Supplementary Guidance on Digital Investment Management

Supplementary Guidance – Digital Investment Management (VER02.061125)

DIM VER02.061125 i Table of Contents

1. Introduction ................................................................................................................................. 2
2. Objectives..................................................................................................................................... 2
3. Permissions required for Digital Investment Management.......................................................... 3
4. Key controls for Digital Investment Managers ............................................................................. 5

DIM VER02.061125 2 GUIDELINES ON DIGITAL INVESTMENT MANAGER FRAMEWORK

1. Introduction 1.1 This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 (“FSMR”). It should be read in conjunction with FSMR, the Rulebook of the Financial Services Regulatory Authority (“FSRA”) and the Guidance & Policies Manual of the FSRA. 1.2 The Guidance is relevant to an applicant for a Financial Services Permission (“FSP”) to carry on one or more Regulated Activities, as defined in section 19 of FSMR, where the applicant undertakes “digital investment management”, as outlined in Paragraph 2.1 of this Guidance, and is termed a “Digital Investment Manager”. It explains the requirements that applicants must satisfy to be authorised and operate as Digital Investment Managers (within the “Digital Investment Manager Framework” outlined in this Guidance). 1.3 This Guidance is not an exhaustive source of the FSRA’s policy on the exercise of its statutory powers and discretions. In discharging its regulatory mandate, the FSRA may impose other specific conditions to address any additional risks posed by the proposed activities of a Digital Investment Manager. 1.4 The FSRA is not bound by this Guidance and may modify the Guidance at its discretion where appropriate. 1.5 Unless otherwise defined or the context otherwise requires, capitalised terms in this Guidance have the same meanings as defined in FSMR and the Glossary Rulebook (GLO).
2. Objectives 2.1 For the purpose of this Guidance, digital investment management refers to the provision of investment management services using algorithm-based tools that require limited/optional human interaction between clients and the provider of digital investment management services1 . It does not include asset management or advisory activities that rely on algorithm-based tools solely for the purposes of back office support services. A digital investment manager refers to the person who provides digital investment management services. 2.2 The digitisation of the financial services industry has provided wealth managers with a cost￾effective and scalable way of providing tailored investment management services to mass￾affluent clients. These clients are generally comfortable with services delivered through digital channels, which also influences their preferences in engaging with service providers, including investment managers. 1 For the purpose of this guidance, algorithm-based tools go beyond deterministic logic or rule-based algorithms to include modern developments in artificial intelligence (AI) such as generative AI tools, large language models, machine learning, etc.

DIM VER02.061125 3 2.3 The wealth management industry has seen a steady rise in assets under the management of Digital Investment Managers that utilise algorithms to provide automated investment management services including suitability assessments, portfolio modelling and account re-balancing. The business models of Digital Investment Managers in the GCC region typically tend to fall within the following categories. a. Fully digital model: little or no human interaction with clients, with the exception of technical support services that may be provided by IT personnel. b. Hybrid model: clients have the option to interact with a human financial adviser to discuss the automated digital investment advice generated by algorithm-based tools. 2.4 A number of firms operating in the GCC region have developed digital investment management technology to white-label or sell to wealth management firms. Firms that operate solely as technology providers are not considered to be Digital Investment Managers and do not require an FSP. 2.5 The scope of this Guidance covers Digital Investment Managers that may be fully digital or hybrid and that provide advice, discretionary investment management, arrange deals in investments, or any combination of these services. 2.6 While these models are scalable and offer greater access to investment management services, they also present different risks than those inherent in traditional investment management business models. The differences are most pronounced in the investment process, use of technology, compliance with suitability requirements and disclosure of key risks. In light of these considerations, the FSRA has created a tailored framework for Digital Investment Managers that applies regulatory safeguards in a manner that is commensurate with the risks they pose, both to clients and the FSRA’s objectives. 3. Permissions required for Digital Investment Management 3.1 This section of the Guidance outlines the permissions that may be required to conduct digital investment management in or from ADGM. Financial Services Permissions requirements 3.2 Digital Investment Managers operating in ADGM will require an FSP to undertake any Regulated Activities as part of their business model. The FSRA has observed that the core services provided by a Digital Investment Manager typically involves the provision of one or more of the following Regulated Activities. a. Advising on Investments or Credit: for example, recommending that a client invest in a portfolio of Financial Instruments, or recommending that a client buy or sell particular Financial Instruments in order to rebalance the client’s portfolio. b. Managing Assets: for example, exercising discretion to rebalance a client’s portfolio by passing instructions to a broker to either buy or sell particular Financial Instruments on the client’s behalf.

DIM VER02.061125 4 c. Arranging Deals in Investments: for example, after recommending that a client invest in a portfolio of Financial Instruments, and with the consent of the client, passing instructions to a broker to buy those Financial Instruments on the client’s behalf. Ancillary activities 3.3 In order to facilitate the investment process, a Digital Investment Manager may choose to hold Client Assets directly (i.e. in a Client Account held with a Third Party Agent as banker or custodian) or may instead arrange for its clients to establish a direct relationship with a regulated Custodian to hold Client Assets. In the latter case, the Digital Investment Manager may require an FSP to carry on the Regulated Activity of Arranging Custody, unless it meets the exclusion criteria2 set out in Paragraph 47 of Schedule 1 of FSMR. 3.4 A Digital Investment Manager holding an FSP to carry on the Regulated Activity of Managing Assets will not require separate permissions for Advising on Investments or Credit and/or Arranging Deals in Investments if it undertakes those Regulated Activities incidentally as part of its investment management activities.3 Prudential capital requirements 3.5 Each one of these Regulated Activities has associated regulatory obligations, including in respect of prudential capital: Table 1: Prudential capital requirements4 Prudential Category Maximum of: Base Capital Requirement Expenditure Based Capital Minimum Managing Assets 3C $250,000 ▪ Holding Client Assets: 18/52nds of Annual Audited Expenditure ▪ Otherwise: 13/52nds of Annual Audited Expenditure Advising on Investments or Credit Arranging Deals in Investments Arranging Custody 4 $50,000 n/a 2 The exclusion criteria set out that a person (the “introducer”) does not Arrange Custody by introducing a person to another person ("the custodian") who is authorised by the FSRA or a Non-Abu Dhabi Global Market Regulator to carry on the activity of providing custody, if the introducer is not connected with the custodian. An introducer is considered to be connected to a custodian if (a) the custodian is a member of the same Group as the introducer or (b) the introducer is remunerated by the custodian or a member of the custodian's Group for making the introduction. 3 If the Digital Investment Manager operates advisory accounts or arranges deals in investments that are separate from, or not incidental to, its discretionary investment management activities, it will have to apply for permission to carry on the Regulated Activities of Arranging Deals in Investments and/or Advising on Investments or Credit as applicable. 4 Note that for a Digital Investment Manager that carries on the Regulated Activity of Managing Assets the applicable Capital Requirement is the higher of the Base Capital Requirement and Expenditure Based Capital Minimum. Where a Digital Investment Manager undertakes a combination of activities, the highest prudential category will apply.

DIM VER02.061125 5 Relief for Digital Investment Managers utilising regulatory technology 3.6 Where any Digital Investment Manager makes use of technology that enables the FSRA to better supervise the Manager’s activities, manage business risks or achieve better regulatory outcomes, the FSRA may also consider modifying or waiving prudential and other regulatory requirements, on a case-by-case basis, under appropriate circumstances acceptable to the FSRA. 4. Key controls for Digital Investment Managers 4.1 This section of the Guidance describes how the FSRA applies particular requirements of the FSRA Rulebook to all Digital Investment Managers. It is not exhaustive, and should be read in conjunction with the Rulebook itself, as well as: a. Chapter 2 of the FSRA’s Guidance and Procedures Manual, which outlines its approach to authorisation for all prospective Digital Investment Managers; b. Supplementary Guidance - Authorisation of Investment Management Activities5 ; c. Information Technology Risk Management Guidance6 ; d. Guidelines for Financial Institutions adopting Enabling Technologies7 ; and e. FSRA Governance Principles and Practices to Mitigate Cyber Threats and Crime8 . 4.2 A critical component of the digital investment management business model is the use of algorithms to automate the investment process. Accordingly, the FSRA sees a need to ensure that Digital Investment Managers have adequate algorithm and technology governance policies and processes in place to address the specific risks arising from such a technology-driven business model, e.g., model poisoning, model drift, adversarial manipulation, etc. The limited human interaction between Digital Investment Managers and their clients necessitates consideration of how suitability assessments are performed and what disclosures are made to clients. 4.3 Additionally, given their heavy dependence on collecting and processing client data and the risks of cyberattacks to their automated and largely digital mode of operations, Digital Investment Managers must also put in place robust data security policies and systems to ensure compliance with all relevant data protection regulations, including the ADGM’s 5 http://adgm.complinet.com/en/display/display_main.html?rbid=4503&element_id=19430 (April 2017). 6 https://en.adgm.thomsonreuters.com/rulebook/information-technology-risk-management-guidance￾20-november-2024 7 https://en.adgm.thomsonreuters.com/rulebook/guidelines-financial-institutions-adopting-enabling￾technologies-15-november-2021 8 https://www.adgm.com/operating-in-adgm/financial-and-cyber-crime-prevention/cybercrime￾prevention#governance-principles-and-practices-to-mitigate-cyber-threats-and-crime

DIM VER02.061125 6 Data Protection Regulations, Cyber Risk Management rules, and, as appropriate, PRU 6.6, 6.7 and 6.8. 9 4.4 It is essential for Digital Investment Managers to remain aware of their broader financial crime compliance responsibilities and the risks that may arise from their digital business models. In particular, they should place strong emphasis on their Anti-Money Laundering and Targeted Financial Sanctions (AML–TFS) obligations, given the potential for misuse of digital platforms for illicit financial activities. 4.5 Digital Investment Managers are expected to adopt a holistic approach to financial crime risk management, ensure full adherence to the FSRA AML Rulebook, and remain aware of, and take into account, all notices issued by the FSRA as well as relevant guidance and guidelines issued by governmental authorities in the UAE. Digital Investment Managers must also establish and maintain effective systems and controls to identify, assess, and mitigate AML–TFS risks arising from their digital business models. Algorithm governance 4.6 Algorithms are at the core of the service offered by Digital Investment Managers. They are used to undertake critical components of the investment management process such as portfolio allocation and rebalancing. Accordingly, the FSRA expects that all Digital Investment Managers will establish internal governance structures that enable its Board and Senior Management to have robust oversight and control over the design, performance, deployment and security of the algorithm.10 The roles and responsibilities of all personnel who oversee the design, performance and integrity of the algorithm must be clearly defined.11 4.7 In assessing the adequacy of oversight and controls that the Digital Investment Manager establishes in relation to the development and deployment of its algorithm, the FSRA will take into account the following considerations.12 a. Qualifications and competency of staff: the Digital Investment Manager must ensure that it has qualified and competent staff to ensure the proper functioning and supervision of the algorithm model (the “Model”) on an ongoing basis. The Digital Investment Manager shall have adequate training and documented manuals in place to address any key-man and business continuity risks.13 b. Developing and testing the Model: the Digital Investment Manager must maintain proper documentation explaining the decision tree or logic of the algorithm to ensure that the outcomes produced by the Model are explainable, traceable and repeatable. The Digital Investment Manager must also ensure the relevance of any data or assumptions upon which the Model is based, and that the client questionnaire takes 9 These sections pertain to information technology systems, information security and outsourcing. 10 Refer to GEN 2.2.3 and 2.2.11. 11 Refer to GEN 3.3.2(1). 12 Sub paragraphs (b), (c) and (d) follow from GEN 2.2.2. 13 Refer to GEN 3.3.33, 3.5 and PRU 6.9.

DIM VER02.061125 7 into account potential behavioural biases that may lower the accuracy of client responses. TheDigital Investment Manager must carry out sufficient and regular testing to demonstrate that its Model meets these principles. Where appropriate (e.g. in the case of a complex Model), the FSRA may require a third party audit to validate the performance outcomes of the Model as purported. c. Managing and maintaining the algorithm: the Digital Investment Manager must establish safeguards, including with respect to access controls and security, to protect the integrity of the algorithm source code. The Digital Investment Manager should maintain the ability and relevant resources to modify the Model in the event that there is a need to stop the algorithm or make changes to it. The FSRA will also require the Digital Investment Manager to demonstrate that it has a clear process for detecting and reporting programming errors and unexpected outcomes. In the event of failure or outage of the Model, the Digital Investment Manager must have contingency plans to ensure that its services to clients are not adversely affected and that the clients’ interests are safeguarded.14 d. Ongoing monitoring and reviews: the Digital Investment Manager must conduct ongoing monitoring and reviews to assess whether the Model effectively achieves its intended objectives and outcomes, and to manage the risks of inaccuracy, bias or exception. The Board and Senior Management should also periodically review the Digital Investment Manager’s internal governance structure and measures to ensure that they remain appropriate and effective. Technology governance 4.4 The Digital Investment Manager must ensure that its systems and controls are adequate and appropriate for the scale and nature of its business.15 This applies in particular to systems and controls concerning: a. the transmission and storage of information; b. the assessment, mitigation and management of risks relating to the provision of digital investment management services, including data security; c. the effecting and monitoring of transactions by the Digital Investment Manager; d. the technical operation of the Digital Investment Manager, including contingency arrangements for disruption to its facilities; e. the operation of its functions relating to the safeguards and protections to investors; and 14 Refer to GEN 3.3.33, 3.5 and PRU 6.9. 15 Refer to GEN 2.2.3 and chapters 3.3, 3.5, PRU 6.6 and 6.7, and other requirements in the Rulebook as applicable.

DIM VER02.061125 8 f. outsourcing. 4.5 In assessing whether the systems and controls used by the Digital Investment Manager are adequate and appropriate for the scale and nature of its business, the FSRA may have regard to the following: a. the distribution of duties and responsibilities among its key individuals; b. the staffing and resources of the Digital Investment Manager; c. the arrangements made to enable key individuals to supervise the operations of the Digital Investment Manager; and d. the arrangements for internal and external audit, including technological audits. Suitability requirements 4.6 Digital Investment Managers must comply with the rules relating to suitability in the FSRA’s Conduct of Business Rulebook (COBS).16 These rules require Digital Investment Managers to have a reasonable basis for considering that any Specified Investments they recommend, or Transactions they execute on a discretionary basis, are suitable for the client.17 In making this determination of suitability, Digital Investment Managers must: a. undertake an appropriate assessment of the particular client's needs, objectives, and financial situation, and also, to the extent relevant, risk tolerance, knowledge, experience and understanding of the risks involved; and b. take into account any other relevant requirements and circumstances of the client of which the Authorised Person is, or ought reasonably to be aware.18 4.7 Given the nature of their business models, Digital Investment Managers typically rely heavily on an online questionnaire to collect the information needed to perform suitability assessments (Risk Profile Questionnaire). When designing a Risk Profile Questionnaire, the FSRA expects that Digital Investment Managers will ensure that: a. The information obtained to assess suitability is proportionate with the complexity and risk of the Specified Investments recommended or transacted through the platform. Digital Investment Managers that offer Specified Investments which are relatively high risk or have complex features will need to undertake more extensive due diligence to form a reasonable basis for assessing that these products are suitable. 16 Digital Investment Managers are also subject to the Principles for Authorised Persons in the General Rulebook. Principle 8 (GEN 2.2.8) requires Authorised Persons to take reasonable care to ensure the suitability of their Advice and discretionary decisions for clients who are entitled to rely upon their judgment. 17 COBS 3.4.2(a). 18 COBS 3.4.2(a). Pursuant to COBS 3.4.2(b) and (e), Digital Investment Managers may limit the extent to which they will consider suitability for Professional Clients.

DIM VER02.061125 9 b. There is a mechanism to exclude clients for whom the Digital Investment Manager’s services would not be suitable, or who require advice that goes beyond the scope of what the Digital Investment Manager can provide. These mechanisms may take the form of ‘knock out’ questions which, for example, reject prospective clients whose investment horizon, liquidity needs or other circumstances are misaligned with the Specified Investments offered through the platform. c. Inconsistencies in the information provided by prospective clients are addressed through follow up questions or engagement with a human advisor who can explain the context of the questions and their purpose. d. Where a client selects a portfolio that is not recommended, information is provided to the client explaining why the recommended portfolio (as opposed to the portfolio selected by the client) is considered suitable in light of the client’s personal circumstances as understood from the client’s responses to the Risk Profile Questionnaire. 4.8 Digital Investment Managers must take reasonable steps to ensure that the client information they hold is accurate, complete and up to date.19 In order to comply with this requirement, the FSRA expects that Digital Investment Managers will periodically prompt clients to update their information. This may be achieved by requiring clients to recomplete the Risk Profile Questionnaire, or by posing a more targeted set of questions to identify any changes in the client’s personal circumstances which may impact the suitability of the clients’ portfolios. Disclosure 4.9 Digital Investment Managers must comply with the disclosure requirements in the FSRA’s Conduct of Business module of the Rulebook.20 The information that must be provided to a client differs according to the particular services provided21 and whether the client is a Retail Client or Professional Client. In all cases, communication between a Digital Investment Manager and a client must be clear, fair and not misleading.22 4.10 In the case of Retail Clients, Digital Investment Managers must provide sufficient details of the service that they will provide.23 In discharging this obligation, the FSRA considers that Digital Investment Managers will need to disclose, among other things, the following information to clients. 19 COBS 3.4.3. 20 The majority of these requirements are contained in Chapter 12 of COBS. 21 Refer to COBS 12.1.3 for the disclosures required for Investment Business and COSB 12.1.4 for the disclosures required for an Investment Manager. 22 GEN 2.2.6, COBS 3.2.1. 23 COBS 12.1.2(a)(v).

DIM VER02.061125 10 a. The nature and scope of the services it offers, including the types of products and how it determines whether these products are suitable to meet the investment objective(s) of the client. b. Details of how the algorithm is relied upon in the investment process. c. The key assumptions and limitations of the algorithm model used by the Digital Investment Manager. d. The degree of human involvement and oversight of the investment process. e. Circumstances where the algorithm may fail to perform as intended or where the Digital Investment Manager may halt (for instance due to volatile markets) or make material adjustments to the algorithm, and how these would impact clients. f. The inherent, material risks arising from the Digital Investment Manager’s business model, for instance the risks arising from automated portfolio rebalancing. 4.11 Digital Investment Managers are also subject to a number of other disclosure requirements including, but not limited to, the following. a. Circumstances where the Digital Investment Manager expects clients to update the information they have provided in their Risk Profile Questionnaire. 24 b. Details of any conflicts of interest. 25 c. Details of the arrangements put in place by the Digital Investment Manager regarding Client Assets.26 The Digital Investment Manager should also describe the specific risks faced by clients where Client Assets are held by: i. a regulated financial institution within the UAE; or ii. a regulated financial institution outside the UAE, which could complicate the process of recovering Client Assets in the event of the financial institution defaulting or becoming insolvent. d. In the case of Retail Clients: i. key particulars of the Digital Investment Manager’s complaints handling procedures.27 24 COBS 3.4.3. 25 COBS 3.5.4 and, in the case of Retail Clients, 12.1.2(vi). 26 Refer to COBS 14.2.10 and 15.7 as applicable. 27 COBS 12.1.2(viii).

DIM VER02.061125 11 ii. details of fees, costs and other charges and the basis upon the Digital Investment Manager will impose them.28 iii. the contents and frequency of the periodic reporting statements that the Digital Investment Manager will issue.29 4.12 In addition to the content of the disclosures, Digital investment Managers should also consider when and how to make the disclosures in order to ensure that they are read and understood by clients (in particular, Retail Clients). 28 COBS 12.1.2(a)(iv). 29 COBS 12.1.3(e).