Key Function Holders (KFHs)
Article 21(5) of IORP II requires every IORP to designate holders for four key functions: risk management, internal audit, actuarial (where applicable), and compliance. These functions are transposed in Sections 64AN–64AQ of the Pensions Act 1990 as amended. Key Function Holders are not honorary roles. Each KFH carries statutory responsibility for their function and must be able to demonstrate that it is being discharged effectively. The Pensions Authority expects to see appointment records, fit and proper assessments, and evidence of active function delivery for each KFH.Appointment Process
Regardless of which KFH is being appointed, the process must include:Identify Candidate
The trustee board identifies a proposed KFH — either an individual trustee, a professional service provider, or an outsourced firm. The candidate must have the competence to perform the function.
Fit and Proper Assessment
A formal fit and proper assessment must be completed before appointment. This covers knowledge and experience, fitness (capability), and propriety (good character / no disqualifying factors). Under Article 23 IORP II / Section 64AV Pensions Act, this assessment must be documented.
Formal Appointment
The board resolves to appoint the KFH. The appointment is minuted, and an appointment letter is issued. For outsourced KFHs, the outsourcing agreement must meet the Article 31 IORP II requirements.
Notify the Pensions Authority
The Pensions Authority is notified of the appointment. PensionsPortal.ie generates the notification in the required format.
Risk Management KFH (Article 25 IORP II)
Statutory Responsibility
The Risk Management KFH has statutory responsibility for the risk management function of the scheme under Article 25 IORP II / Section 64AO Pensions Act. This is the most substantive of the four functions: it encompasses the ORA, the risk register, the risk management policy, and the risk appetite framework.Independence Requirement
Where proportionate to the size and complexity of the scheme, the Risk Management KFH must be independent from operational activities that generate the risks they are assessing. This does not require the KFH to be external to the scheme, but it does mean a trustee who is also the scheme administrator should not simultaneously hold the Risk Management KFH role without appropriate governance safeguards.Key Tasks
Own Risk Assessment (ORA) — Lead Responsibility
Own Risk Assessment (ORA) — Lead Responsibility
The Risk Management KFH leads the ORA process. They are responsible for ensuring the ORA is conducted at least every three years (or following a significant change in risk profile), that it covers all required risk categories, and that the completed ORA is presented to the trustee board for review and sign-off. The ORA must be documented and retained as a primary compliance evidence item. ORA detail →
Risk Register Maintenance
Risk Register Maintenance
The KFH maintains a live risk register that captures identified risks, their likelihood and impact, current controls, residual risk levels, and assigned owners. The risk register is reviewed at each trustee board meeting and updated following the ORA cycle.
Risk Management Policy
Risk Management Policy
The KFH owns the risk management policy, ensuring it is current, board-approved, and reviewed at least every three years. The policy must document the risk appetite and risk tolerance of the scheme.
Annual Board Reporting
Annual Board Reporting
The Risk Management KFH must report to the trustee board at least annually on the risk profile of the scheme, the status of the risk register, material risk events, and the adequacy of risk controls.
PensionsPortal.ie: Risk Management
- Risk Register Module: Structured risk register with likelihood/impact scoring, control mapping, and residual risk tracking. Updates are time-stamped and version-controlled.
- ORA Workflow: End-to-end ORA process covering all Pensions Authority-required risk categories, AI-assisted narrative drafting, mandatory human review gate, and board sign-off with digital record.
- Policy Templates: Scheme-specific risk management policy template, pre-populated with scheme data, editable by the KFH, and stored with version history.
Internal Audit KFH (Article 26 IORP II)
Statutory Responsibility
The Internal Audit KFH has statutory responsibility for the internal audit function under Article 26 IORP II / Section 64AP Pensions Act. Internal audit provides independent assurance to the trustee board on the effectiveness of the internal control system.Independence Requirement
The Internal Audit KFH must be functionally independent. This means the KFH cannot audit activities for which they have operational responsibility. For smaller schemes, this frequently means the internal audit function is outsourced to an external firm — which is permitted under IORP II, but trustees retain full accountability for the function.When the internal audit function is outsourced, the outsourcing arrangement must meet the requirements of Article 31 IORP II, and the Pensions Authority must be notified. The trustee board must receive the auditor’s reports directly and must track the remediation of findings.
Key Tasks
Annual Audit Plan
Annual Audit Plan
The KFH produces an annual internal audit plan, approved by the trustee board, covering the scope and schedule of audit work for the year. The plan should be risk-based — prioritising areas of higher risk to member outcomes.
Audit Findings Log
Audit Findings Log
All audit findings — including their severity, recommended actions, and assigned owners — are logged and tracked to completion. Open findings must be reported to the board at each meeting until resolved.
Independence Declarations
Independence Declarations
The KFH (or outsourced auditor) provides an annual independence declaration confirming no conflicts of interest that would impair audit objectivity. This declaration is retained as a compliance evidence item.
Internal Audit Policy
Internal Audit Policy
The KFH owns the internal audit policy, defining the scope, methodology, frequency, and independence standards for the function. The policy is reviewed at least every three years.
PensionsPortal.ie: Internal Audit
- Audit Plan Module: Digital audit plan with scope, schedule, and board approval record.
- Findings Log: Structured log with severity classification, remediation tracking, and escalation to board dashboard where findings remain open.
- Independence Declarations: Digital declaration template with annual reminder workflow.
Actuarial KFH (Article 27 IORP II)
When Required
The Actuarial KFH is required where the scheme:- Provides biometric risk guarantees (e.g. death benefits, disability cover, longevity risk)
- Provides guarantees on investment performance
- Defines the level of retirement benefit (i.e., defined benefit arrangements)
Key Tasks
Annual Contribution Schedule (ACS)
Annual Contribution Schedule (ACS)
The primary deliverable of the actuarial function is the ACS, which certifies that the scheme’s contribution rate is adequate to fund benefits. The ACS must be prepared by a Fellow of the Society of Actuaries in Ireland (or equivalent) and submitted to the Pensions Authority on the prescribed schedule.
Actuarial Assumptions
Actuarial Assumptions
The KFH maintains and documents the actuarial assumptions underlying ACS calculations — mortality tables, discount rates, salary inflation, pension increases — and provides the board with a clear explanation of the impact of assumption changes.
Funding Level Monitoring
Funding Level Monitoring
The KFH monitors the funding level of the scheme against the Minimum Funding Standard and the scheme’s own funding target. Material funding level movements are reported to the board promptly.
Technical Provisions
Technical Provisions
For DB schemes, the KFH calculates and certifies the technical provisions — the assets required to meet current and projected liabilities — on the basis approved in the actuarial policy.
PensionsPortal.ie: Actuarial Function
- ACS Builder: Collaborative workspace for the scheme actuary to prepare, version, and submit the ACS, with trustee review and sign-off workflow.
- Actuary Collaboration Portal: Secure document exchange and communication channel between trustees and the appointed actuary, with full audit trail.
Compliance KFH (Article 24 IORP II)
Statutory Responsibility
The Compliance KFH has statutory responsibility for the compliance function under Article 24 IORP II / Section 64AQ Pensions Act. The compliance function provides oversight of the scheme’s compliance with all applicable regulatory obligations — not just IORP II, but also the Pensions Act more broadly, data protection law, anti-money laundering requirements (where applicable), and any scheme-specific regulatory conditions.Key Tasks
Compliance Monitoring Programme
Compliance Monitoring Programme
The KFH maintains a compliance monitoring programme that maps each regulatory obligation to a control or activity, assigns an owner, and specifies the monitoring frequency. The programme is reviewed at least annually and updated when new regulatory requirements arise.
Regulatory Submissions
Regulatory Submissions
The Compliance KFH tracks all mandatory submissions to the Pensions Authority (annual scheme return, ACS submission, ORA filing where required, KFH notifications) and ensures they are completed accurately and on time.
Pensions Authority Correspondence
Pensions Authority Correspondence
Compliance Dashboard
Compliance Dashboard
The KFH maintains a compliance dashboard that gives the trustee board visibility over the scheme’s compliance status, outstanding submissions, and open compliance issues.
PensionsPortal.ie: Compliance Function
- Compliance Monitoring: Regulatory obligation mapping with control tracking, owner assignment, and automated reminders for monitoring tasks.
- Submission Tracker: Comprehensive calendar of mandatory regulatory submissions with status tracking, reminder workflow, and submission evidence storage.
- Pensions Authority Correspondence Log: Centralised log of all regulatory correspondence with the Pensions Authority, including outbound submissions and inbound communications.
Summary: KFH Obligations at a Glance
| Function | Article | PA Notification | Can Be Outsourced | Applies To |
|---|---|---|---|---|
| Risk Management | Art. 25 | ✅ Required | ✅ Yes | All IORPs |
| Internal Audit | Art. 26 | ✅ Required | ✅ Yes | All IORPs |
| Actuarial | Art. 27 | ✅ Required | ✅ Yes | DB / biometric guarantee schemes |
| Compliance | Art. 24 | ✅ Required | ✅ Yes | All IORPs |
Even where a KFH role is outsourced, the trustee board retains full statutory accountability. The board must actively oversee the outsourced function, receive reports, and evidence this oversight in their meeting minutes.