DA-1 DA-1 Systems and Controls
DA-1.1 DA-1.1 Oversight and Internal Controls
Board and Senior Management Involvement
DA-1.1.1
Board and senior management of the
licensees providingdigital financial advice must maintain effective oversight and governance of thedigital financial advice process and the client-facing tool. The board and senior management must establish sound policies, procedures, systems, methodologies and tools in relation to the provision ofdigital financial advice . Such policies must be comprehensive and cover the following:(a) System design and system design documentation;(b) Construction of the algorithms, changes and their maintenance;(c) Suspension of the use ofdigital financial advice tool should there be errors;(d) Security and access controls;(e) Updating input parameters on a timely basis, for example, factors such as market changes or changes in law;(f) End to end processes for the advisory service using thedigital financial advice tool;(g) Oversight over the management of the client-facing tool; and(h) Documentation of test strategy explaining scope of testing the algorithms.Added: April 2019Internal Controls and Risks
DA-1.1.2
Licensees must establish adequate internal controls to safeguard their clients from unsuitable advice and effectively manage the operational and other relevant risks arising therefrom.Added: April 2019DA-1.1.3
Licensees must ensure that there are documented measures to protect confidentiality of client data consistent with Law No. 30 of 2018, Personal Data Protection Law (PDPL) issued on 12 July 2018.Added: April 2019DA-1.1.4
Licensees providingdigital financial advice must ensure that their overall control framework and the algorithm functionality is evaluated and independently tested by an independent external consultant other than the external auditor:a) initially upon implementation of this Module and prior to launching the digital financial advice to clients;b) when there are any material changes to the systems and controls; andc) at least once every 3 years.Added: April 2019DA-1.1.5
The evaluation requirements referred to in Paragraph DA-1.1.4 should cover at a minimum:
a) the internal control infrastructure, given the nature, scope and complexity of the digital financial advice business operation;b) the appropriateness of third-party systems or tools used;c) validation of the underlying models;d) the algorithm's functionality;e) the cyber security policies and controls;f) the completeness and accuracy of client profiling process including the relevant KYC requirements;g) controls on client data protection and confidentiality.Added: April 2019DA-1.1.6
Licensees must ensure that reports of the evaluation referred to in paragraph DA-1.1.4 is provided to the CBB within 2 weeks of completion of the reports, provided however, that the report required under DA-1.1.4 (a) should be submitted for the CBB's review and no-objection prior to launching the digital financial advice to clients.Added: April 2019DA-1.1.7
Licensees must ensure that the requirements relating to enhanced due diligence as required under Module FC are met when the client is assessed as higher risk and also where the client relationship (whether at the time of on-boarding or otherwise) is on a non-face-to-face basis.Added: April 2019DA-1.1.8
Licensees offeringdigital financial advice involving overseas funds must ensure that they comply with the requirements for obtaining authorization, registration and/ or acknowledgement of filing from the CBB under Module ARR of the CBB Rulebook 7: Collective Investment Undertakings).Added: April 2019DA-1.2 DA-1.2 Technology
DA-1.2.1
Licensees providingdigital financial advice must ensure that they maintain an up to date security policy document containing the following information:a) a description of the business IT systems supporting thedigital financial advice tool;b) the logical security measures and mechanisms in place, specifying the control the licensee will have over such access as well as the nature and frequency of such control;c) policies and processes for system monitoring, authentication, confidentiality of communication, intrusion detection, antivirus systems and logs;d) the physical security measures and mechanisms of the premises and the data centre of thelicensee , such as access controls and environmental security; ande) the type of authorised connections from outside, such as with technology partners, service providers and employees working remotely, including the rationale for such connections where applicable.Added: April 2019DA-1.3 DA-1.3 Client On boarding and Profiling
Client Agreements and On boarding
DA-1.3.1
Further to the requirements under BC-2.4 relevant to retail clients, the
licensees providingdigital financial advice must agree in writing theterms of business with their clients and ensure that the following are stipulated:a) the full scope of thedigital financial advice ;b) the basis for providingdigital financial advice including but not limited to methodologies used for the algorithm,c) the fees, charges or commissions relevant to the advice being offered;d) the specific conditions or triggers and the processes relating to suspension or discontinuation of the use of thedigital financial advice client facing tool and possible use or replacement of human judgement;e) changes to the algorithm, the key input parameter, assumptions underlying thedigital financial advice client facing tool;f) the dispute resolution processes are available to the clients if they wish to make a complaint; andg) terms on how clients can withdraw from the arrangement and any associated costs.Added: April 2019DA-1.3.2
The terms of business referred to in Paragraph DA-1.3.1 may be presented in a digital format and customer consent may be obtained in digital format subject to complying with relevant law/s.
Added: April 2019DA-1.3.3
At the time of on boarding clients and prior to the signing of client agreements, the
licensees must:(a) explain the scope of the advice (i.e. what advice is being offered, any restrictions or limitations, and any relevant matters not forming part of the advice);(b) actively demonstrate to the clients that the advice they are seeking is within the scope of what is being offered;(c) explain the methodological approaches to the strategy and the algorithms underlying it;(d) inform clients if the licensee believes that thedigital financial advice is not appropriate to him based on the understanding of the client profile and objectives;(e) inform the clients on the likely benefits and risk resulting from thedigital financial advice ; and(f) ensure that the client understands that any performance numbers presented are hypothetical projections of return and that actual performance of the portfolio may vary from initial projectionsAdded: April 2019DA-1.3.4
Licensees are not required to disclose the detailed methodology itself, but rather the approach utilised in designing the algorithm should be described.
Added: April 2019Client Profiling
DA-1.3.5
Licensees providingdigital financial advice to clients must record the client profile accurately and comprehensively if they are critical and to the extended needed for the algorithms underlying the client facing tool. The licensees must at a minimum:(a) obtain information to understand the clients overall financial situation, including sources of regular income, financial returns objective, time horizon, liquidity, legal issues, taxes and any unique constraints;(b) obtain information to make assessment of both the customers' risk tolerance, capacity and willingness;(c) have a process in place for resolving contradictory or inconsistent responses or advice in a client profiling tool or questionnaire, if any;(d) have a process for assessing whether investing (as opposed to saving or paying off debt) is appropriate for the client individual;(e) establish a process for contacting customers to update changes to their profile, at least annually; and(f) establish appropriate governance and supervisory mechanisms for the client profiling tool.Added: April 2019DA-1.3.6
Due to the nature of digital financial advice tools, much information referred to in the Paragraph DA-1.3.5 will be obtained using questionnaires, which should be comprehensive and fuzzy logic enabled.
Added: April 2019DA-1.3.7
Licensees must obtain a declaration from the client to ensure that he understands the scope and nature of digital financial advice and the associated risks and limitations.Added: April 2019DA-1.3.8
Licensees must disclose in writing any actual or potential conflicts of interest arising from any connection or association with product provider, including any material information or facts that may compromise its objectivity or independence.Added: April 2019DA-1.3.9
Licensees must disclose in writing the full particulates of any arrangement, including basis for commissions, charges or fees, involving related parties including parent, associates, fellow subsidiaries and other connected parties.Added: April 2019DA-1.3.10
Any disclosure of information that requires acceptance by the client should be tracked for an acknowledgement or response from the client confirming receipt thereof.
Added: April 2019
