Most business owners will have had to deal with occurrences they were not expecting. Examples include the death, disability or departure of colleagues or fellow directors and partners. Others can include legal disputes, IT issues, and legislative and regulatory changes.
Few firms I meet have a detailed risk plan. When they do, it is often too narrowly focused on risks arising from advice and dealings with the FCA and Financial Ombudsman Service, not wider risks affecting the business. So, what do I suggest putting into place?
The starting point is to agree what level of risk the business wants to take — the ‘risk appetite’ it is comfortable with. For example, does it want to be able to advise on defined benefit transfers and esoteric investments? In part, that is also taking a view on being independent versus restricted.
The next — and arguably most important — task is to list the risks that could affect the business and rank them on a probability-multiplied-by-impact matrix.
For completeness, there should also be a mitigation dimension. In other words, once the scale of the risk has been identified, how easy is it to manage, reduce or, better still, eliminate?
Finally, risks should be allocated to individuals to manage and should be reviewed and monitored regularly, typically quarterly. This process should be ‘baked in’ to board or management meetings.
All of this takes time and effort, especially at the outset, but it will pay dividends if done well because when certain events occur there will have been considered forethought. Most firms of external compliance consultants have templates and will be able to provide support.
The following risks are some of the more common ones firms could encounter, and I have briefly highlighted how they might each be mitigated.
Such is the demand for quality advice firms that many of you reading this are likely to have received an approach. How do you assess if it is worthwhile?
My suggestion is that you, as a board, should undertake a periodic exercise to agree whether, and in what circumstances, you might consider selling and what valuation you would place on the business as a minimum.
If you are open to a sale, you should also have a ‘library’ of data and documents you can readily access, which is updated regularly.
Death, disability and long-term illness
This is an exercise in considering what to do if you or one of your key colleagues was to die, become disabled, have to retire early or have to be out of the business for any period.
Insurance alongside ensuring that some roles have people who can step into them are the two main methods of mitigation.
Contractual and employment disputes
The main mitigation here is a combination of insurance and ensuring legal agreements are up to date. In the case of employment, it is very important for adviser contracts to be reviewed periodically and remain in line with prevailing employment law. As a series of high-profile cases in recent years have confirmed, unreasonable clauses are likely to be found unenforceable.
Clear drafting, which is explained to the employees concerned, is likely to reduce the scope for misunderstanding and therefore the potential for disputes in the future.
Covid has demonstrated the difference that having efficient technology makes to the effectiveness with which a business is able to respond to the challenges of working remotely.
Like employment contracts, IT and platform contracts should be reviewed periodically.
Legislative and regulatory changes
The starting point here is to have access to good, updated briefing material, which is readily available from compliance consultants, and accountants and solicitors when needed.
Those firms that have regular dialogue with, and periodic visits from, their external compliance consultants are less likely to be wrongfooted by changes.
In summary, preparation, resilience, insurance, data, documents, advice and resource are key. Or, if a mnemonic may help — PRIDDAR.