The PRI Board assumes overall accountability for overseeing risks facing the PRI.
The board is supported by the Finance, Audit and Risk Committee, which evaluates the veracity of the financial statements, the efficacy of risk management, the efficacy of compliance controls and the strength and appropriateness of general control and mitigation processes across PRI Association.
Risks – divided into strategic risks and operational risks – are scored by likelihood and impact, and include relevant controls and mitigants.
The PRI and the landscape in which it operates are becoming more complex, requiring our risk framework to develop. Following an organisational effectiveness review, the board has committed to reforming the risk framework over time, including developing a board-agreed formal risk appetite.
Strategic risks are risks to the relevance or efficacy of the organisation in working towards the PRI Mission. They largely arise from external factors in the investment industry and broader political, social and economic trends. Strategic risks are discussed by the board at the start of the strategy period, and as part of any ongoing discussions to which they are relevant.
Strategic risks identified by the board in the most recent strategy include:
- Differing expectations over responsible investment process and real-world outcomes
- Divergent regulatory environment
- Changes in the investment landscape (such as shifts from defined benefit to defined contribution systems, and from active to passive management)
- Varying needs and preferences of a diverse signatory base
- Changes in the responsible investment landscape (such as new organisations or new regulations)
- Failure to adapt to technological developments
- Dysfunctional collaboration with external partners
For more information on these identified risks, see the PRI 2021-24 strategy.
Operational risks are risks to the day-to-day business activities of the organisation, including its governance, finances, operations and human resources. Operational risks are reviewed by the Finance, Audit and Risk Committee alongside the compliance report, at least quarterly, and reported to the board. Key operational risks discussed this year include:
- Delivery of the 2021 Transparency/Assessment Reports and 2023 reporting
- Financial risks, including rising work programme costs, currency fluctuations, rising inflation and lower AUM (impacting fees)
- Reputational risks to the PRI from actions of individual signatories
- Information security and cybersecurity risks
- COVID-19 risks, including implications for PRI in Person 2022