If you were to ask 10 advisers what risk management meant to them, you would likely get a wide variety of answers. Quite probably 10 different ones.
I am often asked what constitutes a sensible risk strategy for an advice firm. While there will be some aspects tailored to each individual firm’s particular circumstances, there are features common to all which, if followed, will provide a solid basis on which to manage the risks faced.
1. The appropriate documentation
I prefer to work from standard documents, then to adapt them as required. There is little purpose served by starting from scratch as important elements can be missed. Most compliance consultancies will have templates that can be adapted.
The main documents for most firms are likely to be:
- A risk plan: this should set out the firm’s approach to managing risk, in particular the process for assessing risks and managing them on an ongoing basis.
- A risk grid/matrix: this will list the risks and assess them, typically by probability multiplied by impact, to arrive at a score. There should also be an additional dimension – mitigation – clearly showing the activity being taken to manage individual risk.
2. Management commitment and staff involvement
A risk plan and matrix should be drafted and populated with active involvement of the owners/senior management. All those in the business with the requisite experience of different aspects should be involved, too.
This will help ensure all the relevant risks are captured and the ways in which they can be mitigated discussed.
3. Ongoing regular review
A risk plan and matrix are not documents to be locked away in a drawer. Instead, they should be “living” documents that are reviewed and updated regularly. The risk matrix, in particular, should be reviewed no less than quarterly in most advice businesses.
It is vital there is clear ownership and accountability of each risk. Within larger firms, it is usually appropriate to allocate risks among the directors/partners, as well as senior managers on occasion.
5. Prioritising key risks
It is sometimes too easy to get lost in the process and not focus on the risks that matter. Those risks that have the highest probability and impact, and the lowest net scores after adding in mitigation, are the ones to be given most attention.
So, what are the top risks in today’s market? As I have mentioned, they will vary from firm to firm, but here are the most common ones I am currently seeing:
- Human resources: the effective recruitment and retention of both advisers and paraplanners. This risk also encompasses having the appropriate legal contracts.
- Succession: having policies in place that address what would happen if one of the directors/principals was to die, fall ill for a prolonged period of time or leave the business.
- Centralised investment propositions: in particular, documenting it and being able to demonstrate that it is consistently being adhered to.
- Suitability: making sure there are processes in place to ensure consistent and fair outcomes for clients.
- Ongoing reviews: demonstrating that there are effective processes in place that result in clients receiving the contracted level of service and support.
- Platforms and the use of tools: demonstrating that there are robust selection processes in place, as well as effective ongoing management and review processes.
Risk management is an ongoing process. With the right documentation, commitment and resource it is a vital aspect of any business, and should be given the attention it deserves.
Roderic Rennison is director of The Ideas Lab