The execution of a pension scheme involves risks. Therefore, SSPF has set up a framework for risk management with which the board both identifies and manages risks. This takes into account the long-term objectives of the fund and the internal and external environment. The risk-bearing capacity of SSPF is to a large extent determined by the risk tolerance of the sponsor, Shell Petroleum N.V. (SPNV), and its commitment to make additional payments in the event of a funding shortfall. In determining its own risk tolerance, the board has taken the objectives of SSPF as its starting point. The fund distinguishes between financial and non-financial risks. Risks which have a direct impact on the size of the assets, liabilities and results of the fund are classified as financial risks. Non-financial risks include those of a strategic, managerial or operational nature and/or those that have to do with our reputation.
The board determines on a quarterly basis whether the net risk (the risk remaining after risk-mitigating measures have been taken) still meets the board's risk tolerance. Investment beliefs play an important role in determining our financial risk tolerance. For monitoring its risk tolerance, the board has established a number of standards, including the probability of additional payment, the possibility of indexation, the stability of the coverage ratio and the Solvency Risk Budget. The latter is a risk budget within which SSPF determines its strategic investment policy. With higher coverage ratios, this risk budget decreases, allowing the fund to scale back risk in the investment portfolio when the coverage ratio increases. This can be done by reducing investments in marketable securities or by further hedging the interest rate sensitivity of pensions to be paid out. These standards are reported to the board on a quarterly basis.
Gross risk is the risk without taking control measures into account. Control measures are implemented with the aim of reducing the gross risk to an acceptable level. What remains is the net risk: the risk that the fund still incurs despite taking these precautions. The risk of, for example, a cyber attack without any form of protective measures is fairly large (gross risk). By implementing mitigating ICT measures, the risk is reduced (net risk). Every quarter, the board checks whether the net risk is still within the risk tolerance. Should this not be the case, additional measures will be taken.