July 26, 2023, the United States Securities and Exchange Commission (SEC) proposed a rule to address risks to investors from conflicts of interest associated with the use of predictive data analytics by broker-dealers and Investment Advisers. Here we will address the proposed requirements and challenges and offer some suggestions to comply with the rule if adopted as proposed.
What is Predictive Data Analysis
First, what is predictive data analytics (PDA), and how is PDA used in advisory firms? The proposal offers a broad definition by referring to “analytical, technological, or computational function algorithm model, correlation matrix, or similar method or process that optimizes for, predicts, guides, forecasts or directs investment-related behaviors or outcomes.” The proposal goes on to state the definition is “designed to capture PDA-like technologies such as Artificial Intelligence (AI), machine learning, or deep learning algorithms, neural networks, NLP, or large language models (including generative pre-trained transformers), as well as other technologies that make use of historical or real-time data, lookup tables, or correlation matrices among others.” In other words, most of the technology sources used by advisory firms to create portfolios, monitor performance, place trades, and provide other resources to their representatives and clients.
A few examples:
Client Relationship Management System (CRM) uses email automation, call logging, and activity tracking. (Examples: Salesforce, RedTail, Wealthbox, Practifi,)
Portfolio Management System (PMS), provides varying levels of asset allocation, performance displays, client billing features. (Examples: Morningstar, Orion, Black Diamond, Tamarac, Advisor 360)
Trade Order Management System (TOM), predict the best time to execute, identify potential risks, monitor compliance such as restrictions on trading, and perform what-if scenarios. (Examples Bloomberg, Moxy, Broadridge Portfolio Master, Limina)
Document Storage System (DOC) provides cloud-based storage to assist with file-sharing, version control and books and records requirements. The PDA helps predict the growth of data over time, helps identify potential risks or anomalies, and helps optimize storage allocation and retention policies. (Examples: Dropbox, Office 365, Sharefile)
Portfolio Risk Measurement System (RISK) provides portfolio risk analysis and visualization to help ensure the portfolio is aligned with the client's risk tolerance. Some can go further and provide comprehensive performance and risk measurement capabilities. (Examples: Riskalyze, Tolerisk, SS&C)
Regulatory Technology (RegTech) provides assistance to ensure regulatory requirements are met and assists with guidance through the use of AI in some cases. (Examples: Avery-RegVerse, RedOak, Comply)
Requirements
Next, what is the rule proposing? The proposal applies to any advisor that uses the “covered technology to interact with investors/clients or prospective investors/clients. The covered technology is defined as “those technologies that optimize for, predict, guide, forecast, or direct investment-related behaviors or outcomes.”
Conflicts of Interest and Testing
The proposal discusses the firm's requirements to identify any conflict of interest associated with using a covered technology, determine whether the conflict places the adviser’s interest ahead of the clients, and eliminate or neutralize the effect of such conflict. The proposal also requires the firm to test the covered technology periodically and document the results. Testing the covered technology utilized by a third party will require that the third party provides details related to how the technology works. If the technology was developed and maintained in-house a review of the source code of the technology, a review of documentation regarding how the technology works, and a review of the data considered by the covered technology (as well as how it is weighted), maybe be needed. “ “A firm seeking to evaluate an especially complex covered technology and identify conflicts of interest associated with its use may consider other methods as well. For example, if a firm is concerned that it may not be possible to determine the specific data points that a covered technology relied on when it reached a particular conclusion and how it weighted the information, the firm could build “explainability” features into the technology in order to give the model the capacity to explain why it reached a particular outcome, recommendation, or prediction. By reviewing the output of the explainability features, the firm may be able to identify whether the use of the covered technology is associated with a conflict of Interest.” “Developing this capability would require an understanding of how the model operates and the types of data used to train it.” All the testing should seek to find any conflicts of interest and eliminate or neutralize them.
Firms must be vigilant in monitoring covered technologies, considering changes in use cases and potential unforeseen conflicts as they occur. Overall, the testing process is crucial to ensure that the covered technologies align with the proposed conflicts rules and to safeguard against conflicts of interest that may adversely impact investors.
The proposal discusses some of the potential conflicts of interest that could arise in the adviser's use of PDA, such as:
Influencing Investor Behavior – The PDA could be programmed, even unintentionally, to take certain actions that are more profitable for the firm, such as increasing trading frequency or taking advantage of psychological biases that lead to impulsive or irrational investment decisions.
Proprietary Products – Conflicts may arise if a firm offers or recommends its own products or those of its affiliates, which may generate higher fees or other benefits to the firm.
Account Type – Conflicts may occur when an adviser recommends a certain type of account that may be more profitable to the firm, regardless of whether it is in the best interest of the client, such as advising a client to transfer a 401K to an IRA managed by the advisor.
Algorithm drift – Conflicts may occur when the firm uses PDA-like technologies that change or evolve over time, which may result in advice or recommendations that are inconsistent with the firm’s fiduciary duty or the investor’s preferences, profile, and risk tolerance.
Conflicts related to the complexity and opacity of technologies - When a firm or its associated person uses a covered technology that is difficult for investors to understand or evaluate, such as by using algorithms, models, or data that are not transparent, validated, or disclosed to investors, or by using technologies that can dynamically change or evolve based on new data or feedback.
To understand all the potential conflicts of interest that might be present in the PDA- technology used by your firm, one must fully understand all the technology used by your staff, how it is used, and the capabilities of the technology.
Policies and Procedures Requirements
As with most proposals, the advisor must adopt and implement written policies and procedures reasonably designed to ensure compliance with the rule, including the identification, determination, and elimination or neutralization of conflicts of interest associated with the use of covered technologies. The rule would also require the adviser to review the adequacy and effectiveness of these policies and procedures at least annually.
The proposal also requires the firm's policies and procedures to incorporate a comprehensive written description of the essential features of any covered technology utilized in investor interactions. This includes addressing conflicts of interest linked to the use of such technology. The documentation should be prepared before implementation or significant modifications and periodically updated. The SEC stated concerns arising from the possibility that some firms lack a holistic understanding of the covered technologies they employ, leading to investor interactions based on unknown conflicts of interest. They go on to indicate that this risk is heightened when personnel responsible for compliance are not fully versed in how the technology functions in investor interactions. The proposed written description element aims to mitigate these risks by ensuring firms identify and comprehend conflicts of interest associated with using covered technology, encompassing how it optimizes, predicts, guides, forecasts, or directs investment-related behaviors. Additionally, the description should specify when and how the firm intends to use or could reasonably foresee using the covered technology in investor interactions.
The proposal states that the SEC is “aware that some more complex covered technologies lack explainability as to how they function in practice and how they reach their conclusions.
A lack of explainability is not an excuse for non-compliance with the policies and procedures and conflicts of interest requirements of the rule. The proposal clearly states that “the proposed conflicts rules would apply to these covered technologies, and firms would only be able to continue using them where all requirements of the proposed conflicts rules are met, including the requirements of the evaluation, identification, testing, determination, and elimination or neutralization sections.”
Books and Records
The rule would also amend Rule 204-2 under the Advisers Act by requiring a firm to make and keep certain records related to the use of the covered technologies, such as the policies and procedures, testing results, and any disclosures or notices provided to clients or prospects.
The proposed recordkeeping amendments would also include making and maintaining six specific types of records:
1. Documentation of Covered Technology Evaluation
Maintain written documentation of the evaluation of conflicts associated with covered technology in investor interactions.
Include a list of covered technologies, implementation dates, modification dates, and the firm's assessment of intended vs. actual use.
Record any conflicts identified and steps taken to address them.
Documentation of Covered Technology Testing
Keep documentation of covered technology testing, including completion dates, methods used, conflicts identified, and changes made.
Describe any modifications resulting from testing and reasons behind them.
Include records of research or third-party outreach related to testing.
2. Documentation of Conflict Resolution Determination
Maintain written documentation determining whether conflicts identified prioritize firm or investor interests.
Include rationale for determinations and basis for concluding conflicts impact investor interactions.
3. Documentation of Conflict Elimination or Neutralization
Preserve written documentation of steps taken to eliminate or neutralize conflicts.
Include rationale for changes to covered technology and methodology used for determinations.
4. Maintenance of Policies and Procedures
5. Record of Disclosures on Covered Technologies
Maintain a record of disclosures provided to investors regarding covered technology use.
Include disclosure dates and updates, creating a simple cross-referenced list.
6. Record of Covered Technology Alterations
Keep records of each instance of covered technology alteration, override, or disablement.
Include reasons for actions and dates.
Document instances where investors request alterations or restrictions, aiding in identifying higher-risk technologies.
It is crucial to note that the proposed rules reject a passive approach, emphasizing that the absence of identified conflicts or current use of covered technology does not exempt a firm from the need for policies and procedures. The SEC's stance is clear: every firm, regardless of perceived conflicts or technology usage, is expected to proactively adopt, implement, and maintain these policies and procedures. This proactive approach is essential for preparedness, ensuring that firms are equipped to address any emerging conflicts that may surface in the dynamic landscape of ongoing operations. The intent is to establish a universal standard, urging all firms to have comprehensive policies in place, aligning with the broader goal of safeguarding investor interests and minimizing potential harm before it occurs.
Challenges
In many cases, firms are already required to conduct due diligence on the technologies they use as part of the privacy rules and their fiduciary duties. However, this proposal will require firms to understand how the technology works, which could be challenging. Firms and their staff go through training with the technology companies on how to use the technology, but rarely do they discuss how the technology works in detail, and the firm generally does not have the time to sit through hours of training to understand the details of how the technology was developed and how it is maintained. In lieu of the training, the technology may provide a lengthy document on how it works, which will be a time-consuming task for the advisory firm to read through, let alone try to understand unless they have a data analyst or programmer on staff. Even then, it could still be challenging considering the time it will take them away from their “day job.”
The testing may be problematic for some firms that use internal advanced technologies but do not have the support staff to provide applicable programming language to test the technology, or they have not adequately maintained the technology. Of course, not having the proper updates to any technology provides more issues, even under the current rules. Determining the extent and nature of testing, as well as identifying the responsible party for making these decisions, presents additional challenges.
The CCO and compliance teams are already challenged with the resources and funding to conduct testing for their annual reviews, and the proposed rule will require even more time and costs associated with testing, developing procedures, and monitoring PDA technology.
The CCO may not be the best person to test the technology. In this case, the testing will most likely require both an internal and external team effort, which presents challenges regarding human resources and time management.
The proposal outlines measures for eliminating or neutralizing conflicts of interest, which might be inherently tied to the technology and not directly manageable by the firm. Furthermore, the technology itself may not be under the SEC’s jurisdiction, hence compliance with these measures may not be obligatory by the technology. In a scenario where the firm is forced to stop using the technology due to these conflicts, it could present several concerns for both the client and the firm.
For the client, removing the technology could lead to a decrease in the quality of service. Predictive data analytics often provide personalized insights and recommendations that can be crucial for making informed investment decisions. Without these technologies, clients might not receive the same level of personalized service, which could impact their investment outcomes. For the firm, removing the technology could lead to a significant increase in operational costs. Predictive data analytics can automate many tasks that would otherwise require significant human labor. Without these technologies, firms might need to hire more staff or invest in other resources to maintain the same level of service. This could lead to increased costs, which might be passed on to the clients in the form of higher fees.
Solutions that might work
When I was taking programming in college, one of the main components of any good code was to try to make it break. I spent much time writing code and testing every possible way to make it break. In the case of this proposal, it may not be the adviser's duty to make the technology “break,” but in order to find conflicts of interest built into the technology, one will have to go beyond the “source” code, which can become a time-consuming task. An alternative would be to rely on the technology source to provide a summary of how the system works and annual documentation of their testing of the technology. The firm could do spot tests of output and combine these into a documented review. If the technology provider is willing to disclose detailed information about how their technology operates, there may be copyright and privacy concerns. In such cases, the adviser must reasonably believe in the accuracy of the provided testing and documentation, which should be furnished annually. Despite relying on the technology provider's information, the adviser is still required to conduct periodic spot testing on their own. The proposal does not provide specific testing requirements; however, it does state the following:
“…there are two specific times testing is required. A firm would be required to conduct testing prior to the covered technology being implemented. A firm also would be required to conduct testing before deploying any “material modification” of the technology, such as a modification to add new functionality like expanding the asset classes covered by the technology. We would not generally view minor modifications, such as standard software updates, security or other patches, bug fixes, or minor performance improvements to be a “material modification.” During the time that the material modifications are being tested, a firm could continue to use an older version of the covered technology if the firm’s use of such previous version of the technology complies with the proposed conflicts rules.
Firms are granted flexibility in determining the appropriate testing methodologies based on the nature and complexity of the deployed technologies. Simpler technologies with lower conflict risk may undergo less rigorous testing, while complex technologies require tailored testing protocols. Considerations for testing optimization factors and monitoring historical performance become crucial for more intricate technologies. Additionally, the rules acknowledge the need for periodic retesting without specifying the frequency, leaving firms to determine the optimal timing and manner of retesting based on the characteristics of the covered technologies. This flexibility allows firms to adapt their testing approaches to evolving technology and usage scenarios, ensuring ongoing compliance with the proposed conflicts rules.
Prepare Now
Things you can do now to help prepare, keeping in mind that tweaks will be necessary when and if the rule becomes final:
CCO as Project Manager: The Chief Compliance Officer (CCO) should act as a project manager overseeing the compliance process.
Assemble a Team of Subject Matter Experts: Gather a team of experts who understand the technology and its implications for the firm and its clients.
Create an Inventory of the Technology: Document all PDA- technologies used by the firm, including a description of what each technology does and what it is used for. This inventory should be comprehensive, covering even those aspects of the technology that the firm may not currently use. Remember that the technology may do more than your team is currently using it for, so be sure to understand what it can do.
Understand Who Uses It: Identify all individuals within the firm who use each technology and how they use it.
Find the Disclosures About the Technology: Locate all existing disclosures related to each technology.
Get Documentation From the Technology Provider: Obtain any available documentation from the technology provider on how the technology is used.
Identify Conflicts of Interest: Create a list of potential conflicts of interest associated with each technology. Compare this list with the existing disclosures to identify any gaps.
Evaluate Conflicts of Interest: Discuss how and if identified conflicts of interest can be eliminated or neutralized.
Decide on Technology Use: If a technology presents more of a conflict of interest than is in the best interest of the client, decide whether it should be removed.
Develop Testing Procedures: Develop procedures for how the technology will be tested, who will conduct the testing, and whether outside sources will be involved.
Outline an Update to the Policies: Understand what would need to be updated in the firm’s policies to comply with the rule if adopted.
Outline Staff Training: Prepare to train staff on the updated policies and procedures.
Reach out to the Technology Providers- Review their understanding of the proposals and what their intentions are to help you comply with the rule.
Get quotes for your compliance budget on outside solutions to help with testing, developing policies and procedures, and training on the rule.
Prepare to Provide Ongoing Resources: Ongoing resources will be needed to remind staff about the rule and its implications.
Develop the initial testing for your existing technology and any future technology before implementation.
Prepare to include the testing in the Annual Compliance Review: If the rule is adopted, a process to test and document the results will need to be part of the firm’s Annual
Compliance Review.
Additional steps based on the rule:
Monitor and Adjust: Continuously monitor the use of the technology and make adjustments as necessary to ensure ongoing compliance with the rule.
Client Communication: Communicate with clients about any technology changes and how they impact them, including updating of any disclosures related to conflicts of interest.
Regularly Review Technology Inventory: Regularly review and update the technology inventory to account for any new technologies or changes in how existing technologies are used.
Maintain Records: Maintain records of all steps taken for at least six years, as the rule requires.
Monitor the proposal.
Listen to and read materials from outside resources, such as NSCP, on the rule once it is finalized for further guidance and recommendations on complying.
Conclusion
In conclusion, while the SEC's proposed rule on conflicts of interest associated with predictive data analytics aims to safeguard investors, it introduces substantial compliance challenges for advisors. The intricacies of understanding, testing, and mitigating conflicts associated with covered technologies necessitate a comprehensive approach. Maintaining ongoing communication with compliance teams and technology providers is paramount as the rule evolves. Advisors should stay vigilant, adapt testing methodologies to the nature of their technologies, and be prepared to implement robust procedures to ensure continuous compliance if the rule is adopted. It is advisable to proactively engage with technology providers, seek external solutions, and allocate resources for training and testing, anticipating the potential impact on client service quality and operational costs. Monitoring the rule's progress, seeking industry guidance, and remaining agile in response to finalized regulations will be crucial for advisors navigating the complexities introduced by this proposed rule.
All information provided is for educational purposes and shall not be construed as specific advice. The information does not reflect the view of any regulatory body, State or Federal Agency or Association. All efforts have been made to report true and accurate information. However, the information could become materially inaccurate without warning. Not all information from third-party sources can be thoroughly vetted. Coulter Strategic Services and its staff do NOT provide legal opinions or legal recommendations. Nothing in this material shall be considered as legal advice or opinion.
If you would like specific compliance education, training, and services to help with your compliance program or project, please contact Coulter Strategic Services.
Check out Coulter Strategic Services' growing collection of training resources. Visit today and stay tuned for new training resources.
#RIA #FinancialAdvisors #RegisteredInvestmentAdvisor #SECcompliance #Advisor #regulation #compliance #investmentmanagement #wealthmanagement #regulatoryeducation #proposedrules
Comments