ASIC has reaffirmed its “technology neutral” approach to financial services regulation in a new consultation to address organisational competence, “adequate resources” and risk management issues associated with robo-advice. Unfortunately for the advice industry, only a limited amount of guidance has been provided on the other issues we previously identified with deploying robo-advice in Australia.
Public consultation on issues associated with the likely compliance costs, effect on competition and details of other impacts, costs and benefits of ASIC’s regulatory approach will occur until 16 May 2016. The details are set out in ASIC Consultation Paper 254 Regulating digital financial product adviceand draft regulatory guide Providing digital financial product advice to retail clients. We have extracted some of the key issues in the consultation below.
As robo-advice generates financial product advice through algorithms, for licensing and organisational competence purposes ASIC is proposing to require AFS licensees wishing to give robo-advice to appoint at least one responsible manager who meets the minimum training and competence standards to provide financial product advice to retail clients.
While this is highly significant in its own right, ASIC will also require, if the Government’s proposed reforms to the professional, ethical and educational standards of financial advisers (on which we have previously reported) are implemented, that the responsible manager meets those higher standards.
Financial services licensees are subject to a general obligation to have adequate financial, technological and human resources to provide the financial services covered by the licence. Dependence upon technology in deploying robo-advice creates specific challenges for financial services licensees for having adequate human resources and technological resources.
1. Human Resources
To meet the requirement to have adequate human resources, ASIC proposes that a financial services licensee deploying robo-advice will have people within the business who:
- have an understanding of the technology and algorithms used to provide digital advice; and
- are able to review the digital advice generated by algorithms.
Although ASIC does not expect all digital advice licensees to understand the specific computer coding of an algorithm, it does expect AFS licensees to have people within the business who understand the rationale, risks and rules behind the algorithms underpinning the digital advice. In addition, these human resource requirements appear targeted towards financial services licensees being able to satisfy ASIC’s propose risk management requirements, which we have elaborated upon below.
2. Technological Resources
To meet the technological resource requirements, ASIC proposes that financial services licensees deploying robo-advice will have sufficient technological resources to:
- maintain client records and data integrity;
- protect confidential and other information;
- meet current and anticipated future operational needs, including in relation to system capacity;
- comply with all obligations under the law; and
- have adequate business continuity, backup and disaster recovery plans for any systems that support the delivery of digital advice to clients.
Risk management framework
ASIC expects that AFS licensees deploying robo-advice will, as part of their risk management systems, monitor and test the algorithms underpinning the advice. This will include the regular monitoring and testing of algorithms and periodic and random advice reviews.
As part of meeting this obligation, ASIC has set out an extensive shopping-list of matters it expects to an AFS licensee to take into account when monitoring and testing its robo-advice algorithms. These are to:
- have appropriate system design documentation that clearly sets out the purpose, scope and design of their algorithms;
- have a documented test strategy that explains the scope of their testing of algorithms;
- have appropriate processes for managing any changes to an algorithm. This includes having security arrangements in place to monitor and prevent unauthorised access to the algorithm;
- be able to control, monitor and reconstruct any changes to algorithms over a seven-year timeframe;
- review and update algorithms whenever there are factors that may affect their currency;
- have in place controls and processes to suspend the provision of advice if an error within an algorithm is detected; and
- monitor and supervise the performance of algorithms through an adequate and timely review of the advice provided. ASIC expects frequent reviews of digital advice should be conducted initially, and with heightened scrutiny when any change to an algorithm is made.
Finally, ASIC has confirmed licensees are responsible for any “defective advice” and should have procedures in place to identify and contact clients who have been provided with defective advice. Unfortunately for industry, while ASIC expects digital advice licensees to take immediate steps to rectify defective advice or problems with an algorithm, it has not provided any guidance on when robo-advice, or the algorithms which underlie it, is “defective”.