Legal & trust

Risk Map

Last updated: 18 April 2026

Overview

Transparent risk disclosure matters. This page summarises the principal risks relevant to customers, the controls Adviser IQ has in place, and the residual risk your firm should be aware of. It is maintained by our Risk & Compliance Committee and reviewed quarterly.

Platform availability

Risk: platform outage disrupts your firm's ability to service clients.

Controls: multi-AZ infrastructure, auto-failover, 30-day PITR backups, DR runbook tested quarterly, 99.9% SLA with credits.

Residual risk: low but non-zero. See SLA and Status.

Data breach

Risk: unauthorised access to customer data.

Controls: encryption at rest and in transit, RLS-enforced tenancy isolation, MFA, audit logging, annual pen-testing, incident response plan.

Residual risk: low. See Data Breach Response.

AI output error

Risk: AI-drafted content contains errors or omissions that reach a client.

Controls: every AI output requires explicit adviser approval before client-facing use; AI marked as draft; learning loop captures corrections; disclaimers prominent.

Residual risk: requires discipline from your advisers. See Disclaimers.

Sub-processor failure

Risk: failure of a third-party provider (hosting, AI, email, payments) disrupts service.

Controls: diligence before onboarding, SLA terms, monitoring, contingency vendor identified for each critical role.

Residual risk: medium for non-critical integrations; low for critical path. See Sub-Processors.

Regulatory change

Risk: FCA or ICO rule change requires product adaptation your firm needs immediately.

Controls: quarterly horizon scanning, 90-day implementation target for material changes, customer communication 30 days in advance.

Residual risk: medium — unpredictable regulator timing. Your firm retains accountability.

Supplier insolvency

Risk: Adviser IQ commercial failure affects service continuity.

Controls: well-capitalised; data export available at any time in machine-readable format; escrow arrangement under consideration for IQ Principal tier.

Residual risk: low commercial risk; mitigation: data export on demand.

Data loss

Risk: customer data lost due to corruption or operator error.

Controls: 30-day PITR, daily backups, backup integrity tests, no destructive destructive operations without two-person approval.

Residual risk: very low.

Platform misuse by your firm's users

Risk: a user within your firm misuses the Platform (unauthorised access, data exfiltration).

Controls: RBAC, audit logs, export tracking, alerting on anomalous patterns.

Residual risk: partially your firm's responsibility — principal oversight and Acceptable Use Policy enforcement.

IP disputes (third-party content)

Risk: third-party claims against Platform or content.

Controls: IP indemnity in Terms; careful use of third-party data and trademarks.

Residual risk: low.

Force majeure

Natural disasters, infrastructure-provider regional failure, cyber-warfare events. Mitigated by DR and geographically-diverse backup retention. Excluded from SLA as standard.

Review cycle

Reviewed quarterly by the Risk & Compliance Committee. Next review: July 2026.