Business doesn’t need to be a risky
Barry Neilson, business development director at Nucleus, outlines why and how a formal risk management framework employed across an adviser firm can help reduce business risk
The industry sea change created by the Retail Distribution Review has encouraged advisory firms to review key parts of their business propositions. Firms continue to go through business model modification, as aspects such as fee models, client segmentation, platform usage and their overall commitment to independence remain under scrutiny.
Added to this, it’s clear that advisory firms are taking greater control of the different elements of the supply chain supporting their client propositions. The days of firms being viewed as a distribution mechanism by the traditional life companies are all but over. All of these factors are leading to a significant amount of new solutions being adopted across the industry.
Many advisers are very optimistic about the future. Amid all of this evolution and optimism, it’s important to pause and consider governance issues and particularly how adviser firms improve their approach to risk management.
As their business models continue to modify to suit the post-RDR landscape, many advisers will need to more closely consider the negative impacts caused to either their clients or their own business as a result of proposition ‘improvements’ not delivering the desired outcome. Increasingly the FSA expect firms to demonstrate more robust processes around how they identify and manage risks resulting from an evolving proposition and, in most cases, this can be done most effectively by the firm adopting a formal risk management framework across their business.
Six reasons why…
Risk management shouldn’t just be viewed as another compliance related chore; if implemented properly it should improve the efficiency of your business and contribute positively to shareholder value. Here are six reasons why advisers should operate a risk framework.
1. Fewer shocks and unwelcome surprises. A greater awareness of risk should reduce the likelihood of failing to identify a problem until it’s too late.
2. Visible accountability. Once clear about the risks that sit within your business, risk can be monitored to ensure it‘s dealt with effectively and responsibly.
3. New revenue opportunities. Identifying and dealing with risks can lead to the discovery of new commercial opportunities and will naturally lead you to explore alternative ways of doing things.
4. Preparation, organisation, discipline! A strong risk framework should support your strategic and business planning to make sure it’s calibrated to the specific needs of your business, clients and also the regulator.
5. Additional shareholder value. The ability to demonstrate embedded corporate governance and greater regulatory adherence.
6. Client confidence. A thorough risk framework demonstrates your commitment to treating customers fairly.
Four key stages
There are many different ways to approach establishing a suitable methodology for your business but most risk management frameworks will contain the following four key elements:
1. Identification of risks.
The initial identification of the risks within a business can be approached in a number of ways. Given that we operate in a highly regulated environment initial consideration should be given to regulatory guidance, especially any recent policy papers.
Interviewing members of staff to understand the key dependences on their ability to achieve their objectives can also be extremely beneficial. Many firms chose to undertake a brainstorming session with all key staff present to provide an initial list of potential negative outcomes. This method also ensures everyone is involved and encouraged, at an early stage, to consider risk as a day-to-day element of their role. This paper provides examples of specific risks that can often be found within financial advisory practices.
2. Assessment of impact.
Once the key risks have been determined it’s normal practice to prioritise those that have the potential to be most damaging to the business and/or display a high likelihood of occurring.
The benefits of creating strategies to deal with the risk are maximised if the solution becomes an integral part of all your organisational processes, and you thoroughly address all uncertainties and assumptions in the delivery of process improvements.
3. Implementation of risk controls. A strong awareness of prevailing risks is a benefit at all levels of the business to ensure the relevant information is cascaded down effectively to all employees. Firms should try to keep the process as simple as possible and ensure any supporting management information is relevant and practically useful. Attempts to embed risk management into the culture of the business can fail if you do not succeed in securing the initial buy-in of stakeholders, which means it’s hugely important to involve them early in the process. Their involvement should be ongoing and all employees should be encouraged to report any emerging risks and be rewarded for suggestions that mitigate or eliminate existing risks.
4. Record, evaluate and monitor. Identifying risks and putting in place initial controls are key steps to embedding a robust risk framework within your business. However, they will almost certainly fail to deliver any long lasting benefit unless they are properly documented and formally reviewed on a regular basis.
Risk controls can be broadly defined into five possible strategies. You may also wish to create a heat map, which is simply a two-dimensional priority of risks from green through amber to red. As you refine your approach to risk management you may wish to consider adding definitions to quantify the terms.
Whether the risks identified are operational, regulatory or client orientated, they affect all aspects of business life. Good risk management focuses on how to manage the risks involved – not only to identify the risks but also to ensure plans are in place to prepare for them and respond should it be necessary.
The FSA has always shown interest in risk management practice among advisory firms, but this focus has intensified as firms face business model modification because of RDR. It is a theme that continues to run through guidance consultations and policy statements and identifying these risks and putting in place initial controls are some of the biggest steps an adviser firm can make to embed a robust risk framework within their business. ●
While risks are by no means limited to the regulatory environment we have summarised some of the recent key themes for regulatory fines imposed during the past 2-3 years.
• Failure in money laundering controls
• Client money protection failures
• Failures in corporate governance arrangements in an authorised and regulated firm
• Failure to manage conflicts of interest
• Failure in client communications and sales processes
• Failure to prevent internal frauds
• Failure to meet DPA requirements
• Failure in clients communications/financial promotions
• Failure in meeting compliance requirements as an authorised/regulated firm or individual
• Failure in systems and controls/failure to establish appropriate systems and controls.