OSFI’s mandate includes striving to protect the rights and interests of beneficiaries of federally regulated private pension plans. OSFI achieves this objective by conducting risk assessments of plans with a view of understanding the risk of loss to members’ benefits under its purview, and providing timely and effective intervention and feedback. In addition, OSFI contributes to maintaining a balanced and relevant regulatory framework for federal plans, and processes those applications that request the approval of the Superintendent of Financial Institutions as required under the Pension Benefits Standards Act, 1985 (PBSA) and the Pooled Registered Pension Plans Act (PRPPA).
OSFI’s mandate also recognizes that the administrator is ultimately responsible for the plan’s management, and that a pension plan may experience financial and funding difficulties that may result in a loss of members’ benefits. Plans that meet the minimum funding requirements of the PBSA are permitted to operate with a solvency or going concern deficit. In supervising and regulating plans, OSFI acknowledges that plan administrators may need to take reasonable risks, and expects administrators to implement and follow best practices to manage those risks (e.g. as outlined in applicable pension governance guidelines).
In assessing the possible threat of loss to members’ promised benefits, OSFI’s risk assessment of pension plans focuses on:
- early identification of pension plans that may have problems meeting minimum funding requirements, complying with the PBSA, or adopting policies and procedures to control and manage risk,
- prompt communication with plan administrators advising them of material deficiencies and non-compliance issues, and
- implementation of appropriate interventions to compel administrators to take corrective measures to address the deficiencies.
This document describes OSFI’s Risk Assessment Framework (Framework) for federally regulated private pension plans (plans) established in respect of employees engaged in a work, undertaking or business that is subject to federal jurisdiction.
The Framework is sufficiently flexible to deal with a range of issues and plans. A Pooled Registered Pension Plan (subject to the PRPPA) is similar to a defined contribution plan (subject to the PBSA) in that the future retirement income that can be generated from the plan is a function of the value of the accumulated funds, not a promised fixed benefit level. The supervision framework therefore applies to a Pooled Registered Pension Plan (PRPP) in the same manner as for a plan that contains defined contribution provisions. References in the Framework to plans with “capital accumulation accounts” cover plans with defined contribution provisions and PRPPs.
The Framework permits consistency while still requiring judgement to be exercised. The risk assessments performed are based on a balance of the assessor’s judgement of the risks and a consistent application of the Framework.
2. Key Principles
The following key principles form the basis of the effective application of the Framework:
- The Framework is risk-based, meaning that the degree of supervisory activity and the level and frequency of OSFI interventions will generally be commensurate with the net risk in a plan;
- Timely communication with plan administrators regarding OSFI’s concerns about risks facing the plan is essential;
- The work of professionals such as external auditors and actuaries is the basis for establishing the accuracy of financial statements and the valuation of plan liabilities; and
- OSFI expects plan administrators to administer their plans and pension funds in compliance with applicable legislation.
The principal benefits of the Framework are:
- The separate assessment of inherent risks and risk management processes permits more systematic and consistent assessments across plans;
- Timely identification of problems before they escalate, as the process for determining risk and assessing mitigants is forward looking;
- Cost effective use of resources as supervisors focus on higher risk situations; and,
- Consistency with OSFI’s Supervisory Framework for Financial Institutions.
4. Supervisory Process
OSFI continually monitors plans and developments surrounding their employers in order to develop an understanding of how the plan works and to constantly be aware of any issues that may affect the plan’s viability. The illustration below outlines the flow of the key components in the risk assessment process. This process is applied to all plans OSFI supervises, and the components are explained more fully following the illustration.
4.1 Ongoing Monitoring and Initial Review
During the ongoing monitoring and initial review component of the supervisory process, several tools are used to determine which plans may need to receive an in-depth review. Active monitoring of various indicators including media alerts, financial information and other applicable information, permits early identification of potential issues, risks or non-compliance, and increases OSFI’s knowledge of the plan. At any time, issues identified through the ongoing monitoring process may trigger a more in depth review or intervention. Tiered risk indicators, actuarial report reviews and the estimated solvency ratio (ESR) exercise are performed, providing information on areas of potential risk.
4.1.1 Tiered Risk Indicators
A series of indicators are used to detect risks based on information submitted in plan regulatory filings (filings) such as:
- Annual Information Returns (AIR)
- Certified Financial Statements and General Interrogatories (CFS)
- Actuarial Reports
- Plan Amendments
The risk indicators are applied to all plans. These indicators are a cornerstone of the risk-based approach to supervision, as the extent of risk identified determines whether further, more in-depth, assessment is required. OSFI focuses more supervisory resources on plans identified as having higher risks.
The indicators are classified into three Tiers, based on the significance of the risks that the tests capture:
Tier 1 indicators detect issues that require immediate attention and may have a significant impact on both the current state and future risk within the plan. Examples include non-remittance of contributions, contribution holidays in excess of surplus, or a plan employer facing serious financial issues. Any plan where a Tier 1 test is triggered receives immediate attention and an in-depth risk assessment.
Tier 2 indicators identify potential risks with the plan that may lead to more serious issues. These include indicators such as investment returns that do not meet benchmarks, large changes in membership, and a high proportion of liabilities pertaining to retired members. These are less significant than Tier 1 issues, but if a number of the Tier 2 risks arise simultaneously, an in-depth risk assessment is likely to be conducted.
Tier 3 indicators capture situations that may require greater diligence or controls on the part of the administrator, but may not have significant impact on risk within the plan if properly managed. Examples include whether the plan provisions contain benefits that are subject to the plan administrator’s discretion (i.e., consent benefits), or if there has been a history of late filings for the plan.
4.1.2 Actuarial Report Review
Pension plans that contain defined benefit provisions must submit an actuarial report annually, or triennially when the solvency ratio is 1.20 or greater. OSFI reviews actuarial reports in order to confirm that actuarial standards and OSFI requirements including specifications are met, and that there are no potential issues with minimum funding or other items. Actuarial issues are brought to the attention of the plan actuary and the plan administrator.
4.1.3 Estimated Solvency Ratio
The ESR exercise monitors the solvency situation of a defined benefit or combination plan between the filing of actuarial reports. The ESR is OSFI’s estimate of the solvency ratio if the plan is terminated on the ESR date. The main objective of the ESR exercise is to identify plans that may have experienced a significant deterioration in their solvency position, e.g., to monitor
- the plans’ ability to meet significant increases in funding requirements, and
- that contribution holidays are taken prudently.
Intervention stemming from the ESR is risk-based, focusing on pension plans that have an ESR of less than or equal to 1.05.
4.2 In-Depth Review
When the initial review establishes that a plan merits an in-depth review, the inherent risks facing the plan, the quality of risk management, financial indicators and the position of the employer(s) are assessed. An in-depth review will be necessary when the number of tiered risk indicators hits a pre-determined threshold. The assessment is documented in the Risk Assessment Summary (RAS). The RAS reflects the assessor’s judgement of the risks. As a result of this assessment, action plans are developed to address specific risks and concerns. Additionally, this in-depth review could include an examination of the plan.
4.2.1 Risk Assessment Summary
A thorough knowledge of the plan provisions, financials and employer information is essential to an accurate assessment of the risk levels within the plan. The Knowledge of Plan section of a RAS evolves as new financial information, plan amendments and information related to business transactions are received.
The risk assessment process begins with a review of the significant activities within a plan. Significant Activities are essential operations that a pension plan administrator undertakes to administer the plan and the fund in compliance with professional standards and regulatory requirements. The following table describes the four significant activities that capture the operations of a plan. The Actuarial Significant Activity does not apply to plans that only have capital accumulation accounts.
Involves the general administration of the plan. It includes items such as benefit calculations, benefit payments, payment of expenses, regulatory filings, record keeping, and collection and remittance of contributions to the custodian.
Communication to Members
Includes member communications such as website management, notices, annual statements, and member education.
Focuses on managing the plan’s fund, asset/liability management, preparation of special financial or risk management reports, and the establishment of and adherence to a Statement of Investment Policies and Procedures.
Involves actuarial valuation of the plan assets and liabilities, as well as advice, analysis, testing and special reports provided at the request of the administrator.
Each significant activity gives rise to certain inherent risks, as a result of exposure to or uncertainty related to potential future events. The inherent risks of a plan are evaluated by considering the potential effects of an adverse impact on the pension assets, liabilities and/or the plan’s ability to meet minimum funding requirements. The assessment of inherent risk is made without considering the impact of risk mitigation through the plan’s risk management processes and controls. The inherent risk profile of the significant activities of a plan with defined benefit provisions may be very different from the profile of a plan with capital accumulation accounts. The following table describes each inherent risk:
Applies to the plan fund only. This inherent risk takes into account the following risks:
The risk that a counterparty to a plan asset will not pay an amount due as called for in the original agreement, and may eventually default on an obligation.
Arises from changes in market rates or prices. Exposure to this risk can result from activity in markets such as fixed income (due to changes in interest rates), equity, commodity and real estate. Depending on the investment, there may also be exposure to currency risk.
Arises from the plan’s inability to obtain the necessary funds required to meet its pension obligations as they come due without incurring unacceptable losses.
The risk that the methods and assumptions used to estimate the value of plan assets and liabilities will result in values that differ from experience. This risk may increase with a complex benefit design and inappropriate assumptions.
The risk of deficiencies or breakdowns in internal controls or processes, technological failures, human errors, fraud, and natural catastrophes. Exposure to this risk can increase with a complex organizational structure.
Legal and Regulatory
The risk that a plan may not be administered in compliance with the rules, regulations, best practices, or fiduciary standards imposed on the plan in any jurisdiction in which the plan operates.
The risk that arises from a plan’s difficulty or inability to implement appropriate policies or strategies required to address problems or challenges that may arise in the pension plan due to its design or structure.
Mitigation of these risks is assessed through an analysis of the risk management function within the plan. Key aspects of the quality of risk management include controls and oversight. The Controls and Oversight in place should be appropriate for the level of inherent risk. The higher the level of Inherent Risk, the more the Controls and Oversight should be robust.
- The Controls function involves ensuring the appropriate processes are in place to :
- support a plan administrator to effectively carry out its activities/responsibilities;
- mitigate the plan’s inherent risks;
- plan, direct and control the day-to-day operations of a plan ;
- properly inform management of their responsibility for planning and directing activities of the plan;
- support general operations ; and,
- help to achieve the strategic direction defined by the Board of Trustees/ Directors (the Board) or Pension Committee.
The Oversight function provides stewardship and independent oversight for the plan. This includes the following:
- ensuring management is qualified and competent
- reviewing and approving organizational and procedural controls and ensuring that these controls are working as intended
- ensuring that accountabilities are clear and understood,
- ensuring that risks are identified and assessed in a timely manner,
- ensuring that the development of policies and strategies receives appropriate consideration,
- ensuring that there is adequate performance reporting and review.
The Oversight function is generally performed by the Board of Directors, the Board of Trustees or by a Pension Committee.
The Net Risk associated with each significant activity is based on an assessment of how effectively the inherent risks are mitigated by the quality of risk management. The Overall Net Risk is an indication of the aggregate residual risk of the significant activities, taking into account whether risk mitigants implemented by the administrator are sufficient based on the overall level of inherent risk.
In addition to the Overall Net Risk, there are three key ratings that are used to assess the Composite Risk Rating:
The Solvency rating represents the risk to member benefits if the plan were to terminate immediately. Solvency is not rated for plans that only provide capital accumulation accounts. For defined benefit or combination plans, the factors that are considered when rating Solvency include the solvency ratio based on the market value of plan assets and any current or future estimated solvency ratios provided by the plan administrator or calculated by OSFI.
The Ongoing Performance rating reflects the safety of members’ benefits based on a long term horizon. For plans with defined benefit provisions, it represents an estimate of the viability of the plan assuming it continues and funding requirements continue to be met. The ongoing performance rating may take into account items such as the funding ratios, trends and investment performance. For plans that provide capital accumulation accounts only, the Ongoing Performance rating focuses on the investment performance of the fund and its possible impact on members’ benefits.
The Funding rating addresses the plan’s access to future or increased funding from the employer(s). This rating is forward looking, assessing the ability of the plan to meet minimum funding requirements over the short and long term. Factors that influence the rating include the credit ratings and financial performance of the employer(s), the outlook of the employer’s industry, and the funding structure of the plan. For Negotiated Contribution (NC) plans, this rating is also used to assess the adequacy of negotiated contributions. Instances where this may be a concern will have a heavy impact on the final risk rating of the plan. It is important to stress that OSFI is focusing on the ability of the employer(s) to meet future funding requirements.
The Composite Risk Rating (CRR) is an assessment of the overall safety and soundness of the pension plan and the risk that the rights and interests of members may not be met.
The CRR takes into account the Overall Net Risk, Solvency (for plans with defined benefit provisions), Ongoing Performance and Funding ratings. The weighting given to each of these ratings will depend on the level of risk they represent. The CRR will be steered by those factors which represent a greater threat to the loss to members’ promised benefits. OSFI considers these ratings to be a measure of the risk of a material failure of the pension plan to deliver promised benefits or fulfill its responsibilities to plan members.
The Direction of risk represents the expected trend in the Composite Risk Rating, taking into consideration whether there are significant issues that may not have been resolved or are likely to arise.
Plans that do not require a RAS are assumed to have a Moderate and Stable CRR. The CRR of a plan provides an indication of the intervention level OSFI will consider implementing.
4.2.2 Risk Matrix
The Risk Matrix (below), summarizes the Overall Net Risk, as well as the Solvency, Ongoing Performance and Funding ratings used to determine the CRR.
4.2.3 On-site Examinations
Examinations are a tool that is used to assess the quality of controls and oversight, enhance the assessment of the financial situation of an employer and quality of the administration of a plan. The controls and oversight in place are not always known prior to an examination. The higher the level of inherent risks, the more controls OSFI would expect to be in place.
Examinations may involve a desk review of information provided by the plan administrator or an on-site examination where OSFI visits the administrator’s premises. These examinations provide OSFI with an understanding of the plan administrator’s commitment to the proper administration of the plan. On-site examinations further provide the opportunity to meet the individuals involved in plan administration, thereby improving communications between these administrators and OSFI.
4.3 OSFI Intervention
OSFI’s supervisory activities or interventions may include:
- performing an in-depth review of actuarial report,
- conducting an examination of the plan,
- requiring a revised or early filing of an actuarial report,
- requiring additional disclosure of information to plan members,
- requiring a plan administrator to meet with OSFI, plan members or other parties,
- requiring freezing of portability for transfer of benefits from the plan,
- requiring a plan administrator to conduct scenario testing,
- exercising OSFI’s right to bring an action against a plan administrator, employer or any other person,
- issuing a Direction of Compliance,
- removing a plan administrator and appointing a replacement administrator,
- revoking a plan’s registration, or
- terminating a plan.
Consistent with a risk-based approach to supervision, OSFI considers the size of a plan’s deficit and the employer’s capacity to fund it. Pension plans that give rise to serious concerns, due to their financial condition or for other reasons, are placed on a watchlist and are monitored with greater focus. These plans are generally the target of further intervention.