In risk management, there’s a concept called ‘dread risk’ that describes low-probability risks whose potential impact is so profound that they routinely cause people to make poor decisions. Gigerenzer highlighted “September 11” as a dread risk; while the immediate risk of copycat events was small, Americans chose driving instead of flying, and this irrational choice led to numbers of road deaths that exceeded the number of September 11 deaths.
For financial advisers and licensees, ‘regulatory action’ is their dread risk; causing them to embrace conservatism, passivity, formalism and risk-aversion.
As a rule, professional and ethical advisers don’t get banned. Competent and honest businesses don’t have their licenses cancelled. In compliance, a small and isolated error seldom leads to a catastrophic outcome. Despite what your compliance team may assert, an unsigned FSG receipt, for example, is a trivial issue (if not an entirely insignificant one). A Statement of Advice does not have to have 40+ pages to comply with the law.
Unfortunately, for a variety of reasons, our dread of regulatory action has blinded us to the reality that, in the absence of systemic issues, recurring failures or egregious misconduct, the likelihood of regulatory intervention is quite low.
This reality was recently given substance by Quality of Advice Review lead Michelle Levy’s observation that “considerable fear of non-compliance… has resulted in a compliance-driven approach across the industry where the tolerance for regulatory risk is very low”. Even with the heightened level of transparency created by mandatory industry reporting of complaints, breaches and adviser misconduct, the likelihood of regulatory action for competent and ethical participants will still remain moderately-low. Hopefully, her observation in this respect will be reflected in the findings of the advice review.
Make no mistake, there are consequences – and significant consequences at that – for non-compliance, but it’s profound and fundamental failures that attract these sanctions. In reality, competent and ethical businesses avoid, or mitigate, these risks by investing in compliance arrangements that focus on substantive concerns – clients, competency, culture and consistency – rather than theoretical risks. Advisers don’t get banned, or licenses cancelled, for trivial reasons.
Don’t buy into the myth of “single failures”. Whether they want to admit it or not, most regulatory action is the reasonable (but unreasonably slow) response to intentional ignorance, incompetence, or intentional failures.
Our data shows that advisers, as a general rule, are getting better. Despite the increasing compliance burden, they are getting better at reconciling their professional obligations and their commercial interests. Deliberately, and effectively, they’ve subsumed formal legal requirements intent within organic advice processes that focus on engagement, understanding and consent. Licensees, on the other hand, have generally been slower to retreat from legalism.
I appreciate that many advisers (and licensees) find that it’s a scary environment to operate in, but their anxiety is not because of the regulatory framework but their inability to properly assess their regulatory risk. Licensees that invest in compliance, engage appropriate experts, embrace comparison and avoid the alarmism peddled by conflicted parties, make informed decisions and consequently demonstrate little of their peers’ timidity. Those that see more, and embrace systems, information and appropriate controls have little real cause for concern. There may be seemingly disproportionate penalties for non-compliance, but don’t allow the common tendency to over-estimate the likelihood and impact of regulatory and legal risks to push you from prudence to paralysis.
You can never run a risk-free advice business. But, if you’re taking reasonable steps to comply with the law, getting appropriate advice, regularly testing your arrangements and assumptions, and conducting your business efficiently, honestly and fairly, then you’re probably over-estimating your risk of regulatory sanction. Businesses, and people, that make real and legitimate efforts to comply with the law are seldom the object of ASIC’s general deterrence efforts. They’re never the object of specific deterrence.
Don’t succumb to irrational regulatory fear, regardless of how persuasively it’s peddled. If you’re already focused on avoiding recklessness, misconduct, negligence or fraud, then you’re already effectively managing regulatory risks to your business and your reputation.