An old proverb says that a bad workman blames his (or her, as the case may be) tools, but do firms really understand some of the tools they use?

As usual, we’ve been doing some file reviews for firms, but one area where issues keep cropping up is attitude to risk. Virtually all of the firms we work with use a risk profiling questionnaire to establish their clients’ attitude to risk, but it’s beyond the RPQ where some of the problems have arisen.

Risk profilers have been around for a long time now and most firms use one within their advice process. There are a lot to choose from (we actually work with some of the providers of these tools and their people are bright, articulate and know their stuff) and each firm has its own preferred provider/questionnaire, but is the score/result sufficient standalone?

Sure, the risk rating helps advisers with asset allocation and fund selection, as do most of the algorithms, but before they reach that point are there potential banana skins lurking for the unwary?

Before we go any further, what do the rules say?

Yes, we’re back to COBS 9 again and COBS 9.2.2R in particular which states that:

(1) A firm must obtain from the client such information as is necessary for the firm to understand the essential facts about him and have a reasonable basis for believing, giving due consideration to the nature and extent of the service provided, that the specific transaction to be recommended, or entered into in the course of managing:

(a) meets his investment objectives;

(b) is such that he is able financially to bear any related investment risks consistent with his investment objectives; and

(c) is such that he has the necessary experience and knowledge in order to understand the risks involved in the transaction or in the management of his portfolio.

(2) The information regarding the investment objectives of a client must include, where relevant, information on the length of time for which he wishes to hold the investment, his preferences regarding risk taking, his risk profile, and the purposes of the investment.

(3) The information regarding the financial situation of a client must include, where relevant, information on the source and extent of his regular income, his assets, including liquid assets, investments and real property, and his regular financial commitments.

You’ll note that there is nothing in there that states that the firm must complete a risk profiling questionnaire but most still do, yet many seemingly don’t look beyond the outputs and just accept the results as being chiseled in stone.

What has the regulator said about risk profiling previously?

Perhaps the most definitive commentary was provided in 2011 (the FSA did produce some stuff that has stood the test of time) within FG11/05 – Assessing suitability – Establishing the risk a customer is willing and able to take and making a suitable investment selection.

Much of the content is probably as relevant now as it was at the time of issue (like FG12/16) and it did flag up some areas that firms may be wise to familiarise, or maybe, re-familiarise themselves with.

In this guidance the FSA clearly stated that it does not prescribe how firms establish ATR, but it did highlight some issues such as:

• Firms not understanding the tools they use
• Poor definitions of ATR
• Inappropriate focus on risk (not considering other areas of need, for example, debt repayment)
• Vague questions that are not easy to interpret
• Clients choosing the middle option
• Lack of client understanding
• Failure to quantify anomalous responses

The providers of RPQs appear to be constantly vetting their inputs and outputs, which is probably a good thing, but we still see firms placing a heavy reliance on the ‘score’ generated as their sole means of establishing ATR.

Computer says…

In many of cases we review, whatever score the RPQ produces on its risk scale translates into the risk level of the portfolio recommended, but just because a client scores say, 6/10, does this necessarily mean that they need to take this level of risk to achieve their objectives? Could they do so by taking less risk?

On the other hand, if the client is aiming for lofty growth, do they need to consider adopting a higher risk outlook to achieve their aims?

Rarely do we see any divergence from the score generated by the RPQ (usually, the only time is when it’s driven by the solution preferred by the adviser), so is it a slam dunk that the score and the portfolio always need to match? More often than not a tacit reliance on the tool’s outputs is what ends up driving the outcome, so if computer says 5 or whatever, that’s where the client ends up.

This is fine if the client fully understands the questions and provides a considered response, but is this always the case?

Clients’ responses

RPQs usually provide clients with a scale of options to choose from in response to each question, but if they don’t understand the question properly, or they have insufficient knowledge and experience, then they frequently choose the middle option, which will generally produce a middle risk outcome. In FG 11/05 the regulator commented specifically on this:

A firm used a set of questions where a number of the questions asked had the option to answer ‘neither yes or no’. Because a middle weighting was attributed to these answers, a customer that chose this answer for all or some of these questions, could be assessed as having a risk profile in the middle of the scale of risk categories. This could have resulted in an inaccurate assessment of the risk the customer is willing to take where the customer’s answer reflected a ‘non-answer’ rather than a willingness to take the level of risk attributed.

Beyond this we often see responses to specific questions that may indicate that the client’s underlying views don’t necessarily correlate to the overall result and just one answer could have a tangible impact on the outcome.

In FG11/05 the FSA also noted that: A customer answers a set of questions in a particular way and is assessed as willing to take a given level of risk. Another customer gives precisely the same answers for all but one of the questions (and it can be any question that is answered differently). The single different answer can result in the customer being allocated a higher-risk category and assessed as willing to take a greater level of risk.

It’s these scenarios that can (and do) cause firms problems. Whether it is fair and objective or not, we’ve seen several examples where the FOS has upheld in favour of the client largely based upon the answers to one or two questions on the RPQ, where the overall risk profile was say, medium, but the responses to one or two questions indicated a far more cautious stance.

Without challenging the client’s views here and documenting their response (in their own words), this one element could hang a case out to dry, yet so often we see these anomalous responses go without any challenge or commentary whatsoever.

And reviews…

Don’t forget that ATR should be revisited here. This doesn’t necessarily mean that a full RPQ needs to be completed every time, but it’s important to make sure that clients’ views haven’t changed  – there tends to be a downward trend in risk profile if markets fall significantly – and reliance on out of date KYC just doesn’t cut it. There’s also (as you’d expect!) a rule covering this – COBS 9.2.5R – which states that: A firm is entitled to rely on the information provided by its clients unless it is aware that the information is manifestly out of date, inaccurate or incomplete.

ATR is only one aspect of course and capacity for loss and knowledge and experience are also key considerations. We’ve covered both of these previously here and here, but get these elements of your advice process wrong and it may not be the client who’s taking the biggest risk.