To consider the report

Damien Pantling, Head of Pension Fund, gave a brief overview, explaining that the Fund had a risk management policy in place which defined its approach to managing risks. One of processes in managing risks since 2021 was to take a risk register to the Committee at each yearly quarter for review. At the moment, the risk register had 49 identified risks with various offsetting mitigations. In addition, it identified any material changes to the risk register since the last quarter. He explained that the Committee needed to approve the risk register, the mitigations and any changes since last quarter in line with the approved risk management policy.

Regarding the various risks identified in the report, Councillor Tisi asked what level of assurance the Fund had control over mitigating the critical risks. Damien Pantling replied that the Fund was either doing the mitigations in the risk register or had a clear action plan to meet them.

To explain how the mitigations worked, Aoifinn Devitt, Independent Advisor to the Committee, informed that, for example, to mitigate against increasing investment risks, there was continuous scrutiny with LPPI (Local Pensions Partnership Investments), which managed the Fund’s investments. She added that if the risks increased, so do the mitigations.

Councillor Da Costa asked a series of questions. He first asked if there would be a presentation on the risks. Damien Pantling replied that an annual review of the risks took place in 2022 whereby Committee members, the Advisory Panel, advisors and officers were invited. He had not arranged a review for 2023 until the new Committee members were established, but he had planned to arrange one.

Councillor Da Costa then asked for confirmation that the risks were being managed as well as using internal and external resources and individuals to mitigate them. Damien Pantling answered that the Fund used the Chartered Institute of Public Finance and Accountancies 2018 framework for managing and mitigating risks as it was considered the best practice in the sector. He also confirmed that officers, advisors and third parties were involved in managing the risks.

Councillor Da Costa then asked if there were any other potential risks which could be added to the register, such as climate risk. Damien Pantling replied that climate risk was listed in the register and that the Fund captured material risks on the register as it was always under constant review.

Councillor Da Costa then asked if the Fund had enough staff and resources to manage the Fund going forward. Damien Pantling replied that the Fund was being managed within the boundaries of the budget set by the Committee in April 2023, but the Fund’s resources were constrained in the public sector.

Councillor Da Costa then asked if more resources were possible. Philllip Boyton, Deputy Head of Pension Fund, informed that while there were job vacancies in the Fund, the overall Administration Team (including pension and payroll) was in a good position to deliver the service compared to the Fund’s local neighbours.

Councillor Da Costa then asked about what was being done to improve the privacy and security of the Fund’s systems and data. Phillip Boyton explained that the software provider was Heywood Pension Technologies. As part of each external audit of the Fund, it was required to provide assurance around the securities, whereby the Fund’s data was secured at two sites within the UK, and Heywood Pension Technologies conduct an annual review.

Councillor Da Costa then asked for reassurance that the data was located in more than one or two locations and therefore safe from attack. Phillip Boyton explained that membership data was backed up daily and was held in external sites provided by Heywood Pension Technologies. Internally, the Fund had a two-stage factor authentication which all Pension Team members had to follow as the system worked over the internet.

Councillor Da Costa then asked if there were any issues in which the Committee needed to be aware of. Phillip Boyton replied that, apart from the ongoing project work in the Administration Report, the Fund was well positioned. Alan Cross, Chair of the Pension Board, mentioned that it was noted that the Fund was well managed.

Councillor Tisi requested for a session to explain certain risks, particularly cyber risks and pension payroll risks. He also asked if there were any risks which were out of tolerance and therefore required more work. Damien Pantling replied that the risks would be analysed at a risk review session later in 2023. As for the risks considered outside of tolerance levels, he explained that there was generally nothing particularly concerning as many of the risks were green or amber.

Agreeing with Councillor Tisi, Councillor Da Costa stated that it would be valuable to have a session on reviewing the Pension Fund’s cyber risk and how this was being mitigated.

AGREED: That the Pension Fund Committee notes the report:

i)               Approves the updated risk register for publishing including any changes since the last approval date, suggesting any amendments as required.