SEC Proposes New Rule Requiring Investment Adviser Oversight of Certain Third Party Service Providers
On October 26, 2022, the Securities and Exchange Commission ("SEC") proposed a new rule under the Investment Advisers Act of 1940 ("Advisers Act") to prohibit registered investment advisers from outsourcing certain services or functions without first meeting minimum requirements (the "Proposal"). Comments on the Proposal are due 30 days after the Proposing Release is published in the Federal Register or December 27, 2022, whichever is later.
Under the Proposal, advisers would be required to:
- Conduct due diligence on a service provider who is performing certain specific services or functions prior to engaging such service provider; and
- Periodically monitor the performance and reassess the retention of the service provider in accordance with due diligence requirements to reasonably determine that it is appropriate to continue to outsource those services or functions to that service provider.
In addition, the Proposal contains:
- related amendments to the Advisers Act books and records rule;
- amendments to the investment adviser registration form to collect census-type information about the service providers defined in the Proposal.
Proposed Rule 206(4)-11 Under the Advisers Act
In the Proposing Release, the SEC staff notes that Rule 206(4)-11 would establish a set of minimum and consistent due diligence and monitoring obligations for investment advisers who outsource a covered function.
“Covered function” would be defined as: a function or service that is necessary for the adviser to provide its investment advisory services in compliance with the Federal securities laws, and that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser’s clients or on the adviser’s ability to provide investment advisory services. Clerical, ministerial, utility or general office functions or services are excluded from the definition of a covered function.
For purposes of Rule 206(4)-11, a “service provider” is a person or entity that performs one or more covered functions and is not an adviser’s supervised person as defined in the Adviser’s Act.
The Proposing Release notes that determining whether an investment adviser is retaining a service provider to perform a covered function is based on a facts and circumstances analysis of the situation and that what is a covered function for one adviser may not be a covered function for another. The Proposing Release states that the SEC staff believes, for example, that an investment adviser who engages an index provider for the purposes of developing an investment strategy for its clients, would be a covered function under the Proposal; whereas an adviser who licenses a widely available index from an index provider to use as a performance hurdle would not be a covered function. Another example given in the Proposing Release is that if an adviser’s investment decision-making process relies on artificial intelligence or software as a service, then that technology may be a covered function under the Proposal. The Proposing Release also notes that determining what is a material negative impact for purposes of the covered definition is additionally a facts and circumstances analysis. Some examples provided are: a material financial loss to a client or a material disruption to the adviser’s operations resulting in the inability to effect investment decisions or do so accurately.
Before an investment adviser could engage a service provider to perform a covered function, whether it is an affiliated or unaffiliated service provider, the adviser would have to reasonably identify and determine through due diligence that it would be appropriate to outsource that covered function, and that it would be appropriate to select that service provider. In performing the due diligence, the investment adviser would have to comply with six specific elements.
- Identify the nature and scope of the covered function the service provider is to perform;
- Identify and determine how it would mitigate and manage the potential risks to clients or to the investment adviser’s ability to perform its advisory services, resulting from engaging a service provider to perform a covered function and engaging that service provider to performed the covered function;
- Determine that the service provider has the competence, capacity and resources necessary to perform the covered function in a timely and effective manner;
- Determine whether the service provider has any subcontracting arrangements that would be material to the service provider’s performance of the covered function, and identifying and determining how the investment adviser will mitigate and manage potential risks to clients or to the adviser’s ability to perform its advisory services in light of any such subcontracting arrangement;
- Obtain reasonable assurance from the service provider that it is able to, and will, coordinate with the adviser for purposes of the adviser’s compliance with the Federal securities laws; and
- Obtain reasonable assurance from the service provider that it is able to, and will, provide a process for orderly termination of its performance of the covered function
While the Proposal does not include additional written policies and procedures specific to service provider oversight, investment advisers would be required under Rule 206(4)-7 to have policies and procedures reasonably designed to prevent violations of the Adviser’s Act.
Rule 206(4)-11 would also require that the investment adviser periodically monitor the service provider’s performance and reassess its selection of that service provider under the due diligence requirement of the Rule.
The Proposal also includes a provision that would require each adviser that relies on a third party to make and/or keep any books and records required by the recordkeeping rule (“recordkeeping function”) to comply with a comprehensive oversight framework, consisting of due diligence, monitoring and recordkeeping elements. Specifically, the adviser will have to perform the same due diligence and periodic monitoring with respect to the recordkeeping function as it does for a service provider providing a covered function. Additionally, an adviser relying on a third party for such recordkeeping function would also be required to obtain:
- reasonable assurance that the third party will adopt and implement internal processes and/or systems for making and/or keeping records on behalf of the investment adviser that meet all of the requirements of the recordkeeping rule;
- reasonable assurance that, when making and/or keeping records on behalf of the adviser, the third party will, in practice, actually make and/or keep records in a manner that will meet all of the requirements of the recordkeeping rule as applicable to the investment adviser;
- with respect to electronic records, reasonable assurance that the third party will allow the investment adviser and SEC staff to access the records easily through computers and/or systems during the required retention period of the recordkeeping rule;
- reasonable assurance that arrangements will be made to ensure the continued availability of records that will meet all of the requirements of the recordkeeping rule as applicable to the investment adviser in the event that the third party ceases operations or the relationship with the investment adviser is terminated.
Amendments to the Books and Records Rule under the Advisers Act
Under the Proposal, the books and records rule under the Advisers Act would be amended to require an adviser to make and keep a list or other record of all covered functions that the adviser outsources to a service provider and the name of each service provider, along with a record of the factors, corresponding to each listed function, that led the adviser to list it as a covered function. The adviser will also have to keep a record of its due diligence assessment and periodic monitoring on each service provider that provides a covered function.
Form ADV Amendments
The Proposal includes amendments to Form ADV Part 1A to require investment advisers to:
- identify their service providers that perform covered functions,
- provide the location of the office principally responsible for the covered functions,
- provide the date they were first engaged to provide covered function, and
- state whether they are related persons of the adviser.
Additionally, certain specific information would be required for each service provider that clarifies the services or functions that they provide.
In the Proposing Release, the SEC staff states that this information will help them better understand the material services and functions that advisers outsource and permit them to enhance their assessment of advisers’ reliance on service providers for purposes of targeting examinations. Additionally, the SEC staff states that this information could assist them in identifying advisers’ user of particular service providers that may pose a risk to clients and investors, such as when the SEC learns that a particular service provider is experiencing a significant and ongoing disruption.
The Proposal, if adopted, would have to be complied with starting ten months from its effective date. The SEC staff is currently reviewing certain no-action letters relating to the recordkeeping rules to determine if any should be withdrawn if this Proposal is adopted.
 Release IA-6176, Outsourcing by Investment Advisers (October 26, 2022) at https://www.sec.gov/rules/proposed/2022/ia-6176.pdf (“Proposing Release”).
 Potential covered function categories that the Proposing Release notes an adviser should consider include sub-adviser; client services; cybersecurity; investment guideline; restriction compliance; investment risk; portfolio management (excluding adviser/sub-adviser); portfolio accounting; pricing; reconciliation; regulatory compliance; trading desk; trade communications and allocation; and valuation.