Texas State Securities Board

The Texas State Securities Board (“TSSB”) is issuing this notice following its review and consideration of the use by investment advisers and their clients of data aggregation services and third-party platforms.

Recently, the TSSB has observed that financial professionals use data aggregators, which combine client data from multiple sources into one usable interface, and third-party platforms to organize and manage clients’ finances, and offer more complete services to clients. Data aggregation can enable an investment adviser’s ability to efficiently view a client’s total financial picture and thereby, expand their scope of services, such as investment management of assets in held-away accounts including the employer-sponsored accounts that are critical to Texans’ financial security.

The TSSB also notes that while investment advisers are more likely to identify potentially useful technologies than their clients, they must do so in a manner consistent with their legal and regulatory obligations. This includes understanding, and disclosing, relevant attributes about the services and service providers and how these services can facilitate the investment adviser’s fulfillment of their obligations to clients. Therefore, the TSSB is issuing the below guidance to support advisers’ efforts to make informed assessments about data aggregation services and more consistently employ best practices.

Securities Commissioner, Travis Iles, notes, “We believe exercising meaningful due diligence, implementing clear disclosures, and ensuring that investment advice measures up to an adviser’s fiduciary duties are essential to utilizing such technology, and we believe that investment advisers in Texas are up to the task.”

*Guidance for Investment Advisers*

As with all technology services used by advisers, if you decide to use a data aggregator or third-party platform, advisers should take necessary steps to ensure they understand these technologies comprehensively and that they provide meaningful information to clients.

* **Due Diligence: *If you choose to offer data aggregation or third-party platform services to your clients, you should conduct thorough due diligence into the following matters related to that service:


* Nature & Scope of Services
* Ensure you understand the functionality of the platform. What specifically does it allow you to do? Is it only to review client information, or are there other capabilities, such as altering information in the client account, rebalancing client portfolios, trading, or initiating transfers or withdrawals?
* What information does the platform collect? Does it only collect information relevant to the service you provide, or does it collect more information?

* Agreements & Policies
* Review the agreements between yourself and the platform. Ensure these agreements align with your expectations of how you will use the technology, and do not confer capabilities you do not intend to have, such as obtaining custody of client assets, or the ability to withdraw or transfer funds.
* Review the agreements between your client and the platform. Ensure these agreements align with your understanding of how the platform interacts with your client’s account.

* Cybersecurity & Privacy
* Review the provider’s relevant cybersecurity documents, such as certifications or other materials.
* Assess whether the provider has experienced any data breaches in the past five years, and how they remedied.
* Assess whether the provider performs a cybersecurity risk assessment or audit on an annual or regular basis.
* If the provider utilizes your client’s credentials, what measures does it take to ensure they are stored securely?
* Assess whether the provider keeps multi-factor authentication active on the client account, to ensure ongoing security for the client.

*  Records
* Ensure you understand the records you will obtain by using this service. Will you rely on this provider to satisfy your obligations to maintain books and records? If so, which ones?
* Can you download directly from the platform records reflecting the investment advice provided to clients?
* Ensure you have an ability to access records following the discontinuance of any services for so long as applicable record retention policies are applicable.

*Disclosures: *Based on their assessment of the provider, the adviser should make sure to disclose their use of data aggregation or third-party tools.


* The TSSB recommends that these disclosures should include references to any potential risks associated with data aggregation or the third-party tool to the client, and what mitigations may be in-place against those risks.
* This includes both general risks regarding these technologies at large, and specific risks associated with their selected provider. Advisers are welcome to review and reference public materials such as FINRA’s Know Before You Share [ [link removed] ], which describes the risks associated with data aggregation and third-party tools.

* The TSSB recommends that advisers review the disclosures made available to their clients by the specific platform.
* These include both the disclosures made to the client in the third-party provider’s user interface, and the agreements to which clients consent before they authorize the provider’s access to their account information.

* The TSSB recommends that advisers disclose to their clients that these authorized third-parties may not have relationships with their clients’ custodians or recordkeepers, and any implications thereof.

*Management of accounts: *As with all clients and accounts, investment advisers must adhere to a fiduciary duty of care in providing investment advice or management of client assets. This is no different for investment advisers that use technology to manage held-away assets. The following are a few key areas in which advisers should ensure they are meeting that standard.


* Advisers must ensure that recommendations of securities, such as rebalancing of retirement plan assets, are suitable for the client.
* Advisers should assess an investment advisory fee that reasonably reflects the services it is providing. If an adviser is only viewing information about client assets, the adviser should take this into account in the type of fee it can assess, if any. If the adviser manages held-away assets, the adviser should compare the services it provides to held-away assets to services otherwise available to the client, such as advice provided by their employer plan or affiliated service providers, and the alternatives to the client, such as the impact of leaving these assets unmanaged.

“We recognize the importance of allowing innovation to foster new opportunities for growth in Texas in the investment advisory industry,” said Securities Commissioner, Travis Iles. “This is especially true as people save more in employer-sponsored accounts, which are held-away from their investment adviser but play an essential role in their financial security.”

As innovation and financial technology offers investment advisers ways to achieve efficiencies and grow their business, they cannot place their own interests ahead of their clients in utilizing these services. The TSSB believes, however, that it is possible for advisers to use data aggregation and similar third-party tools and adhere to their fiduciary duties.

For more information or questions, please contact Deputy Securities Commissioner, Cristi Ramón Ochoa at [email protected].




Stay Connected:   Twitter [ [link removed] ]    

Update your subscriptions, modify your password or email address, or stop subscriptions at any time on your *Subscriber Preferences Page [ [link removed] ]*. You will need to use your email address to log in. If you have questions or problems with the subscription service, please visit *Subscriber Help [ [link removed] ]*.

________________________________________________________________________

This email was sent to [email protected] using GovDelivery Communications Cloud on behalf of: Texas State Securities Board ·P.O. Box  13167 · Austin, TX 78711-3167 GovDelivery logo [ [link removed] ]