22. The SWF should have a framework that identifies, assesses, and manages the risks of its operations.
22.1. The risk management framework should include reliable information and timely reporting systems, which should enable the adequate monitoring and management of relevant risks within acceptable parameters and levels, control and incentive mechanisms, codes of conduct, business continuity planning, and an independent audit function.
22.2. The general approach to the SWF’s risk management framework should be publicly disclosed.
APFC’s Board of Trustees approved risk management framework is detailed in the APFC Investment Policy. The risk management framework covers salient investment risk parameters and thresholds, credit rating risk for fixed income securities, legal risk management, permitted use of leverage, and foreign exchange risk.
APFC’s approach to compliance, monitoring, and reporting of risk measures are also detailed in the risk management framework. Risk dashboards are produced internally on a daily basis, and the Fund’s Chief Risk Officer provides a risk update and overview report to the APFC Board each quarter at the public Board of Trustees meetings. APFC’s investments are regularly reviewed at the portfolio level for historical risk scenarios, stress tests, tracking error, and value at risk among other measures. Individual asset class managers use specific measures for their asset classes to monitor duration, credit risk, etc.
The ethical conduct of APFC staff falls under the Alaska Executive Branch Ethics Act, and APFC-specific statutes require APFC Board members and staff to report personal investments which are also held by the Permanent Fund.
To limit the risk of fraudulent actions, the custodian and APFC have written policies and procedures that must be followed for all asset movements.
APFC’s employees have controlled access rights to the cash transfer system, and all transfers must be created by one employee and authorized by at least one other employee. All cash flows are reconciled daily and monthly by various staff members. The duties of APFC’s investments and accounting sections are kept separate.
The Fund’s information technology network has security procedures and firewalls in place and is regularly backed up.
There is a business continuity plan, and contingency plans are in place for transferring the management of the Fund to other locations or outside managers on a temporary basis.
APFC has system access controls with written policies and procedures, as well as monthly reconciliations. State law requires that an audit be performed annually by an external auditor.
The APFC Board of Trustees regularly discusses its approach to risk management at public meetings, the board packets and minutes of which as well as the Investment Policy Statement are posted at www.apfc.org.