On Nov. 9, 2021, the SEC Division of Examinations issued a Risk Alert regarding investment advisers providing automated digital investment advisory services to clients (robo-advisory services and robo-advisers). These robo-advisers either exclusively provide online services or supplement their traditional investment advisory services by using proprietary software, third-party software, or a combination thereof.
The Division of Examinations conducted a series of examinations under its Electronic Investment Advice Initiative (the Initiative). The Division of Examinations focused on how robo-advisers were upholding their fiduciary duty to: (i) provide clear and adequate disclosure regarding the nature of the provided robo-advisory services and performance history; and (ii) act in clients’ best interests.
As part of the Initiative, the Division of Examinations examined robo-advisers’:
Compliance programs – to assess whether adopted, implemented, reasonably designed and tested annually.
Formulation of investment advice – to evaluate whether robo-advisers gathered sufficient information from clients to form a reasonable belief that clients were receiving investment advice that was in their best interest based on each client’s financial situation and investment objectives.
Marketing and performance advertising practices.
Data protection practices – including policies and procedures relating to client data protection and cybersecurity practices.
Registration information – to determine whether the robo-advisers were eligible for SEC registration as investment advisers.
In addition, as part of the Initiative, the Division of Enforcement reviewed whether certain discretionary robo-advisory services programs may meet the definition of “investment company” under the Investment Company Act of 1940 (the 40 Act). The Division of Examinations reviewed whether robo-advisory services programs were relying on the Rule 3a-4 safe harbor under the 40 Act and if so, whether the robo-advisory services program was in compliance with Rule 3a-4’s conditions.
Following are the Division of Examinations’ observations from the Initiative.
In regards to compliance programs, the Division of Examinations observed robo-advisers who did not:
Include policies and procedures specific to the robo-advisory services that addressed whether the adviser’s:
Algorithms were performing as intended;
Asset allocation and/or rebalancing services were occurring as disclosed; and
Data aggregation services did not impair the safety of clients’ assets as a result of the robo-adviser having direct or indirect access to client’s credentials (e.g. pins and passwords).
Maintain policies and procedures for the use of third-party-provided white-label platforms ensuring that the platform providers addressed the above-listed issues.
Adequately review their policies and procedures at least annually.
Comply with the Code of Ethics Rule, including failures to identify all access persons.
Portfolio Management – Oversight
Rob-advisers were found to not be testing the investment advice generated by their platforms to clients’ stated platform-determined investment objectives. The Division of Examinations observed robo-advisers who:
Lacked written policies and procedures that would allow the robo-adviser to form a reasonable belief that the investment advice being provided to clients was in each client’s best interest based on the client’s investment objectives. While robo-advisers commonly use questionnaires to collect client data, many firms relied on just a few data points to formulate investment advice. For the Division of Examinations, this raises the concern that the questions did not elicit enough information to allow the robo-adviser to determine that the provided investment advice was suitable for the client based on the client’s financial situation and investment objectives.
Did not periodically evaluate whether accounts were still being managed in accordance with clients’ needs, such as by inquiring about changes in their financial situation or investment objectives or having clients update or retake questionnaires.
Lacked written policies and procedures related to the operation and supervision of their automated platforms – the algorithms producing unintended or inconsistent results due to such things as coding errors or unusual market conditions.
Lacked written policies and procedures related to their duty to seek best execution.
Portfolio Management – Disclosures and Conflicts
The Division of Examinations observed incomplete or inaccurate disclosures in robo-advisers’ Form ADV filings relating to such things a conflicts of interest, advisory fees, investment practices and ownership structure. Also, many robo-advisers included hedge and/or other exculpatory language in their advisory agreements or other documents that were inconsistent with their fiduciary duty.
Performance Advertising and Marketing
The Division of Examinations observed robo-advisers who made misleading or prohibited statements on their websites. Among other things, robo-advisers provided inadequate or insufficient information about “human services” – e.g. whether interactions with live individuals are available, mandatory or restricted; whether they cost extra; or whether the client is assigned a financial professional. Robo-advisers who provide electronic investment advice should disclose their use of algorithms and explain the degree of human involvement in the oversight and management of client accounts.
Cybersecurity and Protection of Client Information
Robo-advisers were found to not be in compliance with Regulation S-ID. In addition, robo-advisers lacked complete Regulation S-P policies and procedures, as well as failed to deliver initial and/or annual privacy notices.
Nearly 50% of the robo-advisers claiming reliance on the internet adviser exemption were found to be ineligible to rely on the exemption. Various robo-advisers were found to (i) not have an interactive website or (ii) provided adviser personnel who could expand on the provided investment advice or otherwise provide investment advice to clients, such as financial planning. The internet adviser registration exemption is available only to an adviser who provides investment advice to clients exclusively through an interactive website, except as otherwise permitted under the de minimis exception. The de minimis exception permits an adviser relying on the internet adviser exemption to advise clients through means other than its interactive website, so long as the adviser had fewer than 15 non-internet-based clients during the preceding 12 months.
Unregistered Investment Company / Rule 3a-4 Reliance
The Division of Examinations additionally reviewed whether robo-advisers relying on Rule 3a-4 of the 40 Act were complying with the requirements of that Rule. Where robo-advisers were not in compliance with Rule 3a-4 or otherwise unable to evidence compliance, the Division of Examinations reviewed whether alternative measures were taken by robo-advisers to address their status under the 40 Act.
Reliance on Rule 3a-4
Many clients in these programs with similar investment objectives received the exact same investment advice and were placed in the same model portfolio and investments as other clients. The Division of Examinations reviewed whether robo-advisers claimed reliance on Rule 3a-4 or were employing alternative measures to address their status under the 40 Act. Many robo-advisers were neither claiming reliance on Rule 3a-4 nor employing an alternative measure.
Robo-advisers relying on the Rule 3a-4 safe harbor should adopt policies and procedures to ensure compliance with the Rule’s requirements. Following is a brief summary of the requirements of Rule 3a-4 and observations of the Division of Examinations.
Establishing Client Accounts
A requirement of Rule 3a-4 is that robo-advisers must obtain information regarding the client’s financial situation and investment objectives and inquire as to whether the client wishes to impose any reasonable restrictions on the management of their account. This information must be obtained at the opening of the account and updated periodically. Following are examples of non-compliance with this requirement by robo-advisers:
Utilizing questionnaires with limited data points, thereby increasing the risk of not providing individualized advice or acting in clients’ best interests.
Not allowing clients to impose reasonable restrictions or placing obstacles to impede the placing of restrictions. Rule 3a-4 allows clients to designate particular securities or types of securities that should not be purchased or that should be sold if held. Various robo-advisers required the selection of a different model portfolio if restrictions were requested or did not disclose that clients were permitted to impose reasonable restrictions.
A robo-adviser relying on Rule 3a-4 must contact clients at least annually to (i) update the client’s financial situation and (ii) determine if the clients wish to impose any reasonable restrictions on the management of their account or modify existing restrictions. Also, robo-advisers are required to contact clients, at least quarterly, with written notification to contact the robo-adviser with any changes to the client’s information. The Division of Examinations observed how robo-advisers failed to provide notices on the required frequency or otherwise failed completely to provide the required notices. Also, robo-advisers provided clients with limited or no access to personnel knowledgeable about the client’s account and its management or limited access to such personnel to clients meeting certain account-size thresholds.
Rule 3a-4 requires that clients be provided a statement at least quarterly. Generally, this is satisfied through the provision of quarterly statements by the qualified custodian for the client accounts.
Rule 3a-4 provides that clients must retain various aspects of ownership for the securities and funds held in the robo-advisory services account. The Division of Examinations noted the following actions by robo-advisers that are contrary to this requirement:
Restrictions on clients’ ability to withdraw cash or securities;
Not allowing clients to vote proxies;
Ensuring that clients were not sent required documents, e.g. trade confirmations, prospectuses; and
Limiting clients’ ability to pursue a legal action against the issuer of a security.
Division of Examinations’ Observations in Ways to Improve Compliance
The Division of Examinations highlighted the following practices that may assist robo-advisers in developing and maintaining effective compliance policies and procedures.
Adopting, implementing, and following written policies and procedures that are tailored to the robo-adviser’s practices.
Testing algorithms to ensure they are operating as expected, including:
Testing processes, including personnel from portfolio management, compliance, audit and information technology rather than solely the robo-advisers’ algorithm designers/software developers;
Compliance-performed independent testing, as well as relying on work performed by others; and
Exception reports were used and reviewed by the appropriate staff.
Safeguarding algorithms to prevent unauthorized changes, such as limiting code access and providing advance notice to compliance staff of any changes.