Aug 4, 2020
Business Asset Protection with Jason Popelier
Josh: G’day everyone out there in podcast land. I've got a fantastic guest, he’s going to be talking about asset protection and how to change the model of your business to make sure that you are considering things you have between the items that are bringing you in money, the items that are costing you money are definitely separated, as well as not just from the accounting perspective, but also from a bit of a twist on it, bringing in insurance and all sorts of other things into it. So, I’ve have Jason here from FWO Chartered Accountants. So, Jason, what is the number one reason that you'd want to make sure that you are considering when reviewing the model of your business or making sure that you get a change? When do you go from sole trader to company to then having several companies or a Trust Company to make sure that you have asset protection? How do you know, when's that aha moment?
Learn more about business asset protection at dorksdelivered.com.au
Jason: Good question. The thing that I always start with any of my clients or new clients or potential clients are their goals. To start with, I don't really care what their structure is currently, I start with what they’re trying to achieve? And their current business structure (makeup) currently enable them to achieve that? I ignore what's been set up in the past because there's a lot of businesses out there who have the wrong entities, or have the right entities but they’ve structured it in the wrong way as well.
Imagine a business that has higher risks, let's say the construction industry. Even though most of my clients are professional services, I have quite a few construction clients and they have millions of dollars' worth of equipment. There's a lot of businesses out there who look at the costs of setting up or maintaining two entities and decide to hold all assets all under the same entity, they want to save costs, technically the do but at a cost of increased risk. Realistically, it's not that much more to set up a new entity, especially when you consider the cost if you actually lose everything. These businesses have to maintain a minimum asset level for the licensing rules and the minimum assets are set on their turnover. But you can imagine that if something went wrong, and the business essentially got tanked, and it was out of their control, because they were a subcontractor to a bigger guy who deliberately withheld cash flow, it happens a lot, especially in the construction industry. if withheld for five months, they will essentially have to go into either voluntary liquidation or forced liquidation because they can't pay some of their subcontractors or staff as well. They will lose everything. And the other person just goes, great, one less creditor to pay. If they had structured the situation a little bit differently, let's just say they had a warehouse that held the equipment, they could have that in a separate entity, which is its own legal entity. Those separated assets can be protected in that sense. To cover costs and replacements, the trading entity can have, in normal terms, a cross charge for leasing of those assets and facilities. The difference now is those same assets are not subject to the same risks of the trading business, even if they’re ultimately still commonly owned.
Looking at the types of structures, the reason you would have a proprietary limited (company) scenario versus a sole trader or partnership structure scenario is a sole trader (and partners) are liable to their share or the entire project, depending if they're partners default. Limited, by itself means that there's a limitation on liability. You automatically have less exposure than operating by yourself or in partnership. Then if you use multiple structures that are limited in their own rights, then there might be a further set of layers for protection. I went on a bit of a tangent around protection after what goals they're trying to achieve.
Reviewing a client goals and objectives. If a client wants to retire at 50, actually let's go up to the new norm, retired at 60 because you probably realize the same as myself, by the time we get to retirement age, we'll probably be 75 or 80, so let's be realistic.
Josh: If doctors can increase it, the amount of time we can live, the retirement age would just be 10 years prior to that. Pretty much.
Jason: E xactly, and people will work longer, there's technology we can utilise as well in addition to medical advances. So, it might be a little bit later, but let's just say the goal instead of retiring at 50, is now 60. Because the 60 is the new 50 in terms of retirement age. To get there, we need to decide what that looks like and there is a combination of superannuation in there. We need to protect that in some sense, this may be around your investment strategy, to not be too aggressive or to have a balanced fund, depending, and the closer we get to retirement, the less risk we put into our investments. Talking about risk and protecting that, one of the greatest assets for business owner is the business itself. And it has the highest potential to create the most value out of any asset they are other than themselves, right? So why don’t business owners give more consideration to risks?
We forget that we, as a person are our own greatest asset. No one else can replace us. And a lot of people forget that. You can actually insure that as well. But if you're in control of your own business (instead of being an employee), it's co-related. So there has to be an element of your business, essentially making up that retirement age, and that goal. And we look at that and go, okay, what is your business look like? And how can we de-risk that particular business or set of businesses, as people might have a portfolio of multiple. Referencing an example ... there was client I worked with a couple of years ago. They had about 26 entities that were trading, so you can imagine if they trade in over 26, we're talking the group that was 100 plus entities. Little bit complicated.
We had to slice and dice and put appropriate levels of protection while grouping into pools because of those 26 trading entities, only about six or seven of them were actually making real decent money, but you got to look at each business in its own right, not as a big pool. Breaking down a business, you look as each and challenge, how can we achieve these goals? Start with an element that you've got to focus. Look at what products you have and how you have an advantage in the market, why people want to come and work with you. And this could be around branding and protecting that. Also consider elements through technology, and how do you protect those items or services? This is when cyber security would come into place.
Josh: For me to understand, I guess any of our listeners, I guess that would mean like, if you have a house and you chuck security cameras on the house, and an alarm system is going to reduce your premiums. And similarly, if you have a business that has a bunch of IT equipment, and then you decided to make sure that you had someone else that was taking a level of accountability. Like for instance for us, we charge a set price per month, and then we guarantee their uptime. If they go down, we pay them while they're down. So we guarantee they're up. Now, so that in a sense kind of sounds like an insurance policy, but we make sure they have certain levels of protection, they have certain types of antivirus, they have certain types of networking monitoring. So if you have any of that sort of stuff, that would have to reduce the premium sound when you're looking at cyber insurance, is that right?
Jason: Exactly, there's always an element. But yeah, it's a contributing factor. And if its contributing factor is significantly more, the more risks you have, and the more people you have in your business the change in risks you have to consider. So, you can imagine the risk that are reduced down for a 10-person practice or whatever it might be, versus 100 would be significantly less. And it also depends on the nature of the business and everything else as most insurances would factor in.
Josh: If we look at like toll, toll recently, and in Australia was under a bit of heat with their hack and it came through a phishing email, for anyone out there that doesn't know what that is, is when someone sends an email pretending, they look like someone else. And then they asked for some coin and they sometimes do it, it might not be like, hey, send money to this Bitcoin address, I have your nudes. That's a very common one, but a lot of the time be more like, congratulations, you've just qualified for a business bonus, as long as you just fill out this form, and it comes from your director, your KPIs had being met appropriately, or whatever it is, and it looks quite legitimate if they've been doing something that's been a targeted attack. With toll hack, what could they have done differently? And what can we learn from that? From your perspective, what could they have done differently to remove the immediate problem as well as the overall not being hacked? Or at least having something there to fall back on?
Jason: Good question, and what I’ll do is give you an example for part of that using what I do myself in my own business, because it's easy to explain how you've mitigated your own risks. A lot of businesses aren't taking cyber threats too seriously and that's just ridiculous. Australia is at a high risk in Cyber because of this. In my practice, we started with a quarterly, it's about biannual now, review of the cyber risks and everything that's involved. We've got a cyber risk manual and what's expected. And we also run systematic tests that we don't tell the staff.
Josh: Phishing simulators and stuff like that?
Jason: Exactly, phishing simulators. Exactly. We essentially have sporadic phishing emails sent to staff just to see what they do. And it's disappointing that I would say a high percentage maybe 10% - 20% would actually fail sent phishing but what that enables is a conversation with that person and identifies that they need further education around these risks.
Josh: Do you give training and stuff like that after that's been found? Like you're obviously analyzing and have the data to be able to see this person could done whatever they didn't from there, yeah?
Jason: Exactly. I might do part of the training myself. Some of my team will do part of it. I also educate my staff to obverse how I sound in my communication. If it doesn't sound like how I communicate in my words, isn’t logical in what I'm asking, is what I’m asking out of the business norm and if it is then don’t respond etc. Worst case, if they’re unsure, get on the phone and speak to me or speak to the Practice Manager. And it's about that education. It's about how many steps we can put in place to make sure it doesn't break or fail. So that's something that a larger organization definitely needs to do, they definitely need to assume that their staff will make mistakes because they are human, and test those mistakes to see who is making mistakes and at what levels and where you might need to educate. Because you can imagine a phishing simulator around cyber can globally be applied at a very low cost, at a very low cost compared to the impact.
Josh: Sent to thousands of emails.
Jason: Exactly, exactly. Compared to the impact that that one failure could potentially make. Using a recent example with TOLL. Their huge mistake cost millions upon millions upon millions of dollars. So that would be one of the key cyber takeaways that just gobsmacked me that, a dozen, a dozen major cyber hacks, right, it gobsmacked me actually that an organization like TOLL hasn't implemented something like that. But at the same time, it doesn't surprise me because the larger the organization, the more things get lost and the slower things move. There's also an element of embarrassment as well as it goes up the chain. This kind of embarrassment is actually not as bad as some of the Scandinavian countries which are very chain of command minded where they want to follow suit from the top, and they're not encouraged to identify errors and mistakes, which is why Volkswagen got themselves in a bit of a heat and it's also on.
Josh: This is on the carbon monoxide output on the vehicles.
Jason: Exactly. Which they actually knew about years ago but no one ever explained it because it was going against what the top dog wanted to do. You can even trace this type of mentality to why Nokia phones failed.
Josh: I'm pissed off, I can't change my phone cover anymore. It sucks!
Jason: T he good old Nokia phone that you could throw against the wall and pick it up and put it back together and it still works.
Josh: And last five days on a battery.
Jason: Exactly. But going back to the issues, there's an element that you have to address from a culture perspective. You have to encourage reporting if there are breakages to report. This means people don't get penalized for reporting, if they are then they won't report. that's a key thing. From a cultural perspective, TOLL could have done better. From a systems and operations, TOLL could have done better. How you handle the media, also TOLL could have done better. So, to de-risk a situation, there are specialists who organisations deal with and predominantly PR, but they might have a mix or organisations who help you identify risks of certain conversations and everything else. You know, one of the scenarios that we saw that was highly impacted in Queensland, especially southeast Queensland, was Dreamworld with the impact caused by a lack of maintenance and then everything else that followed.
Josh: You're talking about like three years ago. Yeah, yep. Yep. So anyone else that's listening in overseas that happens to be here, Dreamworld, local theme park that had a bit of an issue with a lack of maintenance and some of the processes, it might have just been a few series of unfortunate events paired with lack of maintenance and lack of training, but there was a rough River Rapids ride that flipped over and it killed four parents, wasn't it? Is that right?
Jason: Yeah, i t killed four people. There was a brother and sister you know, a mother or something and a father. It shouldn't have happened. The ride flip diver and essentially crushed them and it was a very tragic event. Looking back and reflecting from a risk point of view, there were risks everywhere in that scenario. We're talking about a listed company here too. There was a risk where the head of group was essentially bleeding cash out of the business from a daily basis that maintenace wasn’t allowed/maintained. They should have just cut off the couple of failed businesses. They weren't even treating the business itself as a separate business unit. In relation to the media, I know for a fact the PR company that they initially engaged resigned because they (Dreamworld) wouldn't follow their advice. And this is the same risk that TOLL made with the media. They actually engaged but they chose not to listen, and then their PR company decided to eject as fast as they possibly can, because it's a reflection on them as well.
And there was a number of highly critical issues when speaking with the media about certain aspects. Giving themselves a bonus of millions of dollars a week later from the incident, just a bunch of really … really bad decision making. For you and me speaking, Joshua, and all the listeners would just go what? How stupid can you be … and this comes down to a bit of greed. So, there's a range of different factors.
Josh: Do you think they had like a certain level of god-factor like they've put themselves above what they think is the rules and the law and they've sort of put them into god mode? Why do you think that they made the decisions? Because that way in our boat at some stage, if you at the theme part, I don’t know most of our listeners don't know the theme park, but they must have had some level of normalcy in their life, most people to go okay, how do I look at this and understand that it's going to turn to this. Surely, there's got to be a certain time or a spot where you think, okay, this is your shit decision. What happens? Like what do you think through that hit? Obviously, this isn't obviously what you do. You're not a psychologist, but like, what do you think happened?
Jason: I could probably draw on some of my education as well as some of my consulting from corporate finance days where I actually put a value on who (people) to keep in the business from a culture perspective, and this comes back to the business norms. A culture is set by business norms. You (as an owner) might say this is our culture, these are our values, but if you don't practice them, then the people inside the business set business norms. And although we might be very highly surprised these sorts of decisions are made, to them (the culprits), it's only a little incremental difference compared to what their normal it might be. It can explain a lot of things with, you know, some of the famous collapses and really corrupt things in the finance world that occur, including Enron in the US. We kind of look at Enron and go ‘how the hell were these people able to essentially destroy people's lives’ and hold a state (in the USA) ransom for their electricity? This comes back to what their business norms are. If you get encouraged or rewarded for making decisions, that sets a new norm.
Heading back to the Dreamworld accident and lack of any maintenance program. They cut the maintenance program to save some cash. The person who just created some extra cash as a reward, the board gives them some of that cash back and as an addition to this reward, they also get promoted. This now sets a shift in the expectations of the business. And the more this type of action occurs, the more normalised it becomes. And when something serious happens, the review the normal in their heads and say ... well, this is the normal, this is what is expected in my world. Everyone else is in my world. So, the impact is not going to be that great. And then they get surprised that the community essentially smashes them for their behavior. And they're like, but I'm just doing what I've been doing for the last however many years, and I'm entitled to that money. And it's just because these business norms that the culture is so disconnected from the community.
Taking another slight side tangent, as business owners, we need to engage in the community. There's almost an element of obligation, not just for Australian owned businesses, but for businesses and across the globe as well. Businesses actually survive because we (the people) allow them to participate in the business community for particular cultures.
We need to make sure that those types of cultures are engaged with the community and that they’re giving back to the community. The more that you (as a business) shut that window and just focus purely on a couple of variables around money and greed, and other things as well, the more disconnected you’re going to be and the higher risks that will bottle within the business. And that applies across the board. I've seen these issue sit in start-up businesses and they actually have a higher impact on culture and the community when compared to a larger business. If the culture is bad, is actually easier to transform larger businesses culture than a smaller business. And the mid-range businesses have the greatest impact because they're still somewhat nimble, but they can transform. This is just an element of risk in a business itself, and cybersecurity is just another component, while key person risk is another element.
Josh: It’s a big one for me actually. When I first started my business, I was the key person, and getting key person insurance for yourself as a business owner as a fuzzy income, let's call it a fuzzy income. If you're reinvesting your money, you could be earning $10 or $10 million. But if you're reinvesting the whole load into your business, and you have no income, then what are you worth and where do you sit with your insurance, and so it becomes a bit of a fuzzy income. And the key person, you can't really get key person, you can correct me, but you can't really get key person for yourself when you're doing this with your income because you're investing into something that you can see as someone who's going to be working.
Jason: You can actually insure the key person if they are the business owner; you just have to understand what impact they have and what price this equates to. It’s the same for anyone in a business, you can insure any key person … it’s just a matter of cost.
Josh: Okay. So see if I ran a business and I was like a Pty Ltd registered and set up myself as the employee, and I'm just making up a scenario now, but let's say I earned $85,000 a year $80,000 a year just underneath the next tax, that’s $70,000-ish. I mean, I tell everyone, I don't know if that's exactly right now and if you're listening in the future, it might be changed. Anyway so $90,000, if I'm under the $90,000, I say I'm earning that, I'm paying the tax on that but I'm earning nothing, okay, I'm actually earning nothing I'm just able to pay the tax. And then I have some big issue where … and the key person in the business collapses. If the business never actually turned over but paid the tax what is the insurance yet?
Jason: Well, you have essentially lied on your application. In this case you're not actually insured, even though you're paying for insurance, and best case they might just refund you.
Josh: So the insurance is against the money that comes, not the money that you've paid tax on.
Jason: No, no. You have to be truthful on an insurance policy. And if you're not truthful, they can deny the policy itself. if you're not actually earning that, and the business can't pay that about, then your key person insured amount and what you've actually said is a lie. There's an element that if you're taking out insurance, you got to be truthful, because if you're not truthful, they can deny the insurance, and there's no point of taking out insurance in the first place. That's a key thing for the listeners. Separate to that, you've got to define what type of insurance and what risks you're trying to alleviate.
Josh: Yeah, of course.
Jason: Looking at it, there's business disruption insurance, which is if something outside of the norm that disrupts the business, but you've still maintained all the key people, that's business disruption, noting this excludes pandemics. But that's when the government would step in. And we're lucky in Australia that we have a government that can support us versus other countries. .
Josh: Bloody Oath, Mate.
Jason: That's it. That's it. We're just lucky to be Australians.
But separate to that, a key person insurance is if … let's just say, Josh, you run an IT business, right? You run at least at an IT business. You also have other businesses, but let's just focus on your IT business. Your family essentially owns that business with you, right?
Josh: Yep. My emotions are impacted, and their emotions are impacted by my business. So absolutely, we're all together in this.
Jason: That's correct. But there's an element that your family owns that business. What happens tomorrow if you were in a car crash, and you died, unfortunately, what would happen to your family? If you've got life insurance, they'll get the life insurance, but nothing else. That’s a risk in itself, right. Hopefully your insurance will cover everything your family needs to survive without you to some degree. They can't replace you, but they can at least financially survive without you.
Josh: If I'm a workaholic. That's all I am, anyway. So, it's fine.
Jason: Yeah, well that's it, that's it. Imagine now there are other people in the business, right. We’re now talking about other livelihoods, not just yourself, you're just the owner. You could be an employee, but you're the owner. What happens to them? They essentially lose their job.
Josh: Our business right now have 12 employees, for instance.
Jason: Exactly. So, all 12 employees are pretty much stuffed, right?
Jason: To some degree, the business will just completely explode. If you had key person insurance, an element maybe protected depending on how its shaped. The business could survive because it’s protected. But then the issue shifts to who owns the business after. Does the executor of your estate get involved? if it's a sole owner situation, the insurance proceeds inject into the business may help the business survive until they are able to find someone who has similar skill sets. The business may not be able to survive in the same sense, but it has the ability to survive.
Now, imagine the same situation but with two partners. So key person insurance is more to insure the person and business disruption is more to insure for the outside of norm that might happen that's not a pandemic or force of nature or something like that, right? Which is highly unlikely. Except in Australia, apparently, we've had floods, fires, droughts, and Corona Virus. Exactly. All in the last decade.
Josh: Jump into the Old Testament and look at what's going next and read it forward. It's just crazy, isn't it?
Jason: Exactly, exactly.
Jason: I’ve seen in situations after the fact. Not in my case, because I always made sure my clients actually got these sorts of things lined up or else, they won't be clients for too long. And that's just, you know, you either want to follow my advice or you don't.
Josh: You’re there for a reason. If no one's listening, what's the point? It's the same as me, like, people aren't listening to the advice we're giving. What's the point of having us here?
Jason: I’m there for a reason. Exactly. Exactly. Exactly. So where I'm going to lead into is by selling insurance. Let's just say you're still in the business but you bring on another partner, and you are 50∕50. Something happened to that partner, and it's worth money in the business and they're 50%, but their estate essentially holds a 50 percent ownership of the business and you can't legally make decisions to some or some decisions because you need voting rights and there's an equal voting right to make a decision on some instances. Day to day you might be able to still operate, but you might be subject to being shackled for bigger decisions or essentially shaping the business where it needs to go or just continuing to operate. I've seen a scenario where an ex-wife from six years ago and I got involved after the fact of essentially-
Josh: Divorced for six years, done, legally done.
Jason: Legally done. I got involved to essentially sort it out. I'm sorry, I apologise to the listeners, the shit fight that essentially unfolded. An ex-wife who should have been removed from the estate, challenged the estate and essentially tried to control the business to get as much money as she could. If they had proper buy-sell agreements in place, what would happen is the business would be valued at arm's length, then a chunk of money would exit to the estate and the business would just operate without that partner as if they just got ejected from the business. In this scenario, the business could survive, and that is an element of risk when you have business partner, or multi partners. Think about whether something happened to your fellow partner/s, what would the impact be on the business, would it survive? This is your asset as well as their family's asset.
Josh: I can say comfortably, my business has been running, when you pointed it out, it has been running for 13 years. And over the 13 years, I had a partner for a while and then not to my want, that all felt fell apart, as a lot of our listeners already know. And when that happened, did that impact the serviceability of our clients? Absolutely. Did it impact the quality of the return on work? Absolutely. Now, would I have been a better person had it then not happened? Absolutely. It all comes down to what are you doing in your life and how does your life affect the business and when you are a business owner, they can absolutely affect.
If you guys have been interested in this and you've loved it, make sure to jump across to iTunes and leave us some reviews and we'll speak to you soon. Stay good.