Please note that in case of discrepancy between the Icelandic and English versions of the Risk Policy, the Icelandic version shall prevail.
The defined activities of Gildi Pension Fund are to receive premiums, preserve and accrue interest on them, and pay pensions. Gildi is a long-term investor, and its primary aims are to maximise pension payments to fund members and guarantee them the best possible pension rights according to the Articles of Association through premium returns, risk management, and cost-effective operations.
Gildi’s Board of Directors sets a Risk Policy for the Fund. The Risk Policy covers the operation of Gildi and outsourcing to third parties, both as regards financial risk and operational risk. The Risk Policy defines the risk appetite and risk tolerance of the Fund, and how risk may be analysed, assessed, monitored, and managed. It also defines the role and responsibility of those who implement and supervise risk management and risk control within the Fund. The Fund's investment policy, which is revised at least annually, is a key part of the Fund’s risk management, as it sets out limitations and criteria for the main financial risk factors in its portfolio. The Risk Policy must be reviewed annually, or more often if necessary, for example, if there are significant changes in the Fund's risk profile. The Fund's Board also sets a Risk Management Policy based on the proposal of the person responsible for risk management. The Risk Management Policy covers the implementation of the Fund's risk management and risk control in detail.
The Fund’s Risk Policy is based on Act no. 129/1997 on Obligatory Pension Rights Insurance and Pension Funds Operations, Regulation no. 590/2017 on the Risk Control System of Pension Funds and Regulation no. 916/2009 on Investment Policy and Auditing of the Returns of Pension Funds and Custodians of Private Pension Savings, with subsequent amendments. Risk management within the Fund also takes into account ISO standard 31000 on risk management.
Definition of the term risk in Regulation no. 590/2017 on the Risk Control System of Pension Funds is as follows: “Risk of financial loss resulting from an event that falls under one or more of the risk factors defined by the pension fund.”
Risk management is defined as the priorities, rules, processes, procedures, methodology, and summary of information used to identify, measure, evaluate, control, and monitor risks in the Fund’s portfolio and operations (in a broad context).
Efforts should be made to have the organisation of the work components related to risk in Gildi’s operations as simple as possible to ensure traceability and in accordance with the Fund’s other values. Gildi’s Risk Policy is intended to support the aim of the Investment Policy of investing the funds of the Fund taking into account the most favourable terms available at any given time in terms of risk.
In general, a prudent approach should be taken when managing the Fund’s risk, and the structure of the portfolio as a whole should take into account indexed obligations in Icelandic króna valued at 3.5% interest towards fund members and the assets of beneficiaries. The aim of risk management is for the Fund’s employees and management to have a good overview of the risk factors present at the Fund and to be able to assess their potential impact on the Fund. In this way, the Fund’s employees are better equipped to manage its risks and, depending on the circumstances, avoid risks, reduce or increase them.
In general, risk control and risk management within Gildi are based on the criteria stated in the Investment Policy and/or Risk Policy. Criteria regarding the performance and risk of the Fund, asset groups and sub-portfolios are defined in Gildi’s Investment Policy and/or Risk Policy. In cases where further explanations or definitions are needed, they appear in the Risk Management Policy or other set policies, procedures, and criteria of the Fund.
Risk in Gildi Pension Fund’s operations can be divided into financial risk and operational risk.
Financial risk is related to the Fund’s investment activities, e.g. development of assets and liabilities, as well as cash flow. Financial risks are market risk, counterparty risk, liquidity risk, and liability risk (pension insurance risk).
The Fund’s operational risk is a risk related to the Fund’s internal operations, which may involve operational elements such as information systems, work processes, or the Fund’s employees. Political risk is part of operational risk, but operational risk also includes other risks related to external events in a pension fund’s operating environment.
Sustainability risk includes risks due to environmental and social issues as well as governance (UFS). Sustainability risk is related to various risk factors within financial risk and operational risk, i.e. related to the communication, role, and responsibility of the Board, managers, and employees, both internally and towards other stakeholders of the Fund. Gildi has adopted a Sustainable and Responsible Investments Policy and Shareholder Policy, as well as communication rules and a Code of Ethics to frame relations with the Fund’s main stakeholders.
Changes in risk factors can affect assets and liabilities and thus the actuarial position of the mutual pension division and the likelihood of rights being reduced. Thus, changes in risk factors may affect the Fund's ability to conduct its defined activities and to achieve its primary objective, and thus its risk tolerance and risk appetite. The main risk factors within the Fund are discussed below. The nature, extent, implementation of risk management, risk measures and control measures for each risk factor, and the Fund’s attitude towards the risk factor, are described in more detail in the Risk Management Policy.
Market Risk
Market risk is defined as the risk of financial loss on items on and off the balance sheet due to changes in the market value of assets or liabilities, including due to changes in currency exchange rates (currency risk), interest rate level (interest, reinvestment, and repayment risk), inflation (inflation risk), the price of shares and bonds and unit share certificates in funds (yield fluctuations), as well as inconsistency risk and risk due to off-balance-sheet assets and liabilities. The risk level of market risk is assessed using various risk metrics, e.g. VaR, standard deviation, inflation correlation, and average lifespan.
Counterparty Risk
Counterparty risk is the risk of financial loss to the Fund if the issuer of a financial instrument or another counterparty fails to meet its agreed obligations. The Fund's counterparty risk arises primarily from the purchase of securities and the provision of collateralised loans. Counterparty risk is classified into credit risk, consolidation risk, country risk, settlement risk, and custody risk. The risk level of counterparty risk is assessed with bond credit rating, expected loss, default analysis, and counterparty concentration.
Liquidity Risk
Liquidity risk is the risk that the Fund cannot fulfil its commitments when they come due. The main objective is that at any given time the Fund has sufficient liquid funds to meet necessary payments and obligations. Liquidity risk is generally not considered a major risk factor in the Fund's operations due to the fact that the expected net inflow into the Fund is considerable in the coming years and a large portion of the portfolio is considered highly liquid. Liquidity risk can be classified into: liquidity risk and cash flow risk. The risk level of liquidity risk is assessed through analysis of future cash flows and asset liquidity, amongst other things.
Pension Insurance Risk (Liability Risk)
Pension insurance risk is the risk within the mutual insurance division that the rights of fund members have to be reduced because assets do not meet long-term liabilities, due to changes in premiums, actuarial settlement requirements (reduction risk), demographic factors such as life expectancy and the number of disabled persons and disability probability at the Fund, as well as environmental and rights transfer risk, amongst other things. The risk level of pension insurance risk is assessed by actuarial status, pension burden, the demographic composition of fund members and scenario analyses.
Operational Risk
Operational risk is the risk of negative impacts on the Fund due to inadequate or defective internal processes, errors and actions or omissions of employees, fraud, inadequate information systems or due to external events in the Fund's operating environment. Operational risk includes personnel risk, fraud risk, IT risk, facility risk or inadequate security measures, legal risk, information risk, outsourcing risk, reputational risk, and political risk (laws and regulations). These risk factors are inherent in all of the Fund's operations. The risk level of operational risk is assessed based on the impact and probability of each risk factor.
Sustainability Risk
Risk related to sustainability refers to various risk factors that concern the possibility of companies and institutions to maintain profitable operations and their ability to continue operations in a sustainable manner in the long term. Sustainability risk can be due to the direct or indirect effects of environmental, social, or governance factors (UFS). If the risk materialises, it may have a negative impact on the value of the pension fund's assets. The main risk of the Fund related to environmental matters (including climate change), social issues (including human rights), and governance is if investments are made in companies that do not fulfil their legal and/or ethical obligation, which may lead to losses and/or reputational risk for the Fund. The risk level of sustainability risk is assessed based on the impact and probability of each risk factor.
Risk Appetite
Risk appetite is defined as the risk that the Fund’s Board is willing to take.
Gildi’s risk appetite for the mutual insurance division and private pension schemes with regard to financial risk is defined in the Fund’s Investment Policy, classified by traditional groups of assets, as a gap between tolerance limits in the Investment Policy for each group of assets. It marks the Fund’s willingness to spread assets and combine market and counterparty risk down to individual groups of assets at any given time, as well as within each type of domestic bond. The tolerance limits are set in addition to the Investment Policy and portfolio tolerance limits by group type A–F (cf. the supporting document for the Fund’s investment methods in the Investment Policy appendix).
Gildi’s Investment Policy is made with the aim of investing the funds of fund members, taking into account the most favourable terms available at any given time in terms of risk.
When formulating the Investment Policy, factors such as annuity burden, actuarial status, age distribution of fund members and rightsholders, future payment flow, current composition of assets, market conditions, risk metrics, and the Fund’s risk tolerance are examined. All of these are factors that influence the formulation of the Investment Policy and thus the Fund’s risk appetite, which can be increased or decreased based on an assessment of the aforementioned factors that make up the Fund’s risk profile.
The Fund’s risk appetite in terms of market and counterparty risk is also defined in more detail with other limitations and criteria in the Investment Policy. For more information, see section 4.9 for the mutual insurance division and section 5.5 for private pension schemes in the Investment Policy, which deal with other limitations and criteria for the Fund’s investment strategies.
The Fund’s risk appetite with regard to liquidity risk is defined by the appropriate criterion of the percentage of easily marketable assets, in the mutual insurance division and private pension schemes. A more detailed description of the liquidity risk criteria can be found in Appendix 1 of the established Risk Management Policy.
The Fund's risk appetite with regard to operational risk is defined so as to avoid risks that threaten the Fund's ability to carry out its defined activities and to achieve its primary objective.
Other criteria for risk mitigation can be found in the Fund’s Investment Policy and Risk Management Policy. Definitions and the Fund’s attitude towards individual risk factors can also be found in the Risk Management Policy.
Risk Tolerance
The risk tolerance of the Fund’s mutual insurance division and the private pension schemes with regard to financial risk is marked by set tolerances in the Investment Policy, classified according to traditional groups of assets, i.e. maximum and minimum ratios of individual groups of assets together with set tolerances for exchange-rate assets. In case of movement outside the set tolerances, the Fund must take action with appropriate portfolio changes, alongside other actions. A more detailed description of possible actions can be found in the Fund’s Risk Management Policy and procedures.
Also, the long-term risk tolerance of the mutual pension division considers the actuarial status of the division at each time. The Fund is legally obliged to take certain measures if an actuarial study reveals a difference greater than 10% between asset items and obligations, or if the difference has stayed over 5% for five consecutive years, cf. Paragraph 2, Article 39 of Act no. 129/1997. Special measures may include changes to the rights of fund members. When assessing which measures are appropriate, consideration is given to looking for long-term solutions and the interests of fund members are the guiding principle. The development of the actuarial situation must be monitored and preventive measures applied if possible. This applies to both assets and liabilities, i.e. of all events that may cause the pension fund to be unable to meet its obligations.
The main risk factors are discussed later in this policy, but risk management, risk metrics, and control measures for individual risk factors are discussed in more detail in the Fund’s Risk Management Policy.
Gildi’s Board of Directors is responsible for formulating and establishing a Risk Policy and Risk Management Policy for the Fund, and the Managing Director is responsible for their implementation, both with regard to financial risk and operational risk.
Through the Risk Policy and Risk Management Policy, Gildi’s Board of Directors gives the Managing Director and others to whom it delegates authority, authority to control and manage risk in the Fund’s activities in accordance with what is stated here and within the authority defined here. The Managing Director and others responsible for risk management and risk control at Gildi regularly inform the Fund’s Board of the results and risks of the operations and decisions regarding risk management and risk control.
In Gildi’s organisational chart, there is a separate division, Risk Management, which reports directly to the Managing Director. Risk Management monitors both financial and operational risks, risk measurement of the Fund’s portfolio of assets and commitments, and is involved in the registration of deviations and the follow-up thereof. Risk Management must be able to submit a report to the Board about its findings and appropriate measures without intermediaries. The Director of Risk Management is defined as the person responsible for risk management at the Fund and is therefore responsible for the implementation of risk control tasks in consideration of the Fund's activities. Gildi’s Asset Management is responsible for managing the financial risk of the Fund, including decisions regarding purchase and sale of securities, in cooperation with the Managing Director and the Board of the Fund, as appropriate at each time. The Managing Director is responsible for managing the operational risk of the Fund in consultation with its Board with decisions on operations. Thus, a separation is achieved between risk control on the one hand and decisions on managing the Fund's risk in investments and operations on the other hand. The Fund's Board, Managing Director, and Asset Management can request the opinion of Risk Management or an external party when it is relevant.
All employees of the Fund are involved in the implementation of risk management as appropriate and must be aware of the importance of a control system and participate in the implementation of an appropriate risk culture within the Fund. This is done by presenting the Risk Policy and Risk Management Policy in an appropriate way to the employees at all times. Parties involved in decisions related to investment risk familiarise themselves with, and participate in, the formulation of the Risk and Risk Management Policies. In addition, all employees are made aware of the aspects of the policies that relate to their field of work in their job descriptions, the Fund's work processes, and the annual operational risk assessment. Efforts must also be made to ensure that the Fund's control system is set up in a clear and traceable manner, and that work processes and job descriptions reflect the Fund's risk management, control measures, and the control system as a whole.
In general, managers are responsible for ensuring that appropriate risk mitigation measures are implemented according to work procedures. Further responsibility for operational risk factors and associated risk mitigation measures is defined in the Fund's operational risk management system. Owners of operational risk factors are responsible for annual risk assessments of them, assessing whether they are adequately managed, and recording incidents/deviations. Owners of risk mitigation measures are responsible for ensuring that they are implemented and properly recorded in the Fund's operational risk management system and procedures. Risk Management is responsible for following up on operational risk assessments, designing the control system, and providing advice, education, and information regarding operational risk to employees and the Board.
The Fund's senior attorney oversees changes in regulations and laws, as well as monitoring the registration of interests of employees and board members. They are also responsible for anti-money laundering measures, etc.
The internal auditor reports to Gildi’s Board of Directors and examines whether the Fund’s internal control is in accordance with the Fund’s policy and rules. The auditor assesses the Fund’s control system and supervises the implementation of the Fund’s Risk Policy and Risk Management Policy.
The Risk Policy, Risk Management Policy and amendments to them are submitted to Gildi’s Board of Directors for approval after receiving the opinion of the Fund’s Audit Committee, which assesses the effectiveness and organisation of the Risk Policy and Risk Management Policy.
Every year, an own risk assessment of the Fund’s operations shall be carried out, where the Fund’s Board is an active participant by shaping the implementation of the risk assessment, by, amongst other things, reviewing the process, criteria, and results of the assessment. It must also be assessed whether the Risk Policy and Investment Policy are appropriate in accordance with the result of the own risk assessment.
Own risk assessment covers, e.g. analysis of the main risk factors, a description of the actions and criteria of the assessment, the results of control actions with and without risk measures and, when applicable, risk mitigating actions and the actions that Gildi Pension Fund intends to take if a risk materialises. Scenario analyses, sensitivity analyses and stress tests are used in the risk assessment, to assess, amongst other things, how risk taking aligns with the Fund’s obligations and the effectiveness of risk mitigating actions, as appropriate.
In order to determine the importance of risk factors, the Fund evaluates the impact of each risk factor based on the probability that the risk will materialise and the impact on its assets and liabilities. The assessment considers, amongst other things, the risk metrics associated with each risk factor, their development, scenario analyses, stress tests, and other control measures carried out during the year.
It is assumed that the own risk assessment is available three months after the Fund’s Financial Statements are available. Before 30 June each year, a report on own risk assessment is sent to the Financial Supervisory Authority. The results of the own risk assessment are presented to the Fund’s employees, and they are taken into account when making decisions and other actions in the Fund’s daily operations when appropriate.
A more detailed discussion of own risk assessment can be found in the Risk Management Policy and in the report on own risk assessment.
A deviation is defined as an event that has a significant financial or operational impact on the Fund, an IT deviation, a deviation from the set criteria and limits in the Investment, Risk, and Risk Management Policies, or a deviation from compliance with investment authorisations. Possible deviations must be immediately reported to the relevant managers of the Fund, i.e. to the Managing Director and Director of Risk Management, along with the owner of the risk factor to which the incident is related. Subsequently, the respective managers shall evaluate whether it is a confirmed deviation.
All confirmed deviations must be reported to the Board as soon as possible. If there is a confirmed deviation, the Financial Supervisory Authority must also be notified, and this should be done in accordance with the applicable rules and guidelines at each time.
Incident and deviation records shall be maintained in the incident section of the Fund's operational risk system, and the owners of the underlying risk factor are responsible for recording and following up on the incident. Every effort must be made to respond to deviations as quickly as possible and, as the case may be, to minimise the possible damage that may result from them. If deviations have occurred, they are also identified in the quarterly risk management reports to the Board of Directors, and it is reported whether appropriate measures have been taken.
Reykjavík, 8 May 2025