Business owners must manage a multitude of risks, many of which are new and emerging.
The biggest risk, according to the ‘KPMG Keeping us up at night report’, is a cyber attack, followed by talent acquisition and retention, and regulatory change. Rounding out the top five are digital disruption and cost pressures, due to higher interest rates, higher wages and inflation.
Yet, financial advice businesses have traditionally taken a narrow, binary approach to risk. In short, is the advice right or wrong?
A significant amount of time and attention has been spent managing advice risk.
While this has led to significant improvements to advice processes, particularly around documentation, disclosure and transparency, there are many other risks that also need to be considered.
In many ways, advice risk is within a business’ control. It can be effectively managed with robust systems and processes.
It can be mitigated through automation, continuous professional development, and ongoing monitoring and audits.
If there is a breach, professional indemnity insurance provides some protection.
Conversely, KPMG’s top five business risks are largely beyond anyone’s control. They’re also relatively new.
A decade ago, the risk of a cyber incident was low, particularly for advice businesses, because there was less technology dependence and systems connectivity. Restricted travel and migration due to the Covid-19 pandemic, combined with demographic changes, have exacerbated the nation’s skills and talent shortage, and it’s only in the past few years that inflation has spiked.
These risks add to business complexity and require a different set of skills to understand and manage. Advisers and their service providers must evolve to keep up.
Top three risks for advice businesses
Given the potential for risks to disrupt operations, stifle growth and destroy capital value, advice businesses must take a more holistic approach to risk management.
Of all the risks facing advice businesses, three require the most urgent attention. They are:
- Limited capacity
The skilled labour shortage in Australia, coupled with the complex and highly regulated nature of advice, continues to adversely impact business growth.
Businesses must find ways to increase their capacity. New ways of doing business are needed and this requires investment to create leverage.
- Reduced capability
The advice industry has lost thousands of advisers in a relatively short period, due to the introduction of tougher education and training requirements. The impact of this mass exodus has been exacerbated by the lack of new entrants coming through the system.
These headwinds are curbing the ability of advice businesses to enhance their value proposition and grow.
- Cyber threats and data breaches
There is a sense of inevitability that all businesses will have a cyber incident sooner or later.
A cyber event can cause significant business disruption, lost revenue and reputational damage. It can lead to angry clients, legal fees and remediation costs, and the destruction of value.
Advisers must strengthen their security protocols including educating employees, assessing vulnerabilities and actively monitoring of systems. They must also conduct thorough due diligence on third party technology providers or lean on experts to assist.
Unless advice businesses invest more heavily in cyber security they will remain dangerously exposed.
Ever-present, ever-growing
Cyber risk is an obvious risk to call out because it’s a relatively new risk. It is also constantly changing. Every week it seems another major brand has been the target of a cyberattack.
The sudden, indiscriminate and faceless nature of attacks is particularly scary.
Furthermore, unlike other risks which fluctuate depending on the political, economic and regulatory environment, cyber risk will only intensify because of society’s total reliance on technology, and the interdependence and connectivity of systems.
According to economic forecasts in the May Federal Budget, inflation could normalise to the Reserve Bank’s 2 to 3 per cent target by December, reducing cost pressures on businesses and households.
On the regulatory front, the government’s proposed Delivering Better Financial Outcomes package aims to simplify the advice process and reduce the compliance burden, making it easier for advisers to help more people.
Over time, as financial advice gains the benefits of being recognized on as a bona fide profession, there will be more new entrants and supply will improve.
These tailwinds, alongside greater use of technology to automate and streamline processes, will boost business capacity and capability, but it’ll be for nothing if they haven’t taken appropriate action to prevent, and adequately respond to, a cyber threat.
Licensees and other service providers to the industry have a key role to play in ensuring firms understand and effectively manage risks. Evolving models necessitate expertise in a broad and growing number of risks.
This holistic approach to risk management and governance will come at a cost, and that cost is variable because risk is not finite. A business’ exposure to risk varies, depending on a range of factors such as revenue, number of employees and third-party vendors, and volume and complexity of advice. A plan to deal with this and the right support and inputs into getting this right are critical. It can no longer be just about the advice.
Neil Younger is chief executive of Entiteri, the parent company of Fortnum Financial Group.