Three Immediate Risks to Your Firm and How to Manage Them

If you follow financial industry trades or perhaps just skim the headlines, you know the term “risk” is omnipresent. It’s not surprising given the entire investment world is loosely balanced on a grand scale of risk and return.

Not every risk is as quantifiable as market risk, particularly when it comes to the risks facing advisory businesses. Advisors are subject to the whims of the clients they serve, the overseeing regulatory agencies, and dynamic forces such as technology and demographics.

We set out to identify the most pressing and immediate of these risks. Notably absent from the list are well-trod topics such as the rise of the robo-advisor and fee compression. While those threats are real, they’re not as impactful to advisors on a daily basis (for now) as the risks we’ve listed below, among them cybercrime, your clients, and your people.

Cybercrime

As the nation discovered following the 2016 presidential election, cybercrime is on the rise and it is a risk that should be top of mind for financial advisors. According to the SEC, 74 percent of advisors have experienced cyber attacks either directly or through one or more of their vendors. And according to research by IBM, the financial services industry was attacked more than any other industry in 2016. Smaller financial firms are low-hanging fruit for hackers because they typically don’t have the safeguards in place that their bigger competitors do.

The SEC launched a Cyber Unit in late 2017 that focuses on targeting cyber-related misconduct. Commenting on the launch, Enforcement Division Co-Director Stephanie Avakian described “cyber-related threats and misconduct” as “among the greatest risks facing investors and the securities industry.”

Cyberattacks are not only messy and disruptive to businesses, they are also costly. According to Schwab Advisor Services, the total cost resulting from cybercrime is higher for financial services than any other sector.

Yet, a 2016 study by the Journal of Financial Planning found that despite the fact that 8 in 10 advisors identify cybersecurity as a high priority, only 29 percent of advisors completely agree they’re prepared to manage and mitigate the associated risks.

So what should advisors do?

Implement & follow all SEC mandated information security policies, including:

• documenting a plan that outlines your firm’s cybersecurity policies and governance, including an inventory of all sensitive data, information, and vendors with access to that data and information
• reviewing your security infrastructure to make sure it is current and setting up a process for installing software patches and upgrades
• training your entire staff on the concepts and steps in the plan as well as the legal mandate behind it
• sharing your cybersecurity policies and best practices to protect online accounts from fraud with clients to foster a culture of protection across all stakeholders

• revisiting your plan on an annualized basis—some firms find it less cumbersome to spread out the review across the year, with sections divided equally across the calendar quarters

Tap outside resources: The NASAA Cybersecurity Checklist includes 89 assessment areas to help state-registered investment advisors identify cybersecurity vulnerabilities; and to respond to and recover from cyber events. Many custodians, such as Schwab, Fidelity, and TD Ameritrade, also have dedicated groups to assist advisors with cybersecurity and fraud protection.

Lastly, if you already have cybersecurity insurance, ask your carrier for help in a cybersecurity assessment or with conducting a mock attack. If you employ a consultant, TD Ameritrade recommends assigning a member of your management team the role of CIO to oversee the program and maintain awareness among internal employees.

Your Clients

The composition of your client book is also a major source of risk.

For starters, the demographics of your client base shed some light on how their accounts may grow or depreciate over time. This can provide insight into your firm’s current health and future ability to grow revenue. While your business might have grown thanks to one or two tech/entrepreneurial clients, you are doing yourself a disservice if you don’t diversify the income stream of your clients beyond the latest Silicon Valley unicorn. Keep in mind: asset growth from new clients is more than twice that from existing clients for a majority of firms, according to Schwab’s 2018 RIA Benchmarking study.

Here are two strategies for broadening your client base:

• Reconsider your website imagery and language. A prospect will likely conduct a web search before contacting you, even if their referral source is a close friend or family. As Kelly McDonald advises in Crafting the Customer Experience For People Not Like You: How to Delight and Engage the Customers Your Competitors Don’t Understand, if prospective clients don’t see anything on your website and your social media pages that resonates with them, it can be a turnoff.
• While engaging the adult children of existing clients is a tried and true method of intergenerational wealth transfer for older advisors, one trend among younger professionals is to switch the sales pitch around. In today’s investing environment, why should the parents of your clients continue to pay high fees for minimal service with a broker when they could partner with an independent financial advisor who’s flexible, adaptable, and forward-thinking?

A wrong-fit client can also be a high risk to your firm, in terms of service hours and possibly, in litigation. As your advisory firm shifts from the initial growth phase into a more established firm, this presents a prime opportunity to assess whether each of your clients is the right fit for your firm.

As Arlene Moss, an executive coach with the XY Planning Network writes, “Working with someone who isn’t a match for you will only hurt both of you over time, and you always want to do what’s best for your client.”

Your People

Over 70 percent of RIA firms are planning to hire within the next 12 months, according to Schwab’s 2018 RIA Benchmarking Study. Of those, 80 percent plan to hire either a new relationship manager or investment professionals. The impact of any one “bad hire” at an advisory firm, particularly one that is client-facing, is enormous.

Risk management begins with the recruiting process. Almost half of workers (46 percent) polled by staffing firm OfficeTeam in 2017 said they know someone who included false information on a resume. Job experience (76 percent) and duties (55 percent) were cited as the areas that are most embellished.

Verifying the accuracy of a candidate’s background can be as simple as running an internet search, calling their alma mater directly, or using the National Student Clearinghouse. Once you get into the interview process, Glassdoor suggests using the time to conduct impromptu skills testing. For example, an interviewer might ask a question in the language the candidate claims to be fluent in or give an on-the-spot excel quiz.

The wrong hire will also be disruptive to the culture of your firm, which you’ve worked so painstakingly hard to nurture. So take the time to make each hire a priority.

Other Risks On the Horizon

As a business owner, you face myriad dilemmas on a daily basis and you are limited to just one decision at a time. Proactively educating yourself and anticipating the decisions you will have to make is crucial in successfully moving your firm forward. As Ray Dalio put it in Principles: Life and Work, “Time is like a river that carries us forward into encounters with reality that require us to make decisions. We can’t stop our movement down this river and we can’t avoid those encounters. We can only approach them in the best possible way.”