The US Securities and Exchange Commission (“SEC”) recently proposed rules for conflicts of interest in the use of predictive data analytics or similar technologies (“PDA-like technologies”) by broker-dealers and investment advisers (the “PDA Conflicts Rules” or “proposed rules”). The proposed rules would generally require broker-dealers and investment advisers to “eliminate or neutralize the effects” of conflicts associated with the use of covered technologies in investor interactions. This goal may appear straightforward on the surface. However, the definition of covered technology is broad, and, if adopted as proposed, the PDA Conflicts Rules could upend existing compliance structures when it comes to many indispensable technologies. Below, we discuss key considerations for broker-dealers and investment advisers covered by the proposed rules (collectively, “firms”) after a brief overview of how firms would trigger application of the PDA Conflicts Rules.
The proposed rules assume that firms may, whether intentionally or unintentionally, use PDA-like technologies to benefit themselves at the expense of "investors" (defined and discussed in point 3 below). This could occur through the use of subtle prompts encouraging investors to buy products that generate more profit for a firm. The SEC also expresses concern about firms prompting investors to trade excessively to generate more commissions, or to use potentially profitable but high-risk investment tactics like margin trading.
A firm would trigger the PDA Conflicts Rules by satisfying two conditions. First, the firm must use a “covered technology” (e.g., predictive data analytics or similar technologies) that optimizes for, predicts, guides, forecasts, or directs investment-related behaviors or outcomes. Covered technologies could range in complexity from artificial intelligence and machine learning to fairly basic spreadsheets.
Second, the firm generally must use a covered technology to interact directly or indirectly with existing or prospective investors. “Investor interactions” would capture most forms of investor engagement or communication, including in-person investor communications and communications through websites, push notifications, text messages, emails, or other means. They would also include any exercise of discretion with respect to an investor’s account, even in the absence of a communication or other interaction with investors at the time of a trade. The proposed rules would not capture covered technology used solely to meet legal or regulatory obligations, or technology used solely to provide clerical, ministerial, or administrative support.
Once triggered, the PDA Conflicts Rules would require firms to identify any existing or reasonably foreseeable conflicts of interest created by the use of covered technology for investor interactions. A conflict of interest requiring assessment would exist where a covered technology considers any information favorable to the firm, or to its associated persons, in an investor interaction. Once confirmed as placing the firm’s interests ahead of an investor’s, each conflict would have to be eliminated or neutralized, even if doing so means foregoing the use of certain technologies. Firms would also need to establish written procedures to govern their identification and mitigation processes, maintain related records, and review and update their mitigation program on a regular and as-needed basis. A summary diagram of these requirements appears in Exhibit A.
Key Comment Period Considerations for Broker-Dealers, Advisers & Technology Providers
The implications of the proposed rules are vast, and firms and technology providers have only until October 2, 2023 to comment. SEC Commissioners Hester Peirce and Mark Uyeda issued well-reasoned dissents to the proposed rules. These dissents are likely to serve as roadmaps for criticism of the proposal throughout the comment period. We are also discussing the more specific questions and concerns below with clients, although the potential issues with the proposed rules are far-reaching, and these are by no means exhaustive:
- ERAs and state-registered advisers are exempt (for now). The PDA Conflicts Rules would apply to SEC-registered broker-dealers and to investment advisers that are registered or required to be registered with the SEC. They would not apply to advisers that are exempt from SEC registration as private fund or venture capital fund advisers (so-called exempt reporting advisers or “ERAs”). State-registered advisers would also be exempt.
- Does the rule apply to all existing and future firm technologies? No, but the broad definition of covered technology may compel firms to assume that any form of new or existing technology accessible to investors should be assessed for conflicts.
The two-part definition of covered technology first requires it to be an “analytical, technological, or computational function, algorithm, model, correlation matrix, or similar method or process . . .” Second, the technology must “optimize for, predict, guide, forecast, or direct investment-related behaviors or outcomes.” Both proprietary and third-party technologies would meet the definition. The SEC acknowledges the expansiveness of its definition in the release accompanying the proposed rules (the “proposing release”), noting that covered technology includes even spreadsheets containing “correlation matrices, algorithms, or other computational functions.”
Technically, pages on a website solely displaying an investor’s account balance would not be a covered technology. Chatbots designed solely to provide password reset and other basic customer support functions also would not be included. Practically, the risk that a website banner or other content accompanying the account balance, or certain Chatbot responses, may be deemed to have nudged an investor to make an investment-related decision may cause firms to shy away from exempting any use of investor-facing technology from further analysis.
- Same investor, different treatment? Firms must also use a covered technology in an investor interaction to trigger the PDA Conflicts Rule. Interestingly, the SEC proposes to interpret the term investor differently for broker-dealers and investment advisers, which is likely to create some confusion.
For broker-dealers, footnote 6 of the proposing release states that an investor would be an existing or prospective “retail investor” as such term is used in Regulation Best Interest (“Reg BI”), which defines such an investor as a natural person, or the legal representative of such natural person, who seeks to receive or receives services primarily for personal, family, or household purposes. For advisers, an investor would be all of its clients and prospective clients, as well as investors and prospective investors in the pooled investment vehicles it advises. This means that advisers, unlike broker-dealers, would have to treat their institutional clients and fund investors as investors under the PDA Conflicts Rules.
This disparity could lead to confusion. A company registered as both a broker-dealer and adviser may struggle to determine when an investor interaction was carried out by its broker-dealer vs. the adviser. There could also be an incentive to shift more institutional financial services activity to broker-dealers and away from advisers.
Application of the PDA Conflicts Rules to an adviser’s institutional clients may also have key implications for asset managers who develop and distribute model portfolios to other regulated financial institutions. After adopting Reg BI, the SEC staff issued interpretive guidance in the form of Frequently Asked Questions. A critical FAQ for wholesalers, model portfolio providers, and other advisers interprets the term legal representative in Reg BI’s definition of retail investor to not include regulated financial services industry professionals like broker-dealers, advisers, and their representatives. To date, this guidance has reassured model portfolio providers that they can provide investment models to other regulated financial institutions without being deemed to provide investment advice to, or to have otherwise formed a relationship with, the institution’s ultimate customers.
The proposing release frequently refers to Reg BI, but it fails to discuss or expressly adopt the FAQs above. The proposing release establishes that the proposed rules would apply to the direct use of covered technology by firms for investor interactions (e.g., robo-advisers) and the indirect use of covered technology with investors (e.g., where an adviser representative refers to a third-party model portfolio and then recommends a security to the investor). Despite covering these aspects, the proposal does not address the status of a model portfolio provider or explain whether the provider must treat regulated financial services industry professionals or their end-customers, as its investors.
- Could the proposed rules upend Reg BI and investment advisory compliance structures for covered technologies? As proposed, the PDA Conflicts Rules appear to disregard foundational concepts on which existing conflict of interest compliance structures are based.
First, Reg BI requirements for broker-dealers and existing fiduciary duty requirements for advisers focus on a broker-dealer’s recommendation of a security or investment strategy and an adviser’s provision of investment advice, respectively. For decades, FINRA, the SEC, and US courts have worked to define these concepts. Firms have also worked hard to calibrate their compliance programs to pinpoint when a recommendation or advice is delivered. For covered technologies, the PDA Conflicts Rules would apply in the absence of any recommendation or investment advice. Instead, almost any engagement or communication with an investor through a covered technology would trigger the rules. This means that existing compliance structures built around recommendations and investment advice may no longer suffice for covered technologies.
Second, existing compliance programs rely on historical positions taken by regulators that most conflicts of interest with investors can be addressed with adequate disclosure. As recently as January 2020, the SEC staff issued Reg BI guidance suggesting that the universe of conflicts that disclosure definitively cannot cure is somewhat finite for broker-dealers (e.g., sales contests, sales quotas, bonuses, non-cash compensation, etc.). Guidance issued to advisers around the same time also discussed a “full and fair disclosure” approach to conflicts and did not identify the non-disclosable conflicts above. The SEC states in the release proposing the PDA Conflicts Rules, however, that disclosure alone is insufficient to cure conflicts associated with the use of covered technologies for investor interactions. Its view is that investors would be unable to understand disclosure related to covered technologies due to “the rate of investor interactions, the size of the datasets, the complexity of the algorithms on which the PDA-like technology is based, and the ability of the technology to learn investor preferences or behavior . . . .” This view seems particularly counterintuitive for institutional investors, given prior SEC statements that institutional advisory clients have greater capacity and more resources than retail clients to analyze and understand complex conflicts and their ramifications. The SEC’s newly announced position also suggests that existing disclosure-based conflicts models used by firms may no longer suffice for covered technologies.
Servicing modern-day investors without technological tools is impossible. Combined with how broadly the SEC intends to construe covered technologies, and the SEC’s movement away from the two foundational concepts above, it is difficult to characterize the proposed rules as anything less than a momentous shift in the SEC’s historical approach to regulating conflicts of interest.
- Are the PDA Conflicts Rules only relevant to SEC-registered broker-dealers and investment advisers? No, the proposed rules have significant implications for third-party providers of covered technology, including technologies that firms currently rely on. Indeed, the PDA Conflict Rules, if adopted as proposed, would significantly transform the regulatory landscape for the entire investments sector of the fintech industry.
The proposed rules would require firms to identify, confirm, and eliminate or neutralize all current or reasonably foreseeable investor conflicts related to their use of proprietary or third-party covered technology. As explained in the proposing release, firms must develop a deep understanding of the internal workings and processes of each covered technology, including all of its data inputs, potentially down to its source code. This is because the SEC wants firms to assess whether any input ingested or considered by a covered technology could possibly result in an outcome more favorable to the firm than to one of its investors.
Setting aside the difficulty of assessing all conflicts across an organization and then predicting future events, third-party developers are likely to view the inner workings of their technology as proprietary and strongly resist sharing it — particularly when it comes to source code. The proposed rules do permit firms to examine documentation regarding how the technology functions rather than its source code. The documentation must be sufficiently detailed, however, and the SEC provides no clear guidance on when firms may consider documentation sufficiently detailed.
The PDA Conflicts Rules also impose ongoing monitoring obligations on firms. Each material patch, update, or other change to a third-party product must be monitored for new conflicts on a pre-deployment basis. And what if one is identified? Presumably, a firm must demand that the third-party change its product if the firm cannot eliminate or neutralize the conflict on its own. Failing that, the firm may be forced to stop using current versions of a product, or stop using the product altogether, regardless of any ongoing contractual obligations or prior representations to investors.
Potentially more concerning, the proposed rules may prohibit technologies already in use by firms. The release notes that it may be impossible for a firm to understand all of the data inputs relied on by a particular technology and how the technology weighs them. The SEC specifically identifies as problematic large language models (e.g., ChatGPT) and “black box” algorithms (i.e., algorithms where the input-output relationship is known, but the specific intermediate steps, rules, or logic that led to a result are not easily interpretable or understandable by humans). According to the SEC, both technologies ingest and consider such massive amounts of information that it may not be possible to identify and understand the inputs that lead to specific results or recommendations. Under such circumstances, the proposed rules appear to prohibit the use of such technology in investor interactions.
This potential prohibition takes on special significance in the context of advisers that, as discussed above, would have to treat their institutional clients as investors under the proposed rules. For example, it is unclear if they could continue providing sophisticated institutional investors with certain black box algorithmic trading or portfolio optimization services. The SEC posits that firms may be able to modify such technologies to continue using them. However, firms using third-party technology often do so because they lack the institutional knowledge to create or modify it. The ability of firms to demand changes to the core functionalities of third-party technology is also unclear at best. Thus, some firms may be forced to abandon technology popular with their customers and bear any contractual consequences.
Technological tools have become indispensable to providing investor services, and many of these tools would be covered technologies under the proposed rules. If adopted as proposed, liberally construed, and strictly interpreted, the PDA Conflicts Rules could substantially alter the regulatory landscape for broker-dealers and investment advisers using covered technologies and upend existing compliance structures. Among other things, the proposed rules would: (i) apply even in the absence of a traditional investment recommendation or provision of investment advice; (ii) take the novel approach of requiring detailed evaluation of a conflict of interest when a covered technology serves any firm interest; and (iii) deem disclosure insufficient to address conflicts created by the use of covered technologies. This could impose substantial burdens not only on SEC-regulated firms but also on third-party technology providers. Accordingly, broker-dealers, advisers, and their technology providers should strongly consider submitting comments — whether directly, through industry groups, or both — on the proposed rules to highlight these and other concerns.
|Firms would need to evaluate any current use, or reasonably foreseeable future use, of a “covered technology” in any “investor interaction” to identify any existing or foreseeable conflicts between the interests of the firm or its associated persons and investors. These concepts are discussed extensively in the body of our note. The identification exercise would have to cover all aspects of the firm’s operations and services, including its use of any third-party products. Covered technology would have to be evaluated prior to first use and before any material modification (e.g., when a new functionality is added).|
|After identifying a potential conflict, firms would have to determine if an identified conflict actually places the interest of the firm or an associated person ahead of the interest of investors. This would involve a detailed analysis of the potential conflicts identified and likely require the involvement of legal and compliance teams. Confirmed conflicts of interest would need to be assessed to understand their nature and the potential impact on investors. This analysis would have to include considering the extent to which the conflict could compromise the firm’s fiduciary or other obligations to investors.|
|Neutralization or Elimination of Effect|
|Once a conflict is confirmed, firms would have to promptly develop and implement a strategy to neutralize or eliminate the effects of the conflict. A neutralization strategy could involve, for example, the introduction of “counterweights” designed to neutralize an investment selection bias in a robo-advisory algorithm, training staff on the strategy and its implementation, updating operational procedures to reflect the strategy, and monitoring for the effectiveness of the changes. An elimination strategy may involve terminating a particular business practice or the use of a particular covered technology. A firm that detects a new conflict involving a covered technology currently in use would need to consider how quickly the conflict can be neutralized or eliminated. A conflict that requires a substantial amount of time to address (e.g., extensive recoding) may require the firm to stop using a covered technology until the conflict is addressed.|
|Procedures & Recordkeeping|
|Firms using covered technology that creates a conflict would have to establish detailed written supervisory procedures that are reasonably designed to govern and supervise the identification, determination, and neutralization or elimination process. Firms would also have to review such policies and procedures no less frequently than annually. Detailed records of the entire process would also be required. The SEC staff would likely request and use these records to enforce compliance with the proposed rules.|
|Test, Review & Update|
|Firms would have to monitor and regularly test covered technologies to detect irregularities such as learning model drift or decay. Firms would also have to periodically review and update their policies and procedures. This should involve a regular reassessment of potential conflicts of interest, the effectiveness of existing mitigation strategies, and overall compliance with the predictive data analytics conflicts rules.|