In addition to the requirements set out in section 37, an FSP that provides automated advice must—
| (a) |
have adequate and appropriate human resources that have the required competence to— |
| (i) |
understand the technology and algorithms used to provide the automated advice; |
| (ii) |
understand the methodological approaches, including assumptions, embedded in the algorithms; |
| (iii) |
understand the preferences or biases that exist in the approaches referred to in (ii); |
| (iv) |
understand the risks and rules underpinning the algorithms; |
| (v) |
identify the risks to clients arising from the automated advice; and |
| (vi) |
monitor and review the automated advice generated by algorithms to ensure quality and suitability of the advice and compliance with the Act; |
| (b) |
establish, implement and maintain adequate policies and procedures— |
| (i) |
to monitor, review and test the algorithms and the advice generated by it; |
| (ii) |
to monitor, review and test the filters implemented to ensure clients for whom the automated advice is not suitable are filtered out; and |
| (iii) |
that set out the level of human review that will be undertaken on the advice generated; |
| (c) |
in relation to the monitoring and testing of the algorithms and filters referred to in (b),— |
| (i) |
have appropriate system design documentation that sets out the purpose, scope and design of the algorithms and filters; |
| (ii) |
have a documented test strategy that explains the scope of testing, including test plans, test cases, test results, defect resolution, and final test results; |
| (iii) |
have appropriate processes for managing any changes to an algorithm and filters that include having security arrangements in place to monitor and prevent unauthorised access to the algorithms; |
| (iv) |
be able to control, monitor and reconstruct any changes to algorithms or filters; |
| (v) |
review and update algorithms whenever there are factors that may affect their relevance (such as market changes and changes in the law); |
| (vi) |
have in place controls and processes to suspend the provision of advice if an error within an algorithm or filters is detected; and |
| (vii) |
be able to frequently monitor and supervise the performance of algorithms and filters through an adequate and timely review of the advice provided; |
| (d) |
have adequate and sufficient technological resources to— |
| (i) |
maintain client records and data integrity; |
| (ii) |
protect confidential and other information; and |
| (iii) |
meet current and anticipated operational needs, including in relation to system capacity. |
Protection of Businesses Act, 1978
