ASIC releases guidance on robo-advice

Tuesday, 13 September 2016

ASIC has released guidance on providing digital financial product advice - or "robo-advice" as it's being called.1

Many advisers use some form of software to help prepare and deliver advice to their clients, but the key element of robo-advice is that it is provided without the direct involvement of a human representative.

There are few surprises in the new regulatory guide. It is essentially unchanged from the draft provided along with ASIC's consultation paper CP 254 Regulating digital financial product advice, beyond some additional examples given around "scaled" robo-advice. This is only to be expected, since the new regulatory guide principally deals with a new application of existing legal requirements.

Briefly, the new regulatory guide covers matters such as:

  • some generic remarks on licensing and authorisation options, along with a useful "shopping list" of questions around compliance and support that anyone considering becoming an authorised representative may wish to ask their prospective licensee;
  • ASIC's expectations around human resourcing, including limitations on the scope of possible outsourcing arrangements (ASIC expects robo-advice providers to maintain an understanding of the rationale, risks and rules behind the algorithms underpinning the advice platforms, although not necessarily the specific coding);
  • ASIC's expectations around technological resourcing, including addressing cyber security risks, and guidance for monitoring and testing of algorithms;
  • issues to consider when assessing the adequacy of client compensation arrangements; and
  • ASIC's minimum expectations that should be met when providing substantially scaled advice (with some potentially problematic remarks on "filtering", that is, situations in which the client should be redirected out of the robo-advice platform - more on this below).

Despite this relatively unexceptional content, financial service providers should not underestimate the work that may need to be carried out quickly to meet ASIC's expectations. In particular, financial services providers should give thought to the following:

  • new training requirements for responsible managers - because robo-advice is prepared and delivered without the involvement of a human representative (who would usually need to meet the training standards set out in RG 146 Licensing: Training of financial product advisers), ASIC will instead require licensees who provide robo-advice to have at least one responsible manager who meets the training standards set out in RG 146.

This is a new requirement, and one that seems likely to raise issues for those licensees who have used Option 5 in RG 105 Licensing: organisational competence to demonstrate the competence of responsible managers (the option that focusses on experience, rather than training). This tends to be the case for larger financial institutions, just because their very experienced senior managers often started their long careers in a very different regulatory environment. This new requirement is also likely to raise issues more generally if the government's proposed higher training and education standards for advisers are passed.

ASIC has given existing licensees six months to comply with the new training requirement, which is a very short timeframe for licensees to identify and address training gaps for their responsible managers;

  • specified security standards - in discussing its expectations for the management of cyber risks and information security, ASIC refers to several very specific security frameworks and standards (such as the Australian Government Cyber Security Centre's Cloud computing security for tenants). In our experience, financial services providers tend to use a wide range of security standards, which may differ from those ASIC has referred to. While ASIC has not prescribed the use of any specific frameworks and standards, financial services providers should review their systems (and those of any outsourced services providers) to ensure they at least meet the frameworks and standards that ASIC has referred to;
  • risk management and client compensation - licensees should ensure that their risk management and compensation frameworks cover issues that may arise in relation to robo-advice, and particularly the matters ASIC has addressed in the guide;
  • client filtering - ASIC has stated that robo-advice providers should have robust filtering processes in place to ensure that robo-advice is not provided to any client for which it is "inappropriate". Such filtering processes are not practical for robo-advisers who do not offer an alternative traditional "human" advice channel, and it would seem to be an onerous requirement for a robo-advice provider that only offers a narrow range of advice services, and makes that narrow scope of their services abundantly clear.

Any regulatory guidance issued by ASIC should prompt financial services providers to review their business. You can get in touch with any of our financial services experts below to learn more.

1 RG 255 Providing digital financial product advice to retail clients.

Partner | Sydney
P +61 2 9334 8775
Partner | Melbourne
P +61 3 8644 3519
Partner | Melbourne
P +61 3 8644 3675

For information on our Financial Services and Regulatory group click here.

Important disclaimer: The material contained in this publication is of a general nature only and is based on the law as at 13 September 2016. It is not, nor is intended to be, legal advice. If you wish to take any action based on the content of this publication we recommend that you seek professional advice.