In a new report, Risk Management Trends in Superannuation, KPMG found that the ‘tone at the top’ is the most powerful driver of risk culture within super funds, with 80 per cent of the surveyed respondents making it their first choice.
“Funds have established a risk culture standard/framework which sets out the desired behaviours across the three lines of accountability. However, these frameworks do not outline the vision; approach to perform baseline assessments and mechanisms required to implement, manage and monitor risk culture in accordance with the vision,” the report said.
A majority of funds identified cyber security as their top risk, and 90 per cent of respondents had it in their top five. KPMG said that given recent events, this is unlikely to change. Talent/people, ESG (including responsible investments), legal/compliance and strategic risks were the other top areas that warranted growing focus from management.
Funds remain more confident in managing investment risk as opposed to non-investment risk, with 50 per cent stating that their investment risk reporting was ‘mature’ but 60 per cent believe their non-investment risk reporting needs improvement.
“Investment functions tend to be more mature with access to dedicated Line 1 and 2 risk resources when compared to other business units. However, finance and member operations are showing improvements in risk management,” the report said.
“Most funds considered their reporting to be at least somewhat mature. There is a need to uplift management of risks that are difficult to quantify (such as behaviour and reputation) or where data is scarce (such as cyber and climate).
“Emerging risk reporting also varied in sophistication across industry participants. A lack of rigour in the identification and assessment of emerging risks is evident across most funds.”
KPMG added that the use of data analytics continues to grow, with survey respondents wanting new data-driven insights and faster, more granular reporting.
“There is a lack of maturity in utilising governance, risk management and compliance (GRC) capabilities resulting in limitations and challenges with preparing real-time, data-enabled reporting. Integrating existing GRC systems and data analytics capabilities will generate better insights to further support effective decision-making,” it said.
“Effective risk management is essential for supporting funds to successfully achieve their strategic objectives. While we have seen improvements in risk management, more will need to be done to meet enhanced regulator expectations. Assessing the interconnectedness of material and emerging risks and their impacts across the organisation together with comprehensive scenario analysis is fundamental.”
