Back to listing

17/09/2019

Managing risk in your practice: Effective compliance awareness

Guest post by Alison Curry, Insolvency Support Services

A frequent observation among our clients is how, increasingly, insolvency practice seems to be less about applying the Insolvency Act and rules, and more about meeting other obligations, whether they be anti-money laundering (AML), GDPR, vulnerability awareness, or the ever-evolving expectations of the regulators.

But ensuring you and your team have a good level of awareness of these peripheral aspects of our day-to-day work shouldn’t be seen as a distraction from the real task at hand – it is central to controlling risk presented to your business. And in some cases, such as AML and data protection, it is a legal requirement. Embedding a culture of compliance awareness, that is routinely acted upon throughout the firm within daily tasks, acts to nip potential issues in the bud. So, what can you do to manage risk in your practice?

Effectively managing risk is essential to success

Risk management is defined as the forecasting and evaluation of financial risks, together with the identification of procedures to avoid or minimise their impact. The requirement to assess various forms of risk has become a recurring theme in many areas of law and regulation. While it can all seem somewhat nebulous, getting it wrong can be costly in terms of time, fines and penalties and reputational damage to you and your firm.

Models for managing risk identify four key strategies: avoid, control, accept and transfer. The risk acceptance strategy (i.e. just accept any penalties if and when they arise) isn’t a viable option for a licensed professional, not least given the gravity of the risks we manage and the severity of the potential punishments that can be meted out by the likes of the Information Commissioner’s Office (ICO) or the Financial Conduct Authority (FCA). Given the personal nature of insolvency licensing, the opportunities for risk transference are limited to those that can be insured against, and avoiding risk entirely isn’t likely to result in the acceptance of many appointments. So practically speaking, we are left with the option of controlling the risk we face, as best we can.

Start with the known unknowns

None of us have a crystal ball. The 'unknown unknowns’ (unexpected or unforeseeable conditions) will pose a potentially greater risk simply because they cannot be anticipated based on past experience. Challenging circumstances will necessarily occur from time to time. This is where robust internal policies and procedures come in and the assistance of lawyers and specialist advisers will be called upon.

However, on a daily basis there are ‘known unknowns’ that we can better manage by improving our understanding of what is expected of us and what to look out for. In key compliance areas it isn’t just the licensed professional that needs to be alive to the risks, everyone has a part to play in the risk management process, whether that be in detecting a financial crime, keeping personal data private, meeting the needs of a vulnerable client or maintaining expected professional standards requirements. A chain is only as strong as its weakest link.

Knowledge is power

When it comes to managing risk, you can only really do so if you are aware of the form those risks might take and what is expected in terms of response. Experienced practitioners will have an inherent understanding of the risks in an appointment, built upon their years of experience, and their internal alarm bells will ring when they detect something out of the ordinary. That knowledge is applied almost subconsciously and not always articulated to those around them. We need to share the key elements of that knowledge and experience with the entire team in order to maximise its effectiveness on risk management. Training the team need not be costly, unduly time-consuming nor disruptive to the business, and can yield significant benefits. And we can help you do that.

It’s not entirely optional

The Data Protection Act 2018 and the Money Laundering Regulations 2017 contain mandatory staff training requirements. The FCA is currently consulting on further guidance around the treatment of customers in vulnerable circumstances, which places a strong emphasis on the need to upskill client-facing staff. While FCA regulation has not come to us all just yet, it gives a clear steer on the directions of travel for regulatory expectations when dealing with those in vulnerable circumstances. And that may include directors and employees, not just indebted individuals.

Also sometimes overlooked are the expectations of the Ethics Code, which states up front that: "Although an insolvency appointment will be of the insolvency practitioner personally rather than his practice, he should ensure that the standards set out in the code are applied to all members of the insolvency team." Realistically, the team can only do that if they are equipped with a basic knowledge of what professional standards are expected of insolvency practitioners and why.

  • Alison Curry is a licensed insolvency practitioner at Insolvency Support Services Ltd, with over 20 years of practice experience, including six years as head of regulatory standards at the Insolvency Practitioners Association.

Notes to editors:

  • R3 is the trade body for Insolvency Professionals and represents the UK’s Insolvency Practitioners.

  • R3 comments on a wide variety of personal and corporate insolvency issues. Contact the press office, or see www.r3.org.uk for further information.

  • R3 promotes best practice for professionals working with financially troubled individuals and businesses; all R3 members are regulated by recognised professional bodies
     
  • R3 stands for 'Rescue, Recovery, and Renewal' and is also known as the Association of Business Recovery Professionals.