IORP II obligations and key function holder 

IORP II obligations and key function holder

18 January 2023

The new IORP II legislation

In April 2021, the Minister for Social Protection signed new legislation which officially transposed the Second European Pensions Directive (known as IORP II) into national law. 

The Pensions Authority have now published the final version of a comprehensive new Code of Practice which sets out how they expect trustees to go about meeting these new obligations. 

This new regulatory regime presents a number of challenges for employers and trustees, and introduces a range of processes and requirements that will need to be addressed. 

The Pensions Authority will also have a broadened range of new supervisory powers to ensure that this is happening.

Is your scheme IORP II compliant?

What are the steps you need to take to ensure your scheme is meeting all IORP II requirements?

EU’s IORP II Directive aims to improve governance and risk management systems across all pension schemes. In particular, it requires that trustees must now:

  • Appoint a “risk management key function holder” (KFH) to oversee schemes’ risk management systems and advise trustees on risk management strategy
  • Carry out a deep dive review of the scheme’s risk management systems every three years.  This is called the “Own Risk Assessment” (ORA). The Pensions Authority recently highlighted the importance of this process, particularly for defined benefit schemes
  • Document their approach to risk management by agreeing a risk management policy and risk appetite statement for the scheme

IORP II is about building on the existing risk management systems that trustees already have in place but within a more formal risk management governance structure.

The risk management KFH is responsible for the scheme’s risk management function and advises the trustees on their risk management strategy, working with them to ensure it is executed effectively.  

What are the components of an IORP II compliant risk management system?

  • A risk management function to operate the scheme’s risk management system, maintain risk management documents, and produce reports and analysis for trustees
  • A key function holder  to oversee the risk function and advise trustees on risk management strategy
  • Some trustees may also consider establishing a Risk Sub-Committee and delegating some of the risk management work to that committee

  • More formal documentation of risk management procedures, including a risk management policy and risk appetite statement
  • A clear approach to demonstrating how risks are incorporated into trustee decision-making through the risk appetite statement and an increased focus on the risk register

  • Ongoing support from the risk management KFH to help trustees identify, analyse and mitigate risks to which the scheme is exposed
  • The new own risk assessment requirement for a triennial deep-dive review of the risk management system to ensure risk management strategy is appropriate and effective

  • The risk management function will also contribute to a wider pension scheme governance and decision making
  • While the wider governance policies, such as conflicts of business continuity planning, have a role to play in reducing and managing risk
Assisted by our designated IORP II and risk management teams, Mercer are subject matter experts and we are already helping hundreds of schemes meet the new IORP II requirements
James Campbell

Head of Strategy & Policy, Mercer Ireland

Related insights
Related solutions