In November 2017, Finance Norway's executive board decided that FinAut could commence work on studying the possibility of an authorisation scheme for digital solutions. The law firm Schjødt was chosen as project manager for the study, and a project group was appointed consisting of representatives from FinAut's administration and three member companies (DNB, Storebrand and Gjensidige).
The project group started its work in August 2018. As a basis for their assessments, the group studied, among other things, the digital solutions market and its development traits, public law framework conditions and the significance of the authorisation schemes based on the interests of the companies, the industry and consumers. Furthermore, the project group has looked at other Norwegian authorisation schemes within other sectors and schemes in other countries.
Based on the studies, the project group has arrived at a recommended model for an authorisation scheme for digital advising/robot advising. This report presents the basis for the assessments and the proposed model.
Scope of the scheme
Digital customer solutions consist of a broad range of solutions, including information pages, calculators and purchase solutions with and without advice. A key assessment topic in the study is the type of customer solutions that should be included in an authorisation scheme, and whether the scheme should be limited to digital advising/robot advising.
The project group's assessment is that advising is defined in the regulations as "personal recommendation" within FinAut's specialised fields: saving and investing, non-life insurance, personal insurance and credit.
One risk associated with a wide range of activities is that it can be difficult to put a precise authorisation scheme in place. Digital solutions that provide guidance, information and sales can in principle include virtually the entire website of a company. The project group therefore recommends that the scope of the authorisation scheme be digital advising/robot advising, linked to the definition that the European Securities and Markets Authority (ESMA) has adopted for such advising, see below.
In summary, the project group proposes that the authorisation scheme include digital solutions that provide advice (personal recommendation) or active management;
- is fully or partly automated
- is aimed at the customer
The responsibility for assessing the solutions that fall under these criteria, and which are thus covered by the authorisation scheme, should lie with the individual company.
The project group's objective is to propose an authorisation scheme that is easy to join and manage, while at the same time the scheme actually implies quality assurance.
Due to the fact that a considerable set of regulations already exists, the purpose of the project group has not been to come up with new detailed requirements for advising, but to find precise requirements.
The points of departure are that the requirements laid down in connection with the authorisation of digital solutions should aim to ensure that regulations and industry standards are complied with, thereby helping to ensure that the customers will be equally well served by the provision of digital advice compared with ordinary advice.
In summary, the project group proposes the following requirements:
- The company that applies for authorisation of a digital advisory solution must either be a member of an owner organisation or apply for membership of FinAut.
- The project group assumes that all points on the check-list must be met in order for the solution to qualify for authorisation.
- The company that applies for authorisation must establish an appropriate internal development and approval process for the advisory solution that is adapted to their activities.
Employees who are part of the advisory process or provide information about the digital advisory solution must be authorised in accordance with the relevant authorisation scheme for employees.
The project group has studied whether the authorisation should be linked to the individual solution or to the company as such. Following an overall assessment, it is proposed that the authorisation scheme consist of three levels; (i) the company must be a member of FinAut; (ii) the company must be affiliated with the authorisation scheme for digital advisory services; and (iii) each solution must be authorised.
Based on the recommendation from FinAut's board of directors, the project group's starting point is that the company must apply for authorisation. An application model can be designed in several ways, from a simple process with small degree of testing to comprehensive application processing before FinAut evaluates the solutions.
The project group has sought to balance two considerations: on the one hand, the scheme must be easy to join and manage, and on the other hand being authorised shall be a stamp of quality.
This means, in the project group's assessment, that FinAut should carry out a certain amount of quality control in the application process, while at the same time the company's own control functions must also be paramount.
The project group proposes an application process consisting of three parts:
- Application form where the company provides an overall description of certain aspects of the solution
- Confirmation from management that the requirements for being authorised are met
- Confirmation from the internal audit that the requirements to be authorised are met (companies that do not have internal auditing can use an external auditor).
- Proposals have been prepared for the elements that should be included in the application form. The purpose of this is to provide FinAut with a sufficient basis for evaluating the application.
FinAut shall verify that all questions in the application form have been answered, and that confirmation from the management and internal audit has been given in accordance with the established standard format, and shall also assess whether the company's description of further specified conditions provides sufficient assurance for ensuring that the solution complies with good practice and other regulations. FinAut should be permitted to request further information and documentation as needed.
Follow-up and sanctions
The responsibility for ensuring that digital advisory solutions comply with the authorisation requirements will primarily be the responsibility of the member companies. However, FinAut itself should also have the opportunity to follow up the solutions to ensure their necessary legitimacy.
In the group's assessment, FinAut should be able to follow up cases where through complaints from customers, media coverage or in other ways indications have arisen that a digital solution is not functioning satisfactorily, and other cases, for example based on random checks.
The design of the sanction will be based on the application of the authorisation scheme for financial advisers. In addition to warnings and withdrawal of authorisation, FinAut should be able to require the member company to correct a specific matter within a specified deadline.