The US Securities and Exchange Commission recently proposed a new rule and rule amendments that, if adopted as proposed, would require registered investment advisers to meet certain requirements when outsourcing certain services or functions.
On October 26, in a 3-2 vote, the Securities and Exchange Commission (SEC) proposed new Rule 206(4)-11 (the New Proposed Rule) and amendments to Rule 204-2 (the Recordkeeping Rule) and Form ADV under the Investment Advisers Act of 1940 (collectively, the Proposal). The Proposal is designed to address what the SEC called the evolving asset management industry and the increased engagement by registered investment advisers of service providers to perform certain core functions and what the SEC views as potential risks of such outsourcing and a perceived need for advisers to meet minimum requirements prior to and during such outsourcing.
In the Proposal, the SEC recognizes the benefits of outsourcing, including providing access to certain specializations or areas of expertise, reducing the risks of keeping a function in-house that the adviser is not equipped to perform, and offering efficiencies that are not achievable by an adviser alone. However, it also indicates the potential for clients to be significantly harmed when an adviser outsources to a service provider certain core functions without appropriate controls in place. The Proposal did not target all outsourcing but focused on outsourced functions that the SEC views as higher risk.
The SEC purports to mitigate these risks through the New Proposed Rule and amendments under the Investment Advisers Act, which would require advisers to
Background
The Investment Advisers Act establishes a fiduciary duty for investment advisers that comprises a duty of loyalty and a duty of care and is made enforceable by Section 206, otherwise known as the antifraud provisions, of the Investment Advisers Act. Section 206(4) of the Investment Advisers Act makes it unlawful for any investment adviser to engage in any act, practice, or course of business that the SEC, by rule, defines as fraudulent, deceptive, or manipulative.
Section 206(4) further requires the SEC to prescribe means reasonably designed to prevent such conduct. Stating in the Proposal that outsourcing has the potential to defraud, mislead, or deceive clients, the SEC proposed the New Proposed Rule, which would prohibit advisers from outsourcing certain services or functions (Covered Functions) to service providers without first meeting minimum requirements of due diligence and monitoring.
The New Proposed Rule, if adopted as proposed, would apply to advisers registered or required to be registered with the SEC and that outsource any Covered Function to a third party or affiliated service provider (Service Provider). Under the New Proposed Rule, the SEC defines Service Providers as persons or entities that (1) perform one or more Covered Functions and (2) are not a supervised person of the adviser.[1] The New Proposed Rule does not distinguish between third-party providers and affiliated service providers (other than supervised persons) and does not include an exception for Service Providers that are subject to the other provisions of the Investment Advisers Act, including SEC-registered investment advisers, or other federal securities laws.
What Is a Covered Function?
The New Proposed Rule defines a Covered Function as an outsourced function that meets two elements: (1) those functions that are necessary for the adviser to provide its investment advisory services in compliance with federal securities laws and (2) those that, if not performed or if performed negligently, would be reasonably likely to cause a material negative impact on the adviser’s clients or the adviser’s ability to provide investment advisory services. Any clerical, ministerial, utility, and general office functions are explicitly excluded from the New Proposed Rule.
The SEC stated that it would generally consider functions or services that are related to an adviser’s investment decisionmaking process and portfolio management to meet the first element of Covered Function. The SEC cited the following activities as examples covered under the first element: (1) functions relating to providing investment guidelines (including maintaining restricted trading lists), (2) creating and providing models related to investment advice, (3) creating and providing custom indexes, (4) providing investment risk software or services, (5) providing portfolio management or trading services or software, (6) providing portfolio accounting services, and (7) providing investment advisory services to an adviser or the adviser’s clients (sub-advisory services).
However, the SEC stated that whether a function was a Covered Function depends on facts and circumstances and “certain functions may be covered functions for one adviser but not for another adviser.” For example, the SEC further stated, “an adviser may choose to engage an index provider for the purposes of developing an investment strategy for its clients, which would be a [C]overed [F]unction under the [New Proposed Rule], while another may license a widely available index from an index provider to use as a performance hurdle, in which case the [New Proposed Rule] would not apply.” Additionally, the SEC noted that it would not consider functions performed by marketers and solicitors to be Covered Functions, as such services are not used by an adviser to provide investment advice to its clients.
With respect to the second element, the SEC stated that whether a function may have a “material negative impact” if not performed or performed negligently also depends on the facts and circumstances. Nevertheless, it noted that “material negative impact” could include a material financial loss to a client or a material disruption in the adviser’s operations resulting in the inability to effect investment decisions or to do so accurately. When determining what would reasonably be likely to have a material negative impact, the SEC stated that advisers should consider a variety of factors, including, but not limited to (1) the day-to-day operational reliance on the Service Provider, (2) the existence of a robust internal backup process at the adviser, and (3) whether the Service Provider is making or maintaining critical records.
Further, the SEC, in proposing amendments to Form ADV as discussed further below, provided examples of potential Covered Function categories for an adviser to consider:
The SEC noted in the Proposal that outsourcing Covered Functions need not be memorialized in a written agreement to fall under the New Proposed Rule, if adopted as proposed, and whether an adviser has retained a Service Provider to perform a Covered Function again depends on facts and circumstances.
Such a “facts and circumstances” heavy analysis of not only the “what” but also the “when” and “how” a Covered Function exists creates a fair amount of ambiguity and could result in the New Proposed Rule, if adopted, being broadly and inconsistently construed with the benefit of hindsight.
A Prescriptive Due Diligence Requirement
The New Proposed Rule, if adopted as proposed, would require advisers to undertake due diligence before engaging a service provider that is “reasonably tailored to the functions or services that would be outsourced and to the identified Service Provider.” Specifically, the Proposal would require an adviser to reasonably identify and determine that it would be appropriate to outsource the Covered Function, that it would be appropriate to select the Service Provider, and once selected, that it is appropriate to continue to outsource the Covered Function, by complying with the following specific elements:
In spite of the multi-step, multi-element requirements outlined in the New Proposed Rule, the SEC stated that ultimately conducting due diligence under the New Proposed Rule is not a “one size fits all” process. It stated that whether advisers engage in reasonable due diligence of Service Providers depends on the facts and circumstances applicable to the services and the identified Service Provider.
In connection with the due diligence requirement, the Proposal would amend the Recordkeeping Rule to require advisers to make and retain specific records related to their due diligence assessment of a Service Provider. According to the SEC, these records should include (1) a list or other record of Covered Functions the adviser outsourced to a Service Provider, (2) the factors that led to listing it as a Covered Function on Form ADV, and (3) documentation of the due diligence assessment, including any policies or procedures showing how the adviser would mitigate and manage the risks it identifies, both at the Covered Function and Service Provider level.
Additionally, the Proposal revises the Recordkeeping Rule to require that a copy of any written agreement, including any amendments, appendices, exhibits, and attachments, entered into with a Service Provider regarding Covered Functions, be preserved.
Monitoring Requirement
The New Proposed Rule requires an adviser to periodically monitor a Service Provider’s performance of a Covered Function in order to reassess the appropriateness of retaining that Service Provider for the Covered Function, in accordance with the above due diligence requirements. Methods of monitoring cited by the SEC in the Proposal could include, but are not limited to, automated scans or reviews of Service Provider data feeds, periodic meetings with the Service Provider to review service metrics, or contractual obligations to test and approve new systems prior to implementation. Additionally, the SEC stated that an adviser’s monitoring process may include determining whether there has been any change in the risk profile of a Covered Function or Service Provider.
In the Proposal, the SEC left the manner and frequency of monitoring a Service Provider to the reasonable discretion of the adviser. Like the due diligence requirement, the Proposal amends the Recordkeeping Rule to require retention of records documenting the monitoring of a Service Provider of a Covered Function. The SEC stated that, under the Proposal, advisers should generally consider retaining records such as performance reports of the Service Provider, financial, operational, or third-party assessments of a Service Provider, identification of any new or increased Service Provider risks and a summary of how the adviser will mitigate such risks and any written policies and procedures applicable to monitoring. Compliance with these ongoing, prescriptive requirements could prove extremely costly, particularly for smaller advisers who have a need to outsource certain of their functions for quality and efficiency.
In connection with the New Proposed Rule, the SEC also proposed amendments to Form ADV. Specifically, under the Proposal, advisers would be required check the box on Form ADV Part 1A, new Item 7C to indicate whether they have outsourced any Covered Function to a Service Provider.
Additionally, under the Proposal, advisers would be required to report on new Section 7C in Schedule D of Form ADV the identity of Service Providers to which it has outsourced Covered Functions, the location of the office principally responsible for the Covered Functions, the date on which the Service Provider was first engaged to perform the Covered Function, and whether the Service Provider is a related person of the adviser.[2]
Finally, the advisers would be required to report Covered Functions it has outsourced by selecting from the non-exhaustive list of predetermined categories of Covered Functions set forth in the Item, as mentioned above, or to select “Other” and identify the unlisted category.
The SEC noted that collection of such information would serve a variety of purposes, including improving the SEC’s ability to allocate its examination resources efficiently based on the risks it discerns or identifying common business activities from information provided by advisers. The SEC further noted that the staff currently conducts such analyses, but its inputs are limited due to the lack of additional information required under the Proposal, which impedes examination effectiveness.
Noting that the Recordkeeping Rule does not currently prescribe requirements for when an adviser outsources one or more of the required recordkeeping functions, under the Proposal, advisers would be specifically required to perform the due diligence and monitoring requirements under the New Proposed Rule with respect to third-party recordkeepers.
Additionally, under the Proposal, advisers would be required to obtain “reasonable assurances” from the third party that it will meet the following four standards specific to recordkeeping: (1) the third party will adopt and implement internal processes and/or systems for making and/or keeping records on behalf of the adviser that meets all of the requirements of the Recordkeeping Rule; (2) the third party will, in practice, make and/or keep records in a manner that will meet all of the requirements of the Recordkeeping Rule; (3) the third party will allow the adviser and the SEC staff to access the records easily through computers or systems during the required retention period; and (4) the third party will ensure the continued availability of records that will meet all of the requirements of the Recordkeeping Rule as applicable in the event the third party ceases operations or its relationship with the adviser has been terminated.
The Proposal comes on the heels of the SEC’s recent request for comment on whether certain “information providers,” specifically index providers, model portfolio providers, and pricing services, conduct activities that meet the definition of “investment adviser” under the Investment Advisers Act and as such may be subject to registration with the SEC under the Investment Advisers Act. It is unclear where the Proposal stands in relation to this prior request for comment, including whether the Proposal reflects a possible compromise by the SEC (the SEC indicated in the Proposal that it is still considering the comments provided in response to the earlier request for comment).
Nevertheless, the Proposal, if adopted, would aid the SEC in gathering information on such information providers through an adviser’s Form ADV. While the Proposal could be a respite from potential regulation for information providers, the Proposal, if adopted, would be greatly impactful to registered investment advisers of any size, particularly in that they will have to expend financial and human resources to comply with the New Proposed Rule, if adopted. In this regard, the Proposal could have a disparate effect on smaller advisory firms, and even could result in barriers to entry.
If the Proposal is adopted, presumably registered investment advisers will need to evaluate and document current Service Provider relationships in compliance with the New Proposed Rule, although the SEC is silent on this topic. Investment advisers will need to decide whether outsourcing relationships they intend to maintain, continue, or renew fall under the New Proposed Rule, and whether such relationships are properly documented, including satisfaction of the six elements of due diligence discussed above.
Complying with such a prescriptive New Proposed Rule could prove difficult for registered investment advisers if Service Providers are unwilling or unable to renegotiate contractual terms, including, in cases such as third-party recordkeepers, consent to being examined by the SEC staff, and submission to a detailed audit of the Service Providers’ books and records by the adviser, as suggested in the Proposal. Any compliance efforts will also likely require additional resources and increased costs for advisers.
Additionally, it is unclear whether such a prescriptive New Proposed Rule solves a problem that currently exists with investment advisers. As the SEC pointed out in its Proposal, advisers cannot waive their fiduciary duty, which is already broad in scope. Prescriptive requirements could run the risk of creating more problems, such as inconsistent applications of the New Proposed Rule by investment advisers.
Further, although the SEC insists in the Proposal whether elements of the New Proposed Rule are met depends on the facts and circumstances, it provides a variety of examples and circumstances that, in its view, are instances of compliance with the New Proposed Rule. Would an investment adviser who does not conduct due diligence or keep records as set forth in the Proposal run the risk of being accused of fraudulent conduct when there is none?
Advisers and service providers will be impacted by the Proposal if adopted as proposed, with both recipients and providers of outsourcing services needing to access the breadth of what constitutes a Covered Function, and how to comply with respect to existing and future engagements.
Public comment is open 60 days from October 26, 2022 (until December 25, 2022) or 30 days after publication in the Federal Register, whichever is later.
If you have any questions or would like more information on the issues discussed in this LawFlash, please contact any of the following:
[1] “Supervised Person” is defined under the Investment Advisers Act as any partner, officer, director (or other person occupying a similar status or performing similar functions), or employee of an investment adviser, or other person who provides investment advice on behalf of the investment adviser and is subject to the supervision and control of the investment adviser.
[2] “Related person” is defined as any advisory affiliate and any person that is under common control with an adviser.