, risk developments, and the quality of systems & processes managed by the
subcontractor(s).
3.9 Financial outcomes
Financial outcomes of an organization should be related to strategic goals and operations. An
embedded risk appetite implies, that (financial) outcomes should also be related to the risk
management framework of an organization. The IRM (2011, p.28) shows several examples,
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 14
how risk management and risk measurement could be connected to shareholder value (Figure
3.8).
Figure 3.8: An example of shareholder value presented by the IRM (IRM, 2011, p.28)
Shareholder value is assumed to equal the free cash flows from an organization‟s operations,
discounted by the Weighted Average Cost of Capital (WACC), less the current value of the
company debt (IRM, 2011, p.28). This is a common way to present shareholders value for
companies, see e.g. Hillier et al. (2010).
Although pension funds generally use other measures to indicate their value - most funds will
see the funding position (assets divided by liabilities) as the key indicator for performance - the
idea of the IRM (2011) is very useful. If the impact of events is consequently linked to the
funding ratio and for each event the (mis)fit within the boundaries of the risk appetite is
measured, the pension fund Board could adapt the strategy/reconsider the risk appetite very
quickly. As shown in the first and second chapter of this report, these impact measurements,
and the relation between impact and the funding ratio, is partly available for financial risks which
are incorporated in the Financial Assessment Framework (De Nederlandsche Bank, 2007). The
quantitative impact analysis of non-financial risks and the linkages between impact
measurements, financial outcomes and the risk appetite, might be a worthwhile journey yet to
be made.
Recommendation 7: Pension fund Boards and subcontractors should link the impact of financial
an non-financial events to the risk appetite. A direct link between financial impact of events and
the risk appetite may provide valuable feedback and enables the Board to reconsider the
strategy/risk appetite quickly.
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 15
3.10 Risk culture
3.10.1 Observations from the Dutch pension field
The aspect of „risk culture‟ is very important when developing a proper risk appetite. Some
years ago, a study by Frijns (2010) had a massive impact in pension funds Board rooms. The
study concluded that Board Members of pension funds fail to take into account all stakeholders‟
interest when taking investment decisions. Instead of focusing on risk-return profiles, their
primary concern is expected returns (Frijns et al., 2010). An „asset only‟ view was accepted in a
pre-crisis environment. The post-crisis „risk-return‟ view – which requires a sudden and massive
reform of the organizational culture - still has to take root. Pension funds‟ Board
members/investors have to change their world view and adapt their behavior. Changing a risk
culture is a huge project, which requires Board time (and willingness!) and resources (IRM,
2012). In terms of Organizational Behavior, it is expected that the current corporate culture of
pension funds probably tends to be competitive and low emphasis on social responsibility, or
“aggressive” (McShane and Von Glinow, 2010, p. 419) and that an effective corporate culture to
implement a risk appetite probably is more oriented towards achieving stability, or more “rule-
oriented” (McShane and VonGlinow,2010, p.419)1.
3.10.2 Guidance on measuring Risk Culture by the IRM
The IRM stresses the importance of risk culture, as one of the four angles which measures the
risk maturity of the organization (IRM, 2011, p.19). The IRM defines the risk culture as „the
extent to which the board (and its relevant committees), management, staff and relevant
regulators understand and embrace the risk management systems and processes of the
organisation‟ (IRM, 2011, p.19). It states that the tone of the risk culture should be set from the
top of the organization, since behavior of top management will cascade through the
organization (IRM, 2011, p.19).
Both in the guidance paper regarding Risk Appetite and Risk Tolerance (IRM, 2011) and in a
separate paper on Risk Culture (2012), the IRM introduces the model by Hindson (2010)
(Figure 3.9).
1 McShane and Von Glinow refer to information they used from C.A. O‟Reilly III, J. Chatman, D.F. Caldwell, People and
Organizational Culture: a profile comparison approach to assessing person-organization fit. In: Academy of Management Journal 34, no. 3 (1991), pp. 487-518.
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 16
Figure 3.9: The IRM Risk Culture Aspects Model derived from Hindson (2010) (IRM, 2012, p.14)
The cultural health of the organization is measured on four subjects: the tone at the top,
governance, decisions and competency (Figure 3,9. IRM 2012, p.14). The IRM developed
Board room questions for each of the subjects.
The tone at the top deals with expectations set by the senior management and the level of
transparency with regard to risk management information (IRM, 2011, p.22). A key question
regarding governance is, whether accountability for risk management is clearly defined in role
descriptions throughout the organization (IRM, 2011, p.22). The incorporation of risk
management knowledge as part of the decision process is captured in the subject decision
making (IRM, 2011, p.22). Competency deals with the way the organization supports the
dissemination of risk knowledge (IRM, 2011, p.22).
The IRM acknowledges, conform the observations in paragraph 3.10.1, that cultural changes
are massive and should be dealt with like a change management project (IRM, 2012, p.13).
This implicates that implementing a risk appetite requires time, and several mental barriers have
to be overcome in order to achieve the desired behavior (see e.g. Kotter and Cohen, 2002, for
an excellent overview of these phases).
Recommendation 8: Cultural change starts with the „tone at the top‟. Before assessing the risk
appetite, the organization should have an idea about the current culture – in order to determine
the maturity level of the organization from this angle. The desired culture should be embedded
in the whole organization. Achieving a cultural change is like any change management project,
and will take time and mental barriers have to be crossed (e.g. IRM 2011; IRM 2012; Kotter and
Cohen 2002).
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 17
3.11 A critical not on the boundaries of a model: model risk
The different parts of the model are discussed in the former paragraphs. To conclude this
chapter, two comments are made with respect to model risk (this paragraph) and the role of the
Risk Manager (paragraph 3.12).
By definition, using a model – and a risk appetite framework even consists of multiple models at
strategic and operational level and leads to the development of many more models and
(quantitative) tools – induces model risk. Wrong assumptions or failures in
econometric/mathematical formulas can lead to misspecification and misinterpretation of risks.
Boards should be aware of model risks. And companies like pension funds should have
independent departments or hire independent consultancy firms to regularly validate the
models. As shown in figure 3.10, model risk forms an outer shell of the risk assessment
framework.
Figure 3.10: Model risk as part of a risk framework for a pension fund (Van den Berg, 2011)
Recommendation 9: Regularly discuss model risk and use an independent source to validate
models.
3.12 The roles of the Risk Manager
In this chapter it is discussed at several points that the Board might benefit from using a
facilitator to discuss the risk appetite. A facilitator can be an external consultant, like an ALM-
specialist, a Risk Management consultant, Actuary or change manager (when discussing
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 18
culture and maturity of the organization). A Risk Manager, working directly for the Board could
also facilitate and guide discussions regarding risk management. In all instances, there is one
golden rule. The Board can be facilitated, however the Board must ensure that it is in charge,
i.e. it is „countervailing‟ against the external or internal advisors (e.g. De Nederlandsche Bank,
2011).
When discussing the practical, operational side of implementing a risk management framework,
it was already stated that the bulk of the job is probably done at the subcontractor‟s. The Board
should be countervailing towards the subcontractor. As shown in paragraph 3.8, the Board and
the subcontractor have a professional relation, recorded in e.g. a Fiduciary Management
agreement. The service provided by the subcontractor is covered in the Service Level
Agreement (SLA).
However, the pension fund Board should not only be countervailing towards the subcontractor,
they should also guarantee/gather proof, that the Risk Management department within the
subcontractor‟s organization (second line of defense) is independent from the Line Managers,
who are responsible for the daily risk management activities (first line of defense) (see e.g. the
position paper of the Institute of Internal Auditors, 2013).
Recommendation 10: Besides being countervailing towards the subcontractor(s), the Board
should convince itself, that countervailing power is embedded in the subcontractor‟s
organization by means of the three lines of defense model (e.g. Institute of Internal Auditors,
2013).
3.13 Conclusion
In this chapter, a model for developing and implementing a risk appetite for Dutch pension funds
is introduced. As stated in the introduction, this model is preliminary, in the sense that it is built
on theoretical knowledge and some (personal) practical insights. The model should develop
over time through contributions and experience from Board members, Risk Managers,
Consultants and other experts in the field of pensions.
This chapter will be shared on a blog, which is especially created to reach this goal.
http://riskappetitepensionfunds.wordpress.com/2013/05/01/risk-appetite-for-pension-funds/
The author cordially invites the field to actively add, amend and criticize the model in Figure 3.6
and share best practices.
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 19
Literature Chapter 3:
Albright, S.C. and W.L. Winston (2012). Management Science Modeling (4th edition). Canada:
South-Western, Cengage Learning.
Andersen, T.J. (2007). Strategic Risk Management: Outlining the Countours of the ‘New Risk
Management’ paradigm. In: Public Forrum, May 2007.
Atos Consulting (2007). Transformaties in de verzekeringsmarkt. Een onderzoek naar de
toekomstige verzekeraar en zijn consument. White paper. Atos Consulting, Utrecht. Available
at:http://www.gertjanschop.com/sitebuildercontent/sitebuilderfiles/modelklaverbladmodelartikelat
os.pdf (accessed 2 May 2013).
Bisschop, O. et al. (2011). Uitbesteding ‘in control’. In: Gids voor uitbesteding, onder redactie
van F. Klopper et al. Pensioen Bestuur & Management dossierreeks nr. 6. Epse: Petersen
Consult B.V..
COSO (2004). Enterprise Risk Management. Integrated framework. Executive summary.
Available at: http://www.coso.org/documents/coso_erm_executivesummary.pdf (accessed 19
February 2013).
De Nederlandsche Bank (2005). Handboek FIRM. Amsterdam: De Nederlandsche Bank.
Available at: http://www.edmondhalley.nl/resources/images/Handboek%20FIRM.pdf (accessed
18 February 2013).
De Nederlandsche Bank (2007). Financieel Toetsingskader voor Pensioenfondsen. Amsterdam:
De Nederlandsche Bank. Available at: http://www.toezicht.dnb.nl/2/2/50-202556.jsp (accessed
18 February 2013).
De Nederlandsche Bank (2011). Resultaten beleggingsonderzoeken 2010. Amsterdam: De
Nederlandsche Bank. Available at:
http://www.dnb.nl/binaries/DNB%20beleggingsonderzoek%202010_tcm46-251479.pdf
(accessed 18 February 2013).
Frijns, J.M.G., J.A. Nijssen en L.J.R. Sholtens (2010). Pensioen: “onzekere zekerheid”. Een
analyse van het beleggingsbeleid en het risicobeheer van de Nederlandse pensioenfondsen.
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 20
Eindhoven/‟s Gravenhage/Winsum: Commissie beleggingsbeleid en risicobeheer. Available at:
http://docs.minszw.nl/pdf/129/2010/129_2010_3_13883.pdf (accessed 18 February 2013).
Hillier, D., S.A. Ross, R.W. Westerfield, J. Jaffe and B.J. Jordan (2010). Corporate Finance
(First European Edition). Berkshire: McGraw-Hill.
Hindson, A. (2010). Developing a risk culture. In: Risk Management Professional, December
2010.
Hopkin, P. (2012). Fundamentals of Risk Management. Understanding, evaluating and
implementing effective risk management. London: the Institute of Risk Management.
Institute of Internal Auditors (2013). The Three Lines of Defense in Effective Risk Management
and Control. IIA position paper. Florida: Institute of Internal Auditors. Available at:
https://na.theiia.org/standards-
guidance/Public%20Documents/PP%20The%20Three%20Lines%20of%20Defense%20in%20E
ffective%20Risk%20Management%20and%20Control.pdf (Accessed 3 May 2013).
Institute of Risk Management (2011). Risk appetite & tolerance guidance paper. Published by
the Institute of Risk Management, London. Available online at:
http://theirm.org/publications/documents/IRMRiskAppetiteFullweb.pdf (accessed 29 January
2013).
Institute of Risk Management (2012). Risk Culture. Under the microscope guidance for Boards.
Published by the Insitute of Risk Management, London. Available online at:
http://www.theirm.org/documents/Risk_Culture_A5_WEB15_Oct_2012.pdf (accessed 31
January 2013).
Johnson, G., R. Whittington and K. Scholes (2011). Exploring Strategy, text & cases (9th
Edition). UK: Pearson Education Limited.
KPMG (2008). De pensioenwereld in 2009. Published by KMPG Advisory N.V.
Available at: http://dev.omvleewordwide.nl/wp-
content/uploads/2013/01/Pensioenwereld_2009.pdf (Accessed 3 May 2013).
Kotter, J.P. and D.S. Cohen (2002). The Heart of Change. Real-life stories of how people
change their organizations. Boston: Harvard Business Review Press.
Developing a risk appetite for Dutch pension funds, In company Project EMBA13, Muriël van den Berg Page 21
McShane, S.L. and M.A. Von Glinow, 2010 (5th edition). Organizational Behavior. New York,
McGraw-Hill.
Pensioenfederatie (2012). Integraal risicomanagement. Handreiking integraal
risicomanagement voor pensioenfondsen. Den Haag: Pensioenfederatie. Available at:
http://www.pensioenfederatie.nl/Document/Publicaties/Servicedocumenten/Risicomanagement_
DEF.pdf (accessed 18 February 2013).
PwC (2009 ). Exploring emerging risks. Published by PwC.
Available at: http://www.pwc.com/gx/en/research-publications/pdf/pwcglobalriskserm.pdf
(accessed 2 May 2013).
Van den Berg, M.N. (2011). Effectief risicomanagement bij pensioenfondsen: een mix van tools
en soft skills. In: De Actuaris, november 2011.
World Economic Forum (2012). Global Risks 2012 (seventh edition), an initiative of the risk
response network. Geneva: World Economic Forum.