14 February, 2018
A. BACKGROUND
In spite of the recent success of robo platforms and their enthusiastic use by financial institutions, robo advisory services are not subject to the level of regulation one might expect.
A “robo adviser” is the term typically used to refer to an online and software-based platform, which is capable of providing digital advice through a decision-making process simulating that of a human adviser.
It is usually operated through the use of an automated portfolio construction or model portfolios based on personal circumstances generated by algorithms and other technology.
During recent years, it has become increasingly common for financial institutions to give customers the option of receiving financial advice through a robo adviser. The primary aims are to give customers greater access to financial services, to widen the customer base to include younger and tech-savvy investors, and to enhance efficiency. Commentators have predicted that there could be as many as 95.4 million users of robo advisers by 2021. [1] This is certainly a space to watch.
In Asia, South Korea was a very active market last year, with KClavis and Black Numbers Investment Advisory successfully incorporating Fintech into their investment advisory industry. Other key examples in Asia include: (i) 8 Securities’ “Chloe” (Asia’s first robo adviser released by the Hong Kong-based mobile trading and investing service), (ii) Kakao’s “Finance-bot” service (Korean-based messaging app that provides asset status, investment and product updates), (iii) Thomson Reuter’s “Bambu” (Singapore-based B2B robo advisor which offers digital wealth services), and (iv) Yufeng Financial’s “Youyu” (China-based robo adviser backed by Alibaba to assist users with constructing portfolios using mutual funds).
In the following paragraphs, we examine the key legal and regulatory issues in relation to robo-advisory services, how regulators have responded in Hong Kong, Singapore, China and the United Kingdom, and how financial institutions can deploy the technology in accordance with the relevant guidelines and requirements.
B. LEGAL AND REGULATORY RISKS
Overall, the main concerns of delivering advice digitally relate to its suitability, security and the satisfaction of the customer experience. In particular, the efficiency and speed of providing advice digitally may lead to a number of pitfalls, as we explore in this risks section.
1. Performance risks. To quote Sridhar Chandrasekharan (Chief Executive of HSBC’s asset management business), the question is “whether automated advice can become nuanced enough to offer answers based on personal circumstances, rather than general categories”. [2] The provision of suitable, applicable and personalized advice requires a carefully designed model which is capable of extracting sufficient information in relation to the customer’s risk profile, financial situation and investment objectives. The design should also take into account the preferences of young investors, which may require departure from the tendency of using overly sophisticated and legalistic language. A poorly designed model could lead to performance issues and systemic mis-selling, opening the floodgates to potential claims and liabilities.
2. Contractual/vendor risks. Partnering with Fintech startups may facilitate the technological aspect of designing and implementing a robo advisory mechanism. However, the ultimate regulatory and compliance responsibility rests with the financial institution offering the system and its senior management.
This will require requisite technical expertise on behalf of or within the financial institution to understand and assess the adequacy of the information security restrictions put in place to supervise the design of the underlying algorithm, to regularly review and audit the robo’s performance, and to put in place, maintain and enforce suitable policies, procedures and controls.
3. Cross-border risks. Where the robo advice is provided in a number of jurisdictions, laws and regulations of different jurisdictions may apply. How should a financial institution determine which set of rules apply if a customer can have access to the robo advice anywhere (e.g. should it depend on the location of the robo and/or the location of the customers)? Could a financial institution find itself in a situation whereby it is subject to regulations in jurisdictions which it did not foresee would be applicable? Will any regulation be limited to compliance with marketing and disclosure rules or also require authorisation to carry on the regulated activity of providing advice? Without a unified supervisory body across multiple jurisdictions, it could be challenging for financial institutions to anticipate the applicability of regulations to their new technologies and ensure their compliance with these rules.
4. Cybersecurity and data protection risks. Delivering personalized investment robo advice requires the collection of substantial financial information and personal data from clients. Will robo advisory platforms be subject to more stringent security requirements than other forms of advisory services? There are also issues around data storage, retention and retrieval in the context of cross-border provision of advice and services where privacy laws in more than one jurisdiction may apply.
5. Fraud risks. Financial institutions are subject to stringent anti-money laundering and know-your-client requirements as part of the customer onboarding process. Some Fintech companies have now started to accept a photo ID card or use facial recognition function for the purpose of customer identity verification. How do financial institutions design innovative customer onboarding mechanisms while guarding against the risks of unauthorized access and use? Robo advisory providers should balance the risk of fraud and non-compliance with their AML obligations with the convenience to customers which could potentially be brought by the deployment of new technologies.
6. Reputational risks. Drawing reference from recent reported incidents relating to system outages and stolen customer data in the market, a financial institution that provides robo advisory services is subject to intrinsic reputational risk. This might arise , for example, from the delivery of inaccurate advice, poor cybersecurity governance and/or incident management mechanisms.
C. REGULATORY RESPONSES: A CLOSER LOOK INTO HONG KONG, SINGAPORE, CHINA AND THE UNITED KINGDOM
In terms of global regulatory responses, there is a continued general emphasis over the importance of governance and supervision of the algorithms on which robo-advisory platforms are based. The regulatory response in Hong Kong, Singapore, China and the United Kingdom is summarised below.
1. Hong Kong
In May 2017, the Hong Kong Securities and Futures Commission (“SFC”) published the proposed Guidelines on Online Distribution and Advisory Platform (the “Proposed Guidelines”) for a 12-month consultation period. The Proposed Guidelines are intended to apply to any regulated activities of intermediaries who are registered with or licensed by the SFC, including robo advisory services (and other online distribution and advisory services).
Robo advisers will be subject to specific governance and controls requirements set out in the Proposed Guidelines, covering five areas, namely: (i) disclosure of accurate and sufficient information relating to, for example, limitations and risks of robo advice, the underlying algorithms, the portfolio rebalancing mechanisms and the extent of human involvement; (ii) accurate and personalized client profiling; (iii) effective management and supervision of system design and development; (iv) effective management and supervision of the testing of algorithms; and (v) policies and procedures for the purposes of rebalancing and incident management.
Another key focus of the Proposed Guidelines is the extent to which the suitability requirement (as part of the Code of Conduct) applies in the context of an online platform such as a robo advisory platform. For robo advisory platforms, it has been clarified that the suitability requirement will only be triggered where product-specific materials are not factual, fair and balanced, or where there are other circumstances that may reasonably be expected to influence investors to purchase a specific investment product.
Where a “complex product” is being sold through delivering robo advice, platform operators may be required to ensure additional protective measures depending on the degree of complexity and risk levels exhibited by the product. The Proposed Guidelines provide minimum standards relating to the disclosure of information in relation to “complex products” prior to the point of sale or advice such as key nature, features and risks of a complex product.
2. Singapore
While Singapore authorities are supportive of digital innovation and the promotion of competitiveness in Singapore’s Fintech sector, the Monetary Authority of Singapore (“MAS”) has made it clear that it is the financial institutions’ responsibility to put in place proper due diligence and governance controls. Shortly after the Hong Kong SFC’s publication of the Proposed Guidelines, the MAS published its Consultation Paper on Provision of Digital Advisory Services on 7 June 2017, setting out its proposals to refine licensing and business conduct requirements for digital advisory service providers (“MAS Consultation Paper”).
In the MAS Consultation Paper, financial institutions are reminded of the fiduciary duty they owe to their clients in the provision of suitable investment advice. The MAS Consultation Paper highlights the importance of ensuring governance and supervision of algorithms, and the continued obligation to comply with the Risk Management Guidelines and the Notice and Guidelines on Technology Risk Management previously published by the MAS. Some of the key recommended practices include ensuring sufficiently robust methodology of the algorithm, conducting back-testing and gap analyses, and putting in place policies and procedures for the purpose of cybersecurity incident management.
The MAS is prepared to grant case-by-case exemptions from certain licensing requirements in the context of portfolio management, execution of investment transactions in listed collective investment schemes and client approval of rebalancing services.
3. China
The regulatory authorities in China have shown a positive attitude towards the use of technology in financial services generally. The People’s Bank of China announced in its development plan for China in June 2017, highlighting the importance of enhancing the use of Fintech such as artificial intelligence and blockchain in financial and regulated activities. Financial institutions are welcomed to take innovative steps and make full use of big data and cloud computing.
4. United Kingdom
The Financial Conduct Authority (“FCA”) sees robo advisers as part of its initiatives to “bridge the advice gap”. An Advice Unit was established by the FCA in 2016 to facilitate with the development of robo advisory mechanisms. The Advice Unit provides practical feedback on the regulatory implications of robo business models and assists companies with developing general tools in compliance with the regulatory framework. The regulatory climate is generally in favour of digital advice, fitting with the Financial Advice Market Review’s recommendations of affordability and accessibility.
We anticipate that the FCA will continue to provide further guidance and bespoke regulatory feedback to businesses who plan to offer robo advisory services in the coming year including as part of its 2017/18 business plan. As acknowledged by Bob Ferguson, Head of Strategy & Competition Division of the FCA, in his speech on 2 November 2017, robo models will need to be adapted to the local environment, taking into account suitability, pensions switching and anti-money laundering concerns.
D. CONCLUSION
Robo advisory services will continue to appeal to a wide spectrum of investors such as millennial investors and those who prefer affordable and efficient financial services. In the medium term, we anticipate an increased use of digital capabilities in the development of robo advisory services by financial institutions.
The end product could well be a blend of traditional advisory and robo mechanisms.
The application of robo advisers require ongoing testing and developments. It is expected that there will be more collaboration between Fintech companies and financial institutions, which will maximize the benefits this technology can bring. Depending on their risk appetite, financial institution should be prepared to take advantage of the technological and digital capabilities of Fintech companies. However, in exploring the use and application of these capabilities, financial institutions will need to keep up with the latest regulatory developments, take into account the associated risks, and be prepared to work with the regulators so as to put in place adequate measures and safeguards to protect their customers and ensure regulatory compliance.
1The Statistics Portal, https://www.statista.com/outlook/337/100/robo-advisors/worldwide# accessed on 24 November 2017
2Financial Times, “For HSBC, the future is robo-advice and Asia”, dated 15 January 2017 at https://www.ft.com/content/fb8ea19c-d72c-11e6-944b-e7eb37a6aa8e
Andrew Henderson, Partner, Eversheds
andrewhenderson@eversheds-sutherland.com
