On November 9, 2021, the SEC Division of Examinations issued an investment adviser risk alert on electronic investment advice services also known as robo-adviso
On November 9th, 2021, the Securities and Exchange Commission (“SEC”) Division of Examinations issued a new risk alert discussing the findings from a recent series of examinations of registered investment adviser (“RIA”) firms providing robo-advisory services.
The SEC’s “Electronic Investment Advice Initiative” focused on how advisers adhered to their fiduciary duty to provide clear and adequate disclosures regarding the nature of the advisers’ performance history and services, and how the advisers act in their clients’ best interests. Below we discuss the common compliance deficiencies highlighted in this RIA compliance risk alert along with regulatory compliance best practices for online investment advisers to consider.
In the alert, it was noted that there has been a significant increase in the number of investment advisers serving clients through automated digital services, also known as robo-advisory services. It’s also important to note that many of regulatory compliance deficiency areas highlighted in this latest risk alert were also identified in a previous online robo adviser risk alert issued by the SEC examination staff on February 23, 2017 which should be reviewed as well.
During a recent series of target audits, the SEC Division of Examinations examined a series of RIA firms that rely upon Rule 203A-2(e), commonly referred to as the “Internet adviser exemption.”
Below we provide an overview of some of common cited regulatory compliance deficiencies and specific examples from the risk alert:
- Compliance programs, including policies and procedures and testing The Division staff shared that most observed advisers had inadequate compliance programs. For example, advisers failed to include sufficient details in their disclosures and lacked necessary policies and procedures that were specific to the inherent risks of a robo-advisor business model. In addition, advisers did not conduct sufficient annual reviews to assess the effectiveness of the adviser’s policies and procedures, specifically related to marketing and custody.
- Portfolio management, including fiduciary duty, disclosures and conflicts
During the examinations, Division staff determined deficiencies related to portfolio management were due to a lack of oversight and/or inaccurate or incomplete disclosures in Form ADV filings.The staff observed that advisers either lacked proper written policies and procedures for determining investment advice was in a clients best interest, or the policies and procedures were not followed. Some advisers did not document the review of best execution or appear aware of their fiduciary obligation. There were instances where advisers used limited client data points to formulate investment advice, which the Division staff did not find suitable to determine clients’ initial and/or ongoing objectives. A notable lack of oversight of automated systems was also recorded.
With respect to disclosures, the Division staff observed there was often insufficient information on conflicts of interest, advisory fees, investment practices, and ownership structure.
- Marketing and performance advertising
Over half of the observed advisers had advertising-related deficiencies. These deficiencies included misleading statements and unsubstantiated claims on performance, and misrepresentations on certain protections for market decline. - Cybersecurity and protection of client information
The Division staff found insufficient policies and procedures related to responding to cybersecurity events and protecting clients from identity theft. - Registration
A recurring issue, Division staff noted “nearly half of the advisers claiming reliance on the Internet adviser exemption were ineligible to rely on the exemption, and many were not otherwise eligible for
SEC-registration.” The ineligibility was often due to not meeting requisite conditions, such as having an interactive website.
The Division staff also cautioned discretionary robo-advisers to confirm they’re in compliance with the Internet adviser exemption and meet the requirements to rely on Company Act Rule 3a-4.
Best practices for robo advisers to improve compliance include:
- Adopt, implement, and follow written procedures specific to the adviser’s practice.
- Conduct frequent testing of algorithms.
- Safeguard algorithms from unauthorized changes
- Review portfolio management practices and related disclosures to ensure they are consistent with the Advisers Act as well as federal securities laws, as applicable.
- Review registration eligibility if relying on the Internet adviser exemption.
We strongly encourage the Chief Compliance Officer (“CCO”) for all RIA firms relying on the Internet adviser registration exemption to review this latest risk alert.