Issue - meetings

46.1     The Committee considered a report introduced by Sian Kunert who drew the Committee’s attention to the following risks:

1) Risk G3: Cyber security risk has been heightened to a red risk post mitigation. This is to ensure the Pension Fund reporting is aligned to the wider Council. The National Cyber Security Centre (NCSC) has highlighted the substantial risk to British web infrastructure, with elevated levels of Cyber Crime being reported against all areas of government, particularly in light of the current Ukrainian situation. Cyber attacks are growing more frequent, sophisticated, and damaging when they succeed. The risk mitigation commentary has also been updated to reflect the findings of an extensive review of the systems used by the Pension Team. No material weaknesses were identified with some minor suggestions on improvements that can be made and these recommendations are being acted upon. A standalone meeting on this matter is recommended for the Committee and Board.

2)  Risks G2 and G4: these risks have been reduced in their severity, these risks relate to Governance. In February 2023 the risk scores were increased due to the uncertainty caused by a significant number of expected vacancies on the Pension Board. As these positions are now filled it is recommended the risk levels be returned to previous levels.

3) Risk I4 – Officers recommended the risk level be reduced to an amber risk. There has been progress in relation to ACCESS pool and an Operator has now been put in place.

46.2        The Committee RESOLVED to review and note the Pension Fund Risk Register.