In brief
Written by Partner Michelle Levy and Senior Associate Simun Soljo
ASIC is consulting on a new regulatory guide for providers of digital financial product advice, or 'robo-advice'. The regulatory guide is intended to help new entrants and existing Australian financial services licence holders. For new entrants and licensees needing a reminder, there is a nice summary of the differences between information (that they are keen on calling 'factual information') and financial product advice, and between personal advice and general advice. ASIC points out that the law is the same whether or not advice is provided in person or by means of a computer program. We agree. But ASIC seems to forget this from time to time – particularly when the guidance becomes prescriptive. Rather than creating a bunch of conduct and disclosure rules for licensees giving robo-advice, we think a better approach would be to remind providers to keep coming back to the law – while it can be tricky, it is more likely, in our view, to lead to tailored and better advice than is requiring providers to apply boilerplate rules.
The regulatory guide looks at organisational competence and risk management systems for licensees providing robo-advice, and ends with a discussion about the nature of scaled advice and the best interests duty.
Organisational competence
All licensees must have the organisational competence to provide the financial services they are authorised to provide. They do this through their responsible managers. In addition, when a representative of a licensee provides financial product advice to retail clients, the person must meet the training and competence requirements in Regulatory Guide 146. If the Corporations Amendment (Professional Standards of Financial Advisers) Bill is passed, the education standards will require many advisers to hold a degree in a relevant discipline. The draft regulatory guide says that, where advice is provided digitally, at least one responsible manager must meet those training and education standards.
This is not an existing requirement of the law and a transition period of six months is proposed for existing licensees. This might be enough time to hire someone; it won't be enough time to earn a degree.
Risk management system
All licensees must have adequate risk management systems. The draft regulatory guide says that licensees that provide digital advice should monitor and test their algorithms. It then sets out some reasonably prescriptive 'expectations' for how licensees should monitor and test their algorithms. ASIC expects licensees to:
- document the purpose, scope and design of algorithms, including decision trees or decision rules;
- document the test strategy, including its scope;
- have appropriate processes for managing changes to an algorithm;
- be able to control, monitor and reconstruct any changes to algorithms over a seven-year time frame;
- review and update algorithms whenever there are factors that may affect their currency;
- have in place controls and processes to suspend the provision of advice if an error within an algorithm is detected; and
- have in place adequate resources to monitor and supervise the performance of algorithms through an adequate and timely review of the advice provided.
The regulatory guide also says that ASIC expects the quality of advice be tested by a 'human adviser' reviewing samples of the advice for compliance with the law.
Much of this seems to us well designed to assist in an ASIC review, but documentation will also help a licensee defend itself against claims that it has breached its obligations.
The regulatory guide also points to the additional cyber security risks that apply to digital advice, and ASIC expects licensees to use recognised frameworks for mitigating those risks.
All licensees that provide advice to retail clients must have arrangements for compensating clients in the event that they suffer a loss because of a breach by the licensee. ASIC makes the point that where advice is given digitally, there is a greater potential for widespread loss to clients if an algorithm is flawed.
Best interests
The rest of the draft regulatory guide deals with the scaling of advice and the best interests duty.
And here the draft is at its weakest. ASIC opens by saying that 'clients who seek scaled advice expect that the advice will leave them in a better position'. This is possibly true in a very general sense, but it is not a statement of the law.
ASIC then goes on to set out its minimum expectations for digital advice providers offering scaled advice. At a minimum, ASIC says, the licensee should:
- explain to the client at the outset what advice is being offered and what is not;
- require the client to actively demonstrate that they understand the advice they are seeking is within the scope of what is being offered;
- at key points in the advice process, inform the client about the limitations and potential consequences of the scope of the advice;
- filter out clients for whom the advice being offered is not suitable;
- inform the client about the upfront and ongoing costs of the advice;
- inform the client about how they can withdraw from the advice being provided and any associated costs;
- explain the dispute resolution processes available to the client if they wish to complain; and
- explain why the client is likely to be in a better position if they follow the advice.
We think this is a long way from the principles-based regulation ASIC says it adopts. These requirements are longer than some of the robo-advice tools we have seen. For example, think of a simple calculator that recommends life insurance and calculates a sum insured for the user. It would start by saying that the calculator can be used to calculate the amount of life insurance cover a person might need if they want their family to be able to pay off their debts if they die. In that case, the advice that is being offered is pretty plain. It is unlikely to be helpful to say that the calculator will not provide advice about, let's say, home insurance, or retirement savings, or paying off debt.
Most robo-advice we see is free and so we are puzzled about ASIC's focus on informing the client about the costs of the advice. And, of course, we saw red when we read the last requirement – that the licensee should explain why the client is likely to be in a better position if they follow the advice. Again, this is not a legal requirement, and it should not become one by ASIC requiring the provider to make this statement. It is also entirely unclear how it will help the user.
So what should you do when providing robo-advice?
We have reviewed lots of calculators and seen some quite amazing software programs – some of them contain pretty simple calculations and are, often, giving information; others include very sophisticated algorithms, and the advice is presented in really engaging and interesting ways. When we review these programs, we apply the law – we ask whether the content and presentation contains advice and, if so, what kind; we ask whether the user will understand what they will get if they use the calculator and if they will understand its limitations; and we also ask whether any of the content is misleading or deceptive, and whether the advice that is provided is reliable and appropriate. We think this is what ASIC should be asking all licensees who provide advice to do, irrespective of whether they provide advice digitally or in person, rather than trying to prescribe the form and content of an online calculator or robo-advice. It is a matter for the licensees to work out how best to communicate with the users – and we think they do it pretty well. We think, also, there are lots of challenges in providing advice electronically or digitally – identifying the boundaries of the advice is particularly difficult when it is provided digitally. But these questions are not touched on in the guide.