The SEC’s Division of Examinations Published Observations From Their Series of Examinations

This week, the SEC’s Division of Examinations (the “Division”) published observations from their series of examinations assessing the practices of advisers who provide digital investment advisory services (“digital services”). The Division has seen a recent increase in these digital services, which when used well can provide more accessible services for investments and efficiency for advisers. However, the Division also recognized that there are significant risks to the digital services, such as incorrectly identifying client’s risk and using the services to prioritize the interest of the adviser over the client.

Overview of deficiency letters issued by the Division

The Division issued deficiency letters to nearly all advisers whose digital services were examined. The most common deficiencies were:

Common deficiencies in compliance programs

Compliance programs that did not:

• Include written policies specific to their use of the digital services;
• Undertake at least annual reviews to determine accuracy and implementation of their policies;
• Comply with their “Code of Ethics” rules;
• Have accurate oversight policies related to supervision of the platforms, developing accurate investment advice, or seeking best execution;
• Accurately disclose use of the third-party digital software, collection and use of client information, how they address profits and losses from trade errors, or advisory fee calculations;
• Include polices regarding protection of the firm’s system or response to cybersecurity events.
• Advisers operating as unregistered and relying on the digital services registration, which is prohibited under Advisers Act Rule 203A-2(e)(iii).

Non-compliance with Rule 3a-4

Advisers relying on Rule 3a-4, and not accurately following the rule by:

• Using limited questionnaires that potentially increased the risk of providing advice in the clients best interest;
• Inaccurately disclosing or responding to the client’s ability to designate restrictions on securities bought or held;
• Not notifying clients frequently enough about the investment objectives or the clients’ financial situation;
• Limiting client’s communication to technical support or general customer service support;
• Restricted ability to withdraw cash or securities from their accounts;
• Not letting clients vote proxies, or delegate their right;
• Not ensuring clients were sent legally required documents;
• Not allowing clients the legal right to proceed against the issuer of any security in the client’s account.

How to prevent deficiencies in your firm’s digital services

To avoid deficiencies in the digital services your firm provides, the Division recommends:

Adopting and implementing written policies

Written policies establish a clear framework for how digital services should be managed, ensuring consistency, accountability and alignment with industry standards. Firms should tailor policies to their specific needs, addressing data security, user privacy and software updates. The Division recommends that these policies are regularly reviewed and updated to stay aligned with emerging technologies, regulations and evolving business practices.

Testing algorithms periodically

Firms should regularly test algorithms to ensure they function as intended, maintaining security and impartiality. Testing should cover accuracy, fairness, performance and security. A clear testing schedule should be established, with responsibility assigned to a dedicated team or third-party expert. Results should be documented and corrective actions taken when necessary.

Employing safeguards against unauthorized changes

The Division recommends implementing safeguards to prevent unauthorized changes to algorithms that could result in security breaches or service failures. This includes establishing access controls, audit logs and version control to ensure that only authorized personnel can modify algorithms. For additional protection, a formal change management process should be set up to review and approve modifications, alongside regular audits to verify the effectiveness of these safeguards.

Further information

If your firm provides digital investment advisory services read the Division’s “Observations from Examinations of Advisers that Provide Electronic Investment Advice.”