- On November 9, 2021, the SEC released a Risk Alert from the Division of Examinations which provides observations from recent examinations into advisers that offer electronic investment advice. A copy of that Alert can be found HERE.
- In a rather harsh report, the SEC declared that almost every investment adviser examined in this area received a deficiency letter based on the following categories of compliance failures: (1) inadequate compliance programs with an emphasis on policies, procedures and testing; (2) poor portfolio management, including a failure to provide advice that is commensurate with each client’s best interest; and (3) unfair, inaccurate, omitted or misleading marketing/performance advertising.
- Below is a summary of the SEC’s observations as to the compliance failures and its suggestions for ways in which investment advisers can improve in this area.
- Given the ominous nature of the Alert, we recommend that investment advisers heed the SEC’s warnings and seek to button up their compliance programs focusing on these areas.
The number of investment advisers offering automated digital investment advisory services to their clients is on the rise. Accordingly, the SEC recently conducted a series of examinations to assess the compliance programs of “robo-advisory services” under a project called the Electronic Investment Advice Initiative (the “Initiative”). In order to assess a broad base of firms, the SEC selected advisers with differing business models, client types, assets under management and bases for registration with the SEC, including, advisers that: (1) provide robo-advisory services to employer-sponsored retirement plans (“retirement plans”) and/or retail investors; (2) sold, licensed, or otherwise granted interactive, digital platform access to third parties; and/or (3) provided advisory or sub-advisory services to an interactive, digital investment platform. In summary, the results are bleak and the SEC noted observations of compliance deficiencies across the industry.
Frequently Identified Compliance Deficiencies
The SEC noted that most advisers had inadequate compliance programs as a result of either a lack of written policies and procedures, or ones that were insufficient for their business operations. Others had policies that were designed but not implemented or they failed to adequately test those policies to ensure compliance and effectiveness. Other policy and procedure failures included:
1. Electronic Investment Advice.
- Failures to design and implement policies and procedures to ensure algorithms were performing as intended.
- Failures to design and implement policies and procedures to ensure asset allocations and/or rebalancing services were occurring as disclosed to investors.
- Failures to design and implement policies and procedures to ensure that data aggregation services (particularly which provide direct access to client’s credentials) did not endanger the safety of client assets.
- Failures to undertake annual reviews of policies and procedures to assess their adequacy and effectiveness.
- Failures to detect inadequacies or non-compliance with marketing and performance advertising practices.
- Failures to ensure compliance with the Code of Ethics Rule, including the failure to identify access persons and ensure receipt of written acknowledgements.
Portfolio Management Oversight:
- Failures to test and ensure that investment advice generated by automated digital platforms was commensurate with the investor’s investment objectives.
- Failures to collect the appropriate data points from customers in order to insure the resulting investment advice was appropriate for each individual investor.
- Failures to ensure that changes in an investor’s financial circumstances, objectives or risk tolerances were captured and acted upon.
- Failures to test and ensure that algorithms were producing intended and consistent results and that rebalancing and trade orders processed correctly.
- Failures to design and implement policies and procedures for satisfying best execution obligations.
- Failures to conduct periodic tests and reviews to ensure best execution compliance.
Portfolio Management – Disclosures and Conflicts:
- Failures to ensure accurate and complete ADV filings, including adequate disclosures involving conflicts of interest, advisory fees, investment practices, and ownership structures.
- The use of “hedge clauses” or exculpatory language in advisory agreements that did not align with fiduciary duty standards.
- Failures to disclose the relationship and shared fees with third parties.
- Failures to adequately describe how the adviser collects and uses information gathered from investors for the purpose of generating a recommended portfolio.
- Failures to adequately describe when and how rebalancing occurs in portfolios.
- Failures to describe processes for calculating profits and losses from trade errors.
- Failures to remain consistent across advisory disclosures with respect to the calculations of advisory fees.
Performance Advertising and Marketing:
- Failures to remain fair, accurate and balanced with regard to statements published on websites, including:
- The use of vague or unsubstantiated claims that could be misleading;
- Misrepresenting SIPC protections by implying accounts would be protected from market declines.
- The use of press logos (e.g., ABC, CNN, Forbes) without disclosing their relevance.
- Providing references or links to positive third party commentary without disclosing relevance or conflicts of interest.
Cybersecurity and Safeguarding Customer Data:
- Failures to design and implement policies and procedures for protecting an adviser’s systems and responding to breaches upon occurrence.
- Failures to design and implement policies and procedures to detect, prevent and mitigate identity theft.
- Failures to design and implement policies and procedures to ensure compliance with Regulation SP.
- Failures to deliver initial and/or annual privacy notices to investors.
- Nearly half of the advisers claimed reliance on the Internet Adviser Exemption despite ineligibility and many were not otherwise eligible for registration with the SEC even though they made such filings. Examples included:
- Advisers that did not have an interactive website.
- Advisers that supplemented their interactive website by providing advisory personnel for financial planning purposes.
- Some adviser’s affiliates were operating as unregistered investment advisers because they were operationally integrated with their respective advisers and were prohibited under the Advisers Act Rule 203A-2(e)(iii) from relying on their respective adviser’s registration as a basis for their own.
2. Discretionary Investment Advisory Programs
Reliance on the Nonexclusive Safe Harbor Provisions of Rule 3a-4:
- In some instances, advisers indicated a reliance on the Rule 3a-4 safe harbor but did not follow its strict requirements. For example, certain firms provided virtually the same or very similar advice to a large portion or all of their clients without individualizing advice and enabling clients to maintain certain indicia of ownership over securities, both of which are required for application of the safe harbor.
- Failures to claim Rule 3a-4 or any alternative protection thus rendering them unregistered advisers.
Establishing Client Accounts:
- Failures to gather adequate data points from clients, whether from a questionnaire or otherwise, to ensure that generated advice is individually tailored to the investor and within their best interests.
- Failures to permit clients to impose reasonable restrictions on the advice rendered, such as limitation on the types of investments included within their portfolios.
- Failures to disclose to clients that they could impose reasonable restrictions on the advice rendered to them.
- Failures to communicate with clients annually for the purpose of updating client objectives and other relevant data, and to determine if the client wishes to impose any reasonable restrictions, or modify existing restrictions, on the management of a client’s account.
- Failures to communicate with clients at least quarterly for the purpose of soliciting changes to account profile information.
- Failures to adequately notify clients about the management of their accounts and in order to make themselves available to clients for consultation.
- Failures to provide clients with account statements that adequately inform clients regarding their accounts and related performance at least quarterly as required for Rule 3a-4 safe harbor protection.
- Failures to ensure that clients retained certain indicia of ownership with regards to their securities as required for Rule 3a-4 safe harbor protection, including:
- the ability to freely withdraw cash or securities from their accounts;
- the ability to freely vote proxies or delegate such rights for all securities within their accounts;
- the ability to receive legally required documents, such as prospectuses and trade confirmations, for all investments; and
- the ability to pursue legal rights against the issuer of any security contained within their accounts.
In conducting its examinations, the SEC did make some positive observations about compliance programs and offered the following as affirmative ways for firms to improve in this area:
- Adopt, implement, and follow written policies and procedures that are tailored to the adviser’s practice, including provisions for adequate and appropriate client disclosures, marketing, portfolio management, best execution, custody of client assets, maintaining books and records, and operating consistent with a client’s best interests.
- Test algorithms periodically (quarterly is advisable) to ensure they are operating as intended, and consider the following:
- the involvement of representatives from portfolio management, compliance, internal audit and information technology groups.
- adding a degree of independence into the review; and
- the inclusion of exception reports to surveil for anomalies and compliance related issues,
- Safeguard algorithms by limiting code access to prevent unauthorized changes or overrides.
While the topic of electronic advice seems to be a new focus for assessment by the SEC, we anticipate, given the noted widespread compliance failures noted herein, that examiners will continue to focus in this space for the foreseeable future. Transparency, compliance, testing and continuous improvement seem to be overarching SEC themes. Accordingly, those firms offering automated electronic investment advice to clients would be best advised to review their compliance programs to ensure compliance, focus and transparency. If you have questions on this topic or need assistance with securities regulatory or litigation matters, please reach out to us as we would be delighted to help with your needs.