Skip to main content

Key Function Holders (KFHs)

Article 21(5) of IORP II requires every IORP to designate holders for four key functions: risk management, internal audit, actuarial (where applicable), and compliance. These functions are transposed in Sections 64AN–64AQ of the Pensions Act 1990 as amended. Key Function Holders are not honorary roles. Each KFH carries statutory responsibility for their function and must be able to demonstrate that it is being discharged effectively. The Pensions Authority expects to see appointment records, fit and proper assessments, and evidence of active function delivery for each KFH.
KFH appointments must be notified to the Pensions Authority. Under Section 64AN of the Pensions Act 1990, trustees are required to notify the Pensions Authority of the identity of each Key Function Holder. Failure to notify is a compliance breach. When a KFH changes, the Pensions Authority must be notified of both the departure and the new appointment. PensionPortal.ai generates Pensions Authority notification letters as part of the KFH appointment workflow.

Appointment Process

Regardless of which KFH is being appointed, the process must include:
1

Identify Candidate

The trustee board identifies a proposed KFH — either an individual trustee, a professional service provider, or an outsourced firm. The candidate must have the competence to perform the function.
2

Fit and Proper Assessment

A formal fit and proper assessment must be completed before appointment. This covers knowledge and experience, fitness (capability), and propriety (good character / no disqualifying factors). Under Article 23 IORP II / Section 64AV Pensions Act, this assessment must be documented.
3

Formal Appointment

The board resolves to appoint the KFH. The appointment is minuted, and an appointment letter is issued. For outsourced KFHs, the outsourcing agreement must meet the Article 31 IORP II requirements.
4

Notify the Pensions Authority

The Pensions Authority is notified of the appointment. PensionPortal.ai generates the notification in the required format.
5

Establish Reporting Cadence

The KFH and trustee board agree the reporting schedule. At minimum, each KFH should report to the board annually. Reports must be documented and minuted.

Risk Management KFH (Article 25 IORP II)

Statutory Responsibility

The Risk Management KFH has statutory responsibility for the risk management function of the scheme under Article 25 IORP II / Section 64AO Pensions Act. This is the most substantive of the four functions: it encompasses the ORA, the risk register, the risk management policy, and the risk appetite framework.

Independence Requirement

Where proportionate to the size and complexity of the scheme, the Risk Management KFH must be independent from operational activities that generate the risks they are assessing. This does not require the KFH to be external to the scheme, but it does mean a trustee who is also the scheme administrator should not simultaneously hold the Risk Management KFH role without appropriate governance safeguards.

Key Tasks

The Risk Management KFH leads the ORA process. They are responsible for ensuring the ORA is conducted at least every three years (or following a significant change in risk profile), that it covers all required risk categories, and that the completed ORA is presented to the trustee board for review and sign-off. The ORA must be documented and retained as a primary compliance evidence item. ORA detail →
The KFH maintains a live risk register that captures identified risks, their likelihood and impact, current controls, residual risk levels, and assigned owners. The risk register is reviewed at each trustee board meeting and updated following the ORA cycle.
The KFH owns the risk management policy, ensuring it is current, board-approved, and reviewed at least every three years. The policy must document the risk appetite and risk tolerance of the scheme.
The Risk Management KFH must report to the trustee board at least annually on the risk profile of the scheme, the status of the risk register, material risk events, and the adequacy of risk controls.

PensionPortal.ai: Risk Management

  • Risk Register Module: Structured risk register with likelihood/impact scoring, control mapping, and residual risk tracking. Updates are time-stamped and version-controlled.
  • ORA Workflow: End-to-end ORA process covering all Pensions Authority-required risk categories, AI-assisted narrative drafting, mandatory human review gate, and board sign-off with digital record.
  • Policy Templates: Scheme-specific risk management policy template, pre-populated with scheme data, editable by the KFH, and stored with version history.

Internal Audit KFH (Article 26 IORP II)

Statutory Responsibility

The Internal Audit KFH has statutory responsibility for the internal audit function under Article 26 IORP II / Section 64AP Pensions Act. Internal audit provides independent assurance to the trustee board on the effectiveness of the internal control system.

Independence Requirement

The Internal Audit KFH must be functionally independent. This means the KFH cannot audit activities for which they have operational responsibility. For smaller schemes, this frequently means the internal audit function is outsourced to an external firm — which is permitted under IORP II, but trustees retain full accountability for the function.
When the internal audit function is outsourced, the outsourcing arrangement must meet the requirements of Article 31 IORP II, and the Pensions Authority must be notified. The trustee board must receive the auditor’s reports directly and must track the remediation of findings.

Key Tasks

The KFH produces an annual internal audit plan, approved by the trustee board, covering the scope and schedule of audit work for the year. The plan should be risk-based — prioritising areas of higher risk to member outcomes.
All audit findings — including their severity, recommended actions, and assigned owners — are logged and tracked to completion. Open findings must be reported to the board at each meeting until resolved.
The KFH (or outsourced auditor) provides an annual independence declaration confirming no conflicts of interest that would impair audit objectivity. This declaration is retained as a compliance evidence item.
The KFH owns the internal audit policy, defining the scope, methodology, frequency, and independence standards for the function. The policy is reviewed at least every three years.

PensionPortal.ai: Internal Audit

  • Audit Plan Module: Digital audit plan with scope, schedule, and board approval record.
  • Findings Log: Structured log with severity classification, remediation tracking, and escalation to board dashboard where findings remain open.
  • Independence Declarations: Digital declaration template with annual reminder workflow.

Actuarial KFH (Article 27 IORP II)

When Required

The Actuarial KFH is required where the scheme:
  • Provides biometric risk guarantees (e.g. death benefits, disability cover, longevity risk)
  • Provides guarantees on investment performance
  • Defines the level of retirement benefit (i.e., defined benefit arrangements)
Most one-member arrangements that have DB characteristics or provide guaranteed benefits will require an Actuarial KFH. Pure defined contribution schemes with no guarantees may not require this function.

Key Tasks

The primary deliverable of the actuarial function is the ACS, which certifies that the scheme’s contribution rate is adequate to fund benefits. The ACS must be prepared by a Fellow of the Society of Actuaries in Ireland (or equivalent) and submitted to the Pensions Authority on the prescribed schedule.
The KFH maintains and documents the actuarial assumptions underlying ACS calculations — mortality tables, discount rates, salary inflation, pension increases — and provides the board with a clear explanation of the impact of assumption changes.
The KFH monitors the funding level of the scheme against the Minimum Funding Standard and the scheme’s own funding target. Material funding level movements are reported to the board promptly.
For DB schemes, the KFH calculates and certifies the technical provisions — the assets required to meet current and projected liabilities — on the basis approved in the actuarial policy.

PensionPortal.ai: Actuarial Function

  • ACS Builder: Collaborative workspace for the scheme actuary to prepare, version, and submit the ACS, with trustee review and sign-off workflow.
  • Actuary Collaboration Portal: Secure document exchange and communication channel between trustees and the appointed actuary, with full audit trail.

Compliance KFH (Article 24 IORP II)

Statutory Responsibility

The Compliance KFH has statutory responsibility for the compliance function under Article 24 IORP II / Section 64AQ Pensions Act. The compliance function provides oversight of the scheme’s compliance with all applicable regulatory obligations — not just IORP II, but also the Pensions Act more broadly, data protection law, anti-money laundering requirements (where applicable), and any scheme-specific regulatory conditions.

Key Tasks

The KFH maintains a compliance monitoring programme that maps each regulatory obligation to a control or activity, assigns an owner, and specifies the monitoring frequency. The programme is reviewed at least annually and updated when new regulatory requirements arise.
The Compliance KFH tracks all mandatory submissions to the Pensions Authority (annual scheme return, ACS submission, ORA filing where required, KFH notifications) and ensures they are completed accurately and on time.
The KFH manages all correspondence with the Pensions Authority, ensuring timely and accurate responses to information requests, supervisory review queries, and any enforcement correspondence.
The KFH maintains a compliance dashboard that gives the trustee board visibility over the scheme’s compliance status, outstanding submissions, and open compliance issues.

PensionPortal.ai: Compliance Function

  • Compliance Monitoring: Regulatory obligation mapping with control tracking, owner assignment, and automated reminders for monitoring tasks.
  • Submission Tracker: Comprehensive calendar of mandatory regulatory submissions with status tracking, reminder workflow, and submission evidence storage.
  • Pensions Authority Correspondence Log: Centralised log of all regulatory correspondence with the Pensions Authority, including outbound submissions and inbound communications.

Summary: KFH Obligations at a Glance

FunctionArticlePA NotificationCan Be OutsourcedApplies To
Risk ManagementArt. 25✅ Required✅ YesAll IORPs
Internal AuditArt. 26✅ Required✅ YesAll IORPs
ActuarialArt. 27✅ Required✅ YesDB / biometric guarantee schemes
ComplianceArt. 24✅ Required✅ YesAll IORPs
Even where a KFH role is outsourced, the trustee board retains full statutory accountability. The board must actively oversee the outsourced function, receive reports, and evidence this oversight in their meeting minutes.