PwC Discusses SEC’s Increased Scrutiny of Robo-Advisers

Earlier this year, the Securities and Exchange Commission (SEC) issued guidance regarding “robo-advisers,” automated investment advice tools accessed via web-based or mobile platforms with minimal human interaction.1 The guidance is an important reminder to the industry that robo-advisers are subject to the same regulatory framework as traditional advisers and highlights several unique regulatory considerations stemming from their distinct business model. The SEC also, for the first time, included these considerations as a part of this year’s examination priorities.

The SEC’s sharpened focus on robo-advisers is a response to their dramatic increase in use over the past several years, largely due to their ability to provide investment advice at a lower cost than traditional advisory platforms. The Department of Labor’s fiduciary rule has fueled this trend as firms seek ways to serve smaller accounts without charging commissions.2 Robo-advisers also appeal to millennials, who tend to prefer technology-based solutions over traditional channels.

For now, robo-advisers only represent a relatively small share of the approximately $60 trillion assets under management by wealth advisers and their product coverage is focused primarily on exchange-traded funds. Nevertheless, our recent FinTech survey shows that robo-advisers are a growing segment of the market with 60% of traditional asset and wealth managers expressing concerns of losing their business to robo-adviser startups. We are also beginning to see these traditional firms compete with startups by offering robo-advice themselves.3

In its guidance, the SEC highlights several areas of concern regarding robo-advisers.4 For example, customers may not be fully aware of key aspects of robo-advice programs, including the limitations of the algorithmic investment models as well as the associated costs and fees. Additionally, the SEC has noted that customer investment questionnaires may not be sufficiently thorough without human interaction to review results, possibly resulting in investment advice that may not be appropriately tailored toward the individual customer.

Accordingly, to comply with the SEC’s guidance, robo-advisers should review their investment models, customer questionnaires, and disclosures. Robo-advisers should further ensure that their compliance programs adequately address the unique circumstances associated with robo-advice such as cybersecurity and model governance.

This Regulatory brief examines the SEC’s focus areas for robo-advisers and provides recommendations for developing robo-adviser compliance programs.

What is a robo-adviser?

Robo-advisers provide investment advice through a variety of business models. Generally, an individual’s financial goals, income and other assets, investment horizon, and risk tolerance are gathered through an online questionnaire. The algorithm then uses this information to create and manage an investment portfolio. Robo-advisers also develop portfolio recommendations using additional information than the questionnaire, such as the adviser’s product offerings and the type of account that it manages. Each automated adviser has varying features, including the range of advisory services provided and approaches to investing. The available channels (e.g., phone, in-person, email) and amount of interaction accessible to clients varies by adviser. For example, some programs provide automated and personal advice referred to as “bionic” advice, while others only provide clients with technical support staff.

What does the SEC require and what should robo-advisers be doing?

Robo-advisers are subject to obligations under the SEC’s Investment Advisers Act of 1940 (Advisers Act), which requires all registered investment advisers to assess the unique risks posed by a firm’s business and to adopt a tailored compliance program to address such risks. Given the speed at which a number of large investment management firms are adding robo-advice to their suite of investment products, it is important for these firms to evaluate their compliance policies and protocols, and make necessary adjustments to ensure that unique aspects relevant to robo-advisers are appropriately addressed.

Suitability determinations

The SEC requires that advisers ensure that their investment advice is tailored to the individual client based on the client’s financial situation and investment objectives. Because robo-advisers often provide investment advice predominantly on responses obtained from an online questionnaire, there is often limited opportunity for clients to include additional or contextual information to supplement their responses. Furthermore, the online questionnaires are often not designed to ask follow-up questions or address inconsistencies.

To better tailor their investment advice, robo-advisers should develop a comprehensive questionnaire designed to elicit sufficient information regarding clients’ investment objectives and financial goals in order to provide suitable investment advice. If a client ultimately elects to select a portfolio that may not be suitable, we recommend that robo-advisers consider using pop-up boxes to explain why an alternative portfolio is more appropriate for their investment objectives and risk profile, or have a financial adviser follow up with the client. Firms should also periodically (at least annually) remind clients to update their risk tolerance, investment objectives, time horizons, and other pertinent information from which their account is managed.

The SEC has also cautioned advisers to consider conditions under Rule 3a-4 of the Investment Company Act5 when designing robo-advisory services because such products are commonly managed as wrap programs where multiple client accounts within a strategy are invested identically and as a result could be deemed a mutual fund and therefore subject to more stringent regulatory requirements.


Under the Advisers Act, the SEC requires that advisers provide client disclosures that are clear, comprehensive, and in plain English, informing them of the services they are receiving as well as the associated risks and potential conflicts. The SEC also requires that disclosures are presented in a timely and effective fashion prior to sign-up and not buried in a footnote or appendix.

Although advisers have traditionally relied on providing clients with Part 2 of Form ADV6 to meet their disclosure obligations, we recommend that robo-advisers, due to the limited human interaction, provide disclosures requiring interactive acknowledgment such as pop-up boxes, interactive text, and ability to receive answers to questions online, to enhance the effectiveness of their disclosures. Also, because these disclosures are often made by e-mail or on mobile applications, firms should ensure the ongoing accuracy of client e-mail addresses and monitor undelivered e-mails. We also recommend that robo-advisers consider sending e-mails to clients notifying them when important disclosures are posted and requiring clients to affirmatively acknowledge that they have received and read the disclosures.

Below are some key disclosure considerations for robo-advisers:


The SEC’s guidance calls for robo-advisers to inform customers that algorithms are used to manage accounts and include a description of how the algorithms are used. The disclosures should include the risks associated with the use of algorithms to assess and select investments – for example, the algorithms may (a) not address prolonged changes in market conditions, (b) rebalance client accounts on a more frequent basis than the client might expect, or (c) contain coding errors that hinder their performance. Finally, the disclosures should also include the circumstances under which the robo-adviser would override the algorithms used to manage accounts.

Fees, costs, and conflicts

As with any advisory relationship, it is important for clients to clearly understand the fees and indirect costs associated with the management of an account.7 Many robo-advisers recommend products that have separate fees, such as mutual funds and exchange traded funds (ETFs), as part of their investment portfolios. Accordingly, robo-advisers should be clear, prior to sign up, about which product fees will be charged over and above the cost of any advisory fees.

Where robo-advice includes trading in individual securities, the SEC requires that disclosures include any trading expenses that will be charged to the client. Some robo-advisory programs include trading costs within the overall advisory fees while others charge such costs to the client separately. Regardless, disclosures should enable clients to anticipate the expenses associated with transactions, which may vary based on the number of times portfolios are rebalanced and the level of trading in the account.

Finally, robo-advisers may also receive incentives from an affiliate or provider. These incentive structures create one of the most prevalent conflicts associated with robo-advisory service offerings and require clear disclosure. Robo-advisers should also disclose whether certain securities are favored over others and explain the reasoning behind favoring those securities.

Use of hypothetical performance projections

Robo-advisers often use a hypothetical projection of investment returns or hypothetical historical simulations to provide clients a sense of the anticipated growth in assets over a specified time horizon. The SEC views these hypothetical projections with heightened scrutiny, and robo-advisers should clearly inform clients of the limitations of such models and that the projections may not represent actual future returns.

Model governance

In its guidance, the SEC explains that in order to properly address their fiduciary obligations under the Advisers Act, robo-advisers should address the risks of the models and algorithms used to provide investment advice in their compliance program policies and procedures. Specifically, they should implement a supervisory process around model development, validation, and testing to ensure models perform as represented to clients. Prior to deployment, robo-advisers should test these models under various scenarios, including adverse or unpredictable market conditions, to confirm that they are delivering the anticipated results. Controls should also be in place to allow for prompt model adjustments as needed.

Additionally, coding errors in complex investment models may lead to inaccuracies in the implementation of a client portfolio. While rigorous testing will identify many errors, some may not be identified until a later date. Accordingly, robo-advisers should proactively implement policies for the detection, management, escalation, and reporting of programming errors.

Cybersecurity and business continuity

In October, the SEC issued a statement – in the wake of several recent high-profile data breaches – emphasizing that financial institutions must follow existing cyber risk management requirements and hinting at increased enforcement.8 Because robo-advisers collect numerous data points online from customers, they should view cybersecurity as a critical regulatory risk. To mitigate these risks and comply with the SEC’s cyber risk management requirements, robo-advisers should establish tailored cyber policies and procedures as well as perform ongoing testing to ensure their effectiveness. We also recommend that robo-advisers conduct due diligence on the cybersecurity controls of third-party service providers that have access to client information.9

In addition, robo-advisers should educate their clients on how to best protect themselves from cyber breaches and fraud, including cautioning them to keep their computers and account information such as passwords and security questions secure to prevent unauthorized access. This includes educating clients to be vigilant for phishing attacks and providing tips on how to protect themselves from such attacks.10

Finally, robo-advisers should implement business continuity planning procedures to enable them to continue operating in the event of system outages or cyber attacks. We recommend that firms clearly define roles and responsibilities – including who is ultimately accountable and responsible for the restoration of services – for these critical events. Additionally, it is essential that robo-advisers have a clear understanding of their external dependencies and develop contingency plans for situations where those dependencies are unavailable. For example, during system outages robo-advisers may be unable to obtain certain third-party data that models rely on to generate investment recommendations.

Referral programs

Many robo-advisers offer financial incentives such as waiver of fees or referral bonuses to existing clients who refer family and friends to the robo-adviser. We recommend that robo-advisers not only disclose such arrangements but also evaluate whether the payment of referral bonuses could trigger a requirement to comply with the solicitation rule under the Investment Advisers Act of 1940. The solicitation rule includes specific contractual and disclosure obligations which may be onerous for many robo-advisers to comply with, especially considering that referral bonuses are often paid with minimal interaction with the individuals receiving the bonuses.

What’s next?

The rapid growth of robo-advisers and the SEC’s inclusion of robo-advice in its examinations priorities means that regulatory scrutiny will increase. As such, investment management firms should have the ability to show how their compliance programs, including policies, procedures and monitoring processes, are tailored to address the risks posed by digital advice. Additionally, the SEC is considering adopting a version of the Department of Labor’s “fiduciary rule,” which would require that registered financial advisers act in the “best interest” of their clients. This rule would place additional scrutiny on the requirements to tailor advice to individual client needs, disclose conflicts, and have model governance programs in place.


  1. For additional information on robo-advisers generally, see PwC’s Beyond automated advice: How FinTech is shaping asset & wealth management (July 2016).
  2. For additional information on the fiduciary rule, see PwC’s Regulatory brief, DOL fiduciary rule: Beyond the headlines
    (February 2017).
  3. For additional information on our survey, see the publication cited in note 1.
  4. In addition to the SEC, the Financial Industry Regulatory Authority has also offered guidance, including a joint letter with the SEC, highlighting similar concerns around robo-advice.
  5. Rule 3a-4 provides a safe harbor from being designated as operating a mutual fund to advisers that manage discretionary investment advisory programs, subject to additional rules and reporting requirements. In order to rely on the safe harbor, among other factors, clients should have the ability to tailor their investments based on individual objectives.
  6. Part 2 of Form ADV is the SEC’s standard disclosure form for investment advisers. Even if robo-advisers opt to use interactive disclosures, they will still need to provide Part 2 of Form ADV to meet regulatory requirements.
  7. Fees and costs associated with an account may include management fees, brokerage fees, fees associated with underlying investments and fees or penalties associated with transferring, closing or withdrawing an investment.
  8. For additional information on recent high-profile data breaches, see PwC’s Financial crimes observer, Cyber and fraud: How to mitigate and prevent the next data breach (September 2017).
  9. For additional information on third-party risk management best practices, see PwC’s Financial crimes observer, Outsourcing: You’re still on the hook (November 2016).
  10. For additional information on phishing attacks, see PwC’s Financial crimes observer, Fraud: Email compromise on the rise (February 2016).

This post comes to us from PwC. It is based on the firm’s regulatory brief, “Robo-advisers: SEC steps up scrutiny,” dated October 2017 and available here.