Is your robo-advisor GRC ready?
The rise of the robo-advisor for quantitative strategy investing seems inevitable. Seen as an efficient and lower-cost alternative to traditional advisers, it’s hardly surprising that many asset management firms want to move, or are moving, into this space. However, it’s just as important for firms to ensure they have the right governance, risk and compliance (GRC) frameworks in place as it is for them to have the right algorithm.
The rise of the robo-advisor
Robo-advisors are a class of financial advisers that use data algorithms to provide financial advice and investment management with little to no human supervision. To power their investment strategies, asset managers and large banks hire PhDs fresh out of college to create investing algorithms, while FinTech companies are springing up to offer their own algorithms for investing success. Individuals are also creating algorithms and offering these through third-party platforms which provide potential investors with a menu to choose from.
Moving one step beyond this are robo-advisors for those interested in quantitative strategy investing but who are not sophisticated enough to go so far as selecting a specific algorithm. The robo-advisors can, in theory, take information about a client’s investment needs and match this data with a specific quantitative strategy algorithm.
It’s not surprising that the industry is hotly debating whether robo-advisors can really replace humans when it comes to investment decision-making or fund selection. Those in favor argue that returns can be better and costs (and therefore fees) are lower. On the other side, there are questions about whether returns really are better or worse – after all, human beings are the ones writing the algorithms – and concerns about the relative quality of advice that is being offered in an automated way. However, many firms feel that to remain competitive – particularly when it comes to attracting millennial clients – they must offer FinTech-driven investment solutions.
Firms need to make sure that their artificial intelligence (AI) or machine learning (ML)-driven products meet all of the GRC requirements with which any non-FinTech investment program would need to comply. Firms should also expect fresh rules to be enforced in this investment sector over the next couple of years. Regulators are making FinTech a priority – the US Securities and Exchange Commission (SEC) released guidance on robo-advisors in February 2017. A year later, the SEC said it would be looking at robo-advisors as part of its 2018 examination priorities. In particular, the SEC highlighted its focus on “registrants’ compliance programs, including the oversight of computer program algorithms that generate recommendations, marketing materials, investor data protection, and disclosure of conflicts of interest.”
So, a FinTech approach to investment advice or investing is not an excuse for a reduced level of effort when it comes to GRC. In particular, firms should pay attention to:
- Risk management – Making sure that the right risk management processes are in place is essential. Critics of FinTech-led investing say that the judgement of a seasoned trader, investment adviser, or risk management professional cannot be duplicated by a machine and that some FinTech investing approaches do not have the right risk methodologies in place. Those critics often point to events such as the 2007 stock market crash as evidence that poor risk management controls combined with automated investment strategies can have unintended consequences. Whether a firm is offering algo-driven funds or robo-advice, it should make sure that it has robust risk management processes and procedures in place that are well documented and tested.
- Governance – While the term “governance” can often seem people-focused, it is an essential element of the GRC framework needed to properly manage a FinTech-focused investment and advisory program. Governance programs around key elements such as algorithm approval and testing, fund oversight, risk management, compliance and marketing are very important. Senior management and the board should be given information regularly on the evolution of any robo-advisory program.
- Compliance – All compliance policies and procedures needed for a more traditional investment advisory business are also needed for a FinTech-driven approach. It’s important that robo-advisor compliance teams keep up with domestic and global regulatory guidance. Again, all compliance policies and procedures should be documented and tested regularly.
- Communication – The upside of automating fund management and fund selection for many clients is that these processes do not involve engagement with a human being. However, absence of human interaction can be a challenge for the firm offering these solutions. Firms need to make sure that all the traditional elements are in place such as disclosures about fund performance. With these FinTech products, additional disclosures are also essential. For example, the interface with which users engage must be appropriate and contain all of the right information needed for users to make their choices. All of the normal rules around marketing of investment products and advisory services still apply.
- Third-party risk management – When offering a robo-advisory or other FinTech solution, firms may work with a range of third parties, some of whom may be small or even start-ups. Small tech counterparties may need additional due diligence or other scrutiny, particularly around IT security and personal data compliance.
In short, it’s very important for asset management firms to ensure that regular GRC processes work in these new and exciting areas of robo-advisory and FinTech-driven investing. To assume that these new approaches are somehow exempt from normal procedures is to open the firm up to considerable compliance, regulatory, business and reputational risk.