Final Report: Risk Management Maturity in Large Australian Superannuation Funds
39 Pages Posted: 3 May 2018 Last revised: 17 Sep 2018
Date Written: September 17, 2018
Given the immense importance of the superannuation sector for all Australians, the objective of this study is to investigate risk management maturity in the superannuation sector and identify areas for further improvement. The study focusses on large superannuation funds (i.e. those with assets under management in excess of $10 billion) and coincides with the fifth anniversary of the implementation of the prudential standards for risk management in July 2013. 1. Building on previous research from the safety field, and with input from our panel of subject matter experts, we have developed a 5 level model of risk management maturity. 2. The majority of subject-matter experts interviewed believe that Level 1 would be appropriate and desirable for the sector given the importance of managing retirement savings. While rapidly evolving, most large Australian superannuation funds, have not yet met this risk maturity standard. This is true despite the laudable focus of the industry on member outcomes. A majority of experts believes that most large funds are currently at Level 3, some at Levels 2 and 4, with few if any at Level 1. In other words, many large funds are still working to realise effective risk management systems and frameworks. At this level the focus is on ensuring that risk management systems are well resourced and functioning efficiently (people, IT systems, processes, reporting lines, remuneration and performance measurement); risk management is built into the governance framework; the board takes responsibility for risk management and ensures that the risk appetite is consistent with strategy. This is not surprising given the relatively short time since prudential standards for risk were introduced. A minority of experts had a more positive perception of risk management maturity in the sector, perceiving a number of funds to be at Levels 1 and 2 already. 3. We also developed a list of attributes of organisations with risk management maturity. These attributes should be seen as requirements over and above the implementation of effective risk management systems (Level 3). At Level 1 an organisation should have all, while at Level 2 an organisation should have some of the following attributes: i. Commitment to continuous improvement of the risk management framework. ii. Everyone has accountability for risk management. iii. Risk management viewed as an enabler. iv. Risk communication is effective. v. Right amount of the right risks.
4. Interviews with subject-matter experts highlighted challenges for the industry in all of the maturity attributes, thus confirming that risk management maturity has room for improvement.
5. Staff surveys in five large Australian funds confirm the interview findings in relation to risk management maturity. i. None of the funds we have assessed so far has achieved consistently strong ratings for risk structures, suggesting that there is further work to be done bedding these down. ii. In some funds we observed risk culture scores that were noticeably more favourable than the large Australian banks assessed by the research team in 2014. This suggests that some funds have made significant progress toward the implementation of a culture that prioritises and values risk management. iii. Similar to banks we have assessed, the weakest dimension of risk culture in the super funds was consistently Avoidance (the perception that risk events are ignored, downplayed or excused). Weakness on this dimension is likely to reduce the effectiveness of risk communication and thus the ability of the organisation to resolve issues efficiently. Regression analysis has shown that Avoidance is significantly associated with undesirable risk behaviour such as failure to report risk events, failure to speak up, lack of accountability, overconfidence etc. iv. Survey assessments of risk culture suggest significant variation between and within large superannuation funds. The least favourable risk culture scores were observed in Technology teams. v. Staff accountability for risk management remains an issue with many still perceiving that risk management is the responsibility of specialists. This suggests that implementation of ‘three lines of defence’ and other systems to build staff accountability need further work. vi. The survey assessment of maturity also highlighted that risk management in some funds has too much emphasis on mere compliance (as opposed to thoughtful engagement). Risk managers are also struggling to overcome perceptions that risk management is a drag on performance rather than an enabler for success. vii. An opportunity for improvement exists in relation to reporting of risk events, with between 11% and 41% of survey respondents admitting to under-reporting.
Keywords: risk management, superannuation, pension funds, risk culture
Suggested Citation: Suggested Citation