“The FY (Financial Year) 2022/23 began with a sense of normalcy, as businesses prioritised recovery from the impact of Covid-19. However, regional and international geopolitical dynamics introduced new challenges, slowing down the economic recovery phase and creating a more challenging risk landscape.”
Mr. Edward Senyonjo, Head of Enterprise Risk Management

Risk Landscape

The main factors that have led to the burgeoning risk landscape include:

Russia - Ukraine Conflict
  • The Russia-Ukraine conflict, initially anticipated to be short-lived by many global players, has now evolved into a widespread global conflict. This escalation has significantly disrupted economic activities and triggered the emergence of new international alliances. This conflict is likely to have a lasting impact on the economic, social, and political landscape, intensifying uncertainty in the business environment.
Regional geopolitical dynamics

  • Post-election riots persisted in Kenya, leading to internal political tensions and a worsening of the economic situation.
  • In addition, terrorist activities perpetrated by Al-Shabaab and the Allied Democratic Forces (ADF) in Kenya and Uganda respectively disrupted economic activities in the region.
  • The unresolved conflict involving the M23 rebels in the Democratic Republic of the Congo (DRC) has escalated tensions between the DRC and the neighbouring countries. This situation has significantly affected trade along the DRC-Uganda border, leading to reduced economic activity in that region.
Key positive developments in the region

  • Trade tensions among the East African countries have greatly reduced, with major borders now open.
  • Uganda and Tanzania are in advanced stages in the exploration and exploitation of oil and gas. The construction of the oil pipeline is anticipated to commence soon, promising to further stimulate economic activities in the region.


In NSSF, just like in any other organisation, understanding and managing the dynamic risk environment is of paramount importance. The risk environment encompasses a mix of internal and external factors that could potentially impact our ability to achieve our objectives and goals. These factors can manifest as opportunities or threats, and their effective assessment and management are critical for ensuring the success and sustainability of our operations.


Our risk management approach and strategy are underpinned by the fact that risk management is an integral part of business strategy. At NSSF, every employee understands and embraces their responsibility for managing risk as an integral aspect of their daily activities. NSSF has continuously improved its risk management practices by incorporating an agile risk management culture through:

At a strategic level, risk assessments are conducted on all key matters, with detailed risk reports highlighting the risks and mitigation measures shared with Management and the Board. The risk assessment reports are key in informing the relevant stakeholders of the risks associated with the matters under consideration, which enhances decision-making.


The structured risk process outlined below enables the Fund to effectively manage risks across different departments.


A well-defined risk reporting structure ensures that risks are communicated from the tactical level to the strategic level. The Board receives quarterly updates on the key risks facing the Fund, along with relevant mitigation measures. The Board, through the Audit and Risk Assurance Committee (ARC), reviews the risks presented and directs management on how to address the risk exposures. It is a two-way (bottom-up and top-down) risk communication.


The Board of Directors is responsible for the overall risk management strategy of the Fund, and executes this mandate by exercising oversight on enterprise risk management activities.

Audit and Risk Assurance Committee (ARC)

The role of ARC is to ensure the integrity of risk reporting, the effectiveness of internal controls with regards to the risk profile of NSSF, as well as policy and regulatory compliance. The Committee scrutinises enterprise risk reports from Management and provides guidance on the appropriateness of the Fund’s risk management response strategy.

Executive Committee (ExCo)

Management is charged with the responsibility for taking appropriate risk within the risk appetite framework approved by the Board to create value. Numerous opportunities and risks exist in the environment, but we determine which risks and opportunities, and the extent thereof, we should take on to attain our strategic objectives. Management is also responsible for ensuring that enterprise risk management is effective in addressing the risk profile of the Fund.

Risk Management Committee (RMC)

The RMC analyses the effectiveness of the enterprise risk management strategy and activities and provides guidance to the Chief Risk Officer on how risk exposures should be addressed.

Enterprise Risk Management (ERM) department

The ERM department plays a key role in coordinating the risk management process in the Fund and conducting risk awareness training and sensitisation Fund-wide.

Risk owners

Risk owners are the staff who are directly accountable for ensuring risks are managed effectively, by implementing actions required to mitigate risks.

Combined assurance through the three lines of defence

In the Fund, the assurance activities are integrated based on the business model and risk appetite. The 1st line of defence, which is operational management, is responsible for identifying risks and applying the relevant controls to detect and prevent materialisation of risks. The 2nd line of defence (ERM) is responsible for risk policy development, co-ordination of risk management activities, promoting awareness and keeping executive management and the Board abreast of emerging risks and mitigation strategies. The 3rd line of defence (Internal audit) follows a risk-based approach, which is informed by the risks identified and assessed by the ERM department, to provide assurance on the adequacy and effectiveness of the internal controls with regards to the risk profile of the Fund. External auditors review financial statements and provide an independent opinion on the integrity of the financial statements and the strength of the associated controls. This process creates a holistic and strategic approach to risk management, reducing the negative effects of risk exposures, while increasing opportunities in the medium and long term for the benefit of stakeholders.


Operational Management