How to manage employee-benefits-related risk

Risk management strategies should be designed to tackle all manner of organisational risks, be they financial, regulatory, operational or people related, but should they also cover employee benefits?

Wind breaker

If you read nothing else, read this…

  • Employee benefits, such as preventative healthcare programmes, can help to mitigate organisational risks such as sickness absence and workplace stress. 
  • But benefits can bring their own risks to an organisation around cost, health and safety and regulation.
  • Employers must be aware of all the risks associated with offering a benefit to staff to ensure that both the organisation and its employees are protected.

In January, The Pensions Regulator (TPR) reported that by the end of 2014, 169 employers were fined for failing to comply with their workplace pension duties.

While this represents a small proportion of the employers that have now complied with the rules, it highlights just one of the organisational risks that can be created by employee benefits.

Workplace pension schemes, while a highly valued workplace benefit, can pose a number of risks both to an organisation and its employees. This is despite the move from defined benefit (DB) to defined contribution (DC) pension schemes shifting associated risks, such as investment risk, from employers to employees. This is due to a number of organisations still operating DB schemes that are open to future accrual. 

But employers can manage DB scheme risk with the help of their scheme trustees. Lynda Whitney, partner at Aon Hewitt, says: “It is very much about the employer working with trustees. The trustees set the investment strategy in terms of the risk, and it’s very important that they work together to look at the risks of the scheme and how much investment risk is being taken.”

Auto-enrolment risks 

Auto-enrolment also creates its own risks, such as the risk of all eligible employees not being enrolled.

Nick Allen, head of pensions consultancy at Jelf Employee Benefits, says: “[Employers] not taking pensions seriously enough is a risk. [Organisations] are getting to their staging date, but it’s the ongoing piece [that poses a potential problem].”

For example, employers must ensure that they have the technology in place to be able to deal with issues such as staff turnover and temporary workers.

Failing to communicate the intricacies of retirement saving and investment could also pose a potential risk for employers, in terms of their duty of care towards staff. 

“It’s all about the member understanding the benefits they’ve got, and [employers] assisting with overall financial planning. [This is not just about] pensions, but around what people’s expectations are, what they expect to retire on and helping them to understand how much they need,” says Whitney.

Pensions and retirement communication strategies, therefore, need to be ongoing, with key messages repeated so that they are regularly at the forefront of employees’ minds.

Assessing healthcare risks

Of course, pensions are not the only benefits that pose organisational risks for employers. Risks around healthcare and absence management can be numerous.

The top three risk factors that are likely to generate future medical insurance claims for employers in Europe are high blood pressure, poor stress management and high cholesterol, according to Aon Hewitt’s 2015 Global medical trend rate report, published in December 2014.

Health risks for expatriate staff are even more complex. Employers should be particularly aware of any existing medical conditions employees have that could be exacerbated in certain locations. For example, relocating an employee with breathing difficulties to Hong Kong, where air pollution is high, could present a significant risk to their health and the business.

Pre-assignment screening can help to reduce, or mitigate, such health and wellbeing risks.

Global disease management is also a vital aspect of health and wellbeing risk management. Steve Desborough, senior consultant, health and group benefits at Towers Watson, says: “Different diseases hit in different countries on an ongoing basis, so it’s important that an employer has the duty of care and good governance to make sure that employees are looked after at all times, therefore keeping its finger on the pulse.”

Employers can work with their private medical insurance (PMI) providers to identify any challenges or issues in particular geographies, which should involve analysis of PMI claims data.

But there are always going to be risks that employers cannot fully control, particularly when it comes to cost. Marco Bannerman, European sales director at Aetna International, says: “If [an employer] has employees working in China, which is an expensive region, then it has to live with the fact that the risk isn’t on the level of healthcare; it’s going to be the cost of the healthcare.”

Of course, cost should not be the focus of expat risk management strategies.

“[Strategies should be about] ensuring that [an employee] will be safe, they will be managing their chronic conditions, they stay productive at work and they will be taking less time off work,” says Bannerman. ”A happier, healthier employee is a more productive employee.”

Company car scheme risks

Company car schemes can also pose a high level of risk for both organisations and their employees.

Cost is the biggest risk that most employers are grappling with in this area, particularly in relation to the early termination of agreements and issues with absent staff, who are perhaps on parental leave or off because of a long-term illness.

Employers can mitigate such financial risk in two ways, either by creating a slush fund as a contingency that can be used to fund additional scheme costs, or by outsourcing their scheme and its associated risks to a car scheme provider. 

Safety is another key risk for employers with car schemes, with the Corporate Manslaughter and Corporate Homicide Act 2007 requiring organisations to take responsibility for ensuring that the cars their staff drive are fit for purpose, and that employees have a valid driving licence.

Car scheme providers can help employers to manage this risk. Alison Argall, business development director at Tusker, says: “The beauty of car schemes is that the cars are automatically insured for business use, they have an MOT and they are serviced regularly.

“The employer’s obligation is met in terms of them providing facilities to make sure the car is fit for purpose. Most scheme [providers] will also manage licence checking to make sure that an employee has a full and valid licence.”

Mitigating people risk

As part of their risk management efforts, employers should also consider the way in which employee benefits can help to manage other organisational risks, such as workforce management. Benefits can be an essential tool with which to attract and retain key staff and help employers to ensure that their talent pipeline and succession plans run smoothly.

Clare Kelliher, professor of work and organisation at Cranfield School of Management, says: “When an employee, who has sought-after skills, is able to weigh up whether they would want to be with one employer versus another, then under those circumstances the benefits package is likely to be an important [deciding factor].”

Awareness of the risks benefits pose to both the organisation and employees can help employers to create and manage a robust risk management structure, but as with any risk management strategy, employers must ensure that there is a balance between the risks and rewards.

Case study: The Attachmate Group tackles risk management around international staff 

Attachmate group

The Attachmate Group offers its international employees a robust benefits package to help manage organisational risks. 

But ensuring that its perks are fair and competitive can be a challenge, particularly when it comes to ensuring that it remains up to date with legislative changes.

Ian Wright, director, global compensation and benefits, at The Attachmate Group, says: “The main challenges are knowing exactly what benefits are offered and to whom, particularly where we have some legacy benefits arrangements due to acquisitions we’ve made in the past.

“On top of that, we have the challenge of knowing what the statutory requirements are in each country and what the typical market practice is, and then keeping up to date with any legislative changes that might need us to make a change to the benefits.”

The software holding organisation, which owns brands including Attachmate, NetIQ, Novell and SUSE, and has around 3,500 employees working in 30 countries, recognises the importance of ensuring that all employees receive a minimum level of benefits.

“Every country is very different, but we aim to ensure that in each country, as a minimum, our employees have life assurance , access to healthcare and also retirement provision ,” says Wright. 

This may be in the form of workplace or state-funded benefits support.

“In Germany, private medical insurance [PMI] is rare, because there is a good state-run medical scheme,” adds Wright. ”And in Australia there is a mandatory state superannuation retirement plan that employees must contribute to.”

The organisation works with local benefits advisers to ensure that the benefits package offered to staff remains fair and competitive, and to keep it updated about any required statutory changes. “We also buy benefits reports every few years to review our competitiveness,” says Wright. 

It also works with local brokers to ensure it gets the best price for annual benefit scheme renewals. “For some benefits, such as life assurance, it’s all about the price. But for benefits such as PMI, the level of service from the provider is also very important,” Wright adds. 

Differentials by geographic region among the risk factors that are expected to generate future claims

Asia-Pacific Canada Europe Latin America Middle East/Africa

Poor stress management

Physical inactivity

High blood pressure

High blood pressure

High blood pressure

High cholesterol


Poor stress management


High cholesterol

Physical inactivity


High cholesterol

High cholesterol

Physical inactivity

Source: 2015 Global medical trend rate survey report, published by Aon Hewitt, December 2014


Viewpoint: Anna McCaffrey: How to manage bring-your-own-device scheme risks 

Anna McCaffrey

Proponents of bring-your-own-device (BYOD) policies consider that advantages to employers can include higher productivity, increased staff morale and lower overall IT costs. For employees, BYOD can facilitate mobile and flexible working and be a useful tool to promote better work-life balance.

If an organisation has adopted a BYOD policy, it is crucial that appropriate safeguards and procedures are put in place, and clearly communicated to employees, to comply with data protection obligations and to protect the organisation’s confidential information from being disclosed to third parties, whether accidentally or deliberately. 

As part of their BYOD policy, employers should provide guidance to employees on their data protection responsibilities, for example by specifying types of personal data that should not be stored on particular devices, or which can only be stored on devices with high levels of encryption.

They should also make it clear to employees that corporate data can only used for work purposes and should not be disclosed to any third party.

‘Acceptable use’ guidelines should be established to mitigate the risks, such as data leakage, that arise from the use of email and social media on devices that are also utilised to access corporate data.

And technical safeguards, such as strong passwords, data encryption, secure back-up, automatic device locking and the ring-fencing of corporate data, should be implemented by, for example, keeping it within a specific app, and disabling interfaces used to connect to other devices such as printers or storage devices.

Employers should also consider technical measures to protect and delete personal data stored on the device throughout the lifecycle of the device, including after theft or loss of the device; after the employee leaves employment with the organisation; if the device is sold on; or if the device breaks and is returned to the manufacturer.

Sign up to our newsletters

Receive news and guidance on a range of HR issues direct to your inbox

This field is for validation purposes and should be left unchanged.

A clear and effective BYOD policy is the best way for employers to balance the flexibility benefits of BYOD arrangements with managing the security and data protection risks that are inherent in allowing employees to use their own devices. 

Anna McCaffrey is senior associate in the employment practice at Taylor Wessing