AGENCY:
Securities and Exchange Commission.
ACTION:
Proposed rule.
SUMMARY:
The Securities and Exchange Commission (“Commission” or “SEC”) is proposing a new rule under the Investment Advisers Act of 1940 (“Advisers Act”) to prohibit registered investment advisers (“advisers”) from outsourcing certain services or functions without first meeting minimum requirements. The proposed rule would require advisers to conduct due diligence prior to engaging a service provider to perform certain services or functions. It would further require advisers to periodically monitor the performance and reassess the retention of the service provider in accordance with due diligence requirements to reasonably determine that it is appropriate to continue to outsource those services or functions to that service provider. We also are proposing corresponding amendments to the investment adviser registration form to collect census-type information about the service providers defined in the proposed rule. In addition, we are proposing related amendments to the Advisers Act books and records rule, including a new provision requiring advisers that rely on a third party to make and/or keep books and records to conduct due diligence and monitoring of that third party and obtain certain reasonable assurances that the third party will meet certain standards.
DATES:
Comments should be received on or before December 27, 2022.
ADDRESSES:
Comments may be submitted by any of the following methods:
Electronic Comments
• Use the Commission's internet comment form ( http://www.sec.gov/rules/submitcomments.htm ); or
• Send an email to rule-comments@sec.gov. Please include File Number S7-25-22 on the subject line.
Paper Comments
- Send paper comments to Secretary, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549-1090.
All submissions should refer to File Number S7-25-22. The file number should be included on the subject line if email is used. To help the Commission process and review your comments more efficiently, please use only one method of submission. The Commission will post all comments on the Commission's website ( http://www.sec.gov/rules/proposed.shtml ). Comments are also available for website viewing and printing in the Commission's Public Reference Room, 100 F Street NE, Washington, DC 20549, on official business days between the hours of 10 a.m. and 3 p.m. Operating conditions may limit access to the Commission's Public Reference Room. All comments received will be posted without change. Persons submitting comments are cautioned that the Commission does not edit personal identifying information from submissions. You should submit only information that you wish to make available publicly.
Studies, memoranda, or other substantive items may be added by the Commission or staff to the comment file during this rulemaking. A notification of the inclusion in the comment file of any such materials will be made available on the Commission's website. To ensure direct electronic receipt of such notifications, sign up through the “Stay Connected” option at www.sec.gov to receive notifications by email.
FOR FURTHER INFORMATION CONTACT:
Christopher Chase, Senior Counsel; Christian Corkery, Senior Counsel; Juliet Han, Senior Counsel; Mark Stewart, Senior Counsel; Jennifer Porter, Senior Special Counsel; Holly Miller, Senior Financial Analyst; Melissa Roverts Harke, Assistant Director, Investment Adviser Regulation Office, Division of Investment Management, at (202) 551-6787, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549-8549.
SUPPLEMENTARY INFORMATION:
The Commission is proposing for public comment 17 CFR 275.206(4)-11 (“proposed rule 206(4)-11”) under the Advisers Act [15 U.S.C. 80b-1 et seq.]; and amendments to 17 CFR 275.204-2 (rule 204-2) and Form ADV [17 CFR 279.1] under the Advisers Act.
Unless otherwise noted, when we refer to the Advisers Act, we are referring to 15 U.S.C. 80b, and when we refer to rules under the Advisers Act, we are referring to title 17, part 275 of the Code of Federal Regulations [17 CFR 275]. In addition, unless otherwise noted, when we refer to the Investment Company Act, we are referring to 15 U.S.C. 80a.
Table of Contents
I. Introduction
A. Background
B. Overview of Rule Proposal
II. Discussion
A. Scope
1. Covered Function
2. Service Provider
3. Recordkeeping of Covered Functions
B. Due Diligence
1. Nature and Scope of Covered Function
2. Risk Analysis, Mitigation, and Management
3. Competence, Capacity, Resources
4. Subcontracting Arrangements
5. Compliance Coordination
6. Orderly Termination
7. Recordkeeping Provisions Related to Due Diligence
C. Monitoring
1. Recordkeeping Provisions Related to Monitoring
D. Form ADV
E. Third-Party Recordkeeping
F. Existing Staff No-Action Letters and Staff Statements
G. Transition and Compliance
III. Economic Analysis
A. Introduction
B. Baseline
1. Affected Parties
2. Adviser Use of Service Providers
3. Applicable Law Impacting Use of Service Providers
C. Broad Economic Considerations
D. Benefits and Costs
1. Due Diligence
2. Monitoring
3. Recordkeeping
4. Form ADV
E. Effects on Efficiency, Competition, and Capital Formation
1. Efficiency
2. Competition
3. Capital Formation
F. Reasonable Alternatives
1. Alternatives to the Proposed Scope
2. Alternatives to the Proposed Due Diligence and Monitoring Requirements
3. Alternatives to the Proposed Amendments to the Books and Records Rule
4. Alternatives to the Form ADV Requirements
5. Alternatives to the Transition and Compliance Period
G. Request for Comment
IV. Paperwork Reduction Act Analysis
A. Introduction
B. Rule 204-2
C. Form ADV
D. Request for Comment
V. Initial Regulatory Flexibility Act Analysis
A. Reason For and Objectives of the Proposed Action
1. Proposed Rule 206(4)-11
2. Proposed Amendments to Rule 204-2
3. Proposed Amendments to Form ADV
B. Legal Basis
C. Small Entities Subject to the Rules and Rule Amendments
1. Small Entities Subject to Proposed Rule 206(4)-11 and Proposed Amendments to Rule 204-2 and Form ADV
D. Projected Reporting, Recordkeeping and Other Compliance Requirements
1. Proposed Rule 206(4)-11
2. Proposed Amendments to Rule 204-2
3. Proposed Amendments to Form ADV
E. Duplicative, Overlapping, or Conflicting Federal Rules
1. Proposed Rule 206(4)-11
2. Proposed Amendments to Rule 204-2
3. Proposed Amendments to Form ADV
F. Significant Alternatives
1. Proposed Rules 206(4)-11 and 204-2
2. Proposed Amendments to Form ADV
G. Solicitation of Comments
VI. Consideration of Impact on the Economy
VII. Statutory Authority
I. Introduction
A. Background
The asset management industry has evolved greatly since Congress adopted the Investment Advisers Act of 1940 (“Advisers Act” or “Act”). For instance, many advisers now seek to provide full service wealth management and financial planning ( e.g., tax, retirement, estate, education, and insurance), and they use electronic systems to provide those services and keep their records. Clients and investors also are seeking to invest in types of securities and other assets that were not commonly traded or did not exist at that time, including, for example, derivatives and exchange-traded funds. At the same time, fee pressures for advisers have increased. As a result, advisers are under pressure to meet evolving and increasingly complex client demands in a cost-effective way. The demand for advisory services has grown as well. For example, regulatory assets under management (“RAUM”) have increased from $47 trillion to $128 trillion over the past 10 years; while RAUM managed for non-high net worth advisory clients have increased from approximately $3.7 trillion to approximately $7 trillion.
See Financial Advisers Now Help with College Plans, Family Counseling, Cremains, The Wall Street Journal (Aug. 23, 2019), available at https://www.wsj.com/articles/financial-advisers-now-help-with-college-plans-family-counseling-cremains-11566558002; Beyond Finances: Holistic Life Planning Trends Among Advisors, Investment News (2020), available at https://www.investmentnews.com/beyond-finances-holistic-life-planning-trends-among-advisors.
See Young, Confident, Digitally Connected—Meet America's New Day Traders, Reuters (Feb. 2, 2021), available at https://www.reuters.com/article/us-retail-trading-investors-age/young-confident-digitally-connected-meet-americas-new-day-traders-idUSKBN2A21GW; College Students Are Buying Stocks—But Do They Know What They're Doing?, CNBC (Aug. 4, 2020), available at https://www.cnbc.com/2020/08/04/college-students-are-buying-stocks-but-do-they-know-what-theyre-doing.html.
See, e.g., Adviser Industry Fee Pressures in Focus, Planadviser (Feb. 4, 2022), available at https://www.planadviser.com/exclusives/adviser-industry-fee-pressures-focus/ (stating that fee compression has impacted adviser revenue models in recent years due to increasing automation, stiffer competition and ongoing industry consolidation); CaseyQuirk Remarks and Discussion, U.S. Securities and Exchange Commission Asset Management Advisory Committee (Jan. 14, 2020), available at https://www.sec.gov/files/BenPhillips-CaseyQuirk-Deloitte.pdf (stating that buyers are becoming more fee-sensitive and showing an annualized reduction in global effective fees between 2015 and 2018).
A recent survey indicated that advisers are reducing their own expenses in response to fee compression, with 52% of surveyed respondents planning to reduce expense ratios on some products. C-Suite Asset Management Survey, Brown Brothers Harriman & Co. (2020), at 6 (“C-Suite Asset Management Survey”), available at https://www.bbh.com/content/dam/bbh/external/www/investor-services/insights/c-suite-asset-manager-survey/C-Suite%20Asset%20Manager%20Survey%20PDF_data.pdf (finding more than half of respondent asset managers are planning to reduce expense ratios or fees in the following year). See also Fees Were Already Under Pressure. Then the Pandemic Hit, Institutional Investor (Dec. 8, 2020), available at https://www.institutionalinvestor.com/article/b1plj6z9wsv5nf/Fees-Were-Already-Under-Pressure-Then-the-Pandemic-Hit.
See AWM: From `A Brave New World' to a New Normal, PwC (2020), at 6, available at https://www.pwc.lu/en/asset-management/awm-from-a-brave-new-world-to-a-new-normal.html (calculating worldwide assets under management in 2019 as $110.9 trillion, including a 9% compound annual growth rate since 2015).
Registered investment advisers report $7.096 trillion in RAUM for non-high net worth advisory clients, based on analysis of data reported on Form ADV through the Investment Adviser Registration Depository (IARD) system as of April 30, 2022. The data consists of assets that are reported by both advisers and sub-advisers, including mutual fund and ETF assets. Prior to the October 2017 changes to Form ADV, clients and client RAUM were estimated based on the midpoint of ranges reported.
Many advisers are adapting to the changes discussed above by engaging service providers to perform certain functions (“outsourcing”). In some cases, service providers may support the investment adviser's advisory services and processes. Supporting functions may include, for example, investment research and data analytics, trading and risk management, and compliance. In other cases, advisers hire service providers to perform or assist with functions that support middle- and back-office functions essential to asset management ( e.g., collateral management, settlement services, pricing or valuation services, and performance measurement). Additionally, investment advisers have engaged service providers to perform activities that form a central part of their advisory services. Advisers increasingly have engaged index providers to develop bespoke indexes that an adviser may replicate or track in portfolios for its clients, advisers engage subadvisers to manage some or all of a client's portfolio, and advisers use third parties to provide technology platforms for offering robo-advisory services.
See, e.g., The Race to Scalability 2020: Current Insights from a Decade of Advisor Research on Investment Management Trends, Flexshares (2020), available at https://go.flexshares.com/outsourcing; Christopher Newman, Asset Managers Continue to Outsource Middle Office Functions, EisnerAmper (Oct. 21, 2020), available at https://www.eisneramper.com/asset-managers-outsource-ai-blog-1020/.
See Smart Outsourcing Can Be a Game-Changer for RIAs, ThinkAdvisor (Mar. 18, 2021), available at https://www.thinkadvisor.com/2021/03/18/smart-outsourcing-can-be-a-game-changer-for-rias/ (describing benefits to registered investment advisers of using service providers, including outsourcing management of individual portfolios and possibility of “keep[ing] some core functions in-house and outsourc[ing] others”).
Service providers may give the adviser or the adviser's clients access to certain specializations or areas of expertise, reduce risks of keeping a function in-house that the adviser is not equipped to perform, or otherwise offer efficiencies that are unavailable to or unachievable by an adviser alone. Use of service providers can provide staffing flexibility by reducing the burdens on advisers' existing personnel and may mitigate the need to hire new personnel (which generally entails hiring and onboarding costs in addition to salaries and benefits). This flexibility may be particularly useful for services that the adviser uses on a periodic or ad hoc basis but may not need or wish to dedicate permanent staffing. Advisers with few personnel in particular may find benefits by allowing service providers to handle tasks that would otherwise be time-consuming or costly given the lack of economies of scale. Engaging a service provider also may prove efficient because it allows an adviser to allocate specific duties to a single service provider, rather than relying on multiple internal personnel to complete a function. Clients also can benefit from outsourcing, including through better quality of service, lower fees (if the adviser passes along any cost savings), or some combination.
There is a risk that clients could be significantly harmed, however, when an adviser outsources to a service provider a function that is necessary for the provision of advisory services without appropriate adviser oversight. The risk is in addition to any risks that would exist from the adviser providing these functions and should be managed. For example, a significant disruption or interruption to an adviser's outsourced services could affect an adviser's ability to provide its services to its clients. Outsourcing a service also presents a conflict of interest between an adviser providing a sufficient amount of oversight versus the costs of providing that oversight or the cost of the adviser providing the function itself. Poor oversight could lead to financial losses for the adviser's clients, including through market losses and as a result of increased transaction costs or the loss of investment opportunities. Excessive oversight can result in costs to the adviser, and potentially its clients, that outweigh the intended benefits. Outsourcing also has the potential to defraud, mislead or deceive clients. For example, outsourcing necessary advisory functions could have a material negative impact on clients, such as: inaccurate pricing and performance information that advisory clients rely on to make decisions about hiring and retaining the adviser and that advisers rely on to calculate advisory fees; compliance gaps that enable fraudulent, deceptive or manipulative activity by employees and agents of such service providers to occur or continue unaddressed; or poor operational management or risk measurement that leads to client losses. A service provider's major technical difficulties could prevent the adviser from executing an investment strategy or accessing an account. Additionally, sensitive client information and data could be lost and used to the client's detriment, or client holdings or trade order information could be negligently maintained by a service provider and misused by the service provider's employees or other market participants in trading ahead or front-running activities. Clients also may be harmed when a service provider has significant operations in a single geographic region because weather events, power outages, geopolitical events and public health events in that location raises concerns that the service provider can continue to perform its functions during these events.
See Armental, Maria, BNY Mellon to Pay $3 Million to Resolve Massachusetts Probe Over Glitch, The Wall Street Journal (Mar. 21, 2016), available at https://www.wsj.com/articles/bny-mellon-to-pay-3-million-to-resolve-massachusetts-probe-over-glitch-1458581998.
See In the Matter of Aegis Capital, LLC, Investment Advisers Release No. 4054 (Mar. 30, 2015) (settled order) (failures of an outsourced Chief Compliance Officer and the adviser's Chief Operating Officer resulted in Form ADV filings that grossly overstated the registrant's AUM and total number of clients).
See Tokar, Dylan et. al., Fund Administrator of Fortress, Pimco and Others Suffers Data Breach Through Vendor, The Wall Street Journal (Jul. 27, 2020), available at https://www.wsj.com/articles/fund-administrator-for-fortress-pimco-and-others-suffers-data-breach-through-vendor-11595857765.
Risks related to a service provider's conflicts of interests also may cause harm to an adviser's clients. There may be conflict of interest risks when a service provider recommends or otherwise highlights investments to advisory clients that the service provider also owns or manages for others. In that circumstance, the service provider has an incentive to influence investing behavior in a way that benefits the service provider to the detriment of the adviser's clients. For example, an index provider that holds an investment it subsequently adds to its widely followed index has a conflict of interest because it would directly benefit from creating or increasing demand for that investment and clients could be harmed if the investment does not perform as well as other investments the index provider could have added instead.
The risks of harm may be particularly pronounced where services that are necessary for the provision of advisory services are highly technical or proprietary to the service provider, or where the services require expertise or data the adviser lacks. For example, if an adviser engages a service provider that uses proprietary technology to measure portfolio risk or performance of client investments, the adviser likely would not be able to replicate such measurements for its clients. If such technology fails to provide accurate measurements, it would be difficult for the adviser to detect such issues and manage the portfolios or report performance for its clients without the adviser having a plan in place for managing and mitigating the risks of such a failure. The risks of harm are also heightened where the service provider has further outsourced one or more necessary functions to another service provider (possibly without the adviser's awareness or influence), or where the service provider delivers some services from locations outside of the United States, which introduces potential oversight and regulatory gaps or oversight challenges. In each of these cases, the disruption, interruption, or failures in the service provider's services could affect the ability of every adviser using that service provider to deliver advisory services to its clients or otherwise meet its obligations, including under the Advisers Act or other Federal securities laws.
The use of service providers could create broader market-wide effects or systemic risks as well, particularly where the failure of a single service provider would cause operational failures at multiple advisers. For example, there could be concentration risks to the extent that one service provider supplies several services to an adviser or multiple service providers merge to become a single market leader. Multiple regulated entities could use a common service provider, particularly because service providers have become more specialized in recent years, and for certain functions there may be only a few entities offering relevant (often information technology-dependent) services. If a large number of investment advisers and their clients use a common service provider, operational risks could be correspondingly concentrated, which could, in turn, lead to an increased risk of broader market effects during times of market instability. One example where the failure of a service provider had a broad impact occurred when a corrupted software update to accounting systems at a widely used fund accounting provider caused industry-wide concern over the accuracy of fund values for several days. An estimated 66 advisers and 1,200 funds were unable to obtain system-generated net asset values (“NAVs”) for several days, suggesting that an error in a system used by many advisers could disrupt entire markets.
See, e.g., The International Organization of Securities Commissions (“IOSCO”) FR07/2021, Principles on Outsourcing: Final Report (Oct. 2021), (“IOSCO Report”), available at https://www.iosco.org/library/pubdocs/pdf/IOSCOPD687.pdf. The IOSCO Report cites examples of risks that could lead to systemic risk if multiple entities use a common service provider including: (1) if the service provider suddenly and unexpectedly becomes unable to perform services that are material or critical to the business of a significant number of regulated entities, each entity will be similarly disabled, (2) a latent flaw in the design of a product or service that multiple regulated entities rely upon may affect all these users, (3) a vulnerability in application software that multiple regulated entities rely upon may permit an intruder to disable or corrupt the systems or data of some or all users, and (4) if multiple regulated entities depend upon the same provider of business continuity services ( e.g., a common disaster recovery site), a disruption that affects a large number of those entities may reduce the capacity of the business continuity service.
Financial Stability Board, Regulatory and Supervisory Issues Relating to Outsourcing Third Party Relationships: Discussion Paper (Nov. 9, 2020), at 2 (“FSB Discussion Paper”), available at https://www.fsb.org/wp-content/uploads/P091120.pdf .
The IOSCO Report, supra footnote 13.
See Armental, Maria, BNY Mellon to Pay $3 Million to Resolve Massachusetts Probe Over Glitch, The Wall Street Journal (Mar. 21, 2016), available at https://www.wsj.com/articles/bny-mellon-to-pay-3-million-to-resolve-massachusetts-probe-over-glitch-1458581998.
See id. See also, e.g., BlackRock: The monolith and the markets, The Economist (Dec. 7, 2013), available at https://www.economist.com/briefing/2013/12/07/the-monolith-and-the-markets (stating that 7% of the world's $225 trillion of financial assets were supported by the same system and stating, “If that much money is being managed by people who all think with the same tools, it may be managed by people all predisposed to the same mistakes.”); IOSCO FR06/22, Operational resilience of trading venues and market intermediaries during the COVID-19 pandemic & lessons for future disruptions: Final Report, at 23 (July 2022), available at https://www.iosco.org/library/pubdocs/pdf/IOSCOPD706.pdf (stating that disruption of outsourced services could lead to losses, such as clients unable to access accounts or have orders executed during market volatility).
Our observations underscore the risks associated with advisers outsourcing functions to service providers. We have observed an increase in such outsourcing and issues related to the outsourcing and advisers' oversight. One recent example is an enforcement action for alleged violations of section 206 of the Advisers Act against investment advisers that used models and volatility guidelines from a third-party subadviser without first confirming that they worked as intended. In another recent action, an adviser allegedly failed to oversee a third-party vendor that did not properly safeguard customers' personal identifying information. Additionally, we are troubled that the Commission staff have observed some advisers unable to provide timely responses to examination and enforcement requests because of outsourcing. In response to our staff's requests for documents, some advisers have not provided the information necessary to demonstrate compliance with the Advisers Act and its rules because of outsourcing. For example, some advisers that use client relationship management providers have asserted that they have complied with rule 204-3 because brochure delivery is programmed into the providers' software, though they cannot produce records to evidence that delivery took place.
See In the Matter of Aegon USA Investment Management, LLC, et al, Investment Advisers Act Release No. 4996 (Aug. 27, 2018) (settled order).
See Morgan Stanley Smith Barney LLC, Investment Advisers Act Release No. 6138 (Sept. 20, 2022) (settled order).
See17 CFR 275.204-3
These observations illustrate that despite the existing legal framework regarding the duties and obligations of investment advisers, more needs to be done to protect clients and enhance oversight of advisers' outsourced functions. An adviser has a fiduciary duty to its clients. The Advisers Act establishes a federal fiduciary duty for investment advisers that comprises a duty of loyalty and a duty of care and is made enforceable by the antifraud provisions of the Advisers Act. This combination of obligations has been characterized as requiring the investment adviser to act in the best interests of its client at all times.
See Transamerica Mortgage Advisors, Inc. v. Lewis, 444 U.S. 11, 17 (1979) (“§ 206 establishes federal fiduciary standards to govern the conduct of investment advisers.”) (quotation marks omitted); SEC v. Capital Gains Research Bureau, Inc., 375 U.S. 180, 191 (1963); Commission Interpretation Regarding Standard of Conduct for Investment Advisers, Investment Advisers Act Release No. 5248 (June 5, 2019), at 6-8 [84 FR 33669 (July 12, 2019)] (“Standard of Conduct Release”).
See SEC v. Tambone, 550 F.3d 106, 146 (1st Cir. 2008) (“Section 206 imposes a fiduciary duty on investment advisers to act at all times in the best interest of the fund . . .”); SEC v. Moran, 944 F. Supp. 286, 297 (S.D.N.Y 1996) (“Investment advisers are entrusted with the responsibility and duty to act in the best interest of their clients.”). See also Standard of Conduct Release, supra footnote 21, at 6-8 (discussing various interpretations of an adviser's fiduciary duty spanning several decades).
When an investment adviser holds itself out to clients and potential clients as providing advisory services, the adviser implies that it remains responsible for the performance of those services and will act in the best interest of the client in doing so. Outsourcing a particular function or service does not change an adviser's obligations under the Advisers Act and the other Federal securities laws. In addition, the adviser is typically responsible for the advisory services through an agreement with the client that represents or implies the adviser is performing all the functions necessary to provide the advisory services. An adviser remains liable for its obligations, including under the Advisers Act, the other Federal securities laws and any contract entered into with the client, even if the adviser outsources functions. In addition, an adviser cannot waive its fiduciary duty. Accordingly, an adviser should be overseeing outsourced functions to ensure the adviser's legal obligations are continuing to be met despite the adviser not performing those functions itself.
See Standard of Conduct Release, supra footnote 21 (discussing various interpretations of an adviser's fiduciary duty spanning several decades). See also section 205(a)(2) of the Advisers Act makes it unlawful for an SEC-registered adviser to enter into or perform any investment advisory contract unless the contract provides that no assignment of the contract shall be made by the adviser without client consent.
As a fiduciary, an investment adviser cannot just “set it and forget it” when outsourcing. In this regard, we are concerned that outsourcing these necessary functions (defined as “Covered Functions” in proposed rule 206(4)-11) in particular, without further oversight by the investment adviser, can undermine the adviser's provision of services and compliance with the Federal securities laws, and can directly harm clients. We also believe it is a deceptive sales practice and contrary to the public interest and investor protection for an investment adviser to hold itself out as an investment adviser, but then outsource its functions that are necessary to its provision of advisory services to its clients without taking appropriate steps to ensure that the clients will be provided with the same protections that the adviser must provide under its fiduciary duty and other obligations under the Federal securities laws. We believe a reasonable investor hiring an adviser to provide investment advisory services would expect the adviser to provide those services and, if significant aspects of those services are outsourced to a provider, to oversee those outsourced functions effectively. To do otherwise would be misleading, deceptive, and contrary to the public interest. Moreover, disclosure cannot address this deception. We do not believe any reasonable investor would agree to engage an investment adviser that will not perform functions necessary to provide the advisory services for which it is hired, and instead will outsource those functions to a service provider without effective oversight over the service provider. An adviser's use of service providers should include sufficient oversight by an adviser so as to fulfill the adviser's fiduciary duty, comply with the Federal securities laws, and protect clients from potential harm.
Accordingly, in light of the increase in the use of service providers, the services provided, and the risks of client harm described above, we believe that a consistent oversight framework across investment advisers is needed for outsourcing functions or services that are necessary for the investment adviser to provide its advisory services in compliance with the Federal securities laws. Proposed new rule 206(4)-11 under the Advisers Act is designed to address these issues by requiring investment advisers to comply with specific elements as part of a due diligence and monitoring process to oversee the provision of covered functions.
Given the increasing use of service providers by investment advisers, we are also concerned that the Commission has limited visibility into advisers' outsourcing and thus the potential extent to which advisory clients face outsourcing-related risks. The Commission currently collects only limited information about an adviser's use of certain service providers through forms filed with the Commission, such as third-party keepers of advisers' books and records and certain service providers for private funds reported on Form ADV, or during examinations conducted by Commission staff. If the Commission had additional information about which service providers all registered advisers are using that are necessary to perform their advisory services, for example, it could quickly analyze the potential breadth of the impact from a market event. In the event of a critical failure at an asset management service provider, the Commission would be able to identify quickly all advisers reporting that firm on Form ADV as a service provider of one or more covered functions, which can help inform the Commission's course of action.
See Form ADV Part 1A, Schedule D, Sections 1.L. and 7.B.1.
Finally, we are concerned that when an investment adviser outsources its books and records obligations to a third party, the adviser may not be properly ensuring that it can comply with the Commission's recordkeeping requirements. Currently, rule 204-2 requires advisers to make and keep specified records, including standards for keeping those records electronically, but does not expressly impose specific requirements when an adviser outsources recordkeeping functions to a third party. We believe that specific conditions should apply to all advisers using third parties to make and keep records required by rule 204-2.
Commission staff addressed third party recordkeeping in two staff letters. See OMGEO, LLC, SEC Staff No-Action Letter (Aug. 14, 2009), at n.3 (“OMGEO NAL”), available at https://www.sec.gov/divisions/investment/noaction/2009/omgeo081409.htm (citing First Call and National Regulatory Services, SEC Staff No-Action Letter (Dec. 2, 1992)); First Call Corporation, SEC Staff No-Action Letter (Sept. 6, 1995) (“First Call NAL”), available at https://www.sec.gov/divisions/investment/noaction/1995/firstcall090695.pdf. The staff no-action letters represent the views of the staff of the Division of Investment Management. They are not a rule, regulation, or statement of the Commission. The Commission has neither approved nor disapproved their content. The staff no-action letters, like all staff statements, have no legal force or effect: they do not alter or amend applicable law, and they create no new or additional obligations for any person. See also infra section II.F.
B. Overview of Rule Proposal
The proposed rule would establish a set of minimum and consistent due diligence and monitoring obligations for an investment adviser outsourcing certain functions to a service provider. Proposed rule 206(4)-11 under the Advisers Act would apply to advisers that are registered or required to be registered with us and that outsource a covered function. The definition of a covered function has two parts: (1) a function or service that is necessary for the adviser to provide its investment advisory services in compliance with the Federal securities laws, and (2) that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser's clients or on the adviser's ability to provide investment advisory services. Clerical, ministerial, utility, or general office functions or services are excluded from the definition. Before engaging a service provider to perform a covered function, the adviser would have to reasonably identify and determine through due diligence that it would be appropriate to outsource the covered function, and that it would be appropriate to select that service provider, by complying with six specific elements. These elements address:
Proposed rule 206(4)-11(a). The rule number assigned to the proposed rule 206(4)-11 is based on the numbering for other rule amendments the Commission previously proposed. See, e.g., Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies, available at https://www.sec.gov/rules/proposed/2022/33-11028.pdf (proposing rule 206(4)-9 related to cybersecurity policies and procedures of investment advisers); Private Fund Advisers: Documentation of Registered Investment Adviser Compliance Reviews, available at https://www.sec.gov/rules/proposed/2022/ia-5955.pdf (proposing rule 206(4)-10 related to private fund adviser audits). This number could change based on future Commission actions.
Proposed rule 206(4)-11(b).
Proposed rule 206(4)-11(b).
- The nature and scope of the services;
- Potential risks resulting from the service provider performing the covered function, including how to mitigate and manage such risks;
- The service provider's competence, capacity, and resources necessary to perform the covered function;
- The service provider's subcontracting arrangements related to the covered function;
- Coordination with the service provider for Federal securities law compliance; and
• The orderly termination of the provision of the covered function by the service provider.
Proposed rule 206(4)-11(a)(1).
The proposed rule also would require the adviser periodically to monitor the service provider's performance and reassess the selection of such a service provider under the due diligence requirements of the rule. Each of these elements is included in the rule to address specific areas of risks and concerns that we have observed, as described above. Although the proposed rule does not require additional explicit written policies and procedures related to service provider oversight, if the proposed rule were adopted, advisers would be required under existing rule 206(4)-7 to have policies and procedures reasonably designed to prevent violations of the Advisers Act and rules under the Act, and this requirement would apply to the proposed rule.
Proposed rule 206(4)-11(a)(2).
In addition, we are proposing to require advisers to make and keep certain books and records attendant to their obligations under the proposed oversight framework, such as lists or records of covered functions and records documenting their due diligence and monitoring of each service provider. The requirement to make and keep such books and records would help advisers monitor, and determine whether to modify, their approach to outsourcing a particular function. These records would also assist the Commission and its staff in evaluating adviser representations about their services and the extent to which an adviser complies with the rule.
See proposed rule 204-2(a)(24).
We are also proposing to add a new provision in the recordkeeping rule requiring every investment adviser that relies on a third party to make and/or keep books and records required by the recordkeeping rule to conduct due diligence and monitoring of that third party consistent with the requirements under proposed rule 206(4)-11 and obtain reasonable assurances that the third party will meet four standards. These standards address the third party's ability to: (i) adopt and implement internal processes and/or systems for making and/or keeping records that meet the requirements of the recordkeeping rule applicable to the adviser in providing services to the adviser; (ii) make and/or keep records that meet all of the requirements of the recordkeeping rule applicable to the adviser; (iii) provide access to electronic records; and (iv) ensure the continued availability of records if the third party's operations or relationship with the adviser cease. The requirements are intended to protect required records from loss, alteration, or destruction and to help ensure that such records are accessible to the investment adviser and the Commission staff while allowing investment advisers to continue to contract with a wide variety of service providers to assist with recordkeeping functions.
Finally, we are proposing amendments to Form ADV that are designed to improve visibility for the Commission and advisory clients relating to service providers that perform covered functions. New item 7.C. in Part 1A and Section 7.C. in Schedule D would require advisers to provide census-type information about these providers. These disclosures would provide more information about outsourced functions, enabling clients to make better informed decisions about the retention of an adviser and enabling the Commission and its staff to identify and address risks related to outsourcing by advisers and oversee advisers' use of service providers better.
Because Form ADV Part 1A is submitted in a structured, XML-based data language specific to that Form, the information in proposed new Item 7.C would be structured ( i.e., machine-readable) as well.
II. Discussion
A. Scope
Under proposed rule 206(4)-11, as a means reasonably designed to prevent fraudulent, deceptive, or manipulative acts, practices, or courses of business within the meaning of section 206(4) of the Act, it would be unlawful for an investment adviser registered or required to be registered with the Commission to retain a service provider to perform a covered function unless the investment adviser conducts certain due diligence and monitoring of the service provider. A covered function is defined in the proposed rule as a function or service that is necessary for the adviser to provide its investment advisory services in compliance with the Federal securities laws, and that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser's clients or on the adviser's ability to provide investment advisory services. The proposed rule defines a service provider as a person or entity that performs one or more covered functions and is not an adviser's supervised person as defined in the Advisers Act. A covered function would not include clerical, ministerial, utility, or general office functions or services.
See proposed rule 206(4)-11(a).
Proposed rule 206(4)-11(b).
Proposed rule 206(4)-11(b).
Proposed rule 206(4)-11(b).
1. Covered Function
We are proposing to define “covered function” more narrowly than all of the functions an investment adviser might outsource to a service provider. Advisers outsource many services beyond their core advisory functions, and the failure of many of those functions could have little to no effect on an adviser's clients. Accordingly, we are targeting those outsourced functions that meet two elements: (1) those necessary for the adviser to provide its investment advisory services in compliance with the Federal securities laws; and (2) those that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser's clients or on the adviser's ability to provide investment advisory services.
See proposed rule 206(4)-11.
The proposed rule applies if an adviser retains a service provider to perform a covered function, whether by a written agreement or by some other means. The Commission is not specifying how an adviser might retain a service provider to perform a covered function, but an adviser should consider using a written agreement as a best practice. The determination of whether an adviser has retained a service provider to perform such a covered function would depend on the facts and circumstances. For example, an adviser that enters into a written agreement with a valuation provider to value all of its clients' fixed income securities or with a subadviser to manage fixed income portfolios for several of its clients would be considered to retain a service provider under the proposed rule to perform a function that is necessary for the adviser to provide its advisory services. In contrast, custodians that are independently selected and retained through a written agreement directly with the client would not be covered by the proposed rule because the adviser is not retaining the service provider to perform a function that is necessary for the adviser to provide its advisory services.
The determination of what is a covered function also would depend on the facts and circumstances, as the proposed rule is meant to encompass functions or services that are necessary for a particular adviser to provide its investment advisory services. In addition, certain functions may be covered functions for one adviser but not for another adviser, and so certain persons or entities that perform functions on behalf of advisers may be a service provider in the scope of the rule with respect to one adviser but not for another adviser. We are providing examples of potential covered function categories an adviser may wish to consider in the amendments we are proposing to Form ADV, Section 7.C of Schedule D, which would include: Adviser/Subadviser; Client Services; Cybersecurity; Investment Guideline/Restriction Compliance; Investment Risk; Portfolio Management (excluding Adviser/Subadviser); Portfolio Accounting; Pricing; Reconciliation; Regulatory Compliance; Trading Desk; Trade Communication and Allocation; and Valuation.
Advisers outsource functions that are essential to asset management or directly support the adviser's advisory services and processes. Depending on the specific facts and circumstances, when problems arise with these types of functions, clients could experience a material negative impact, such as interruptions in advisory services or the adviser's inability or failure to comply with its legal responsibilities. We believe an adviser should take specific oversight steps required by the proposed rule to reduce the likelihood that these types of problems will occur and to reduce their impact when they do occur. In addition when an investment adviser holds itself out to clients and potential clients as providing advisory services, the adviser implies that it remains responsible for the performance of those services and will act in the best interest of the client in doing so. We believe it is contrary to the public interest and investor protection if the adviser then outsources covered functions without effectively overseeing those outsourced functions. Accordingly, an adviser should be overseeing outsourced functions to ensure the adviser's legal obligations are continuing to be met despite the adviser not performing those functions itself.
Generally, we would consider functions or services that are related to an adviser's investment decision-making process and portfolio management to meet the first element of the definition. For example, some functions and services covered under the first element would be those related to providing investment guidelines (including maintaining restricted trading lists), creating and providing models related to investment advice, creating and providing custom indexes, providing investment risk software or services, providing portfolio management or trading services or software, providing portfolio accounting services, and providing investment advisory services to an adviser or the adviser's clients (subadvisory services). Covered functions can include technology integral to an adviser's investment decision-making process and portfolio management or other functions necessary for the adviser to provide its investment advisory services. For example, if an adviser's investment decision-making process relies on artificial intelligence or software as a service, those services may form part of the covered function even though they are provided through technology. As discussed above, certain of these functions may be covered functions for one adviser but not for another adviser, depending on the facts and circumstances. For example, an adviser may choose to engage an index provider for the purposes of developing an investment strategy for its clients, which would be a covered function under the proposed rule, while another may license a widely available index from an index provider to use as a performance hurdle, in which case the proposed rule would not apply. We believe that the services of an index provider, if retained by an adviser for purposes of formulating the adviser's investment advice, would meet the first element of the definition of a covered function because such services would be necessary for the adviser to provide investment advice to its client. Implementing an investment decision also may meet this element, including identifying which portfolios to include or exclude, determining how to allocate a position among portfolios, and submitting the final orders to the broker. In order to provide investment advisory services in compliance with the Federal securities laws, an adviser might also seek to outsource its compliance functions, including outsourced chief compliance officers and other outsourced compliance functions such as making regulatory filings on behalf of the adviser, and valuation and pricing services. Ensuring the adviser complies with the regulatory requirements applicable to its advisory services is a necessary part of providing those services and would be covered under the rule. We would not consider functions performed by marketers and solicitors to be covered functions, however, because such services are not used by an adviser to provide investment advice to its clients.
These providers' activities, in whole or in part, may cause them to meet the definition of “investment adviser” under the Advisers Act. In a separate action, the Commission issued a request for public comment related to the status and registration of certain information providers, including index providers, model portfolio providers, and pricing services, under the Advisers Act. See Request for Comment on Certain Information Providers Acting as Investment Advisers, Investment Advisers Release No. 6050 (Jun. 15, 2022) [87 FR 37254 (Jun. 22, 2022)] (“Information Providers Request for Comment”), available at https://www.sec.gov/rules/other/2022/ia-6050.pdf. The comment letters on the Information Providers Request for Comment (File No. S7-18-22) are available at https://www.sec.gov/comments/s7-18-22/s71822.htm and we are continuing to consider all of the comments received. Several commenters noted that many advisers and fund boards oversee information providers and that advisers are fiduciaries bearing the ultimate responsibility for information providers' services. See, e.g., Comment Letter of ETF BILD (Aug. 16, 2022); Comment Letter of Investment Advises Association (Aug. 16, 2022); Comment Letter of Index Industry Association (Aug. 16, 2022); Comment Letter of Invesco Ltd. (Aug. 16, 2022); Comment Letter of Investment Company Institute (Aug. 16, 2022) (“Comment Letter of ICI”); Comment Letter of Independent Directors Council (Aug. 16, 2022); Comment Letter of NASDAQ (Aug. 16, 2022) (“Comment Letter of NASDAQ”); Comment Letter of S&P Dow Jones Indices (Aug. 16, 2022); Comment Letter of S&P Global Market Intelligence (Aug. 15, 2022); Comment Letter of the Securities Industry and Financial Markets Association (Aug. 16, 2022) (“Comment Letter of SIFMA”). Some commenters also suggested as an alternative to regulating these information providers as investment advisers, that the Commission consider regulating adviser oversight of information providers. See, e.g., Comment Letter of Healthy Markets Association and CFA Institute (Aug. 16, 2022); Comment Letter of ICI; Comment Letter NASDAQ; Comment Letter of SIFMA.
For example, an adviser may use valuation service providers to assist in fair value determinations. Such services would be included under the proposed rule as covered functions, as opposed to, for example, common market data providers providing publicly available information.
Marketers and solicitors must determine whether they are subject to statutory or regulatory requirements under Federal law, including the requirement to register as a broker-dealer pursuant to section 15(b) of the Securities Exchange Act of 1934. See15 U.S.C. 78o(b).
The second element of the proposed definition of “covered function” limits the definition to those functions or services that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser's clients or on the adviser's ability to provide investment advisory services. Determining what is a material negative impact would depend on the facts and circumstances, but it could include a material financial loss to a client or a material disruption in the adviser's operations resulting in the inability to effect investment decisions or to do so accurately. An adviser should consider a variety of factors when determining what would be reasonably likely to have a material negative impact, such as the day-to-day operational reliance on the service provider, the existence of a robust internal backup process at the adviser, and whether the service provider is making or maintaining critical records, among other things. For example, if an adviser used a service provider for portfolio management functions that experienced a cyber-incident that caused an inability for the adviser to monitor risks in client portfolios properly, it would be reasonably likely to cause a material negative impact on the adviser's clients and its ability to provide investment advisory services.
See proposed rule 206(4)-11(b).
See infra section II.B.4.
A covered function would not include clerical, ministerial, utility, or general office functions or services. These types of functions or services are not functions that an adviser would perform on its own or they are not likely to qualify as a covered function under the proposed rule because they are not necessary for an adviser to provide investment advisory services in compliance with the Federal securities laws or they are not likely to cause a material harm to clients if not performed properly. For example, covered functions would not include the adviser's lease of commercial office space or equipment, use of public utility companies, utility or facility maintenance services, or licensing of general software providers of widely commercially available operating systems, word processing systems, spreadsheets, or other similar off-the-shelf software.
Proposed rule 206(4)-11(b).
To illustrate how to apply the definition of a covered function, if an adviser engaged an index provider to create or lease an index for the adviser to follow as a strategy for its advisory clients, it would likely fall under both elements of the definition. First, using a bespoke index created specifically for the adviser to follow would serve as a material service that is necessary for the adviser to provide investment advisory services to the extent the index is used by the adviser to provide investment advice and make investments on behalf of the advisory client. Second, if the function is not performed or performed negligently, it would have a material negative impact on the adviser's ability to provide investment advisory services because if, for instance, the service provider failed to provide the index, the adviser would not be able to make investments for the client as needed. Similarly, if an adviser licenses a commonly available index and its stated investment strategy involves management against that index, failure to receive the index or an inaccurate delivery of the index could have a material negative impact on the adviser's ability to manage that portfolio. In contrast, if an adviser purchases a license to utilize a commonly available index solely as a comparison benchmark for performance and not to inform the adviser's investment decisions as part of its advisory services, that index provider would most likely not be providing a covered function because, in that context, the adviser is not using the index to provide investment advice.
2. Service Provider
An investment adviser would be required to comply with the proposed rule if the adviser retains a service provider. The term “service provider” is defined as a person or entity that: (1) performs one or more covered functions; and (2) is not a supervised person of the adviser. The proposed rule excludes supervised persons of an adviser from the definition of a service provider since such persons are already being directly overseen by the adviser. The proposed rule does not, however, make a distinction between third-party providers and affiliated service providers because the risks that the proposed rule are designed to address exist whether the service provider is affiliated or unaffiliated, and the service provider is not necessarily already being overseen by the adviser. For example, the ability to have direct control or full transparency may be limited when an adviser outsources, even to an affiliated service provider, which may increase the risk for failed regulatory compliance. As such, even though the affiliate may be in a control relationship with the adviser, it remains important for the adviser to determine if it is appropriate to retain the affiliate's services and to oversee the affiliate's performance of a covered function.
See proposed rule 206(4)-11(b).
See proposed rule 206(4)-11(b). A supervised person is defined in section 2(a)(25) of the Advisers Act as any partner, officer, director, (or other person occupying a similar status or performing similar functions), or employee of an adviser, or other person who provides investment advice on behalf of the adviser and is subject to the supervision and control of the adviser.
The proposed rule would not include an exception for service providers that are subject to other provisions of the Advisers Act, including SEC-registered advisers, or other Federal securities laws. An adviser remains liable for its legal and contractual obligations and should be overseeing outsourced functions to ensure the adviser meets its legal and contractual obligations, regardless of whether the service provider has its own legal obligations under the Federal securities laws. For example, if an adviser engages a broker-dealer to provide an electronic trading platform to submit orders from the adviser and allocate trades among the adviser's client accounts after the trades have been executed, then the adviser's engagement of the broker-dealer for those services would not be excepted from the proposed rule. We believe providing orders to a broker-dealer and allocating securities to client accounts after the trade are part of an investment adviser's services and responsibilities that cannot be outsourced without further oversight because, particularly in a discretionary account, instructing a broker-dealer about the trades the adviser is recommending and then allocating trades among client accounts is a critical component of an adviser's provision of investment advisory services. Additionally, we believe it would be reasonable for a client to expect initial and continued adviser oversight of that function, and the broker-dealer's failure to perform or negligent performance of its covered function could be reasonably likely to cause a material harm to the adviser's clients and its ability to provide its advisory services. For example, without proper oversight of this function, failing to perform the function could result in an adviser being unable to submit orders or allocate trades. A service provider performing asset allocations on behalf of the adviser also might allocate shares in a manner that favors certain clients over others or might fail to consider whether allocating additional shares would violate a client' investment guidelines.
If an adviser engages an SEC-registered adviser as a subadviser to manage and evaluate investments within a portfolio, then the adviser would not be excepted from the proposed rule. Even if the subadviser would be subject to its own compliance with the Federal securities laws, the adviser remains responsible for its advisory services and should perform its own due diligence and monitoring of the subadviser to ensure its obligations continue to be met. Moreover, the adviser's compliance with the proposed rule would not alleviate the subadviser's own compliance with the Federal securities laws, including the proposed rule. In the event that an SEC-registered subadviser were to hire a service provider itself, for example to help manage and evaluate the investments within a managed portfolio, the subadviser would be required to comply with the proposed rule with respect to that service provider. The subadviser would have the same obligations and duties to its client as any other SEC-registered adviser, whether the subadviser's client is another adviser or a client of another adviser, and the subadviser should engage in the same oversight requirements as any other adviser. All advisers registered or required to be registered are subject to the proposed rule if they engage a service provider to perform a covered function, regardless of the identities of their clients or their relationships to other advisers.
3. Recordkeeping of Covered Functions
An adviser would first need to determine which functions are covered functions in order to comply with the requirements of the proposed rule. Accordingly, we are proposing to revise the Advisers Act books and records rule to require an adviser to make and keep a list or other record of covered functions that the adviser has outsourced to a service provider and the name of each service provider, along with a record of the factors, corresponding to each listed function, that led the adviser to list it as a covered function.
See proposed rule 204-2(a)(24)(i). The rule number assigned to subparagraph (24) of the proposed amendments to rule 204-2(a) is based on the numbering for other rule amendments the Commission previously proposed. See e.g., Private Fund Advisers: Documentation of Registered Investment Adviser Compliance Reviews, available at https://www.sec.gov/rules/proposed/2022/ia-5955.pdf (proposing rule 204-2(a)(20) to (23)). The proposed rule's subsection number could change based on future Commission actions.
The recordkeeping requirement might be satisfied by a written agreement between the adviser and service provider, explicitly stating that the function or service provided is a covered function under the proposed rule and the name of each service provider. The written agreement could include the factors that led the function to be deemed a covered function, or that information could be memorialized in a separate record. Alternatively, there might be a written memorandum or other document prepared by the adviser that lists the names of the service providers; that explains how a particular function or service is one that is deemed to be necessary to provide investment advisory services in compliance with the Federal securities laws and that would be reasonably likely to cause a material negative impact on the adviser's clients or on the adviser's ability to provide investment advisory services if not performed or performed negligently; and that provides the factors that led the function to be deemed a covered function. The adviser's written compliance policies also could identify the covered functions and the factors considered for each, such as the type of function or service provided or whether the adviser could provide investment advisory services without the covered function.
The method by which the adviser meets this proposed requirement ( e.g., written agreement, memorandum to file, etc.) and the factors relevant to the adviser's determination would likely vary depending on each function or service for which an adviser engages a service provider. Accordingly, we are not specifying any particular method for making the list or record of factors to consider.
See proposed rule 204-2(e)(1).
Due to the unique nature of an adviser's relationship with a service provider, we are also proposing to revise the Advisers Act books and records rule to require that the records be maintained in an easily accessible place throughout the time period that the adviser has outsourced a covered function to a service provider, and for a period of five years thereafter. This amendment would help facilitate the Commission's inspection and enforcement capabilities.
See rule 204-2.
We request comment on the proposed scope of the rule:
1. Is the proposed scope of the rule appropriate? Why or why not? In what ways, if any, could the proposed scope of the rule or the proposed definition of covered function better match our policy goals? Does it need to be made clearer?
2. Instead of oversight requirements when an adviser outsources a covered function, should we only require Form ADV disclosure to clients and potential clients of any outsourcing of certain functions? Would it be sufficient for an adviser to disclose that it would outsource these services and not oversee them and would any reasonable investor agree to this approach? Or would a more limited approach to the oversight of service providers be appropriate instead of the proposed requirements? If so, what should that limited approach be?
3. In addition to the proposed oversight requirements when an adviser outsources a covered function, should the rule include an express provision that prohibits an adviser from disclaiming liability when it is not performing a covered function itself?
4. Is the proposed definition of “covered function” clear? Why or why not? In what ways, if any, could the proposed definition be made clearer?
5. The proposed rule is designed to apply in the context of outsourcing core advisory functions. The proposed rule does so by qualitatively describing what we believe is a core advisory function—namely, a function or service that is necessary for the investment adviser to provide its investment advisory services in compliance with the Federal securities laws. Does the proposed definition of covered function capture this intended core advisory function scope? Should the rule explicitly state that its application is limited to core investment advisory services? If yes, how would we identify and define what would be considered “core investment advisory services”?
6. Instead of our proposed definition, should we define “covered functions” as a specified list of core investment advisory activities, such as “services that are central to the selection, trading, valuation, management, monitoring, indexing, and modeling of investments”? Are there other specific functions or services that should be included or excluded from this list? Please explain. Are the services in this list clear? For example, would we need to define trading in this alternative definition to include allocation and communications related to trades? Would it be clear that subadvisers and portfolio management would be included as “management” in this alternative definition or that risk management is part of management and monitoring? Would it be confusing to list management and selection as well as indexing and modeling in this alternative definition? Is there overlap among the categories? If there is overlap, should the rule list only certain of these categories, such as selection and management, or would certain core services or functions be inadvertently excluded?
7. Should the Commission include or exclude in the definition of covered function any particular functions or services discussed within the release? Should services related to investment risk identification or monitoring be specifically identified, or would they be assumed to be included as part of the selection or management of investments? Instead should the specified list of covered functions/services be the same as those provided by service provider types listed in the proposed amendments to Form ADV?
8. Are there particular types of service providers to which the rule should apply? For example, should the rule explicitly include the service providers advisers would be required to identify in proposed amendments to Form ADV (portfolio management, trade communication and allocation, pricing services, valuation services, investment risk services, portfolio accounting services, client servicing, subadvisory services, and/or regulatory compliance)? Should we explicitly require the rule to apply to index providers, model providers, valuation agents, or other service providers that may be central to an adviser's investment decision-making process?
9. What would be the advantages and disadvantages of explicitly identifying the types of functions or providers that would trigger the rule? For instance, is there a risk of being over-inclusive and under-inclusive if we take such an approach? Are there certain services or functions that should be considered “core” for all advisers, or does what constitutes a “core” advisory function vary from one adviser to the next? Should what is considered “core” correlate to a certain percentage of clients who receive (and presumably can therefore be affected by) the service provider's services? That is, would a service provider's functions be considered “core” to an adviser if they could have an impact on a certain minimum percentage of the adviser's clients? Should it correlate to a certain percentage of regulatory assets under management that receive (and, again, presumably can be affected by) the service provider's services? That is, would a service provider's functions be considered “core” to an adviser if they could have an impact on a certain minimum percentage of the adviser's regulatory assets under management? What would be a percentage of either such measurement that should trigger application of the rule? 5%? 10%? 15%? 20%? Please explain your answer.
10. Should data providers be explicitly included within the scope of the rule? Are there specific types of data providers that might be considered “covered functions,” such as providers of security master data, corporate action data, or index data?
11. Instead of considering certain compliance functions to be a “covered function” under the rule, should we amend rule 206(4)-7 to require advisers to comply with the due diligence and monitoring requirements of proposed rule 206(4)-11 and 204-2(a)(24) for all outsourced compliance functions, as we are proposing for records made and kept by third parties, as described below?
12. Should we revise the proposed exclusion for clerical or ministerial services? Should we provide different or additional specific exclusions from the definition of covered function under the rule? Which ones, if any? For example, should we use the same definition of supervised person as in the Advisers Act? Should we explicitly exclude broad-based and widely published indices or specific clerical or ministerial services such as basic utilities and widely commercially available operating systems, word processing systems, or spreadsheets, utilities, or general office functions or services? Should we exclude functions or categories of services or should we list specific service providers that should be excluded? How should we view these services or functions when they are integral to the provision of a covered function ( e.g., when investment performance is calculated in a spreadsheet or an order management system is hosted in the cloud)?
13. Should we define “covered function” more broadly or more narrowly, and if so, how? For example, should we only use the first prong of the proposed definition and broaden the definition to any function or service that is necessary for the investment adviser to provide its advisory services in compliance with the Federal securities laws, regardless of the likely impact on clients of non- or negligent performance? Or should we only use the second prong of the definition to apply the rule to any services or functions that, if not performed or performed negligently, could potentially have a material negative impact, regardless of whether they are necessary for the adviser to provide its advisory services in compliance with the Federal securities laws? Should we change the second prong of the definition, for example, by applying the rule to any services or functions that if not performed or performed in a manner materially different from the adviser's representations or undertakings could potentially have a material negative impact?
14. Should the definition of “covered function” be expanded to include functions or services necessary for the adviser to comply with the Federal securities laws or with the Advisers Act instead of limiting the definition to functions or services necessary to provide investment advisory services in compliance with the Federal securities laws? Should the definition include other third-party providers of services to the adviser's clients, such as broker-dealers and custodians? Should the definition include any third-party providers that the adviser recommends to clients even if those providers enter into an agreement directly with the client and not with the investment adviser?
15. Is “necessary for the adviser to provide its advisory services in compliance with the Federal securities laws” sufficiently clear? Is the term “necessary” too restrictive and, if so, should alternate language be used, such as “supports the adviser in making investment selections and otherwise providing its advisory services in compliance with the Federal securities laws”? Should the proposed rule be limited to providing its advisory services in compliance with obligations only under the Advisers Act?
16. Is the proposed definition of “service provider” clear? Why or why not? In what ways, if any, could the proposed definition be made clearer?
17. Are the meanings of “material negative impact” and “reasonably likely” clear? Why or why not? Should we define these phrases or provide additional guidance? If so, how? Is there a different phrase we should use that conveys the same idea?
18. Should the rule define what it means to retain a service provider to perform a covered function? If so, how? Should we explicitly state that outsourcing would include affiliated entities of an adviser, including parent organizations?
19. Should we define when an adviser would retain a service provider for purposes of the proposed rule? Are there specific factors that should be relevant in determining whether a service provider arrangement should be subject to the rule? For example, should the rule apply where the adviser recommends the service provider to some or all of its clients? Would a relevant factor be the extent to which the adviser makes arrangements for the client to engage the service provider? Should the approach differ depending on whether the client is a fund (registered or not) or a separately managed account and the extent to which the adviser is a control person of the fund or has some control over the fund's contracting arrangements? Or should the proposed rule only include service providers that contract directly with the adviser? If so, why? Should we provide an explicit exclusion for all advisers that engage service providers to perform covered functions as part of a larger program or arrangement, such as the sponsor of a wrap fee program or other separately managed account program in which the sponsor is subject to the proposed rule with respect to the participation of the service providers in the program?
20. The proposed rule does not specify how an adviser would “retain” a service provider in compliance with the proposed rule. Should we require a written agreement or some other written documentation between the adviser and service provider to perform a covered function under the proposed rule? If so, what provisions should we require? For example, should certain elements of the proposed rule's due diligence requirements instead be required in a contract between the adviser and service provider? Should there be a written agreement requirement for certain covered functions and not others? For example, should the rule identify a sub-set of the proposed definition of covered function as critical covered functions and require a written agreement in those circumstances only? If the final rule were to, instead, define covered function by listing certain specific functions, such as described in request for comments 5, 6, 7, and 8 above, should we require a written contract between the adviser and these service providers? Are there any contexts in which a written agreement may be more feasible than others? Alternatively, should we not require a written agreement but instead require disclosure in Form ADV Part 1A of whether an adviser has a written agreement for each covered function or require disclosure only if the adviser does not have a written agreement for a particular covered function?
21. Is the scope of the proposed rule sufficiently clear in its application to various advisory arrangements such as, among others, separately managed accounts, wrap-fee programs, robo-advisory services, and model portfolio providers? Is it clear how it applies when technology is used as part of advisory services, such as artificial intelligence, foundation models, or software as a service? Why or why not?
22. With respect to an adviser's clients, should the rule apply to any service providers an adviser retains on behalf of all of the adviser's clients, as proposed, including clients that are registered investment companies or private funds? Why or why not? Should services provided to a fund, such as fund administration, transfer agent, principal underwriter or custody services, be deemed to be “investment advisory services” or otherwise covered under the proposed rule and related recordkeeping requirements? Should we provide an explicit exception for advisers when a registered investment company retains the listed service providers in rule 38a-1 under the Investment Company Act of 1940 (“Investment Company Act”) instead ( i.e., principal underwriter, fund administrator, and transfer agent)? What about with respect to private funds, which are not subject to rule 38a-1? Should we provide an explicit exception from the proposed rule if any such engagement is approved, in the case of a registered fund, by the board, including a majority of the independent directors, or in the case of a private fund, by a majority of the Limited Partner Advisory Committee or equivalent body?
23. Should we include subadvisers within the scope of the rule, as proposed? Why or why not? Should this differ based on whether the subadviser for a fund is engaged by the adviser or the fund itself?
24. The proposed rule excludes a supervised person of an investment adviser from the definition of provider. Do commenters agree that it would be duplicative to apply the rule in this context? Should the proposed rule also exclude an adviser's affiliated or related persons? Should such an exclusion depend on whether the affiliate or related person is separated from the adviser by information barriers? Why or why not?
25. Would it be duplicative or otherwise unnecessary to apply the rule in the context of an adviser's affiliates, as proposed? If so, please explain.
26. Should the proposed rule provide an exception for firms that are dually registered broker-dealers? For example, should we provide an exception for firms that comply with existing broker-dealer provisions such as FINRA Rule 3110 (Supervision) to meet a dual registrant's obligation under these rules? Should there be an exception for outsourcing to SEC-registered advisers or other service providers that are themselves subject to regulation under the Federal securities laws? Should such an exception be limited to outsourcing to another adviser or manager (including banks and trust companies) when the other adviser or manager treats the client as its own client (as may be evidenced, for example, by the client's entry into documentation appointing the adviser or manager, the inclusion of the client as a client on the books and records of the adviser or manager, or the delivery of disclosure documents of the adviser or manager to the client)?
27. To what extent do advisers already take the steps that would be required by the proposed rule? Do commenters believe that the proposed rule is necessary? Why or why not? To the extent that commenters believe that the proposed rule is already covered by the general fiduciary duty enforceable under Section 206 of the Advisers Act, do commenters believe there is sufficient clarity in the industry as to the obligations for an adviser in the context of retaining service providers? And if so, how do those obligations differ from what is outlined in this proposed rule?
28. Are the proposed changes to the books and records rule appropriate? Are there alternative or additional recordkeeping requirements we should impose? For example, should we require that the record include specific information or be memorialized in a written memo or report? Should we require advisers to update the list of covered functions within prescribed time periods such as monthly, quarterly or annually?
29. Should we require advisers to make and keep true, accurate, and current a list of covered functions? Why or why not? Should we specify any particular method for making the list or record of factors to consider? Should we require a specific method of maintaining the list of covered functions such as in its policies and procedures?
30. Do commenters believe it would be overly burdensome to require a record of factors that led the adviser to list each covered function, as proposed? Why or why not? Should we instead only require the list of covered functions without requiring the record of factors for each covered function?
B. Due Diligence
The proposed rule would require advisers to conduct reasonable due diligence before engaging a service provider to perform a covered function. We believe it is essential for an investment adviser to evaluate whether and how it will continue to meet its obligations to its clients, and the requirements of the Federal securities laws, including its obligations as a fiduciary, when it chooses to outsource. The due diligence requirement would provide guidelines to help ensure that the nature and scope of the covered function, as well as the risks associated with the adviser's use of service providers are identified and appropriately mitigated and managed. This also could reduce the risk that the adviser's outsourced services are not performed or are performed negligently. Specifically, the proposed rule would require an adviser to reasonably identify and determine that it would be appropriate to outsource the covered function, that it would be appropriate to select the service provider, and once selected, that it is appropriate to continue to outsource the covered function, by complying with six specific elements:
See proposed rule 206(4)-11(a)(1).
See In the Matter of AssetMark, Inc. (f/k/a Genworth Financial Wealth Management, Inc.), Investment Advisers Act Release No. 4508 (Aug. 25, 2016) (settled order) (AssetMark's due diligence was insufficient to confirm the accuracy of performance data from a third-party and therefore AssetMark failed to have a reasonable basis for the accuracy of the performance and performance-related claims made in its advertisements); see also In the Matter of Pennant Management, Inc., Investment Advisers Act Release No. 5061 (Nov. 6, 2018) (settled order) (Pennant negligently failed to perform adequate due diligence of a third party which ultimately contributed to substantial client losses).
(i) Identify the nature and scope of the covered function the service provider is to perform;
(ii) Identify and determine how it would mitigate and manage the potential risks to clients or to the investment adviser's ability to perform its advisory services, resulting from engaging a service provider to perform a covered function and engaging that service provider to perform the covered function;
(iii) Determine that the service provider has the competence, capacity, and resources necessary to perform the covered function in a timely and effective manner;
(iv) Determine whether the service provider has any subcontracting arrangements that would be material to the service provider's performance of the covered function, and identifying and determining how the investment adviser will mitigate and manage potential risks to clients or to the adviser's ability to perform its advisory services in light of any such subcontracting arrangement;
(v) Obtain reasonable assurance from the service provider that it is able to, and will, coordinate with the adviser for purposes of the adviser's compliance with the Federal securities laws; and
(vi) Obtain reasonable assurance from the service provider that it is able to, and will, provide a process for orderly termination of its performance of the covered function.
The proposed rule requires that the due diligence be conducted “before engaging” a service provider, which would be before the adviser and service provider agree to the engagement, or agree to add new covered functions or services to an existing engagement. It would not be appropriate for the adviser to assess the risks of outsourcing a covered function to a particular service provider, for the first time, after it engaged the service provider. Conducting initial due diligence after engagement would unnecessarily subject the adviser's clients to potentially unknown and unmitigated risks associated with outsourcing the covered function to the service provider. Those risks could result in harm to the client that could have been avoided had due diligence been conducted beforehand.
For written agreements, this would be the date it is executed by both parties, or if different days, the later of the dates each party executes it.
See infra section II.G ( Transition and Compliance and related discussion).
The proposed rule also requires that service provider due diligence be conducted “reasonably.” This would mean an adviser's due diligence must reasonably be tailored to the function or services that would be outsourced and to the identified service provider. An adviser's analysis of a specific service provider's competence, capacity, and resources generally would not require boundless analysis or the identification of every conceivable risk of outsourcing, but must be reasonable under the facts and circumstances. The proposed rule is intended to allow registrants to tailor their due diligence practices to fit the nature, scope, and risk profile of a covered function and potential service provider.
For example, in determining whether to engage a third-party digital investment advisory platform, a registrant may not need to conduct a detailed analysis and review of the underlying computer code. However, the registrant generally should obtain a reasonable understanding of how the platform is intended to operate, determine that the platform operates as intended, and confirm the platform generates advice that is suitable for the registrant's clients. The registrant could consider also the risks of the digital platform that could result in material harm to a client and conclude that it can mitigate and manage those risks. In conducting this analysis, the adviser could review factors such as:
- Comparative digital platform methodologies, including their respective parameters, benefits, and risks;
- The digital platform's compliance and operational policies and procedures for the protection of client accounts and key systems, and its policies and procedures addressing the maintenance and oversight of the digital platform;
- The sufficiency of the digital platform's client questionnaire for enrolling clients in the advisory service;
- The digital platform's general process for developing, revising, and updating the advice or recommendations that it generates;
- The general process for and results of the service provider's testing and backtesting of the digital platform and the post-implementation monitoring of its performance; and
• The digital platform's prevention and detection of, and response to, cybersecurity threats.
Commission staff addressed similar issues in a guidance update. See Robo-Advisers, IM Guidance Update, No. 2017-02 (Feb. 2017) (discussing robo-adviser specific factors that an adviser may consider in adopting written policies and procedures).
Ultimately, conducting due diligence is not a one-size-fits-all process. Whether an adviser tailors its due diligence such that it is reasonable under the proposed rule would depend on the facts and circumstances applicable to the services to be performed and the identified service provider.
1. Nature and Scope of Covered Function
The first element in the proposed due diligence requirements would require an adviser to identify the nature and scope of the covered function the service provider is to perform. This might include documenting a description of the nature and scope of the covered function in a written agreement, memo to file, database, or other form the adviser deems appropriate. As part of its identification, an investment adviser generally should understand what services will be provided and how the service provider will perform those services. We believe such identification is important to reduce the risks of performance shortfalls by the service provider due to the adviser's or its service provider's insufficient understanding of the nature and scope of the covered function. A clear understanding between the adviser and service provider of the nature and scope of the applicable covered function should help ensure that the service provider is performing the function that the adviser believes is being performed and reduce the risk of harm to clients and investors as a result of inadequate, negligent, or otherwise insufficient performance of the covered function.
Proposed rule 206(4)-11(a)(1)(ii). As further discussed below, we are also proposing a new books and records provision, rule 204-2(a)(24) that would require advisers to make and retain a list or other record of covered functions that the adviser has outsourced to a service provider.
We are also proposing amendments to Form ADV Part 1A under which an adviser would be required to disclose information about its service providers of covered functions. See supra section II.D.
What is included in “nature and scope” under the proposed rule would vary depending on the facts and circumstances, and the level of detail should reasonably reflect relevant factors such as the nature, size, and complexity of the covered functions involved. For example, if the service provider performing a covered function is an index provider, then the identification of the nature and scope of the covered function might relate to such things as index license terms, rebalancing frequency, and frequency of data delivery from the provider to the adviser. If an adviser outsources its trading desk functions, then the adviser might wish to identify descriptions of the trading desk services, as well as any ancillary activities related to those services, such as software or other technological support and maintenance, business continuity and disaster recovery, employee training, and customer service, including the extent to which the provider would perform the services itself or hire others to perform them.
As part of this analysis, an adviser also might wish to identify the frequency, content, and format of the service provider's covered function. The analysis also might vary depending on the types of risks identified during the adviser's due diligence process. If an adviser identifies certain risks related to outsourcing a particular task or related to using a particular service provider, then the adviser generally should take those risks into account when identifying the nature and scope of the covered function. For example, the adviser might wish to determine how the adviser's information, facilities, and systems (including access to and use of the adviser's or the adviser's clients' information) would be used and any protections that would be put in place for use of such items. If an adviser were to engage a service provider to perform portfolio management services for its clients, and the adviser would be sharing non-public trading information and/or its advisory clients' personally identifiable information, the adviser generally should negotiate and identify how such information would be managed in order to mitigate the risk that such information may be mishandled.
Rules related to maintaining the privacy of client information also would apply. See, e.g., 17 CFR 248.11(a) (reuse and redisclosure of nonpublic personal information that nonaffiliated trading services provider receives from adviser limited to performing trading services for the adviser's clients). See also17 CFR 248.201(e)(4) (applicable to advisers that are a financial institution or creditor with covered accounts); Reg. S-ID, Appendix A, at Section VI(c).
2. Risk Analysis, Mitigation, and Management
The proposed rule would require an adviser to identify the potential risks to clients, or to the adviser's ability to perform its advisory services, resulting from outsourcing a covered function. In doing so, we believe an adviser generally should assess and consider prioritizing the risks created by outsourcing the function in light of the adviser's particular business processes. As discussed above, outsourcing an investment adviser's function without a minimum and consistent framework for identifying, mitigating, and managing risks, can undermine the adviser's provision of services and mislead or otherwise harm clients. A lack of such a framework could indicate that it is unreasonable for an adviser to outsource the function. Potential client harm caused by a service provider's failure to perform or negligent performance of the outsourced function could be significantly mitigated, or even avoided, if the adviser first identifies the risk, and then determines, before outsourcing a function, how to mitigate and manage the risk.
We believe a risk prioritization approach is a commonly used and effective practice in the industry. Also, the Commission proposed a risk prioritization approach for cybersecurity risk assessment. We encourage commenters to review that proposal to determine whether it might affect their comments on this proposing release. See Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies, Investment Advisers Act Release No. 5956 (Feb. 9, 2022) [87 FR 13524 (Mar. 9, 2022)] (“Proposed Cybersecurity Release”) (stating that “[a]s an element of an adviser's or fund's reasonable policies and procedures, the proposed cybersecurity risk management rules would require advisers and funds periodically to assess, categorize, prioritize, and draft written documentation of, the cybersecurity risks associated with their information systems and the information residing therein.”).
There are a variety of potential risks that an adviser should generally consider, such as the sensitivity of information and data that would be subject to the service or to which the service provider may have access, the complexity of the function being outsourced, the reliability and accuracy of the service or function delivered by the service provider, extensive use of particular service providers by the adviser or several advisers, available alternatives in the event a service provider fails or is unable to perform the service, the speed with which a function could be moved to a new service provider, existing and potential conflicts of interest of the service provider, geographic location of the service provider, unwillingness to provide transparency, known supply-chain challenges, and the availability of market resources skilled in the service. Key to this process might include determining the likely potential impact—particularly to the adviser's clients, to investors in the adviser's fund clients, or to the adviser's ability to perform its advisory services—of the failure, or improper performance, of the function to be outsourced.
Advisers may have disclosure obligations related to conflicts of interest that arise from other provisions of the Federal securities laws. See, e.g., Form ADV Part 2, General Instruction 3 (stating that advisers “must seek to avoid conflicts of interests with [their] clients, and, at a minimum, make full disclosure of all material conflicts of interest . . . that could affect the advisory relationship.”).
For example, outsourcing records administration, personal securities trading clearance and compliance, or client trading services may result in the service provider gaining access to the adviser's non-public trading information ( e.g., client account positions, active trade orders, restricted securities trading list), or personally identifiable information (“PII”) about an adviser's clients. In these circumstances, it would be important for the adviser to consider whether use of a service provider would increase the likelihood that the non-public trading information or PII could be mishandled, misused, subject to unauthorized access, or otherwise subject to a heightened risk. This risk may be amplified when outsourcing to an offshore service provider that is unfamiliar with applicable U.S. laws and regulations, is potentially subject to laws that apply a different standard, and may cause delays in production of records. In the case of an offshore service provider, the adviser should consider whether the service provider's policies, procedures, and operations comply with applicable United States laws and regulations, and whether the service provider is able to demonstrate experience servicing clients that are subject to Federal securities laws. Further, the adviser should consider the potential impact to its advisory business and its clients if the non-public trading information or PII were subject to a breach via the service provider.
Advisers should also note that outsourcing that transfers PII to third parties could implicate legal restrictions on sharing by the adviser of such information.
When an adviser outsources any covered function it introduces new relationships and the potential for new conflicts of interest, such as the service provider's incentives to meet its obligations to some clients ahead of others, to devote more resources to a different line of business than the one for which the provider was hired, or to favor affiliates. The adviser should identify these risks and determine how it will mitigate and manage them. For example, outsourcing some client portfolio management functions to a model provider may introduce new conflicts of interest issues for the service provider that the adviser may want to consider. In such a circumstance, an adviser generally should consider potential issues such as whether the service provider also provides services to the service provider's affiliates and how the service provider prioritizes providing models among clients that pay different fees to the service provider. This is because the service provider could have a financial incentive to provide favorable prioritization or terms to its affiliates or clients paying the service provider a higher fee. If so, the adviser generally should consider how to mitigate this conflict of interest through approaches such as obtaining contractual representations and warranties about the service provider's procedures, reviewing the service provider's applicable written policies and procedures, or obtaining a contractual right to audit the service provider.
As fiduciaries, advisers must seek to avoid conflicts of interest with clients, and, at a minimum, make full disclosure of all material conflicts of interest between the adviser and clients that could affect the advisory relationship. See Form ADV Part 2 General Instructions. Advisers may disclose this information in their Part 2 of Form ADV or by some other means.
Another common example that illustrates the importance of an adviser's risk analysis occurs when an adviser seeks to outsource all or portions of its compliance function. There can be benefits to relying on a third party with potentially greater compliance experience and expertise, but an adviser also generally should consider the nature of its business and whether a potential provider can sufficiently understand, ingest, and address the unique compliance needs of the adviser's business. The adviser can seek to mitigate and manage this risk by generally considering certain steps such as seeking references from other clients of the service provider, conducting interviews of key service provider personnel, ensuring the compliance service provider will customize its services to meet the needs and unique aspects of the adviser's particular business, obtaining written assurances about the experience and skills of the service provider personnel that will be assigned to the adviser's account, and obtaining the right to audit the functions being performed by the service provider periodically.
The proposed rule also would require advisers to identify the risks of outsourcing to a particular service provider. We understand that many advisers currently take a variety of steps to understand the risks of their service providers and those of certain service providers. These steps may include reviewing a summary of a service provider's business continuity plan, due diligence questionnaires, an assurance report on controls by an independent party, certifications or other information regarding a provider's operational resiliency or implementation of compliance policies, procedures, and controls relating to its systems, results of any testing, and conducting periodic onsite visits. The nature, depth, and complexity of this analysis would be dependent, in part, on the adviser's assessment of risks associated with the function being outsourced. If an adviser determines that the risk of outsourcing a particular function is relatively high, then the adviser generally should consider adjusting its due diligence of the particular provider commensurate with that risk assessment. An adviser also generally should consider that a provider may pose unique or novel risks such as international operations, limited financial or operational history, lack of financial or operational transparency, lack of sufficient operating capital to support long-term operations, inability or unwillingness to provide client references, insufficient availability of qualified personnel, infrastructure susceptibility to extreme weather, lack of adequate data security, and prior service failures.
For example, if the outsourced function involves valuation of illiquid or private securities, the adviser generally should consider whether the particular service provider has the capability and experience to provide accurate and timely information. Inaccurate or untimely valuation information could affect the adviser's strategy, resulting in negative financial consequences for the adviser's clients. A lack of necessary sophistication or inability to perform timely are examples of service provider issues that generally should be identified and addressed before the service provider is engaged.
The proposed rule would also require an adviser to determine how it will mitigate and manage the identified risks. This could be accomplished through a variety of means, including actions taken by the adviser, or actions taken by the service provider at the adviser's request or direction. If an adviser determines that risks cannot be mitigated or managed adequately, the adviser generally should consider factors such as whether it is consistent with an adviser's fiduciary responsibility to its clients to move forward with outsourcing the function, whether outsourcing the function may increase the risk of fraud against the adviser's clients, or whether there is a viable alternative to outsourcing.
There are a multitude of ways that an adviser may mitigate or manage risks, subject to the applicable facts and circumstances surrounding the function. To mitigate the identified risks, an adviser generally may consider the potential impacts of the risks occurring, the frequency with which the risks may occur, and how to avoid or lessen those impacts. This could include considering whether the service provider allows sufficient transparency such that the adviser reasonably can monitor the outsourced functions to confirm they are performed correctly and developing and implementing written policies and procedures to oversee the service provider. For example, if an adviser incorporates a service provider's software to manage its portfolio risk, a flaw in the software could adversely affect client portfolios. It would therefore be important that the service provider sufficiently explains and demonstrates how the software operates so that the adviser can understand, identify, and determine whether it can mitigate any risks that the use of the software may pose. The adviser also generally should consider whether and how the service provider would provide notice of software failure, and how the service provider will respond in the event of a failure. Similarly, in the event the adviser is U.S.-based and outsourcing to a non-U.S.-based service provider, the adviser generally should consider whether and how it can effectively monitor the performance of the covered function, and whether there are any unique limitations or risks posed by the location where the services will be provided, such as geopolitical instability, heightened exposure to extreme weather, lack of U.S. legal jurisdiction and ability to enforce legal rights, infrastructure challenges such as instability in the power grid or internet services, or lack of access to an experienced workforce. If the adviser determines it cannot effectively monitor the performance of a covered function, it generally should consider whether outsourcing is consistent with the adviser's fiduciary responsibility to its clients, whether outsourcing may increase the risks for the adviser's clients, and whether there is a viable alternative to outsourcing.
An adviser may also mitigate and manage the risks of failing to perform a function by implementing contractual safeguards or pursuing alternative options. For example, if a service provider placing trades for the adviser's clients experienced a trading delay or stopped trading altogether, there may be material negative impacts on the adviser's clients. To mitigate the risk of this scenario, the adviser could enter into a contractual agreement with the service provider that identified, in advance of such an event, a substitute trading arrangement to be implemented within a timeframe that would cause as little disruption to clients as possible. An adviser also could establish a redundancy in the outsourced service or function. For example, an adviser could engage a primary pricing provider for illiquid securities, and also have an arrangement with a secondary pricing provider. The secondary provider could provide prices in the instance that the first pricing service fails, and otherwise be used, for example, to validate accuracy and identify potential anomalies in the data provided by the primary pricing provider. Such contractual provisions may be particularly important in preventing harm to the adviser's clients. Regardless of who a contract indicates should remedy such a situation or who is liable for a particular breach, a service provider's failure to perform does not excuse the adviser from its fiduciary duty and other legal obligations and liabilities.
3. Competence, Capacity, Resources
Once an adviser has identified the risks related to outsourcing the function and the risks of the service provider, the proposed rule would require the adviser to determine that the service provider has the competence, capacity, and resources necessary to perform the covered function in a timely and effective manner. Outsourcing an investment adviser's function to a service provider without making this determination can undermine the adviser's provision of services and mislead or otherwise harm clients. When an investment adviser holds itself out as providing advisory services or agrees with a client to provide such services, the adviser implies that it remains responsible for the performance of those services and will act in the best interest of the client in doing so. If an adviser retains a service provider without ensuring the service provider is able to perform the function in a timely and effective manner, the adviser would not be ensuring its obligations will be met and clients could be harmed if the service provider fails to perform or negligently performs the covered function. Therefore, in order to comply with its legal obligations when outsourcing a function, the adviser should confirm that the service provider is able to perform the applicable function timely and effectively to the same standards directly applicable to the adviser.
The determination of competence, capacity, resources, and performing the function timely and effectively should be based on the facts and circumstances of the functions being outsourced. For example, if outsourcing a function is high risk due to the complexity of the function, the adviser may want to assess competence by focusing on the experience and expertise of the service provider's personnel and the comprehensiveness of their processes and methodologies. If the function is labor intensive, the adviser may wish to consider factors such as whether the service provider has the necessary staffing capacity to provide the function and the service provider's historical staff retention rates. If the function requires specialized equipment or technology, the adviser may wish to seek evidence that the service provider possesses those resources. If the function is novel or is unique to the adviser, the adviser may wish to consider whether it is even appropriate to outsource due to a lack of service providers with the necessary competence, capacity, or resources to perform the function. In all of these instances, the adviser may consider whether and how the service provider can perform the covered function such that it effectively addresses the adviser's and its client's needs.
In addition to considering the facts and circumstances of the function being outsourced, we believe an adviser's analysis of competence generally should include an understanding of how the service provider will perform the function. For this, the adviser generally should verify that the service provider is able to explain and demonstrate clearly how the function will be performed. This enables the adviser to confirm it is outsourcing to a competent service provider, mitigates the risk of potential harm to the adviser's clients of a failure to perform, and educates the adviser in order to better monitor the service provider once engaged. For example, if an adviser is outsourcing its robo-advisory product to a third-party digital investment platform the adviser generally should understand the client factors considered by the platform, the methodology used by the platform to generate any recommendations, the factors that may alter that methodology, any highly technical or complex aspects of the methodology such as incorporation of artificial intelligence, and the service provider's procedures for testing and oversight of the methodology.
4. Subcontracting Arrangements
The proposed rule would require that the adviser determine whether the service provider has any subcontracting arrangements that would be material to the performance of the covered function. In the event of such a subcontracting arrangement, the proposed rule would also require that the adviser identify and determine how it will mitigate and manage potential risks to clients or its ability to perform advisory services in light of any such subcontracting arrangement.
Proposed rule 206(4)-11(a)(1)(iv).
In making these determinations, an adviser generally could rely on representations provided by the service provider or could develop policies and procedures with certain limitations or conditions when engaging a service provider that uses subcontractors. For example, an adviser may implement a policy that prevents the adviser from retaining a service provider that primarily relies on subcontractors to perform the covered function, or implement a procedure to audit the service provider's oversight of its subcontractors. An adviser also may enter into a written agreement with the service provider that requires the service provider to notify the adviser of any material incidents that take place at the subcontractor that may cause a failure to perform a covered function by the service provider. When determining how to mitigate and manage potential risks of outsourcing in light of any subcontracting arrangement, the adviser could consider relying on written representations the service provider makes about steps it is taking to mitigate and manage such risks.
Service providers may utilize subcontracting arrangements for any advisory services and functions, which creates a chain of service providers to an adviser. The absence of a direct relationship with a subcontractor may affect the adviser's ability to assess and manage risks that develop as a result of outsourcing. Outsourcing risks are heightened when an adviser uses service providers for “covered functions” that, by definition under the proposed rule, if not performed or performed negligently would be reasonably likely to cause a material negative impact on an adviser's clients or its ability to provide advisory services. Because the adviser ultimately has the responsibility for providing advisory services and complying with the Federal securities laws, we believe it is important that the adviser know about material subcontracting arrangements so that it can oversee the covered function properly.
Requiring the adviser to determine whether the service provider has any subcontracting arrangements might provide more visibility into the outsourcing chain by the adviser. However, we also recognize that a service provider may use a large number of subcontractors for a variety of functions or services at various points in time. As a way to balance the burden of having to determine how the adviser will mitigate and manage potential risks with respect to every subcontractor with the benefit of the adviser having some visibility into the use of subcontractors, we believe that the determination should be limited to subcontracting arrangements that would be material to the service provider's performance of the covered function. To determine whether a subcontracting arrangement is material, we believe it is appropriate generally to follow the standard used in the proposed definition of covered function. Thus, a subcontracting arrangement would be material if nonperformance or negligent performance would be reasonably likely to cause a significant negative impact on the service provider's ability to perform the covered function. A subcontracting arrangement that is subject to this standard would depend on the type of subcontractor being used and the nature and scope of the subcontracting arrangement. For example, if an adviser engaged a subadviser to manage certain of its clients' portfolios, and the subadviser outsourced some or all of its portfolio management to a subcontractor, we generally would consider this to be material because the subadviser would be outsourcing the function that the adviser had engaged the subadviser to perform. In such an instance, we believe the subcontractor's failure to perform or negligent performance of portfolio management would be reasonably likely to cause a significant negative impact on the subadviser's performance of the covered function, which would be reasonably likely to cause a material negative impact on the adviser's ability to provide its investment advisory services.
We believe that requiring this determination and risk assessment of any subcontracting arrangements that would be material to performance of a covered function is important because having a chain of providers increases the risk of lack of transparency and control by the adviser if there were an issue within the chain. We believe that to the extent a service provider uses any subcontractors that are material to the performance of its covered function, the adviser generally should conduct further monitoring and put in place risk management processes to mitigate potential harm to the adviser, and its advisory clients.
5. Compliance Coordination
The proposed due diligence provision would require an adviser to obtain reasonable assurance from a service provider that it is able to, and will, coordinate with the adviser for purposes of the adviser's compliance with the Federal securities laws, as applicable to the covered function. An adviser remains liable for its obligations, including under the Advisers Act, other Federal securities laws and any contract entered into with the client, even if the adviser outsources functions. The proposed requirement would alert the service provider to those responsibilities and obtaining reasonable assurances would help the adviser ensure that it can continue to meet its compliance obligations despite outsourcing those functions.
For example, an adviser may rely on a service provider for part of its portfolio management function. While not required under the proposed rule, that adviser may wish to consider obtaining written assurances or written representations from the service provider that it is aware of the adviser's obligations under the Advisers Act, and that it will assist the adviser, as applicable, in complying with its obligations as a fiduciary. For additional clarity, the adviser may wish to consider articulating specific responsibilities of the service provider in relation to assisting the adviser to comply with its legal obligations. As another example, an adviser may rely on an outsourced chief compliance officer or compliance consultant for updating and filing the adviser's Form ADV, including Form CRS. Such an adviser may want to obtain assurances or representations from the service provider that it has sufficient knowledge of the adviser's business such that the adviser's Form ADV will be accurate and contain all required disclosure. In discussions with our staff regarding Form ADV compliance, some advisers have claimed ignorance of a filing not having been made, or of missing, inadequate or inaccurate disclosure, due to the adviser's reliance on an outsourced chief compliance officer or compliance consultant. Similarly, in response to our staff's requests for documents, advisers often indicate that they lack access to information necessary to demonstrate compliance with a provision of the Advisers Act and its rules or other Federal securities laws because of outsourcing. In instances where our staff has requested records demonstrating compliance with the brochure delivery rule, some advisers that use client relationship management providers have asserted that they have complied with the rule because brochure delivery is programmed into the providers' software, though they cannot produce records to evidence that delivery took place.
See rule 204-3.
6. Orderly Termination
The proposed rule would require an investment adviser to obtain reasonable assurance from the Service Provider that it is able to, and will, provide a process for orderly termination of its performance of the covered function. This provision is designed to mitigate risks of an interruption in advisory services or the adviser's compliance with the Federal securities laws in the event that the outsourced relationship is discontinued. An abrupt termination of a covered function without a process to continue services in another way, transfer records, and otherwise provide a smooth transition could have a material negative impact on an adviser's clients or an adviser's ability to provide investment advisory services to clients. For example, if an adviser relied on a software provider to provide an order management and trading application for the purposes of placing orders on behalf of the adviser's clients, and the software provider abruptly terminated its services without the adviser being able to replace the provider or move the services in-house, then the termination would be reasonably likely to cause a material negative impact on the adviser's ability to provide investment advisory services. This is because the adviser may not be able to place orders at or near normal volumes or as efficiently. Such harm could be mitigated by the proposed due diligence requirement to obtain reasonable assurance from a service provider that it is able to, and will, provide a process for orderly termination of its performance of the covered function.
Proposed rule 206(4)-11(a)(2)(vi).
Orderly termination of a service provider's performance of a covered function might include the adviser ensuring that no ongoing operational and technological dependency on the service provider remains after the termination of the relationship with the service provider. For example, an adviser might consider obtaining reasonable assurance, whether through a written agreement or some other means, from the service provider that it will provide a notice of intent to terminate in a specified amount of time or other similar process so that the service provider does not abruptly terminate its services to the detriment of the adviser and its clients.
Given the variety of advisers and providers and different levels of complexity with respect to outsourced functions, the proposed rule is designed to afford advisers and service providers the flexibility to establish what would constitute “orderly” termination in light of the risks involved. The adviser must be able to stay in compliance with its obligations under the Advisers Act and its rules during and after termination. Accordingly, the process that allows for “orderly” termination generally should reflect consideration of certain factors such as the type of covered function and applicable regulatory requirements. For example, if the covered function were recordkeeping services, then the adviser should account for how to continue to stay in compliance with the regulatory requirements with respect to recordkeeping after termination of the agreement. If the covered function were valuation services, then the adviser should consider how to transition different client accounts prior to complete termination and how to stay in compliance with any valuation requirements. In addition to ensuring proper transfer or retention of records, advisers generally should consider how they would maintain operational, regulatory, or other capabilities as a result of terminating the service provider engagement.
An “orderly” termination process also should be designed to handle confidential and other sensitive information securely. The adviser and service provider generally should consider ways to ensure that no confidential data or information remains with the service provider other than that required to meet the service provider's contractual obligations or the service provider's own legal obligations, if any. For example, a service provider that performs valuation services may have been granted access to certain adviser back-office or middle-office systems and internal reports, and the adviser and service provider might wish to agree to allow for verification that the provider's access is terminated either immediately upon notification of termination or after a reasonable amount of time once all accounts have been closed by the service provider. The adviser and service provider might also agree to the return or destruction of any copies of reports or confidential information after the terms of termination are satisfied, depending on the length of time it would take.
Relatedly, an “orderly” termination process also generally should contemplate reasonable time frames to allow for timely transfer or destruction of any data, as appropriate or necessary. Such provisions would facilitate the continuity and quality of the outsourced functions in the event of termination. For example, if an adviser wants to protect its ability to change its subadviser when appropriate without undue restrictions, limitations, or cost, then the adviser generally should consider termination and transfer arrangements with reasonable time frames to allow for timely transfer of confidential adviser and client information from the original service provider to the new service provider.
In addition to ensuring the adviser stays in compliance with its regulatory obligations during and post-termination of a relationship with a service provider, the adviser might consider provisions in a written agreement or some other form to protect itself against certain failures or breaches by the service provider such as termination rights, clear delineation of ownership of intellectual property, and the obligation of the service provider to assist and provide support for a successful and complete transition or termination.
7. Recordkeeping Provisions Related to Due Diligence
Finally, the proposal would amend the Advisers Act books and records rule to require advisers to make and retain specific records related to their due diligence assessment. These records include a list or other record of covered functions the adviser outsourced to a service provider including the name of each service provider, the factors that led to listing it as a covered function on Form ADV, and documentation of the adviser's due diligence assessment. The due diligence records would include any policies or procedures or other documentation showing how the adviser would mitigate and manage the risks it identifies, both at a covered function and a service provider level. The proposed amendments would also revise the books and records rule to require a copy of any written agreement, including any amendments, appendices, exhibits, and attachments, entered into with a service provider regarding covered functions. The records would have to be maintained in an easily accessible place while the adviser outsources the covered function and for a period of five years thereafter. This aspect of the proposal is designed to facilitate our staff's ability to assess an adviser's compliance with the proposed rule. We believe it would similarly enhance an adviser's compliance efforts as well.
See proposed rule 204-2(a)(24).
See proposed rule 204-2(e)(4).
We request comment on all aspects of the proposed due diligence requirement and corresponding proposed amendments to the Advisers Act books and records rule, including the following items:
31. Should we adopt the due diligence requirements as proposed? Are there other aspects of due diligence that should be required additionally or instead? Conversely, should we exclude any of the proposed due diligence requirements?
32. Should we require advisers to obtain third-party experts, audits, and/or other assistance to oversee a service provider when the adviser is outsourcing a function that is highly technical, or the oversight requires expertise or data the adviser lacks? For example, if an adviser is outsourcing to a service provider that provides valuation or pricing of complex or private securities, or a service provider that incorporates artificial intelligence into its services, should that adviser be required to confirm it has sufficient internal expertise to effectively oversee the service provider, and if not, obtain a third-party expert to provide such oversight?
33. Advisers are currently required under rule 206(4)-7 to have policies and procedures reasonably designed to prevent violations of the Advisers Act and rules under the Act, and this requirement would apply to the proposed rule. The proposed rule does not require additional explicit written policies and procedures related to service provider oversight. Should the rule require specific policies and procedures in addition to or instead of the requirements in the proposed rule? And if so, what specific provisions should be required? Should we also include changes to rule 38a-1 under the Investment Company Act?
34. Should we exempt certain service providers or covered functions from some or all of the due diligence requirements? If so, which service providers should we exempt, which due diligence requirements should we exempt, and why?
35. Should we exempt certain categories of advisers or service providers from the due diligence requirements, such as smaller ( e.g., a small business or small organization as defined in 17 CFR 275.0-7 or a small business as defined by the U.S. Small Business Administration) advisers or service providers or newly registered advisers? If so, which ones and why? Alternatively, should we provide scaled due diligence requirements, and if so, how? Would the proposed due diligence requirements raise any particular challenges for smaller or different types of advisers? If so, what could we do to help mitigate these challenges?
36. The proposed rule requires that the due diligence be conducted before the service provider is engaged. Are there reasons that due diligence cannot be completed prior to engaging a service provider? If so, please explain and provide examples. For example, should there be an exception for emergencies? How would we define emergency? Should an exception for emergencies be time-limited ( e.g., one month) or permitted for the duration of the emergency?
37. Are there other core factors that advisers should be required to consider in conducting due diligence? If so, what are those factors? For example, should advisers be required to confirm the financial stability of a service provider through the review of audited financials, or should certain service providers be required to provide certain third-party certifications or reports such as a Systems and Organizational Controls report (“SOC 1”) or other internal control report? Should service providers be required to have third-party financial support, such as fidelity bonds, errors and omissions insurance, or other support? If so, what type and level of support should be required?
See System and Organizational Controls: SOC Suite of Services, AICPA, available at https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/sorhome.html.
38. Is it clear what we mean by identifying the “nature and scope” of the services? If not, how can it be made clearer?
39. The proposed rule is intended to provide flexibility to investment advisers in the methods they use to identify outsourcing risks. Should we dictate a specific method by which risks are identified? For example, should we require that investment advisers prioritize the identified risks and create a record of that prioritization?
40. For purposes of identifying the risks of engaging a service provider in the due diligence process, should the rule include a materiality threshold?
41. Should the rule require advisers to adopt and implement service provider risk management strategies, as proposed? Should the Commission take a different approach to address these risks instead, such as requiring disclosure of the risks to clients, or limiting the services that can be outsourced?
42. Should the proposed rule require advisers to make determinations about the service providers' competence, capacity, and resources as proposed? Should the Commission take a different approach instead? For example, should we require advisers to make reasonable assessments instead? How much independent research would advisers be able to accomplish to comply with this requirement?
43. Should the proposed due diligence books and records amendments be expanded or limited in any way? Are there alternative, explicit, or additional recordkeeping requirements we should impose?
44. The proposed due diligence provision requires that the adviser determine whether the service provider has any subcontracting arrangements that are material to the service provider's performance of the covered function (emphasis added). Should we provide more guidance on the term “material”? Should we broaden the requirement to any subcontracting arrangements? Should we exempt or alter this requirement for service providers that are also investment advisers? Finally, should we omit the requirement that the adviser determine whether the service provider has any subcontracting arrangements?
45. The proposed due diligence provision requires an adviser to determine how it will mitigate and manage potential risks to clients or the adviser's ability to perform its services in light of subcontracting arrangements that would be material to a service provider's performance of a covered function. Should we exempt certain advisers from, alter, or delete this requirement, and if so why?
46. Is the provision requiring the adviser to obtain reasonable assurance from the service provider that it is able to, and will, coordinate with the adviser for purposes of compliance with the Federal securities laws, as applicable to the covered function, appropriate? Maintaining records required by the Federal securities laws is one component of an adviser's regulatory compliance. Is there any overlap between this provision requiring coordination for legal compliance more broadly and the proposed requirement discussed below for an adviser to obtain reasonable assurance from third-party recordkeepers to provide required records to the adviser and Commission? If so, should we address any potentially duplicative requirements?
47. Is the proposed requirement to obtain reasonable assurance that the service provider is able, and will, provide a process for orderly termination appropriate? Is it clear what we mean by “orderly?” Should we define what “orderly” means instead? If so, how should we define it?
48. Are there circumstances in which an adviser might determine that abrupt termination was reasonably necessary to protect clients? If so, should the provision requiring obtaining reasonable assurance for orderly termination of the performance of a covered function be revised to permit advisers to exercise their judgment in such cases? For advisers to registered investment companies, should abrupt termination by the adviser require notification to the investment company board?
49. Should the Commission adopt the related recordkeeping provisions as proposed or should they be changed? For example, should the time period of retention be changed to five years after the entry was made or three years after the relationship between the adviser and service provider has been terminated?
C. Monitoring
Once a service provider is engaged, the proposed rule would require the adviser to periodically monitor the service provider's performance of the covered function and reassess the retention of the service provider in accordance with the due diligence requirements of the proposed rule with a manner and frequency such that the adviser can reasonably determine that it is appropriate to continue to outsource the covered function and that it remains appropriate to outsource it to the service provider. Monitoring is critical to an adviser's ability to discover and address problems in a timely manner, continue providing its advisory services to clients, and comply with the Federal securities laws. For example, if an adviser is relying on a service provider's robo advice platform, the adviser generally should monitor to ensure that the platform continues to operate and adjust to client inputs as the adviser understands it should perform. The proposed monitoring obligation also helps to support an adviser's duty to monitor a client's account over the course of the relationship. Therefore, it would be inappropriate for an adviser to take a “set-it-and-forget-it” mentality when outsourcing a function or service that the adviser has agreed to perform or would otherwise be performing itself in order to provide its advisory services or to satisfy compliance obligations.
See proposed rule 206(4)-11(a)(2).
See In the Matter of Virtus Investment Advisers, Inc., Investment Advisers Act Release No. 4266, at 7 (Nov. 16, 2015) (settled order) (“Virtus had no written policies and procedures for evaluating and monitoring the accuracy of third-party-produced performance information or third-party marketing materials that Virtus directly or indirectly circulated or distributed to other persons.”).
See Standard of Conduct Release, supra footnote 21, at 72 (stating that the duty of care includes, among other things, the duty to provide advice and monitoring over the course of the advisory relationship).
When considering the manner and frequency of monitoring, an adviser should be mindful that it remains liable for its obligations, including under the Advisers Act, other Federal securities laws and any contract entered into with the client, even if the adviser outsources functions. If an adviser cannot sufficiently monitor a service provider, or is concerned that the service provider's actions or inactions may harm the adviser's clients or result in a regulatory violation, then the adviser may need to terminate the service provider relationship if possible. In such an instance, an adviser generally should be cognizant of any contractual limitations with a service provider that may impose additional risks on the adviser's clients or otherwise affect the adviser's analysis of whether to terminate the relationship.
The proposed monitoring requirement leverages processes similar to due diligence, which we have stated above is not a one-size-fits-all analysis. Thus, all monitoring generally should continue to take into account all of the required elements for due diligence, including the nature and scope of the service provider's services as well as the risks of engaging the particular service provider performing that function. The adviser generally should periodically evaluate the validity of its conclusions drawn during the initial due diligence process, and should adjust its monitoring to reflect changes in the functions or services the service provider is engaged to perform, industry or market changes that may affect the covered function, and also adjust to reflect the findings of any preceding monitoring. In order to continue outsourcing the service or function to the service provider, the adviser should be able to determine reasonably that the outsourcing remains appropriate.
The proposed rule would require an adviser to monitor its service providers with a manner and frequency such that the adviser reasonably determines that it is appropriate to continue (i) to outsource the covered function and (ii) to outsource to the service provider. The manner and frequency of an adviser's monitoring would depend on the facts and circumstances applicable to the covered function, such as the materiality and criticality of the outsourced function to the ongoing business of the adviser and its clients. For example, certain functions may require periodic onsite visits where other services may be monitored remotely. Methods of monitoring could include, for example, automated scans or reviews of service provider data feeds, periodic meetings with the provider to review service metrics, or contractual obligations to test and approve new systems prior to implementation. The frequency of an adviser's periodic monitoring also would be subject to factors such as the frequency with which the covered function is conducted, the complexity of the function, or the risk to clients of a failure to perform or of negligently performing the function.
The Commission similarly concluded that different frequencies of the required periodic re-assessment of valuation risks may be appropriate for different funds or risks. See Good Faith Determinations of Fair Value, Investment Company Act Release No. 34128 at 14 (Dec. 3, 2020) [86 FR 748 (Jan. 6, 2021)].
In determining an appropriate frequency of monitoring, advisers should consider whether there has been any change in the risk profile of the covered function or the service provider. For example, if a service provider announced significant layoffs of personnel, then it may be necessary for the adviser to increase temporarily or permanently the frequency and alter the manner of its monitoring to determine whether the service provider continues to have the competence, capacity, and resources necessary to perform the covered function in a timely and effective manner. Alternatively, if new laws or regulations were implemented that affected a specific function, then it similarly may be necessary to alter temporarily or permanently the frequency and manner of monitoring to determine that the service provider continues to perform its services properly.
1. Recordkeeping Provisions Related to Monitoring
Finally, the proposal would amend the Advisers Act books and records rule to require advisers to make and keep records documenting the periodic monitoring of a service provider of a covered function. Advisers generally should consider including information such as performance reports received from the service provider, the time, location, and summary of findings of any financial, operational, or third-party assessments of the service provider, identification of any new or increased service provider risks and a summary of how the adviser will mitigate or manage those risks, any amendments to written agreements with a service provider, the adviser's written policies and procedures applicable to monitoring, a record of any changes to the nature and scope of the covered function the service provider is to perform, and a record of any inadequate or failed performance by a service provider of a covered function and responses from the adviser. The records would have to be maintained in an easily accessible place while the adviser outsources the covered function and for a period of five years after the adviser ceases outsourcing the covered function. Like other proposed amendments to the books and records rule, this aspect of the proposal is designed to facilitate our staff's ability to assess an adviser's compliance with the proposed rule. We believe it would similarly enhance an adviser's compliance efforts as well.
See proposed rule 204-2(a)(24)(iv).
See proposed rule 204-2(e)(4).
We request comment on all aspects of the proposed monitoring requirement, including the following items:
50. Should we adopt the monitoring requirements as proposed? Are there other aspects of monitoring that should be required under the rule? Conversely, should we exclude any of the proposed monitoring requirements from the rule?
51. Should we prescribe the frequency of monitoring instead of requiring an adviser to monitor its service providers with a manner and frequency such that the adviser reasonably determines that it is appropriate to continue to outsource the covered function and to outsource to the service provider, as proposed? Or should we prescribe a minimum frequency of monitoring? For example should we require that monitoring of service providers be conducted monthly? Quarterly? No less than annually? Why or why not?
52. As proposed, the rule requires that advisers make and maintain records documenting the periodic monitoring of a service provider, but it does not specify the specific records that must be maintained. Should the rule identify specific records to be maintained? If so, what records should be made and maintained and why? For example, should the rule require retention of due diligence questionnaires, third party audits, memos to file, or service provider reports?
53. Should we exempt certain categories of advisers or service providers from the proposed monitoring requirements, such as smaller or newer advisers or service providers? If so, which ones and why? Alternatively, should we provide for scaled monitoring requirements by any of these categories of advisers, and if so, how?
54. Should we prescribe the manner in which monitoring is conducted? For example, should we require that advisers conduct onsite visits of service providers on a periodic basis, or that advisers require periodic written certifications of compliance on a periodic basis, or engage third-party experts to conduct formal reviews? Why or why not? Are there any other monitoring actions that we should require?
55. Should the proposed monitoring books and records amendments be expanded or limited in any way? If so, how?
D. Form ADV
Data collected from Form ADV is of critical importance to our regulatory program and our ability to protect clients and investors. We use information reported to us on Form ADV Part 1A for a number of purposes, one of which is to allocate our examination resources efficiently based on the risks we discern or the identification of common business activities from information provided by advisers. The data disclosed in Form ADV Part 1A is structured such that it is readily used to create risk profiles of investment advisers and permits our examiners to prepare better for, and more efficiently conduct, their examinations. Moreover, the information in Form ADV Part 1A allows us to understand better the investment advisory industry as well as evaluate and form regulatory policies and improve the efficiency and effectiveness of the Commission's oversight of markets for investor protection.
Advisers use Form ADV to apply for registration with us (Part 1A) or with state securities authorities (Part 1B), and must keep it current by filing periodic amendments as long as they are registered. See Advisers Act rules 203-1 and 204-1. Form ADV has three parts. Part 1(A and B) of Form ADV provides regulators with information to process registrations and to manage their regulatory and examination programs. Part 2 is a uniform form used by investment advisers registered with both the Commission and the state securities authorities. See Instruction 2 of General Instructions to Form ADV. Part 3: Form CRS describes the requirements for a relationship summary. See General Instructions to Form ADV. This release discusses proposed changes to Form ADV Part 1A. To the extent that state securities authorities consider making similar changes that affect advisers registered with the states, we would forward comments to the North American Securities Administrators Association for consideration by the state securities authorities.
To enhance our ability to oversee investment advisers and provide additional public information about the use of service providers as defined in proposed rule 206(4)-11, we are proposing to amend Form ADV Part 1A to require registered advisers to identify their service providers that perform covered functions, provide the location of the office principally responsible for the covered functions, provide the date they were first engaged to provide covered functions, and state whether they are related persons of the adviser. For each of these service providers, we would also require specific information that would clarify the services or functions they provide. This information would provide us with a better understanding of the material services and functions that advisers outsource to service providers, would help us better understand potential broader market effects of outsourcing to service providers, and would permit us to enhance our assessment of advisers' reliance on service providers for purposes of targeting our examinations. The information also would help us identify advisers' use of particular service providers that may pose a risk to clients and investors, such as in situations where we learn that a service provider experiences a significant and ongoing disruption to its operations. Finally, the information would provide public information about advisers' use of third party service providers.
See proposed Form ADV, Part 1A, Item 7.C., and Section 7.C. of Schedule D.
This new reporting item would appear in Item 7 of Form ADV and consistent with the scope of proposed rule 206(4)-11, would only require reporting by investment advisers registered or required to be registered with the Commission. Currently, Item 7 requires advisers to disclose information about financial industry affiliations and activities, and to state whether they advise any private funds, and if so, provide certain information related to those private funds. New Item 7.C. would require SEC-registered advisers to check a box to indicate whether they outsourced any covered functions to a service provider. The required reporting will be limited to covered functions that are outsourced to service providers, as defined in proposed rule 206(4)-11(b). The determination of what is a covered function would vary depending on the facts and circumstances and, as a result, some advisers may report a service on Form ADV as a covered function while other firms may not. For those services determined to be covered functions and outsourced to one or more service providers, advisers would report more detailed information about each such service provider in new Section 7.C. of Schedule D. This would include the legal and primary business names of the service provider, the legal entity identifier (if applicable), and the address of the service provider. Having this identifying information for each listed service provider would give us a more complete picture of the extent to which the adviser's operations depend on one or more service providers, and help us consider the potential effects in the event of an industry wide failure by a particular service provider.
See proposed rule 206(4)-11(a). We are also proposing conforming amendments to Form ADV Part 1A, General Instructions and Glossary of Terms. Because Form ADV Part 1A is submitted in a structured, XML-based data language specific to that Form, the information in proposed new Item 7.C would be structured ( i.e., machine-readable) as well. Advisers submitting an other-than-annual amendment to Form ADV Part 1 would not be required to update their responses to Item 7.C, even if the responses to those items have become inaccurate, which is consistent with the updating requirements for the rest of Item 7. See Instruction 4 to General Instructions to Form ADV.
These new Form ADV reporting requirements are being proposed in conjunction with proposed Rule 206(4)-11. Proposed rule 206(4)-11 would not apply to exempt reporting advisers, and therefore proposed Item 7.C. would not apply to exempt reporting advisers. We believe that requiring only investment advisers registered or required to be registered to complete the items we propose appropriately enhances our ability to oversee investment advisers that are subject to the proposed rule and enhances client and investor disclosure as it relates to the proposed rule.
See also proposed rule 204-2(a)(24)(i) (requiring a record of covered functions that the adviser has outsourced to a service provider).
Section 7.C. also would require noting whether the identified service provider is a related person of the adviser, and noting the date the service provider was first engaged. Both of these data points would be helpful to us in conducting our risk assessments for developing and targeting examinations. Knowing whether a service provider is a related person would assist us and clients or investors in understanding the conflicts of interest that may be present, and would also assist in understanding better the potential impacts of a service provider's non-performance or negligent performance. Finally, Section 7.C. would require an adviser to report those covered functions or services the service provider is actively engaged in providing from predetermined categories of covered functions or services set forth in the item. The non-exhaustive list of categories is intended to encompass those services or functions that may be commonly outsourced and could fall within the definition of a covered function. If the service or function performed by the service provider was not represented in a predetermined category, the adviser would be permitted to select “other” with a free form field to identify the unlisted category. The covered function categories that we are proposing to include in Item 7.C of Schedule D are: Adviser/Subadviser; Client Services; Cybersecurity; Investment Guideline/Restriction Compliance; Investment Risk; Portfolio Management (excluding Adviser/Subadviser); Portfolio Accounting; Pricing ; Reconciliation; Regulatory Compliance; Trading Desk; Trade Communication and Allocation; Valuation; and Other. For example, we believe regulatory compliance would generally include outsourced chief compliance officer and other compliance consultant functions.
See Glossary of Terms to Form ADV. A related person includes “[a]ny advisory affiliate and any person that is under common control with your firm.”
This proposed disclosure would improve our ability to assess service provider conflicts for those service providers that perform a covered function as defined by the proposed rule, and could serve as an input to the risk metrics by which our staff identifies potential risk and allocates examination resources. The staff conducts similar analyses today, but have limited inputs, which constrains their effectiveness. For instance, it would be relevant to us to identify easily advisers using a service provider that we are separately investigating for involvement in alleged misconduct. The ability to identify readily other advisers using such a service provider would allow us to assess quickly and take appropriate actions. The proposed disclosure would also improve our ability to evaluate the adequacy and completeness of advisers' conflicts of interest disclosures by identifying additional potential sources of conflict.
The information would be publicly available as is other information on Form ADV, and we believe it may benefit the public in supplementing the information available about the adviser and may provide investors with additional context in which to consider an investment adviser's provision of advisory services. The public would be able to identify quickly and consider any implications of an adviser's use of one or more service providers or the outsourcing of any service or function. For example, if a client learns of a significant disruption at a major service provider, that client could easily and quickly determine whether its adviser uses that service provider for a service or function the client considers material and whether to take remedial action.
We request comment on the proposed Form ADV requirements:
56. Are the proposed requirements to disclose service providers that perform a covered function as defined in rule 206(4)-11 appropriate? Should we instead require all registered advisers that outsource any services to provide the specified information and then mark each service to indicate whether it is a covered function within rule 206(4)-11 or not? Or should we include a broader Form ADV reporting requirement, such as requiring all advisers ( e.g., exempt reporting advisers and advisers registering with state securities authorities) to provide the specified information regarding any outsourced service or function or only those that are subject to rule 206(4)-11 or any substantially similar regulation?
57. Do commenters agree with the proposed list of covered functions categories under Section 7.C of Schedule D? Do the proposed categories adequately capture the range of covered functions? Are the categories understandable? If not, which categories require additional explanation? Should we add or remove any categories? If so, please identify the category and explain why the change is appropriate. For example, should we include additional categories relating to investment data/analytics, information technology ( e.g., IT infrastructure or application software and support), or middle and back office functions ( e.g., client reporting and/or billing, performance measurement, collateral management, post-trade processing, etc.)? Alternatively, should the categories be consolidated ( e.g., pricing and valuation), retitled or otherwise revised? For example, do commenters agree that regulatory compliance would generally include such services as outsourced chief compliance officer and other compliance consultant functions? If not, how should the category be revised to encompass these types of outsourced functions?
58. Should we require additional or different reporting with respect to service providers that perform functions related to books and records required under rule 204-2? If so, how should reporting requirements be changed for these service providers and/or what additional information should be reported?
59. Do advisers have concerns with the public disclosure of service providers that perform covered functions? If so, what are those concerns? For example, are there categories of service providers that should not be disclosed publicly due to competitive, trade secret, compliance, or other risks? Should we require such disclosure to be reported non-publicly to the Commission in a format other than the Form ADV? If so, how?
60. Should the proposed ADV disclosure include the ability to incorporate by reference to other parts of the form? For example, should we allow advisers to cross reference private fund service providers that are currently required to be disclosed in Section 7.B. of Schedule D?
61. Are the proposed definitions of “covered function” and “service provider” in the Glossary of Terms to Form ADV appropriate? Do commenters agree that these defined terms should cross-reference proposed rule 206(4)-11(b)? Alternatively, should we provide the full text of each term, as defined in proposed rule 206(4)-11(b), in the Glossary of Terms to Form ADV without cross-reference to the proposed rule?
62. Would any additional or other information be material to an adviser's clients or prospective clients regarding outsourcing that is not included in the proposal and is not currently disclosed to investors through Form ADV or elsewhere ( e.g., whether the service provider arrangement is subject to a written agreement or information about passed-through fees)? Should we add any other service provider information to the Form ADV disclosure? If so, what information and why? For example, should Form ADV, Part 2 require information in the adviser's brochure about the use of service providers and related conflicts and other risks? Or is information about outsourced services already adequately being disclosed in connection with disclosures related to conflicts of interest or other risks? For example, should we require disclosure of potential conflicts of interest of the service provider? Should we require that, in addition or in place of the service provider's principal office, advisers report the principal office where the service provider's services are performed? Alternatively, should we delete any of the service provider information proposed to be disclosed? If so, what information and why?
63. Do advisers have concerns it will be difficult to compile, maintain and disclose this information on service providers? Could this place an undue burden on smaller advisers? If so, which information may be difficult to compile, maintain and disclose? Please explain.
64. Should private fund advisers be required under rule 206(4)-11 to provide information about their service providers to private fund investors through additional or different disclosure requirements in Form ADV? If so, what information should be required?
65. Should we require advisers to add narrative disclosures about their service providers in their Form ADV Part 2 brochures or wrap fee program brochures? If so, what information should be included?
E. Third-Party Recordkeeping
Many investment advisers seek to outsource various recordkeeping functions. Some of these functions may involve record creation, others may focus solely on record storage and retention, and many will include creation as well as storage and retention functions. Investment advisers may contract with data- and record-management companies, offsite storage companies, or information technology companies ( e.g., cloud service providers) to store or retain records. An adviser may also rely on a third party to perform a function that creates records, such as a firm that calculates performance or rates of return for one or more portfolios that the adviser may use to manage the investments in the portfolios, include in statements to clients or marketing materials provided to prospective clients, or show on its website. While the performance calculation provider's primary function is to calculate performance, this provider relies on records and data that substantiate the performance calculations and, in turn, those calculations create new records that need to be stored and retained. As another example, if a service provider were providing accounting, investment operations, or middle office services for the adviser, many of the records generated by the service provider would likely correspond to records that the existing Federal securities laws require registered investment advisers to make and keep. An adviser therefore may not directly possess all of the documentation and records that are required to be created or maintained by an investment adviser under the existing Federal securities law requirements.
See, e.g., rule 204-2(a), which requires registered advisers to maintain, among other things, journals, ledgers, check books, memorandums of each order given for the purchase or sale of a security, and bills or statements relating to the business of the adviser.
The continuing accessibility and integrity of adviser records are critical to the fulfillment of our oversight responsibilities, where such records may represent a primary means in which to demonstrate an investment adviser's compliance with various Federal securities laws. If advisers are not required to protect their records from inadvertent or intentional alteration or destruction and provide examiners with meaningful access to all required records, then the records become unreliable, and the examination process may be impaired. Recordkeeping requirements ensure that the Commission staff will have access to appropriate and helpful information in order to carry out its examination program. The ability to conduct timely and comprehensive examinations plays a significant role in proactively promoting compliance with the Federal securities laws and aids in preventing problems before they occur as well as promoting improvements in relevant areas.
Accessing records also can be critical for an investment adviser to provide advisory services and fulfill its fiduciary duty to clients. For example, accessing account information from prior periods can help an investment adviser substantiate portfolio performance that has been presented to prospective clients. Issues arising with an investment adviser's books and records can disrupt the adviser's ability to provide its services and may result in material harm to its clients. For example, if an adviser engages a cloud services provider to maintain critical client information, such as their account and personal information, and the cloud services provider inadvertently experiences a loss of client records, this would be reasonably likely to cause a material negative impact on the adviser's ability to provide its services and on its advisory clients. The adviser would either have no records or inaccurate records to verify, for example, the client's account information. The adviser might not have all the records it needs to execute certain investments or make other decisions on behalf of its client. In addition, if the adviser does not have accurate and timely information on client holdings and transactions, this could result in misinformed purchase or sales decisions as well as trade errors. The adviser may also lack the trading information to be able to report to its clients or track its trading activity in the portfolio, and, in turn, that could deprive clients and the adviser an opportunity to respond to market changes or timely remedy potential issues with the broker-dealer or custodian involving the trades. An investment adviser's compliance monitoring and internal audit functions also require timely access to records in order to function efficiently, such as when monitoring portfolio diversification and other client investment guidelines. As another example, accessing communication records regarding trade order execution may assist with monitoring whether an investment adviser is adhering to its own written policies and procedures concerning best execution.
Advisers generally should consider the specific retention periods for each type of record, such as records to substantiate a performance track record pursuant to rule 204-2(a)(16), and require all records to be available for the necessary retention periods. Advisers or their third parties relying on custodian statements, for example, to document data used in performance calculations may wish to consider retaining copies of such statements in the event the adviser no longer has access to the custodian's systems for a specific client's account.
When an adviser outsources recordkeeping functions without sufficient oversight, the risk that an issue with an adviser's books and records may arise can increase. Regardless of whether records are made or kept by a third party or by the investment adviser directly, the investment adviser remains responsible to comply with the Advisers Act recordkeeping requirements and other Federal securities laws. Rule 204-2, the Advisers Act recordkeeping rule, details the types of records required to be made and kept “true, accurate and current” as well as the manner, location, and duration of records to be maintained by investment advisers registered or required to be registered with the Commission. It does not, however, prescribe requirements for when an adviser outsources one or more of the required recordkeeping functions to a third party.
Accordingly, the proposed amendments to the Advisers Act recordkeeping rule include a new provision requiring every investment adviser that relies on a third party to make and/or keep any books and records required by the recordkeeping rule (“recordkeeping function”) to comply with a comprehensive oversight framework, consisting of due diligence, monitoring, and recordkeeping elements. Specifically, an investment adviser would be required to perform due diligence and monitoring as prescribed by proposed rule 206(4)-11(a)(1) and (a)(2) with respect to the recordkeeping function and make and keep such records as prescribed in proposed rule 204-2(a)(24) as though the recordkeeping function were a “covered function” and the third party were a “service provider,” each as defined in proposed rule 206(4)-11(b). In addition, an investment adviser relying on a third party for such recordkeeping functions would also be required to obtain reasonable assurances that the third party will meet four specific standards related to the recordkeeping rule's requirements.
See supra sections II.B and II.C; proposed rule 204-2(l)(1); proposed rule 206(4)-11(a).
The proposed amendments would provide a comprehensive oversight framework for third-party recordkeepers to protect against loss, alteration, or destruction of an adviser's records, and to help ensure that those records are accessible to the investment adviser as well as Commission staff. The proposed amendments would require advisers to conduct reasonable due diligence before engaging a third party to perform a recordkeeping function required by the recordkeeping rule. Specifically, an investment adviser would be required to reasonably identify and determine through due diligence that it would be appropriate to outsource the recordkeeping, and that it would be appropriate to select a particular third-party recordkeeper, by complying with each of the six due diligence elements specified in proposed rule 206(4)-11(a)(1). These elements address: the nature and scope of the services; potential risks resulting from the third-party recordkeeper performing the recordkeeping function, including how to mitigate and manage such risks; the recordkeeper's competence, capacity, and resources necessary to perform the function; the recordkeeper's subcontracting arrangements related to the function; coordination with the recordkeeper for Federal securities law compliance; and the orderly termination of the provision of the function by the recordkeeper.
See proposed rule 204-2(l)(1).
Consistent with these requirements, an adviser's due diligence of a third-party recordkeeper generally should be tailored reasonably to the nature, scope, and risk profile of the recordkeeping function or service that would be provided as well as to the identified third party. For example, the adviser generally should consider whether the particular third-party recordkeeper has the capability and experience to both make and maintain the required records in a format that is consistent with an adviser's books and records requirements. Therefore, the required due diligence of an adviser seeking to engage a third-party cloud provider to make and keep records on behalf of the adviser should take into account the third party's competence, capacity, and resources generally, but the adviser may not need to understand the intricacies of the cloud service's operations. The adviser generally should have a reasonable understanding of the cloud service and the risks of the service, and be able to conclude that it can mitigate and manage those risks. In conducting this due diligence, the adviser could review factors such as:
- Comparative cloud-based recordkeeping services, including their respective parameters, benefits, and risks,
- The cloud service provider's capability and experience with making and/or keeping records required under the recordkeeping rule,
- The cloud service's compliance and operational policies and procedures for the protection of data, and its policies and procedures addressing the maintenance and oversight of the data,
- The cloud service's prevention and detection of, and response to, cybersecurity threats, and
• The experience or lack thereof of other similarly situated advisers that have previously engaged the cloud service and any risks identified in those experiences or lack thereof.
Once a third party is engaged to provide recordkeeping functions required by the recordkeeping rule, proposed rule 204-2(l) would require the adviser to monitor the third party's performance of the recordkeeping function periodically and reassess the retention of the third party in accordance with the monitoring requirements prescribed by proposed rule 206(4)-11(a)(2). Monitoring third-party recordkeepers is critical to an adviser's ability to discover and address issues relating to the adviser's records in a timely fashion before such records may be inadvertently altered, lost or destroyed or otherwise rendered inaccessible. As discussed in section II.C above, the manner and frequency of an adviser's monitoring would depend on the facts and circumstances applicable to the recordkeeping function. For example, sufficient monitoring of an off-site physical record storage company may reasonably differ from that of an electronic media storage company due to the inherent differences in the nature and scope of their respective functions.
Further, an investment adviser would be required to comply with the attendant recordkeeping requirements prescribed in proposed rule 204-2(a)(24) with respect to such functions. Thus, in addition to performing the required due diligence and monitoring for a third party recordkeeping, an adviser would also be required to make and keep records documenting its due diligence and periodic monitoring of that third party as though the recordkeeping function were a “covered function” and the third party were a “service provider”, each as defined in proposed rule 206(4)-11(b). Requiring an adviser to make and keep records of its oversight of third-party recordkeepers is intended to enhance an adviser's compliance efforts and facilitate the Commission's inspection and enforcement capabilities.
See proposed rule 204-2(a)(24)(ii).
In addition to due diligence and monitoring obligations, an investment adviser that relies on a third party to perform any recordkeeping function under rule 204-2 would be required to obtain reasonable assurances that the third party will meet four standards specific to recordkeeping. First, the adviser must have reasonable assurance that the third party will adopt and implement internal processes and/or systems for making and/or keeping records on behalf of the investment adviser that meet all of the requirements of the recordkeeping rule. Second, the adviser must have reasonable assurance that, when making and/or keeping records on behalf of the adviser, the third party will, in practice, actually make and/or keep records in a manner that will meet all of the requirements of the recordkeeping rule as applicable to the investment adviser. Third, for electronic records, the adviser must have reasonable assurance that the third party will allow the investment adviser and Commission staff to access the records easily through computers or systems during the required retention period of the recordkeeping rule. Whether computers or systems satisfy this provision of the rule would be determined based on the facts and circumstances, and could include, for example, computers and proprietary systems owned and operated by an adviser as well as computers and systems rented, licensed or otherwise made available to an adviser ( e.g., web portals, cloud computing, storage area networks, and electronic recordkeeping systems) which may be used to access such electronic records. Fourth, the adviser must have reasonable assurance that arrangements will be made to ensure the continued availability of records that will meet all of the requirements of the recordkeeping rule as applicable to the investment adviser in the event that the third party ceases operations or the relationship with the investment adviser is terminated.
See proposed rule 204-2(l)(2).
The Commission staff has previously addressed third-party recordkeeping subject to certain conditions in staff letters. See, e.g., First Call NAL, supra footnote 25; OMGEO NAL, supra footnote 25.
These standards, coupled with the prescribed due diligence and monitoring requirements, are intended to assist with making and keeping true, accurate, and current records of the adviser, protect those records from loss, alteration, or destruction, and ensure that those records are accessible to the investment adviser and the Commission staff, while maintaining appropriate freedom for investment advisers to contract with service providers to assist with recordkeeping functions. We expect that the arrangements between investment advisers and service providers for recordkeeping services may vary significantly among firms due to differences in the structure, operation, or scope of services amongst investment advisers and service providers.
Whether an investment adviser's arrangement with a third-party service provider satisfies the requirements under proposed rule 204-2(l)(2) would depend on the particular facts and circumstances of the arrangement including, among other things, the type of record, where the records are located, the medium and method of storage, and how promptly records or copies of records can be provided. When a third party is retained to assist with recordkeeping, the making and keeping of records still must satisfy the applicable requirements prescribed by rule 204-2. Thus, the adviser must obtain reasonable assurance that the third party will adopt and implement internal processes and/or systems for both making and keeping records on behalf of the investment adviser that meet the applicable requirements of rule 204-2. For example, rule 204-2(g) permits an investment adviser to maintain records electronically as long as certain requirements are met, including that the adviser shall, upon request, promptly provide the Commission legible, true, and complete copies of records in the medium and format in which they are stored, printouts of such records, and a means to access, view, and print the records. Therefore, under proposed rule 204-2(l)(2), where a service provider will keep email archives ( e.g., in cloud storage or an external storage database) on behalf of an investment adviser, the adviser should have reasonable assurance that the service provider will, among other things, adopt and implement internal processes and/or systems for making and/or keeping the records in such a manner to enable a prompt response to Commission requests for such records in the format required. We are aware of instances where advisers engage a third party to learn only later that the third party cannot produce required records in a reviewable format. These are issues that should be identified and addressed before a third-party recordkeeper is engaged.
See proposed rule 204-2(l)(2)(i).
See proposed rule 204-2(l); 17 CRF 275.204-2(g)(2)(ii).
The recordkeeping rule also addresses the location and length of time that required records under the rule must be maintained. Rule 204-2 generally requires that, among other things, such records be maintained and preserved in an easily accessible place and, for a period of time, in an appropriate office of the investment adviser. Consistent with these requirements, if an adviser outsources the storage of records under the recordkeeping rule, the adviser should seek to ensure that those records will be easily accessible for the duration of the required retention period. For example, if an investment adviser retains an off-site physical storage company to assist with maintaining physical records of records such as trade confirmations, those records should be maintained in an appropriate office of the adviser for the applicable period first, and then when the records are moved to the off-site location, they must be maintained in an easily accessible place. For electronic records, the proposed amendments would require an investment adviser to have the ability to access electronic records easily through computers/systems because such required records may be stored on servers or other storage devices that are owned or operated by a third party ( e.g., a cloud service provider). However, pursuant to rule 204-2, the records still must be available in the adviser's office for a period of time. The computers and/or systems that provide access to the required records could include computers and proprietary systems owned and operated by an adviser as well as computers and systems rented, licensed or otherwise made available to an adviser ( e.g., web portals, cloud computing, storage area networks, and electronic recordkeeping systems). This element of the proposed amendments is intended to safeguard an investment adviser's access to its required records while providing firms with the ability to use electronic platforms to make and keep their records. If an adviser has essentially immediate access to a record through a computer or system located at an appropriate office of the adviser, then that record could be considered to be maintained at an appropriate office of the adviser. For example, if an investment adviser relies on a service provider to store trade confirmations in the service provider's electronic database, one way the adviser could seek to ensure that the records will be easily accessible would be to require access to the records at any time through computers and/or systems for the record's required retention period under rule 204-2. In addition, in such an arrangement, the adviser should also seek to ensure such records are maintained in such a manner to permit them to be promptly provided to the Commission upon request.
See17 CFR 275.204-2(e).
See rule 204-2(e).
See proposed rule 204-2(l)(2)(iii).
See rule 204-2(e).
See, e.g., First Call NAL, supra footnote 25.
See proposed rule 204-2(l)(2)(iii); see also, e.g., OMGEO NAL, supra footnote 25.
When engaging a third party to provide recordkeeping services under rule 204-2, the investment adviser should account for how to continue to stay in compliance with the rule's requirements after termination of the arrangement either by the adviser or the third party. Rule 204-2(f) addresses circumstances where an investment adviser may discontinue its business and requires, among other things, that the adviser arrange for and be responsible for the preservation of required records under the rule. Similarly, a service provider may also discontinue its business or arrangement with an investment adviser. To seek to protect records required by the recordkeeping rule against loss and destruction when outsourced recordkeeping arrangements change or terminate, we are proposing to require an investment adviser to obtain reasonable assurance that a third party will make arrangements to ensure the continued availability of the required records under the recordkeeping rule as applicable to the adviser should the third party cease operations or its relationship with the investment adviser be terminated. For example, if an adviser were retaining records with a cloud storage service provider, the adviser may consider requiring that the cloud service provider agree to retain and grant the adviser access to such records for the legally required amount of time. Alternatively, the adviser may want to require that the service provider agree to assist in the transfer of such records to the adviser or another agreed-upon third party at the termination of the contractual relationship. This would allow the adviser to continue to retain such records in compliance with its legal obligations and provide them to the Commission staff upon request.
See17 CFR 275.204-2(f); proposed rule 204-2(l)(2)(iv)).
See proposed rule 204-2(l)(2)(iv).
See proposed rule 204-2(l)(2)(iv).
While many investment advisers may already have service provider agreements or other arrangements that contain these proposed standards as part of their policies and procedures or best practices to mitigate or manage risks the investment advisers identified when performing due diligence and monitoring, we believe that all investment advisers should obtain reasonable assurances that service providers will meet these four standards in an outsourced recordkeeping arrangement. We understand that the manner in which an investment adviser obtains reasonable assurances that the service provider will adhere to these standards may vary depending on the arrangement. One way an investment adviser could consider accomplishing this is by having a written agreement that expressly includes the four standards. Alternatively, an investment manager may seek to ensure these requirements are satisfied through one or more letters of understanding, statements of work, or other means. In some cases, the adviser might elect to receive and retain duplicate records from the service provider that the adviser stores and retains directly.
Finally, we are not proposing new Form ADV reporting requirements specific to third-party recordkeepers because current Item 1.L of Form ADV Part 1A already requires disclosure regarding the location of an adviser's books and records required under Section 204 of the Advisers Act when such books and records are maintained somewhere other than the principal office and place of business of the Adviser. An adviser is required to provide, among other things, the name of the entity and location where the books and records are maintained as well as a description of the books and records maintained at such location. An adviser should include third-party recordkeepers that maintain such books and records for the investment adviser in their responses to this item, which may include, among other things, arrangements such as electronic data- and record-management, offsite storage, and information technology ( e.g., cloud services) providers. Therefore, current reporting requirements already provide the Commission with information regarding advisers' use of third-party recordkeepers.
See15 U.S.C. 80b-4; Form ADV Item 1.L & Schedule D, Section 1.L.
See Form ADV Schedule D, Section 1.L.
We request comment on the proposed third-party recordkeeping requirements:
66. Do commenters agree that the proposed requirements for investment advisers that rely on third parties for recordkeeping functions under rule 204-2 are appropriate? Do the proposed amendments provide appropriate flexibility for investment advisers to engage third-party service providers in various capabilities? Are the proposed standards appropriately flexible in light of changing technology and digital infrastructure trends? If not, how should they be changed?
67. Should we broaden the proposed requirements to encompass all outsourced recordkeeping functions related to an adviser's obligations under the Federal securities laws, which would include rule 204-2? For example, should rule 204-2(l) apply to any records that are made and/or kept by a third party on behalf of an investment adviser in accordance with fulfilling the adviser's obligations under the Federal securities laws?
68. Should analogous requirements be added to rules under the Investment Company Act of 1940 ( e.g., rules 31a-1 and 31a-2) for registered investment companies? If so, should the requirements be different for registered investment companies than for advisers when outsourcing recordkeeping functions? Why or why not?
69. Do commenters agree that it is appropriate to require similar due diligence and monitoring requirements as prescribed in proposed rule 206(4)-11 for outsourced recordkeeping functions? Why or why not?
70. Should we adopt the due diligence requirements for third-party recordkeepers as proposed? Are there other aspects of due diligence that should be required additionally or instead? Conversely, should we exclude any of the proposed due diligence requirements?
71. Should we adopt the monitoring requirements for third-party recordkeepers as proposed? Are there other aspects of monitoring that should be required additionally or instead? Conversely, should we exclude any of the proposed monitoring requirements?
72. Do commenters agree that the proposed recordkeeping requirements related to an adviser's due diligence and monitoring of service providers of covered functions, as defined in proposed rule 206(4)-11(b), should also be required for third-party recordkeepers? Why or why not?
73. Are the types of service provider arrangements that would be encompassed under proposed rule 204-2(l) sufficiently clear? Is this scope sufficiently defined? Should the scope be clarified in any other way?
74. Are there certain types of third-party recordkeeping arrangements that should be included or excluded ( e.g., cloud service providers or service providers which are subject to existing government or self-regulatory organization oversight, such as broker-dealers or banks)? If so, explain why. Are there types of third-party recordkeeping arrangements that should be subject to different or alternative oversight requirements? If so, explain why and, if applicable, suggest alternative requirements to the proposed rule text.
75. Do investment advisers currently have service provider agreements that meet the recordkeeping standards in proposed rule 204-2(l)? If not, what types of service provider arrangements do not these standards? Do investment advisers currently obtain reasonable assurances that service providers will meet the recordkeeping standards in proposed rule 204-2(l) through their policies and procedures and/or due diligence practices? If so, do commenters believe the proposed rule is necessary?
76. Should proposed rule 204-2(l) require a written agreement between an investment adviser and a third party where the investment adviser relies on the third party for recordkeeping functions under rule 204-2? Should proposed rule 204-2(l)(2) require that the four standards under the proposal be expressly covered by a written agreement or, alternatively, a written undertaking? Should the standards be clarified in any manner? Should additional standards be included as part of the proposal?
77. Are the four standards enumerated in proposed rule 204-2(l)(2) sufficiently understandable? If not, which standards require additional clarity and detail? Do commenters believe certain terms should be defined within rule 204-2? If so, what terms?
78. Do commenters agree that it is appropriate to require advisers to obtain reasonable assurances that service providers will adopt and implement internal processes and/or systems for making and/or keeping records on behalf of the investment adviser that meet all of the applicable requirements of rule 204-2? Why or why not?
79. Do commenters agree that it is appropriate to require advisers to obtain reasonable assurances that service providers will make and/or keep records on behalf of the investment adviser that meet all of the applicable requirements of rule 204-2? Why or why not?
80. Do commenters agree that it is appropriate to require advisers to obtain reasonable assurances that service providers will allow the investment adviser and staff of the Commission to access the adviser's electronic records easily through computers or systems? Why or why not? If not, what level of access should be required for records required by rule 204-2 when such records are maintained by a third party? Should certain types of electronic records be excluded from this requirement or otherwise subject to different or alternative requirements? If so, please explain.
81. Do commenters agree that it is appropriate for investment advisers to make arrangements with service providers to ensure the continued availability of records in the event that the third party ceases operations or the relationship with the investment adviser is terminated? Why or why not? Should we prescribe more specific requirements for the retention of records under the recordkeeping rule when a third party recordkeeping arrangement with an investment adviser is terminated?
82. We are not proposing to require additional Form ADV reporting for third-party recordkeepers. Are all third-party recordkeepers already reported in Section 1.L. of Schedule D, and if not, should we explicitly require that they be reported on Form ADV? Should we require advisers to report all third-party recordkeepers in Section 7.C of Schedule D or cross reference to their disclosure in Section 1.L. of Schedule D? Should we allow advisers to report more than one principal office for a service provider in Section 1.L. of Schedule D?
F. Existing Staff No-Action Letters and Staff Statements
Consistent with the proposed amendments, staff in the Division of Investment Management is reviewing certain of our staff's no-action letters addressing the application of the recordkeeping rules to determine whether any such letters should be withdrawn in connection with any adoption of this proposal. If the rule is adopted, some of these letters would be moot, superseded, or otherwise inconsistent with the amended rules and, therefore, would be withdrawn. We list below the letters that are being reviewed for withdrawal as of the dates the proposed amendments, if adopted, would be effective after a transition period. If interested parties believe that additional staff letters or other staff statements should be potentially withdrawn, they should identify the letter or statement, state why it is relevant to the proposed amendments, and how it should be treated and the reason therefor. To the extent that a letter listed below relates both to a topic identified in the list below and another topic, the portion unrelated to the topic listed is not being reviewed in connection with the adoption of this proposal.
Letters To Be Reviewed Concerning Rule 204-2
Letter and date | Topic subject to withdrawal |
---|---|
First Call Corporation (pub. avail. Sept. 6, 1995) | Investment adviser electronic recordkeeping. |
Omgeo LLC (pub. avail. Aug. 14, 2009) | Investment adviser electronic recordkeeping. |
G. Transition and Compliance
We are proposing to require advisers registered or required to be registered with the Commission to comply with the proposed rule, if adopted, starting ten months from the rule's effective date (the “compliance date”). This would provide a transition period during which a registered investment adviser can prepare to develop and adopt appropriate procedures to comply with the proposed rule, if adopted. Pursuant to our proposal, the proposed rule, if adopted, would apply to any engagement of new service providers made on or after the compliance date of the proposed rules and amendments. The ongoing monitoring requirements, if adopted, also would apply to existing engagements beginning on the compliance date. The adviser would be required to monitor periodically the service provider's performance of the existing covered function and reassess the retention of the service provider in accordance with the due diligence requirements. If adopted, the rule would require such monitoring and reassessment to occur with a manner and frequency such that the investment adviser reasonably determines that it is appropriate to continue to outsource the covered function and that it remains appropriate to outsource it to the service provider.
We request comment on the following:
83. Do commenters agree that a ten-month transition period following the effective date of any final rule is appropriate? If not, how long of a transition period would be appropriate? For example, would 90 days be an appropriate amount of time? Would longer be necessary, e.g., eighteen months, and if so, why? Should we have different compliance dates for larger or smaller entities? For example, should we require compliance for larger advisers within ten months and require eighteen months for smaller advisers? Why or why not?
84. Under our current proposal, all current applicable adviser engagements with service providers would fall within the purview of the proposed rule and would be subject to the due diligence and monitoring requirements as outlined within the proposal as of the compliance date. We understand that this requirement may result in advisers having to revisit existing arrangements with service providers to review for compliance and perhaps even requiring advisers to amend current contracts to satisfy the requirements of the proposed rule. We request comment on whether the rule should include a provision that excludes an adviser's existing engagement with a service provider that occurred prior to any compliance date of the proposed rule. Alternatively, should the proposed rule exempt advisers with existing service provider engagements from complying with certain proposed actions within the proposal? What requirement(s) should receive this treatment and why is it necessary? Are there certain types of service provider relationships that should be covered by such a provision in order to prevent the imposition of an unfair or unreasonable burden on the adviser or to prevent the imposition of excessive costs? If so, please explain the unfair burden or excessive costs that could result.
85. Would it be preferable to provide a different transition period for advisers that have existing relationships with service providers to come into compliance with any final rule than the transition period for new relationships? Do advisers need a different time period to review current service provider engagements and determine what further actions may be needed to bring the adviser into compliance with any final rule?
86. Should we provide an exception for service provider engagements that are short-term in nature ( e.g., less than three months)? Should we provide advisers with a safe harbor during periods where an adviser has determined to transition a covered function from one service provider to another? For example, should we provide a ten-day safe harbor to allow for advisers to transition a covered function from a service provider if the adviser makes a determination that it no longer remains appropriate to outsource the covered function to that service provider?
III. Economic Analysis
A. Introduction
We are mindful of the costs imposed by, and the benefits obtained from, our rules. Section 202(c) of the Advisers Act provides that when the Commission is engaging in rulemaking under the Act and is required to consider or determine whether an action is necessary or appropriate in the public interest, the Commission shall also consider whether the action will promote efficiency, competition, and capital formation, in addition to the protection of investors. The following analysis considers, in detail, the likely significant economic effects that may result from the proposed rule and proposed amendments to rules and forms, including the benefits and costs to clients and investors and other market participants as well as the broader implications of the proposed rule and amendments for efficiency, competition, and capital formation.
Where possible, the Commission quantifies the likely economic effects of its proposed amendments and rules. However, the Commission is unable to quantify certain economic effects because it lacks the information necessary to provide estimates or ranges of costs. Further, in some cases, quantification would require numerous assumptions to forecast how investment advisers, service providers, and other affected parties would respond to the proposed rule and amendments, and how those responses would in turn affect the broader markets in which they operate. In addition, many factors determining the economic effects of the proposed rule and amendments would be investment adviser-specific or service provider-specific. Investment advisers vary in size and sophistication, as well as in the products and services they offer. As a result, the extent to which investment advisers outsource covered functions as well as the kinds of covered functions they outsource differ, making it inherently difficult to quantify economic effects on advisers. Similarly, service providers vary in size and sophistication, as well as in the services they offer or could potentially offer, making it inherently difficult to quantify economic effects on service providers. Even if it were possible to calculate a range of potential quantitative estimates, that range would be so wide as to not be informative about the magnitude of the benefits or costs associated with the proposed rule. Many parts of the discussion below are, therefore, qualitative in nature. As described more fully below, the Commission is providing a qualitative assessment and, where practicable, a quantified estimate of the economic effects.
B. Baseline
The economic baseline against which we evaluate and measure the economic effects of the proposed rules and amendments, including its potential effects on efficiency, competition, and capital formation, is the state of the world in the absence of the proposed rules.
1. Affected Parties
Registered Investment Advisers. The proposed rule would generally apply to a registered investment adviser (“RIA”) that outsources a covered function to a service provider. As of June 2022 there were 15,169 investment advisers registered with the Commission. RIAs reported $128.2 trillion in regulatory assets under management (“RAUM”) with $116.87 trillion in discretionary RAUM attributable to 47 million accounts and $11.36 trillion in non-discretionary RAUM attributable to 14 million accounts. The average RAUM among RIAs was $8.45 billion and the median was $396.8 million.
See proposed rule 206(4)-11(a).
Table 1—Registered Investment Advisers Statistics by Majority Client Type
Majority client type | Number of registered investment advisers | Average RAUM (millions) | Median RAUM (millions) |
---|---|---|---|
High net worth individuals | 6,389 | $2,059.1 | $300.2 |
Pooled investment vehicles | 4,174 | 8,897.0 | 1,025.1 |
Non-high net worth individuals | 2,191 | 3,130.6 | 127.6 |
Investment Companies | 767 | 65,849.5 | 1,250.2 |
Pension and profit sharing plans | 474 | 11,269.7 | 897.5 |
Corporations | 238 | 4,224.2 | 490.9 |
State/municipal entities | 198 | 16,534.5 | 1,840.3 |
Other investment advisers | 190 | 7,072.5 | 631.5 |
Other client type | 173 | 2,701.5 | 646.8 |
Insurance companies | 123 | 55,691.3 | 4,474.4 |
Charities | 109 | 5,470.1 | 631.1 |
Banking or thrift institutions | 67 | 9,634.3 | 2,717.1 |
Business development companies | 47 | 3,353.5 | 998.5 |
Foreign institutions | 29 | 30,971.1 | 2,538.8 |
Total | 15,169 | 8,453.9 | 396.8 |
Source: Form ADV, Part 1A, Item 5D. The majority client type represents the client type to which the RIA attributes the majority of their RAUM. All data reflect updated records as of July 2022. |
Average and median RAUM vary by the type of client to which the RIA attributes the majority of its RAUM. For example, for RIAs with a majority of investment company clients, the average and median RAUMs were $65.849 billion and $1,250.2 million, respectively. For RIAs with a majority of non-high net worth individual clients, the average and median RAUMs are much smaller—$3.130 billion and $127.6 million, respectively.
Form ADV, Part 1A, Item 5.D.
Service Providers. Service providers would also be affected by the proposed rule. Covered functions are potentially performed by: (1) an adviser's supervised person, (2) a related-party service provider, or (3) a third-party service provider. Under the proposed rule a service provider would be a person or entity that performs one or more covered functions and is not an adviser's supervised person as defined in the Act, where covered functions are those that are (1) necessary for the adviser to provide investment advisory services in compliance with the Federal securities laws and (2) if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser's clients or on the adviser's ability to provide investment advisory services. The determination of what is a covered function would depend on the facts and circumstances and encompass functions or services that are necessary for an adviser to provide its investment advisory services in compliance with the Federal securities laws. Certain functions may be covered functions for one adviser but not for another adviser, depending on strategy and business model, and so certain persons or entities that perform functions on behalf of advisers may be a service provider in the scope of the rule with respect to one adviser but not for another adviser. In this section, we discuss a variety of persons or entities that perform functions on behalf of advisers under the term “service provider,” though these persons or entities may only be service providers in the scope of the rule for certain advisers.
See supra section II.A.2.
Id.
Few current disclosures require advisers to identify if a service provider is a related-party or third-party service provider. One item on Form ADV identifies the use of administrators and whether the administrator is a related party or a third party, but only for clients that are private funds. Of the 5,378 advisers to private funds reported on Form ADV, 4,213 (78%) report at least one third-party administrator and 140 (3%) report at least one related-party administrator.
Form ADV, Part 1A, Schedule D, Section 7.B.(1), Item 26. Items 25 and 28 identify custodians and marketers. As discussed above, custodians and marketers are not within the scope of the rule and so our analysis is limited to administrators. See supra section II.A.
See Form ADV, Part 1A, Item 7B(1). The data reflects updated records as of July 2022. An adviser must file a separate Section 7.B of Schedule D for each private fund that it manages. Because these items are only provided by private fund advisers, this analysis is not representative of the broader investment adviser industry. There may also be other categories of service providers not captured by Form ADV.
Certain items in Form ADV data provide information on RIAs' outsourcing of services, but do not distinguish between third-party and related-party service providers. In particular, Form ADV data include information on RIAs' use of certain service providers of potentially covered functions: (1) chief compliance officers, and (2) record-keepers. Table 2 provides information on the use of these service providers by advisers.
Form ADV, Part 1A, Item 1.J.(2).
Form ADV, Part 1A, Item 1.L & Schedule D, Section 1.L. Items 1.I and 5.B.(6) identify entities that provide website or social media services and individuals who solicit clients on an adviser's behalf. Because these entities are unlikely to be within the scope of the rule, they are excluded from this analysis. See supra section II.A.
Table 2—Adviser Use of Additional Service Providers
Chief compliance officer | Record keeping | |
---|---|---|
Count | 789 | 7,178 |
Percent | 5 | 47 |
Source: Form ADV, Part 1A, Items 1.J.(2) and 1.L & Schedule D, Section 1.L. All data reflect updated records as of July 2022. |
Although we believe that if an RIA has a related party that provides a particular function, the adviser may make use of that related-party service provider, Form ADV currently does not require RIAs to specifically provide that information. We can, however, identify whether an RIA has a related party that is a service provider on Form ADV, which is illustrated in Table 3. For example, approximately a third of RIAs report a related party that is another investment adviser such as a financial planner, and many RIAs report a related party that is a broker-dealer, municipal securities dealer, government securities broker or dealer, or insurance company or agency. However, the actual proportion of RIAs with related party service providers may be lower, to the extent that these related parties are not functioning as service providers to an adviser's clients.
Form ADV, Part 1A, Item 7.A. requires advisers to provide information about their related persons, including foreign affiliates. Advisers' related persons are all advisory affiliates and any persons that are under common control with the adviser. In particular, Item 7.A. requires an adviser to disclose if the adviser has a related person that is: (1) broker-dealer, municipal securities dealer, or government securities broker or dealer (registered or unregistered), (2) other investment adviser (including financial planners), (3) registered municipal advisor, (4) registered security-based swap dealer, (5) major security-based swap participant, (6) commodity pool operator or commodity trading advisor (whether registered or exempt from registration), (7) futures commission merchant, (8) banking or thrift institution, (9) trust company, (10) accountant or accounting firm, (11) lawyer or law firm, (12) insurance company or agency, (13) pension consultant, (14) real estate broker or dealer, (15) sponsor or syndicator of limited partnerships (or equivalent), excluding pooled investment vehicles, and (16) sponsor, general partner, managing member (or equivalent), excluding pooled investment vehicles.
Table 3—Percentage of RIAs Reporting Each Type of Related Party
Related-party type | % of RIAs reporting type of related-party |
---|---|
Sponsor, general partner, managing member (or equivalent), excluding pooled investment vehicles | 36 |
Other investment adviser (including financial planners) | 29 |
Broker-dealer, municipal securities dealer, or government securities broker or dealer (registered or unregistered) | 16 |
Commodity pool operator or commodity trading advisor (whether registered or exempt from registration) | 16 |
Insurance company or agency | 16 |
Accountant or accounting firm | 7 |
Banking or thrift institution | 5 |
Trust company | 5 |
Sponsor or syndicator of limited partnerships (or equivalent), excluding pooled investment vehicles | 5 |
Pension consultant | 4 |
Lawyer or law firm | 3 |
Real estate broker or dealer | 3 |
Registered municipal advisor | 2 |
Registered security-based swap dealer | 1 |
Futures commission merchant | 1 |
Major security-based swap participant | 0 |
Source: Form ADV, Part 1A, Item 7.A. All data reflect updated records as of July 2022. |
Clients. Clients of RIAs may also be affected by the proposed rule, to the extent they either benefit from increased oversight and/or face additional costs that are passed on to them from advisers, including those that service providers pass on to advisers. Form ADV requires RIAs to indicate the approximate number of advisory clients and the amount of total RAUM attributable to various client types. Table 4 provides information on the number of client accounts, total RAUM, and the number of RIAs attributable to each client type. For instance, non-high net worth individuals account for over 43 million clients, or approximately 83.14% of all advisory clients, while investment companies make up about 25 thousand clients, less than one percent of all advisory clients. Investment companies account for $43,838 billion in RAUM, or approximately 35.5% percent of reported RAUM. Business development companies, on the other hand, account for around $211 billion in RAUM, under 1% of total RAUM.
If a client fits into more than one category, Form ADV requires an adviser to select one category that most accurately represents the client (to avoid double-counting clients and assets).
Table 4—RIA Market Size by Client Type
Client type | Clients (millions) | Total RAUM (billions) | RIAs |
---|---|---|---|
Non-high net worth individuals | 43.824 | 7,093 | 8,286 |
High net worth individuals | 6.917 | 11,832 | 8,989 |
Other investment advisers | 0.908 | 1,427 | 814 |
Pension and profit-sharing plans | 0.431 | 8,106 | 5,271 |
Other client types | 0.377 | 1,156 | 1,374 |
Corporations | 0.340 | 3,267 | 4,934 |
Charities | 0.121 | 1,613 | 5,134 |
Pooled investment vehicles | 0.095 | 34,584 | 5,763 |
State/municipal entities | 0.027 | 4,285 | 1,299 |
Investment companies | 0.025 | 43,838 | 1,603 |
Insurance companies | 0.013 | 7,630 | 1,028 |
Banking or thrift institutions | 0.011 | 966 | 432 |
Foreign institutions | 0.002 | 2,209 | 363 |
Business development companies | 0.000 | 211 | 98 |
Source: Form ADV, Part 1A, Item 5D. All data reflects updated records as of July 2022. |
2. Adviser Use of Service Providers
Reasons for use of Service Providers. Advisers use service providers for a variety of reasons. First, advisers may rely on service providers for a covered function because the adviser faces difficulties performing the function themselves as a matter of operations. Advisers may also choose to use a service provider for a function that could be performed internally, because advisers believe they may give the adviser or its clients access to certain specializations or areas of expertise, or otherwise offer efficiencies that are unavailable to or unachievable by an adviser alone. For instance, in some circumstances, service providers may be able to provide the same or similar levels of service as an adviser in a manner that is more cost-effective to clients. Outsourcing can also provide staffing flexibility by reducing the burdens on advisers' existing personnel. These burdens generally entail hiring and onboarding costs in addition to salaries and benefits, and the flexibility may be particularly useful for services that are periodic or otherwise infrequent and may not require permanent staffing by the adviser. Advisers with few personnel in particular may find benefits in allowing service providers to handle tasks that would otherwise be time-consuming or costly given the lack of economies of scale. Engaging a service provider also may prove efficient because it allows an adviser to allocate specific duties to a single service provider, rather than relying on multiple internal personnel to complete a function. Clients also can benefit from outsourcing, including through lower fees (if the adviser passes along any cost savings) and better quality of service.
See supra section I.A.
See supra footnote 5.
There are a wide variety of functions that an adviser might outsource. For example, advisers might outsource functions that operationally support an adviser's business functions ( e.g., investment research and data analytics, trading and risk management, compliance). Advisers might also hire service providers to perform or assist with functions that support middle- and back-office functions essential to asset management ( e.g., collateral management, settlement services, pricing or valuation services, and performance measurement). Lastly, advisers might hire service providers to support the investment advisers' core advisory services and processes ( e.g., provision of bespoke indexes, sub-advisory services, and platforms for robo-advisory services).
See supra section I.A.
Risks Associated with use of Service Providers. While the use of service providers might offer investment advisers significant advantages, the use of service providers may also present elevated risks of potential material harm to clients, and on the adviser's ability to perform its advisory services, resulting from outsourcing a covered function. Elevated risks can manifest in several ways: (1) increased operational risks from individual service providers to individual advisers, (2) increased risks associated with expanded or additional conflicts of interest resulting from principal-agent and moral hazard problems, (3) increased operational risk resulting from an adviser relying on a single service provider to provide multiple functions, (4) increased broader or systemic operational risk from a service being provided by a small number of service providers, (5) increased risks from reduced regulatory transparency, (6) increased risk of harm when clients and investors are misled as to the adequacy of the adviser's due diligence in engaging service providers and oversight of outsourced functions, and (7) increased risk of harm from rare but catastrophic operational failures that may be difficult for advisers and clients to predict, and thus price into their negotiated agreement. We discuss each of these in turn.
Use of a service provider could reduce an adviser's direct control over, or visibility into, a function. Reduced control over or visibility into a function could increase existing operational risks or introduce new operational risks. For example, without proper oversight of trade allocation, an adviser could be left unable to submit orders or allocate trades, or could have a service provider allocating shares in a manner that favors certain clients over others or failing to consider whether allocating additional shares would violate a client' investment guidelines. As another example, where a service provider manages data for an adviser, an operational failure could result in advisers making investment decisions based on incorrect data about their client's assets. For example, if an adviser has incorrect data on a client's holdings of a particular security, the adviser may mistakenly not sell as much of their client's holdings in the event of a market downturn as they would otherwise. This may also include advisers outsourcing critical functions to service providers in geographical areas with unique heightened risks, such as risks from weather events, power outages, geopolitical events and public health concerns in their location.
See supra section II.A.2.
See supra section II.A.1.
See supra section I.A.
An investment adviser's loss of control over, or visibility into, an outsourced function could also create potential or actual conflicts of interest between investment advisers and service providers. This is because the relationship between client and an adviser is generally one where the principal (the client) relies on an agent (the adviser) to work on the principal's behalf. To the extent that principals and their agents do not have aligned preferences and goals, agents (advisers) may take actions that increase their well-being at the expense of principals (clients).
See Michael C. Jensen & William H. Meckling, Theory of the Firm: Managerial Behavior, Agency Costs and Ownership Structure, 3 J. Fin. Econ. 305 (1976).
These conflicts of interest are particularly relevant for oversight of outsourced functions because of the client's limited visibility and limited ability to observe and independently monitor the adviser's oversight of the service provider. This scenario is defined as a moral hazard problem: When an agent's actions cannot be observed or directly contracted for by the principal, it is difficult to induce agents to supply the proper amounts of productive inputs or appropriately share risk with the principal. While an oversight failure can result in costs to an adviser vis-à-vis reputational costs, fiduciary liabilities, or other costs, an adviser's oversight activities are at least partially unobservable to the client. This results in a moral hazard problem that exacerbates the risk of the adviser taking actions that increase their well-being at the expense of their clients, such as pursuing cost savings on decisions to outsource, due diligence, monitoring, and recordkeeping, where the cost savings accrue to the adviser but increase operational risks for clients and investors.
See, e.g., Bengt Holmstrom, Moral Hazard and Observability, 10 Bell J. of Econ. 1 (1979). (“It has long been recognized that a problem of moral hazard may arise when individuals engage in risk sharing under conditions such that their privately taken actions affect the probability distribution of the outcome . . . . The source of this moral hazard or incentive problem is an asymmetry of information among individuals that results because individual actions cannot be observed and hence contracted upon.”); Bengt Holmstrom, Moral Hazard in Teams, 13 Bell J. of Econ. 2 (1982). (“Moral hazard refers to the problem of inducing agents to supply proper amounts of productive inputs when their actions cannot be observed and contracted for directly.”). In other contexts, moral hazard refers to a party taking on excessive risk when knowing another party will be responsible for negative outcomes. This alternative definition may be viewed as a special case of the broader economic definition associated with the difficulty of contracting for privately taken actions. See, e.g., Adam Carpenter, Moral Hazard Definition, U.S. News (Aug. 11, 2022), available at https://money.usnews.com/investing/term/moral-hazard.
Conversely, an adviser's reputation motives—the fear of market-imposed loss of future profits—should generally work against the tendency to underinvest in oversight of service providers. However, for smaller advisers—who do not enjoy economies of scale or scope, and generally have less valuable brands—the cost of implementing robust service provider oversight would be relatively high, while their reputation motives would be more limited, because there is less reputational capital to lose. Thus, smaller advisers can be expected to be especially prone to moral hazard problems and resulting underinvestment in service provider oversight.
Further potential or actual conflicts of interest can emerge between advisers, service providers, and the adviser's clients, because either the adviser or the service provider can act as an agent to the adviser's clients, benefitting at the client's expense. These conflicts of interest may therefore be exacerbated by the client's limited visibility into the service provider's practices. For example, without oversight, the service provider may pursue cost savings on its operations that increase risk to the adviser's clients, because the service provider benefits from cost savings but operational risks are costly to the adviser's client. As another example, as discussed above, there may be conflict of interest risks when a service provider recommends or otherwise highlights investments to advisory clients that the service provider also owns or manages for others.
See supra section I.A.
An adviser's use of service providers to provide multiple functions could also increase operational risk. If an adviser is dependent on a service provider for a large number of services, any disruption or interruption to those services could affect an adviser's services to its clients. If the service provider becomes unable to perform those functions, clients of the investment adviser may be harmed to the extent the investment adviser is unable to find a suitable replacement for the service provider or provide the services itself. The more services provided by a given service provider, the greater the potential effect on investment advisory clients, through any of the previously discussed risks or channels of harm.
See supra section I.A. However, it is not always the case that an adviser that only outsources a single function is less at risk than an adviser that outsources multiple, if the single outsourced function is more critical to the adviser's provision of advisory services.
In certain circumstances, the use of service providers could create broader or systemic risks as well. In particular, to the extent that the failure of a single service provider would cause operational failures at multiple advisers, that service provider may represent a source of systemic risk. For example, because service providers have become more specialized in recent years, for certain functions there may be only a few entities offering relevant (often information technology-dependent) services, and so multiple regulated entities could use a common service provider. In other cases, multiple service providers may merge to become a single market leader. These or related circumstances could, in turn, concentrate operational risk. If a large number of investment advisers were to use a common service provider, operational risks could be correspondingly concentrated. Increased concentration of operational risk could, in turn, lead to an increased risk of broader market effects during times of market instability, compounding any of the previously discussed risks and channels of harm. For example, in one instance a corrupted software update to accounting systems at a widely-used fund accounting provider caused industry-wide concern over the accuracy of fund values for several days, in which an estimated 66 advisers and 1,200 funds were unable to obtain system-generated NAVs for several days. This could also include cases where advisers discount the risks of a service provider failing because they view the service provider as “too big to fail,” and assume that regulators will deploy public funds to rescue the service provider in the event of its failure.
IOSCO Report, supra footnote 13.
FSB Discussion Paper, at 2, supra footnote 14
See supra section I.A.
IOSCO Report, supra footnote13. The IOSCO Report cites examples of risks that could lead to systemic risk if multiple entities use a common service provider including: (1) if the service provider suddenly and unexpectedly becomes unable to perform services that are material or critical to the business of a significant number of regulated entities, each entity will be similarly disabled, (2) a latent flaw in the design of a product or service that multiple regulated entities rely upon may affect all these users, (3) a vulnerability in application software that multiple regulated entities rely upon may permit an intruder to disable or corrupt the systems or data of some or all users, and (4) if multiple regulated entities depend upon the same provider of business continuity services ( e.g., a common disaster recovery site), a disruption that affects a large number of those entities may reduce the capacity of the business continuity service.
Investment advisers and their clients may not currently be aware of, or currently have enough information or otherwise be able to assess, concentration risks where multiple investment advisers use a common service provider.
See supra footnotes 16, 17, and accompanying text.
The Financial Conduct Authority observed UK asset managers in 2012 and expressed concern that some firms appear to rely on the fact that an outsourced service provider is a large financial institution, which regulators might look to rescue using public funds, in order to justify minimal oversight, among other potential gaps in service provider oversight practices. See FSA, To the CEOs of Asset Managers (Dec. 2012), available at https://webarchive.nationalarchives.gov.uk/ukgwa/20140305053157mp_/http://www.fsa.gov.uk/static/pubs/ceo/review_outsourcing_asset_management.pdf.
When a function is performed internally, advisers have access to information necessary to demonstrate compliance with the Advisers Act or rules. Such information is helpful for the Commission's use in its regulatory programs, including examinations, investigations, and client and investor protection efforts. Transparency in outsourced functions, likewise, is helpful for assessing regulatory compliance and remediating problems as they occur. For example, if several advisers follow an investing strategy based on a particular third-party investment model, an error by the model provider may cause widespread errors in the client accounts invested relying on the model, and with greater transparency the Commission could quickly analyze the potential breadth of the impact and take appropriate actions. Further, advisers that outsource a certain function sometimes indicate that because they outsource the function, they lack access to the information necessary to demonstrate compliance with a provision of the Advisers Act or rules. In addition, investment advisers have limited disclosure or books and records obligations with respect to their use of service providers. In other cases, a service provider may deliver some services from locations outside of the United States, which introduces potential oversight and regulatory gaps or oversight challenges. The resulting reduced transparency into the use of service providers, then, creates the potential that the Commission does not have information that could enhance its ability to evaluate and form regulatory policies and to assess markets for client and investor protection.
See supra section I.A.
See supra section I.A for more detailed discussion.
See supra section III.B.1; see also infra section III.B.3.
See supra section I.A.
See supra section I.A. For example, the Commission staff have observed some advisers unable to provide timely responses to examination and enforcement requests because of outsourcing.
Clients or investors may also face heightened risk of harm from each of these risks to the extent that they are misled about the adequacy of the adviser's due diligence in engaging service providers and the adviser's oversight of outsourced functions. If clients or investors understood clearly the extent of an adviser's oversight and management of risks associated with outsourcing a covered function, the price of advisory services could account for expected operational risks to the extent that clients have bargaining power. But when an adviser holds itself out to clients and potential clients or investors as an investment adviser that can provide certain advisory functions or services, the adviser implies that it remains responsible for the performance of those services and it will act in the best interest of the client in doing so. An adviser remains liable for its obligations, including those under the Advisers Act, the other Federal securities laws, and any contract entered into with the client, even if the adviser outsources the function.
See supra section I.A; see also infra section III.B.3.
Finally, clients or investors may face increased risk of harm from rare but catastrophic operational failures that may be difficult for advisers and clients or investors to predict, and thus price into their negotiated agreements. These types of events, because they are rare and difficult to predict, may go unaccounted for in the pricing of instruments, investments, or contracts. Similar to the previous discussion, rare but catastrophic operational risks may result from the compounding of different categories of operational risks. For example, such risks may result from an adviser who has outsourced multiple critical functions to service providers in a single geographic region, all of whom the adviser may assume are typically reliable and thus not proactively monitored by the adviser, but who may all simultaneously face disruption in the face of extreme weather, a geopolitical event or public health crisis. To the extent that advisers have outsourced critical functions to third-party service providers who are often reliable but are not subject to the adviser's oversight, these service providers represent potential risks that investors and advisers may not be able to price into their contracts.
See, e.g., Howard Kunreuther & Mark Pauly, Insuring Against Catastrophes in The Known, the Unknown, and the Unknowable in Financial Risk Management (Francis X. Diebold, Neil A. Doherty and Richard J. Herring eds., 2010), at 210-238.
Patterns in Adviser Use of Service Providers. One motivation for an adviser to outsource a function is that outsourcing might offer efficiencies that are unavailable to or unachievable by the adviser. Potential gains in efficiency may not be the same for all advisers. For example, gains may be related to factors such as adviser size (as measured by RAUM), or the types of clients advisers serve.
See supra section I.A.
As discussed above, Form ADV identifies the use of certain service providers and whether these service providers are related parties or third parties, but only for private funds. For administrators, a higher proportion (80%) of the largest 10% of advisers rely on third-party service providers than is the case for the smallest 10% advisers (75%). Additionally, the use of related-party administrators is rare, ranging from 1%-6% across adviser size deciles, in comparison to the use of third-party administrators, which ranges from 74%-80%.
See supra section III.B.1.
Adviser size is measured by RAUM.
Source: Form ADV, Schedule D, Section 7B(1), Item 26. All data reflect updated records as of July 2022. Also as discussed above, because these items are only reported by private fund advisers, this analysis is not representative of the broader investment adviser industry. There may also be other categories of service providers not captured by Form ADV. See supra footnote 104.
Additionally, as discussed above, certain additional items on Form ADV provide information on all RIAs' outsourcing of services, but also do not distinguish between third-party and related-party service providers. Table 5 below provides information on the extent to which the use of these service providers varies across advisers as a function of RAUM. As is the case with advisers' use of administrators above, Table 5 shows that larger advisers are more likely than smaller advisers to report using these categories of service providers.
See supra section III.B.1.
As discussed above, Form ADV provides information on certain types of related-party service providers, but does not include whether an adviser outsources to the related-party service provider. Because Form ADV does not include information indicating whether an adviser outsources to a related-party service provider, we focus the information provided in Table 6 on advisers' use of third-party service providers.
Table 5—Adviser Use of Additional Service Providers
Size decile | Chief compliance officer (%) | Record keeping (%) |
---|---|---|
Smallest | 8 | 33 |
2 | 4 | 28 |
3 | 5 | 29 |
4 | 6 | 33 |
5 | 5 | 37 |
6 | 6 | 40 |
7 | 6 | 51 |
8 | 6 | 61 |
9 | 5 | 73 |
Largest | 2 | 88 |
Source: Form ADV, Part 1A, Item 1J(2) and 1L. The table shows the within-size-decile percentage off all RIAs. Item 1J(2) may undercount the Chief Compliance Officer figure since it excludes those employed by a registered investment company. Item 1L may overcount the Record Keeping estimate since it does not exclude branch offices. All data reflects updated records as of July 2022. |
Table 6 below provides further information on the extent to which adviser use of service providers varies across advisers as a function of the type of client to which the registered investment adviser attributes a majority of their RAUM.
Table 6—Adviser Use of Additional Service Providers by Majority Client Type
Client type | Chief compliance officer (%) | Record keeping (%) |
---|---|---|
High net worth individuals | 4 | 30 |
Pension and profit-sharing plans | 5 | 44 |
Banking or thrift institutions | 7 | 42 |
Charities | 4 | 54 |
Other investment advisers | 9 | 45 |
Investment companies | 13 | 68 |
State/municipal entities | 5 | 62 |
Pooled investment vehicles | 5 | 76 |
Non-high net worth individuals | 6 | 32 |
Foreign institutions | 0 | 76 |
Business development companies | 19 | 79 |
Insurance companies | 8 | 67 |
Corporations | 6 | 48 |
Other client types | 15 | 55 |
Source: Form ADV, Part 1A, Item 1J(2) and 1L. Item 1J(2) may undercount the Chief Compliance Officer figure since it excludes those employed by a registered investment company. Item 1L may overcount the Record Keeping estimate since it does not exclude branch offices. All data reflects updated records as of July 2022. |
3. Applicable Law Impacting Use of Service Providers
Advisers who use service providers, whether a related-person or third-party service provider, may currently conduct activities related to each of the proposed obligations, such that varying degrees of due diligence, risk mitigation and management, monitoring, recordkeeping, and other oversight-related activities may already occur in the marketplace. Certain advisers may currently conduct some or all of the proposed activities to satisfy a variety of legal requirements.
In addition to regulatory requirements, advisers may already currently conduct some or all of the proposed activities solely as a matter of good business practice.
First, an adviser who has outsourced a function to a service provider remains liable for its obligations, including under the Advisers Act or other Federal securities laws. Advisers' fiduciary duty comprises a duty of loyalty and a duty of care, the latter of which includes providing investment advice in the best interest of the client, based on the client's objectives. For example, where an investment adviser has the responsibility to select broker-dealers to execute client transactions, the adviser is obligated to seek to obtain “best execution” of client transactions given the circumstances pertaining to the transactions.
See supra section I.A.
Id.
See Standard of Conduct Release, supra footnote 21, at section I.A. (“When seeking best execution, an adviser should consider `the full range and quality of a broker's services in placing brokerage including, among other things, the value of research provided as well as execution capability, commission rate, financial responsibility, and responsiveness' to the adviser.”) (quoting Interpretive Release Concerning the Scope of Section 28(e) of the Securities Exchange Act of 1934 and Related Matters, Exchange Act Release No. 23170 (Apr. 28, 1986)); Commission Guidance Regarding Client Commission Practices under Section 28(e) of the Securities Exchange Act of 1934, Exchange Act Release No. 54165 (July 18, 2006), available at https://www.sec.gov/rules/interp/2006/34-54165.pdf.
Where an investment adviser fails to satisfy its obligations, including fulfilling its fiduciary duty to clients or complying with the Advisers Act and other Federal securities laws, its conduct may result in potential liability under the antifraud provisions of the Federal securities laws. Investment advisers are subject to Section 206 of the Advisers Act, which prohibits engaging “in any act, practice, or course of business which is fraudulent, deceptive, or manipulative.” Section 206(4) specifically empowers the Commission to adopt rules defining fraudulent acts and practices and to prescribe means reasonably designed to prevent their occurrence. In addition to the antifraud provision of the Advisers Act, investment advisers are also subject to other antifraud provisions under the Federal securities laws and misconduct by an adviser may result in liability under such other provisions, including Section 17 of the Securities Act of 1933 and Section 10(b) of the Securities Exchange Act of 1934 and rule 10b-5 thereunder.
See15 U.S.C. 77q; 15 U.S.C. 78l; and 17 CFR 240.10b-5.
Second, investment advisers registered with the Commission are required to adopt and implement written policies and procedures reasonably designed to prevent violation of the Federal securities laws. The Commission has said that Rule 206(4)-7 requires advisers to consider their fiduciary and regulatory obligations under the Advisers Act and to formalize policies and procedures to address them. The rule does not enumerate specific elements that advisers must include in their policies and procedures and each adviser should adopt policies and procedures that take into consideration the nature of that firm's operations. Registered investment companies are subject to similar compliance procedures and practices pursuant to rule 38a-1 under the Investment Company Act of 1940 and to the extent certain advisers have clients that are registered investment companies, the adviser and certain specified service providers may be subject to relevant provisions of the rule.
See Compliance Programs of Investment Companies and Investment Advisers, Investment Advisers Act Release No. 2204 (Dec. 17, 2003), at section II.A.1 (adopting rule 206(4)-7), available at https://www.sec.gov/rules/final/ia-2204.htm.
See id.
Rule 38a-1 requires policies and procedures to provide for oversight of certain service providers to the registered investment company, including its investment advisers, principal underwriters, administrators, and transfer agents. The rule also requires the registered investment company's board of directors, including a majority of its independent directors, to approve its investment adviser's policies and procedures based on a finding that the policies and procedures are reasonably designed to prevent violation of the Federal securities laws by the registered investment company and the adviser. In addition, the registered investment company is required to review its policies and procedures, as well as those of its investment adviser, annually. See17 CFR 270.38a-1.
As discussed, many investment advisers outsource various functions supporting the adviser's services and processes. Investment advisers who presently outsource covered functions may already conduct any or all of the proposed required due diligence and monitoring obligations with respect to outsourced covered functions. Further, such advisers may already incorporate these practices into their written policies and procedures. However, while there is an existing framework under which advisers may oversee certain service providers, there is no existing provision under the Advisers Act expressly requiring due diligence and monitoring for those service providers.
Certain entities may be subject to particularized requirements under other regulatory regimes. For example, firms that are dually registered broker-dealers are subject to FINRA Rule 3110 which requires members to, among other provisions, establish and maintain a system to supervise the activities of each associated person that is reasonably designed to achieve compliance with applicable securities laws and regulations. This supervisory system must, among other requirements, designate an appropriately registered principal with authority to carry out the supervisory responsibilities of the member for each type of business in which it engages for which registration as a broker-dealer is required. See, e.g., Rule 3110 Supervision, available at https://www.finra.org/rules-guidance/rulebooks/finra-rules/3110.
For example, advisers may already conduct some due diligence and monitoring with respect to service providers relating to the handling of sensitive client information in complying with their obligations under applicable laws. Section 204A of the Advisers Act requires advisers to maintain and enforce written policies and procedures with the aim of preventing the firm or any person associated with the firm from misusing material non-public information, with rule 204A-1 thereunder requiring, among other things, that an adviser's code of ethics set forth requirements that certain advisory personnel report personal securities trading and that the adviser's supervised persons must comply with Federal securities laws. Thus, some investment advisers may currently conduct due diligence and monitoring in enforcing their code of ethics, which encompasses certain aspects of the adviser's relationship with service providers.
See15 U.S.C. 80b-4a and 17 CFR 275.204A-1. However, rule 204A-1 is intended to apply only to “access persons” of an investment adviser and does not apply to unrelated third parties.
Third, investment advisers use Form ADV to register with the SEC, register with one or more state securities regulators, and amend those registrations. Form ADV elicits detailed information concerning the adviser and its owners, business practices, employees, and disciplinary history. While Form ADV requires reporting on certain parties, such as the adviser's industry affiliations and certain clients, it does not currently require reporting on all service providers that perform what would be covered functions under the proposal.
Form ADV also serves as a reporting form for exempt reporting advisers.
Fourth, the Federal securities laws require investment advisers, registered investment companies, and others to make and keep books and records. The recordkeeping requirements are a key part of the Commission's regulatory program for advisers and funds, as they allow us to monitor adviser and fund operations, and to evaluate their compliance with the Federal securities laws. Existing Rule 204-2, which would be amended by the proposal, currently provides certain requirements for books and records to be maintained by investment advisers while various rules under the Investment Company Act of 1940, as amended, provide similar requirements for specified records to be maintained by registered investment companies. To the extent certain advisers have clients that are registered investment companies, those advisers may be subject to relevant recordkeeping obligations under the 1940 Act. For example, if the board of directors of a registered investment company has designated performance of fair value determinations to the adviser under rule 2a-5 of the 1940 Act, the adviser is obligated to maintain the records required by the related recordkeeping provision. Rule 204-2 details the types of required records as well as the manner, location and duration of records to be maintained by registered investment advisers. For example, rule 204-2(g) permits investment advisers to use electronic storage media for records required to be maintained under Rule 204-2. However, the rule does not prescribe specific requirements for when an adviser outsources one or more of the required recordkeeping functions to a third party. Commission staff has addressed third-party recordkeeping in two staff letters, which include certain similar components to the proposed amendments to rule 204-2. Although it is not required by rule, advisers who presently outsource covered functions may already make and keep relevant books and records with respect to their oversight of service providers.
See infra section V.E.; see, e.g., 17 CFR 270.31a-1, 17 CFR 270.31a-2, 17 CFR 270.31a-3, 17 CFR 270.31a-4.
See17 CFR 270.2a-5; 17 CFR 270.31a-4.
See OMGEO NAL, supra footnote 25, at n.3 (citing First Call and National Regulatory Services, SEC Staff No-Action Letter (Dec. 2, 1992)); First Call NAL, supra footnote 25.
See infra section V.A.2.
Fifth, Regulation S-P: Privacy of Consumer Financial Information (“Regulation S-P” or “Reg S-P”) provides requirements to adopt written policies and procedures reasonably designed to: (i) insure the security and confidentiality of customer records and information; (ii) protect against any anticipated threats or hazards to the security or integrity of customer records and information; and (iii) protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer. All registered investment advisers who are financial institutions or creditors with covered accounts are also subject to Regulation S-ID: Identity Theft Red Flags (“Regulation S-ID” or “Reg. S-ID”), under which they are required to develop and implement a written identity theft program that includes policies and procedures to identify relevant types of identity theft red flags, detect the occurrence of those red flags, and to respond appropriately to the detected red flags.
See17 CFR 248.30.
17 CFR 248.201(d)(2); 17 CFR pt. 248, subpt. C, app. A. See also infra section V.E.
Sixth, some advisers may be subject to additional regulatory regimes that implicate customer information safeguards. For example, advisers to private funds may be subject to the Federal Trade Commission's Standards for Safeguarding Customer Information (“FTC Safeguards Rule”) that contains a number of modifications to the existing rule with respect to data security requirements to protect customer financial information. Additionally, advisers that are affiliated with banks may be indirectly subject to safeguarding standards that include a requirement for a data breach response plan or program. Advisers who anticipate needing to comply with these privacy regulations may already conduct any or all of the proposed required obligations with respect to service providers who are responsible for customer information.
16 CFR pt. 314; see also86 FR 70308 (Dec. 9, 2021) (Jan. 10, 2022, effective date; Dec. 9, 2022, applicability date for certain provisions).
See 70 FR at 15752, available at https://www.federalregister.gov/d/05-5980. Specifically, The Banking Agencies' Incident Response Guidance provides, among other things, that when an institution becomes aware of an incident of unauthorized access to sensitive customer information, the institution should conduct a reasonable investigation to determine promptly the likelihood that the information has been or will be misused. If the institution determines that misuse of the information has occurred or is reasonably possible, it should notify affected customers as soon as possible.
Lastly, registered investment advisers are subject to a variety of disclosure requirements that they must make to their investors, including certain disclosures vis-à-vis the registration forms of the funds they advise. For instance, open end funds register using Form N-1A, and closed end funds register using Form N-2. A fund's registration form includes information related to its basic operating structure, including its advisers and some of its service providers. However, there are no particularized requirements for these fund registration documents to discuss fund outsourcing, due diligence, or monitoring practices.
See Form N-1A, available at https://www.sec.gov/about/forms/formn-1a.pdf; see Form N-2, available at https://www.sec.gov/files/formn-2.pdf.
C. Broad Economic Considerations
As discussed above, investment adviser clients and investors rely on the delegated asset management industry, which includes investment advisers registered or required to be registered with the Commission, for a wide variety of wealth management and financial planning functions to their advisers, including tax, retirement, estate, education, and insurance services. These services are critical for investors to plan for the future and diversify their investment risks. Investment advisers are responsible, under existing regulatory regimes, for a wide variety of functions in order to provide these advisory services. Over time, investment advisers have in turn outsourced certain functions that are necessary for the adviser to provide its investment advisory services in compliance with the Federal securities laws as a response to competitive pressures, growing demand for advisory services, and increasingly complex client demands.
See supra section I.A.
See supra section I.A, III.B.3.
See supra section I.A, III.B.2.
Without a minimum and consistent framework for identifying, mitigating, and managing risks to clients, outsourcing can lead to client harm through the channels described above, such as clients being misled, their adviser making investment decisions based on incorrect data, having sensitive information misappropriated, potential or actual conflicts of interest, or failures to provide records for regulatory oversight. While many advisers may be aware of the risks and account for them appropriately when deciding whether and how to engage or continue to use service providers, our staff has observed that not all advisers provide a sufficient level of oversight with respect to their service providers, despite the existing fiduciary duty and other legal obligations applicable to advisers. This is because, while advisers and funds face relevant competitive market forces and therefore have private reputational incentives to maintain some level of oversight of service providers, market failures can lead their chosen levels of oversight to be sub-optimally low, both from the perspective of what each individual adviser's clients and investors would prefer, and from the perspective of optimal levels of oversight for broader or systemic operational risks.
See supra section III.B.2.
See supra section I.A, III.B.3.
See supra section III.B.2.
These market failures provide the economic rationale for the proposed rule because they indicate that, without Commission action, clients and advisers have limited abilities and incentives to implement effective reforms, such as those in the proposed rules, for several reasons. First, there are a number of practical issues investment advisers and their clients and investors may face in coming to agreement on, measuring, and accounting for risks due to outsourcing. Second, the client's inability to observe an adviser's effort in oversight of service providers gives rise to principal-agent and moral hazard problems that can contribute to an adviser exerting too little effort on oversight of its service providers. These problems are exacerbated by instances in which the adviser has limited visibility into a service provider's operations. Lastly, in addition to the effects from moral hazard and principal-agent problems, advisers' individual incentives to exert effort into oversight are likely to be lower than optimal where operational failures at service providers can carry broader or systemic risks. This is because individual advisers do not have incentives to consider the benefits that their oversight may provide to the investment advisory industry as a whole, including (and in particular) competing advisers. These difficulties are consistent with the outcomes discussed above, in which the Commission has observed operational failures by service providers affecting advisers' abilities to deliver services to their clients, despite existing fiduciary duty and other regulations, and we next discuss each of these difficulties in turn.
See supra section I.A.
With respect to the practical issues that currently may limit the ability or incentive of clients and advisers to adequately address the risks of outsourcing: First, because of the substantial variety and complexity of functions offered by service providers (such as client servicing, investment risk management, pricing, and reconciliation, among others), advisers and their clients may face difficulty in coming to agreement on and developing a common, consistent set of expected practices. These difficulties may be particularly pronounced in the case of covered functions that are of significance to investment performance but are new or experimental functions for which the adviser has limited expertise or experience. Second, even if clients and advisers agree on the adviser's obligations, clients may face risks from rare but catastrophic operational events that are inherently difficult to predict, and thus difficult to account for when negotiating the terms of advisory services. While some degree of operational risk is inevitable, we believe that the proposed rule may help lower these risks through its due diligence and monitoring requirements.
For example, for an adviser who lacks experience in algorithmic-based trading but has retained an algorithmic trading firm and outsourced certain trading activity to that firm, clients and investors may benefit substantially from new requirements for risk analysis and due diligence on the part of the adviser. While the adviser would not need to fully understand the technical intricacies of the algorithmic trading service, it generally would need to have a reasonable understanding of the service and its associated risks, and be able to conclude that it can mitigate and manage those risks. See supra section II.B for more discussion.
See supra section III.B.2. While clients and advisers could price these risks into their contracts for advisory services through premiums for insurance coverage for operational failures, this would require clients and advisers to agree on the scope of coverage required.
Additionally, principal-agent problems, moral hazard problems, and related conflicts of interest in the relationships between clients, advisers, and service providers may limit incentives for private reform and the ability of these market participants to implement reform. The investment adviser relationship is subject to agency problems, including those resulting from conflicts, to the extent clients (the principals) and investment advisers (the agents) have different preferences and goals. Investment advisers may take actions that increase their well-being at the expense of clients, thereby imposing agency costs on their clients. Moreover, because an adviser's oversight of a service provider cannot be observed (and thus cannot be contracted for by the clients or investors), there is a moral hazard problem that may make it difficult for clients and investors to induce advisers to supply the proper amounts of oversight. Advisers may therefore be able to avoid implementing reforms of service provider oversight practices. It may also be likely for service providers to avoid reforms, because minimal oversight on the part of the adviser may open opportunities for service providers to pursue cost savings that increase operational risks, or opportunities for other conflicts of interest that could benefit the service provider or adviser at the client's expense. These principal-agent problems, moral hazard problems, and conflicts of interest may therefore be particularly strong in the context of conducting due diligence and monitoring of service providers, because clients have even less visibility into service provider functions than they do adviser functions.
See Standard of Conduct Release, at 31-32, supra footnote 21. An adviser's fiduciary duty can mitigate these agency problems and reduce agency costs by deterring investment advisers from taking actions that expose them to legal liability.
See supra section III.B.2, see also, e.g., Bengt Holmstrom, Moral Hazard and Observability, 10 Bell J. of Econ. 1 (1979). (“It has long been recognized that a problem of moral hazard may arise when individuals engage in risk sharing under conditions such that their privately taken actions affect the probability distribution of the outcome . . . . The source of this moral hazard or incentive problem is an asymmetry of information among individuals that results because individual actions cannot be observed and hence contracted upon.”); Bengt Holmstrom, Moral Hazard in Teams, 13 Bell J. of Econ. 2 (1982). (“Moral hazard refers to the problem of inducing agents to supply proper amounts of productive inputs when their actions cannot be observed and contracted for directly.”).
See supra section I.A.
See supra section III.B.2.
Lastly, because operational failures at service providers can carry broader or systemic risks, advisers' individual incentives to exert effort into oversight are likely to be lower than optimal from a societal standpoint. For instance, when a function is provided to many advisers by a small number of service providers, each adviser may not take into account the broader, systemic operational risk associated with that service provider's failure when determining the level of oversight that they individually, or privately, find optimal. For example, an investment adviser may not take into account the benefits that its own oversight of a service provider creates for its competitors. Moreover, to the extent that broader or systemic operational failures reduce client confidence in markets, there may be even greater differences in each adviser's privately optimal level of oversight and the optimal level of oversight from a societal standpoint. This is because an operational failure at a service provider for one adviser may reduce client confidence in other advisers, and advisers may not account for the additional impact of their service provider's operational failures on client trust in the investment advisory industry as a whole, including (and in particular) competing advisers.
See supra section III.B.2.
See Andreu Mas-Colell, et. al., Microeconomic Theory (Oxford University Press)(1995), at Chapter 11, for a general discussion of externalities. Through the lens of the theory of externalities and public goods, we believe that due diligence is equivalent to a public good supplied at a suboptimal quantity, which may be improved by the current proposed rule.
The proposed rules would therefore impose a set of minimum and consistent obligations on investment advisers registered or required to be registered with the Commission in the course of their outsourcing processes. These obligations are designed to address the risks and market failures described above in the context of outsourcing core advisory functions. These reforms are designed to promote a more comprehensive framework to address—and thereby reduce—risks to advisers and their clients that result from an adviser's use of service providers. These reforms also are designed to give the Commission and advisers' clients better information for oversight of advisers' use of service providers.
The scope of the proposed rule would be limited to investment advisers registered or required to be registered who have retained a service provider to perform a covered function. The proposed rule would restrict its scope to a covered function to provide sufficient oversight in those specific circumstances where the function or service is one that is necessary for the adviser to provide advisory services in compliance with the Federal securities laws, and that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser's clients or on the adviser's ability to provide investment advisory services. A service provider would be a person or entity that performs one or more covered functions and is not a supervised person as defined in the Act. Excluding supervised persons from the definition of a service provider allows advisers to avoid the costs of complying with the proposed rule in those circumstances where the service provider is subject to the supervision and control of the adviser and the requirements of the rule would be duplicative.
Clients and investors would benefit from this minimum and consistent regulatory framework for identifying, mitigating, and managing risks associated with outsourced functions. They would benefit through reduced risks of operational failures including broad or systemic operational failures, reduced risk of fraud associated with outsourced functions, reduced risks from potential or actual conflicts of interest, improved confidence for clients and investors that advisers will be able to carry out their regulatory obligations, and greater regulatory transparency and resulting effectiveness of the Commission's client and investor protection efforts. Clients and investors may additionally benefit from a reduction in operational risk as a result of service providers electing to update or reform their operations in response to adviser oversight. These benefits may vary across advisers and across covered functions. For example, benefits may be minimal for advisers who outsource very few covered functions. By contrast, and as mentioned above, benefits may be substantial for advisers who outsource functions that are of significance to investment performance but are new or experimental functions for which the adviser has limited expertise or experience, such as algorithmic-based trading or use of predictive data analytics.
See supra section I.A, III.B.2; see also infra section III.D.4. For example, the Commission staff have observed some advisers unable to provide timely responses to examination and enforcement requests because of outsourcing.
The costs of the proposed rules would include the costs of meeting the minimum regulatory requirements of the rules, including the costs to advisers of updating, as appropriate, their compliance programs in response to the due diligence, monitoring, and record keeping requirements. For SEC-registered investment advisers, the costs would also include the costs of updating their Form ADV filings to include the new required reporting. To the extent advisers currently outsource covered functions, the cost of outsourcing covered functions is typically borne by advisers—some or all of which, may be passed on to clients. Under the proposed rule, compliance costs would be borne by advisers that currently outsource covered functions or that may outsource covered functions in the future. For example, and as an initial matter, advisers would incur costs associated with determining if outsourced functions are subject to the requirements of the proposed rule. Those advisers, in turn, may attempt to pass costs on to their clients. The ability of advisers to pass compliance costs to their clients may depend on the willingness of clients to incur those additional costs. Further, service providers of covered functions would incur costs outside of their normal course of business as a result of adviser requests for information to comply with their due diligence and monitoring requirements of the proposed rule. These costs would likely lead to some service providers charging additional fees to advisers, some or all of which may be passed on to advisers' clients.
We believe the costs of the proposed rules would be limited by several factors. First, some advisers may already meet certain portions of the obligations that would be required under the proposed rules in the course of complying with existing legal obligations, and their costs would only include the costs associated with obligations they do not already meet. Second, certain advisers may determine that the costs of completing a function themselves with equal efficiency and quality as their service provider are less than the costs of the service provider plus the regulatory oversight costs. For these advisers, the costs of the proposal would be no greater than the costs associated with transitioning to completing the function themselves, as this choice would place the covered function in the purview of a supervised person of the adviser, and therefore outside of the scope of the proposed rule. However, this mitigating factor may be less relevant for smaller advisers, who may be less able to perform their outsourced functions themselves with equal efficiency and quality as their service provider.
See supra section III.B.3.
Our discussion in section III.D below describes in more detail how each of the benefits and costs would result from each of the elements of the proposed rules.
D. Benefits and Costs
1. Due Diligence
The proposed rule would require advisers to conduct reasonable due diligence before engaging a provider. Through this due diligence, advisers would be required to: (i) identify the nature and scope of the covered function the service provider is to perform; (ii) identify and determine how it would mitigate and manage the potential risks to clients or to the investment adviser's ability to perform its advisory services, resulting from engaging a service provider to perform a covered function and engaging that service provider to perform the covered function; (iii) determine that the service provider has the competence, capacity, and resources necessary to perform the covered function in a timely and effective manner; (iv) determine whether the service provider has any subcontracting arrangements that would be material to the service provider's performance of the covered function, and identifying and determining how the investment adviser will mitigate and manage potential risks to clients or to the investment adviser's ability to perform its advisory services in light of any such subcontracting arrangement; (v) obtain reasonable assurance from the service provider that it is able to, and will, coordinate with the adviser for purposes of the adviser's compliance with the Federal securities laws; and (vi) obtain reasonable assurance from the service provider that it is able to, and will, provide a process for orderly termination of its performance of the covered function.
See proposed rule 206(4)-11(a)(1).
See supra section II.B. The benefits and costs of the required recordkeeping provisions associated with due diligence are discussed in section III.D.3.
a. Benefits
A minimum and consistent due diligence framework would benefit clients and investors through reduced risks of operational failures including broad or systemic operational failures, reduced risk of fraud associated with outsourced functions, and greater regulatory transparency and resulting effectiveness of the Commission's client and investor protection efforts. Clients and investors may additionally benefit from a reduction in operational risk as a result of service providers electing to update or reform their operations in response to adviser oversight. These benefits may vary across advisers and across covered functions. For example, benefits may be minimal for advisers who outsource very few covered functions. By contrast, and as mentioned above, benefits may be substantial for advisers who outsource functions that are of significance to investment performance but are new or experimental functions for which the adviser has limited expertise or experience. Certain prongs of the proposed due diligence requirement of the rule would provide further individualized contributions to these benefits, to the extent that advisers do not already complete each of the proposed requirements in response to the competitive market forces they face, their reputational considerations, or their fiduciary duties.
See supra section III.C.
See supra sections III.B.2, III.C.
First, because advisers must determine the nature and scope of any covered function that a service provider is to perform, advisers would be required to have a basic understanding of what the service provider will do and how they will do it. This preliminary step would enhance the effectiveness of any other component of an adviser's due diligence process, including the proposed required framework, by ensuring that the adviser has taken basic steps to prepare to actively engage with the service provider to address issues as they arise. These benefits may be particularly pronounced in the case of new or experimental functions for which the adviser has limited expertise or experience. Additionally, analyzing the nature and scope of a covered function could allow for early implementation of safeguards in response to identified vulnerabilities, which could benefit clients by reducing the risk of harm arising from preventable performance shortfalls by service providers. For example, if an adviser seeks to outsource portfolio management activity, it may discover through its nature and scope analysis that its clients' personally identifiable information may be exposed, or that the service provider would be subject to a conflict of interest with another adviser. The adviser could then either take steps to mitigate and manage these risks or choose to retain directly supervised persons to manage its advisers' portfolios.
See supra section II.B.1.
Second, the proposed rule would require an adviser with an outsourced covered function to identify and determine how it would mitigate and manage the potential risks of outsourcing. This would include an analysis of the general risks of outsourcing a covered function, as well as the particular risks of the specific service provider selected by the adviser. Potential client harm caused by a service provider's failure to perform (or a service provider performing negligently) the outsourced function could be significantly mitigated, or even avoided, if the adviser conducts appropriate risk analysis, mitigation, and management prior to outsourcing a function.
See supra section II.B.2.
Third, by requiring advisers to determine service providers have the competence, capacity, and resources necessary to provide the services they offer in a timely and effective manner, the proposed rule could benefit advisers' clients through early identification of a variety of risks associated with the service provider's business. Clients and investors would benefit, because outsourcing an investment adviser's function to a service provider without the necessary competence, capacity, and resources to perform that function can undermine the adviser's provision of services and mislead or otherwise harm clients.
We believe that the lack of any of these elements in a service provider can hinder the ability of an adviser to outsource to that service provider and also remain consistent with the adviser's fiduciary duty to its clients. For instance, an adviser may discover a service provider of a labor-intensive service has insufficient staff, or that a service provider lacks sufficient specialized systems or equipment to carry out a particular technical function. These conditions may be contrary to the client's understanding of their agreement with the adviser, because the adviser is responsible for these operations even though the service is outsourced. In these cases, both the adviser and its clients would benefit from the opportunity to identify a more appropriate provider of the covered function in question, though these benefits may be mitigated to the extent that identifying such a provider is costly.
These circumstances may particularly arise in the context of affiliated service providers where a parent entity determines that an adviser must purchase services or otherwise consume services from the parent or from another affiliate. The adviser that is outsourcing, if permitted to do its own analysis, might have opted to use a different provider or not to outsource at all.
Fourth, operational risks may be heightened in instances where a service provider uses many subcontractors or when a service provider switches subcontractors for arrangements that are material to the performance of the covered function. The proposed rule is designed to mitigate this heightened risk by including subcontracting arrangements in the scope of an adviser's required due diligence and requiring the adviser to mitigate and manage potential risks in light of the subcontracting arrangements, provided the subcontracting arrangement is material to the service provider's performance of the covered function. This additional layer of required due diligence can provide more oversight and visibility into the full set of functions managed by service providers. For example, this component of the proposed due diligence would provide greater oversight and visibility into an arrangement in which a service provider that provides trading platform services engages a subcontractor to write software code, test the software, or retrieve data for use on the trading platform. In turn, clients and investors may benefit from the opportunity to evaluate the risks presented by a service provider that might otherwise be hidden in the service provider's set of subcontractors.
See supra section II.B.4.
Fifth, by requiring advisers to obtain reasonable assurance from their service providers of coordination for purposes of the advisers' compliance with the Federal securities laws, the proposed rule would likely improve confidence for clients and improve communications between advisers and service providers. When advisers set clear processes and ground rules with their service providers in order to remain compliant with the Federal securities laws, clients may have additional confidence that their advisers will be able to carry out their regulatory obligations. Additionally, obtaining such reasonable advance assurance from service providers may lead to more efficient and effective lines of communication between advisers and their service providers. This improved communication between advisers and service providers may be especially helpful to advisers to mitigate client harm in times of market stress and where a service provider is not be directly subject to the Federal securities laws and therefore is unaware of the potential impact of their services on the adviser's compliance with those obligations.
Sixth, the orderly termination requirement may have the benefit of mitigating the risk to clients that advisory services are abruptly disrupted due to an agreement between the client's adviser and a service provider being terminated. It also may decrease the risk that an adviser will find itself unable to comply with the Federal securities laws in the event of such a disruption. By compelling advisers to prepare for an orderly termination, the rule may prevent heightened costs of staying compliant with the Federal securities laws or maintaining good business practices in a disorderly termination. Further, by potentially increasing the protection of confidential or sensitive information during or after termination, such as the return or destruction of documents or revocation of service provider access or privileges, the rule may give clients and investors more confidence in procuring advisory services from registered investment advisers. Finally, to the extent that the rule requires reasonable assurance of termination rights and processes, the rule may reduce costly legal disputes between these parties. For example, these risks may be heightened in the case where an adviser terminates a service provider covering valuation services, where the process of transitioning client accounts may result in those accounts falling out of compliance with valuation requirements. By compelling advisers to prepare for an orderly termination, the rule would help to protect clients from inaccurate valuations of their assets, it would help to protect clients from misappropriation of confidential or sensitive information regarding their portfolio holdings, and it would help to ensure proper transfer and retention of records, among other protections.
See supra section II.B.6.
The magnitude of the benefits would depend on the extent of advisers' current due diligence functions that they complete in response to the competitive market forces they face, their reputational considerations, or their fiduciary duties. Advisers that currently engage service providers may already have the proposed processes or similar processes in place. To the extent advisers currently have processes in place that would be in compliance with the proposed rule, the client and investor protection benefit of the proposed due diligence processes would be diminished.
See supra sections III.B.2, III.C.
See supra section III.B.3.
With respect to the proposed compliance coordination requirements in particular, advisers that engage service providers today may already be taking steps to mitigate the risk that these arrangements do not impede an adviser's ability to remain compliant with the Federal securities laws. The benefits of the proposed compliance coordination requirement would therefore be lessened the more advisers currently satisfy the proposed requirement.
b. Costs
Similar to the benefits, the magnitude of the costs would depend on the extent of advisers' current due diligence on their covered functions. However, most advisers would likely face certain minimum costs, as even an adviser who conducts little outsourcing or who already conducts substantial due diligence in accordance with their fiduciary duty would likely still undertake a careful review in order to confirm that they are in compliance with the rule.
See supra section III.B.3, III.C.
For example, an adviser who already conducts substantial due diligence would still need to review their due diligence processes to confirm that their processes constitute appropriate risk analysis, mitigation, and management. See supra section II.B.2.
Service providers would also face increased costs as a result of these due diligence requirements, which may be partially or fully passed on to advisers. These would include costs to service providers who respond to requests from advisers for information or otherwise participate in the adviser's due diligence, costs to service providers to update or reform their operations, as well as costs to negotiate or re-negotiate service arrangements. These requirements would involve senior business, legal and compliance personnel, external costs for counsel, and potential costs for hiring of additional personnel to help with these burdens. Any portion of the resulting costs that is not borne by service providers would ultimately be passed on to advisers, and may in turn be passed on to clients and investors.
The division of the service provider's direct costs between the service provider and the adviser would depend primarily on the relative bargaining power of the two parties. In certain cases, the service provider may accommodate adviser requests without charging additional fees or raising prices. This may particularly be the case for smaller service providers, who may have less bargaining power relative to their adviser customers. In other cases, the service provider may charge the full amount of their increased costs as a fee to the adviser. This may particularly be the case for smaller advisers, who may have less bargaining power relative to their service providers.
These costs are likely to be high initially, and decline over time as advisers develop their due diligence systems. However, ongoing costs of the proposed due diligence requirements would not decline to zero over time. Advisers would face ongoing annual due diligence costs, separate from their monitoring costs, when they change service providers, renegotiate contractual relationship with service providers, change which of their functions they outsource, or implement other such changes that require new due diligence. Advisers would also face certain costs anytime they consider implementing such changes to their business, even if they do not proceed with the change, because part of their necessary evaluation of the business decision would include evaluating the due diligence they would need to undertake.
The costs estimated in this section are associated with actually conducting the proposed due diligence requirements, and are thus in addition to the PRA costs discussed below, which are limited to the collection of information costs of the proposed recordkeeping requirements associated with the proposed due diligence requirements. See infra section IV.
In addition, some advisers may choose to update their systems and internal processes and procedures for due diligence in order to better respond to this requirement. These updates may require the time and attention of business and operational personnel, which may detract from their regular functioning. Additionally, business and operational personnel may incur costs that arise from negotiating contractual safeguards with service providers in order to comply with due diligence requirements. The costs of those improvements would be an indirect cost of the rule, to the extent they would not occur otherwise, and they are likely to be higher initially than they would be on an ongoing basis. Finally, as noted in section III.C above, the collective costs of this proposal are unlikely to exceed the cost to the adviser of providing the covered function in-house, as this choice would place the covered function in the purview of a supervised person of the adviser, and therefore outside of the scope of the proposed rule. However, to the extent that an adviser responds to the proposed due diligence rules by providing a covered function in-house and does so less efficiently or at a lower quality than a service provider would, this loss of efficiency or quality would represent an additional burden of the proposed rule. Similarly, there may be cases where advisers currently have multiple service providers, but the due diligence costs would cause an adviser to reduce its reliance to only a single provider, even if it would result in less reliable or lower quality service to the adviser's clients, because of the costs to properly diligence a provider. Any portion of these costs that is not borne by advisers would ultimately be passed on to clients and investors.
See supra section III.C. However, this mitigating factor may be less relevant for smaller advisers, who may be less able to perform their outsourced functions themselves with equal efficiency and quality as their service provider.
Similar to the benefits, there would be individualized costs associated with certain prongs of the proposed due diligence requirements.
First, because determining whether a function is a covered function at all requires an analysis of the facts and circumstances of the function, advisers generally may have to undertake legal and other expenses to evaluate which of their functions are covered functions and thus in the scope of the rule. This analysis may be particularly costly for certain functions for which it may require thorough investigation to evaluate whether the function is necessary for the adviser to provide investment advisory services, or for which it may require thorough investigation to evaluate whether there would be a material negative impact on the adviser's clients or on the adviser's ability to provide investment advisory services if the function was not performed, or if performed negligently. Advisers may also face additional costs to the extent they conservatively evaluate their outsourced functions, and ultimately conduct the proposed required due diligence activities on functions that may not be covered functions. As such, any costs of the proposed rule to service providers may additionally be faced by certain service providers who would be outside the scope of the rule, to the extent that advisers retaining their services conservatively determine they should exercise additional due diligence on them.
See supra section II.A.1.
The Commission requests comment on whether the proposed rule should explicitly list certain service providers or covered functions that the rule would apply to. See supra section II.A.
Second, for the purposes of the due diligence on nature and scope of covered functions, time and personnel costs may be necessary to obtain a sufficient understanding of the covered function to be outsourced. Fundamentally, an adviser may outsource a covered function if it is more efficient than devoting internal resources, or if the service provider can provide higher quality operations. To a lesser degree, the required nature and scope analysis may be costly, particularly when more complex or technical functions must be understood. This cost may present a necessary change in personnel duties whenever covered functions are considered for outsourcing, or as additional hiring of third-party experts to evaluate the processes of potential service providers if the adviser lacks the requisite experience to make an informed evaluation with available personnel. Similarly, service providers may incur costs associated with responding to requests for information from advisers, whether in the form of internal staff time, or costs of third parties providing independent assessments, and service providers may pass some or all these costs on to advisers, who may in turn pass on these costs to their clients and investors.
See supra section III.B.2.
Third, to the extent advisers' current processes for service provider risk analysis, mitigation, and management differ from the proposal, there would be direct costs necessary to comply with the specific proposed requirements. Also, to the extent that they are not already doing so in a manner that would meet the proposed rule's standards, advisers would incur costs to mitigate and manage any additional conflicts of interest created by outsourcing covered functions. The above costs would include demands on personnel time to verify that the depth and complexity of the analysis is consistent with the adviser's assessment of risks associated with the function being outsourced. There are a variety of paths that advisers could take to complete these requirements and meet these demands, and the costs would depend on the adviser's chosen route. For example, an adviser also could establish a redundancy in the outsourced service or function, such as by arranging a secondary pricing provider to provide pricing services in the event a primary pricing service provider fails, and could be used to validate accuracy and identify potential anomalies in the data provided by the primary pricing provider. Such redundancy would increase costs to clients and investors, or could deter some advisers from engaging such third parties (even when it might be beneficial to offer clients and investors access to those services).
See supra section III.B.2.
Fourth, to the extent advisers' processes for lessening the risks associated with service providers' competence, capacity, and resources differ from the proposal, there would be direct costs necessary to comply with the proposed requirements. The cost of complying with this new requirement would be limited to the additional costs necessary to bring current practice into compliance with the proposed rule. Because this analysis should be based on the facts and circumstances of the functions being outsourced, costs will likely vary across functions that are being outsourced, but there will also be specific costs required to analyze the facts and circumstances of each function being outsourced. For example, if outsourcing a function is determined to be high risk due to the complexity of the function, the adviser may want to focus on the experience and expertise of the service provider's personnel. If the function is labor intensive, the adviser may consider whether the service provider has the necessary staffing to provide the function. The costs associated with these two circumstances are likely to be different. These requirements may also result in additional costs to service providers, to the extent they revise their practices in order to satisfy an adviser's requests to ensure that the service provider has the competence, capacity, and resources necessary to perform the covered function in a timely and effective manner.
Fifth, for large service providers, there may be many subcontractors that materially contribute to the service provider's covered function. In such cases, it may be more burdensome for advisers to assess the potential risks each of these subcontracting arrangements may pose to the service provider's provision of the covered function. Similar to the costs associated with evaluating the nature and scope of covered functions, there may be extra costs to advisers in the case where it is ambiguous which subcontractors are material to the service provider's ability to perform the covered function. Further, advisers may face difficulty in getting providers or subcontractors to cooperate with risk assessment efforts. Lastly, depending on the amount of non-advisory business a service provider has, there may be a risk that a service provider would discontinue business with advisers rather than cooperate with the adviser's risk-assessment efforts to conduct due diligence on sub-contractors.
As a closely related matter, and in addition, cooperating with advisers' assessment of subcontracting arrangements may impose additional time and effort costs on service providers. In particular, service providers may face costs associated with determining which of their own subcontractors' services are material, meaning that nonperformance or negligent performance would be reasonably likely to cause a significant negative impact on the service provider's ability to perform the covered function. These would include similar costs that advisers would face in determining which outsourced operations are covered functions, including extra costs to service providers where it is ambiguous which subcontractors' services would be material to their ability to perform the covered function.
See supra section II.B.4.
Sixth, in the case of the compliance coordination requirement, direct involvement by business or operational personnel may be required to ensure that reasonable assurance of coordination for purposes of the adviser's compliance with the Federal securities laws has been obtained from service providers. Similarly, service providers may face costs in providing this reasonable assurance to advisers, requiring time of senior business, legal, and compliance personnel, as well as external costs for counsel. We expect such costs to be potentially high initially, but decrease over time as advisers adopt more streamlined systems to obtain this reasonable compliance. However, there may be instances in which advisers encounter reluctance from service providers to commit to cooperating. For instance, large service providers with many non-adviser customers, such as general cloud computing service providers, may be unwilling to accommodate as-needed unscheduled due diligence or monitoring requests by individual customers. In such cases, these service providers may either not do business with advisers or assess additional fees (which may be passed on to clients) to help advisers comply with the Federal securities laws. Finally, it is possible that some service providers, who are not themselves regulated by the Commission, may provide certain assurances to the adviser of compliance with the Federal securities laws and then simply fail to deliver on those assurances, resulting in an adviser needing to implement an unexpected and sudden termination of the service provider or transfer of operations to a different service provider, which we expect would be costly to the adviser and its clients.
However, these costs would potentially be mitigated by the proposed rule's requirement that advisers obtain reasonable assurance from the Service Provider is able to, and will, provide a process for orderly termination of its performance of the covered function. See supra section II.B.6.
Lastly, if service providers perceive the requirement to provide reasonable assurance that they can terminate their services in an orderly fashion to be too burdensome, or if they believe such assurance would not be reasonable, they may choose not to enter into agreements with registered advisers. In this case, advisers may be left with a limited selection of service providers, which may increase the costs or lower the overall quality of services. To the extent that additional costs outside of their normal course of business are required to provide such reasonable assurance to advisers, service providers would likely charge additional fees, some or all of which may be passed on to adviser's clients. Finally, the costs imposed by the orderly termination requirement may provide an incentive for certain advisers to avoid discontinuing business relationships with inefficient or low-quality service providers. However, this outcome may be unlikely, as the continued monitoring requirements described above would require advisers to reasonably determine that it remains appropriate to outsource to the service provider.
Advisers may particularly avoid discontinuing business relationships with inefficient or low-quality service providers to the extent that the proposed rule would reduce the population of viable service providers, either by preventing service provider entry, causing certain service providers to exit because of their increased costs, or causing service provider fees to increase. See infra section III.E.2.
See supra section II.B.6.
We estimate the direct costs to advisers associated with the proposed due diligence requirements, including legal expenses for an adviser to identify its covered functions and service providers, legal expenses for review of contracts to determine the nature and scope of the services provided for those covered functions, time and personnel costs to obtain a sufficient understanding of the covered function to be outsourced, securing of various reasonable assurances from service providers (which could be provided through written agreements, correspondence, or other written documentation, or through oral negotiations), and additional legal costs to review subcontracting arrangements, among others.
Because the nature and magnitude of these expenses are likely to vary across advisers and across covered functions, in particular because many advisers likely already satisfy many of the proposed requirements for due diligence processes as a result of competitive market forces and resulting reputational effects on individual advisers and in accordance with their fiduciary duty or other applicable law, we anticipate a range of possible costs of the rule. At minimum, we estimate that the proposed due diligence requirements would be completed by compliance managers ($339/hour), a chief compliance officer ($580/hour), attorneys ($455/hour), assistant general counsel ($510/hour), junior business analysts ($191/hour), senior business analysts ($300/hour), paralegals ($199/hour), senior operations managers ($400/hour), operations specialists ($150/hour), compliance clerks ($77/hour), and general clerks ($68/hour). Certain advisers may need to hire additional personnel to meet these requirements.
See supra section III.B.3.
The Commission's estimates of the relevant wage rates are based on salary information for the securities industry compiled by the Securities Industry and Financial Markets Association's Office Salaries in the Securities Industry 2013. The estimated figures are modified by firm size, employee benefits, overhead, and adjusted to account for the effects of inflation. See infra section IV.
Advisers would face initial, one-time direct costs associated with coming into compliance with the proposed due diligence requirements, as well as ongoing annual direct costs associated with the due diligence requirements. As discussed throughout this section, the initial, one-time direct costs associated with coming into compliance with the proposed due diligence requirements are likely to be higher than the ongoing annual costs. For example, to the extent that advisers analyze the facts and circumstances analysis of each outsourced function, advisers may face substantial initial costs in determining their full set of covered functions.
See supra section II.A.
To estimate monetized costs to advisers, we multiply the hourly rates above by estimated hours per professional. We estimate that on average, advisers would require at a minimum 40 hours of time from each of the personnel identified above as an initial burden in coming into compliance with the proposed rule, assuming an average of 8 hours per covered function and five covered functions per adviser. As noted above, we believe it is likely that these minimum costs would be required even for an adviser who conducts little outsourcing or who already conducts substantial due diligence in accordance with their fiduciary duty, because such an adviser would likely still undertake a careful review in order to confirm that they are in compliance with the rule. For example, we believe the substantial majority of, if not all, advisers would elect to prepare some form of written agreement with their service providers as part of their means of complying with the proposed due diligence requirements.
For certain of these categories of professionals, these hours may be imposed on two professionals of each, who would face one-time costs of 20 hours each. Other categories may require four professionals who would face one-time costs of ten hours each. For some, such as the Chief Compliance Officer, these hours would come/originate from one staff member. While there are no publicly available granular data on adviser outsourcing of operations that would be covered functions, this assumption is consistent with frequent outsourcing of custodial, administrative, prime brokerage, auditing, and recordkeeping services among RIAs. See supra section III.B.1; see also infra section IV. Service providers may also face direct costs, such as personnel costs for providing reasonable assurances to advisers, but for the purposes of estimating minimum costs to advisers, we assume that service provider costs are not passed on to advisers. Individual estimates correspond to the aggregated average cost per adviser, where the average is taken across all advisers. Some advisers, particularly the smallest advisers or those who do no outsourcing, are likely to face costs that are below this lower bound for the average cost across all advisers.
Also as noted above, an adviser who conducts substantial due diligence would still need to review its due diligence processes to confirm its processes constitute appropriate risk analysis, mitigation, and management. See supra section II.B.2.
These minimum-cost assumptions indicate a one-time initial burden of 440 total labor hours and $132,320 per adviser, or a total one-time initial burden of 6,492,640 labor hours and $1.953 billion across all advisers.
As noted above, certain due diligence costs would be ongoing, separate from monitoring costs. These include costs associated with the adviser changing service providers, renegotiating contractual relationship with service providers, changing which of their functions they outsource, implementing other such changes that require new due diligence, or evaluating a need to implement any of these changes. We estimate that the ongoing annual burden of the due diligence requirement would be one-third the initial burden, resulting in minimum-cost ongoing annual burden of 146.67 labor hours and $44,106.67 per adviser and 2,164,213 labor hours and $650,837,973 across all advisers.
See infra section IV.
However, many due diligence costs would be likely to be higher for certain advisers. Larger advisers, with more outsourcing of covered functions, may have greater costs. An adviser needing to revise its existing practices, needing to hire new personnel, choosing to switch service providers in response to the rule, and multiple other factors may cause costs to increase as well. The factors that may increase due diligence costs are difficult to quantify. For example, an adviser may implement a policy that prevents the adviser from retaining a service provider that primarily relies on subcontractors to perform the covered function, or implement a procedure to audit the service provider's oversight of its subcontractors. These internal adviser policy limitations or audits may represent additional costs, such as increased prices for using service providers. Similarly, any audit procedure would entail audit fees or costs for new personnel. As another example, as noted above, certain advisers may elect to retain a secondary pricing provider to provide pricing services in the event a primary pricing service provider fails, and could be used to validate accuracy and identify potential anomalies in the data provided by the primary pricing provider, even though no such secondary pricing provider would be required by the proposed rules.
See supra section II.B.2.
While the potential sources of increased costs are difficult to quantify, we anticipate that very few advisers would face a burden that exceeds three times the above-described minimum burden. To the extent that the average adviser faces this upper bound of three times the minimum burden, this would indicate that a potential upper bound for due diligence costs would be initial costs of 1,320 hours and $396,960 per adviser and 19,477,920 hours and $5.858 billion across all advisers, and ongoing annual costs of 440 hours and $132,320 per adviser and 6,492,640 hours and $1.953 billion across all advisers. We request comment on all aspects of this quantification, including the minimum estimated burden represented here and any range of costs that could hold for different advisers.
Individual estimates correspond to the aggregated average cost per adviser, where the average is taken across all advisers. Some advisers, particularly the largest advisers, are likely to face costs that substantially exceed this upper bound for the average cost across all advisers.
See infra section III.G.
Additional direct costs would be generated by the impact of the proposed rules on service providers, distinct from those costs directly faced by advisers as a result of the proposed due diligence requirements. Some of these costs would result from responding to adviser requests for information, as noted in this section. These costs may include the time of service provider personnel required in communicating directly with the adviser, understanding the nature of the requests, and compiling the information to be provided. Larger service providers serving many advisers may benefit from economies of scale in responding to these informational requests, as similar information may be requested by multiple advisers. Additionally, there would be costs to service providers who elect to update or reform their operations due to increased adviser due diligence resulting from this rule. Similar to costs for information requests, larger service providers may be able to update or reform their operations with greater economies of scale than smaller service providers.
See supra section III.D.1.a.
We are unable to quantify these direct costs that would be incurred by service providers as a result of this rule, as the cost range would be too wide to be informative. In particular, the direct costs that would be incurred by service providers are subject to substantially greater uncertainty than the direct costs that would be incurred by advisers. This uncertainty is due to a number of factors, including variation in complexity of covered functions outsourced to service providers, the degree of market concentration across service provider markets (and hence the number of advisers a service provider may need to work with to comply with the rule), and variation in current service provider practices. The costs to any single service provider of meeting the burden for any single covered function for any single adviser may therefore have substantial variance. For example, if few service providers perform a particular covered function, those service providers may perform the same covered function for many advisers and hence benefit from economies of scale. By contrast, for service providers in less concentrated industries, the rule would potentially impose higher costs per service provider. The costs to service providers would also depend on the degree to which service providers are able to increase their prices and pass those costs on to advisers. We request comment on any data that could enable us to calculate the effect of the proposed rule on service providers.
See infra section III.G.
2. Monitoring
The proposed rule would require the adviser, once a service provider has been engaged, to periodically monitor the service provider's performance of the covered function and reassess the retention of the service provider in accordance with the due diligence requirements of the proposed rule with such a frequency that the adviser can reasonably determine that it is appropriate to continue to outsource the covered function and that it remains appropriate to outsource the covered function to the service provider. The manner and frequency of an adviser's monitoring would depend on the facts and circumstances applicable to the covered function, such as the materiality and criticality of the outsourced function to the ongoing business of the adviser and its clients. We discuss the benefits and costs of the proposed monitoring requirement of the rule below.
See supra section II.C. The benefits and costs of the required recordkeeping provisions associated with monitoring are discussed in section III.D.3.
a. Benefits
Advisers' clients rely on adviser monitoring of service providers for prevention and timely detection of potential harms resulting from operational risk and conflicts of interest, including ensuring their clients are continuing to receive advisory services. The enhanced client and investor protections resulting from the proposed periodic monitoring requirement would benefit clients to the extent that requiring such periodic monitoring mitigates operational risks and risks posed by conflicts of interest, or reduces the effect of negative outcomes, should they occur. For example, periodic monitoring of service providers' performance would allow advisers to evaluate service providers' performance over time, comparing current to past performance and more easily identifying any changes or trends in that performance, and taking remedial action where appropriate. As with the other components of the proposed rules, the proposed monitoring rule would thereby benefit clients and investors through reduced risks of operational failures including broad or systemic operational failures, reduced risk of fraud associated with outsourced functions, reduced risks from potential or actual conflicts of interest, and greater regulatory transparency and resulting effectiveness of the Commission's client and investor protection efforts. Clients and investors may additionally benefit from a reduction in operational risk as a result of service providers electing to update or reform their operations in response to adviser oversight. These benefits may vary across advisers and across covered functions. For example, benefits may be minimal for advisers who outsource very few covered functions. By contrast, and as mentioned above, benefits may be substantial for advisers who outsource functions that are of significance to investment performance but are new or experimental functions for which the adviser has limited expertise or experience.
The magnitude of the benefit would depend on the extent to which advisers currently periodically monitor the service provider's performance and reassess their due diligence in response to the competitive market forces they face, their reputational considerations, or their fiduciary duties. While advisers are not required to have specific processes in place today, as fiduciaries, and as a matter of business practice, advisers that engage service providers today should be monitoring those providers. To the extent advisers currently have such, or similar, processes in place, and to the extent those processes include all of the elements required by the rule, the client and investor protection benefit of the requirement would be lessened. However, this factor would not mitigate the broader benefits of clients and investors being able to consistently rely on the existence of a minimum and consistent framework for identifying, mitigating, and managing risks associated with outsourced functions.
See supra sections III.B.2, III.C.
See supra section III.B.3.
b. Costs
Advisers' current processes for monitoring service providers may differ from those specified by the proposed rule. The cost of complying with this new requirement would be limited to the additional costs necessary to comply with the more specific requirements of the proposed rule. These costs would include demands on personnel time to verify that an adviser's monitoring of service providers is in compliance with the proposed rule. As with due diligence requirements, periodic monitoring would also impose distinct costs on service providers associated with service provider time and cooperation with adviser requests for information, costs to update or reform their operations in response to adviser oversight, and costs to negotiate or re-negotiate service arrangements. Any portion of the resulting costs that is not borne by service providers would ultimately be passed on to advisers. Likewise, any portion of adviser costs that is not borne by advisers would ultimately be passed on to clients and investors.
The costs estimated in this section are associated with actually conducting the proposed monitoring requirements, and are thus in addition to the PRA costs discussed below, which are limited to the collection of information costs of the proposed recordkeeping requirements associated with the proposed monitoring requirements. See infra section IV.
The division of the service provider's direct costs between the service provider and the adviser would depend primarily on the relative bargaining power of the two parties. See supra section III.D.1.b.
Similar to the benefits, the costs associated with implementing this requirement are likely to vary depending on advisers' and service providers' current practices, as advisers may already engage in monitoring in response to relevant competitive market forces and resulting reputational effects on individual advisers. In addition, some advisers may choose to update their systems and internal processes and procedures for tracking their monitoring of service providers in order to better respond to this requirement, and some service providers may choose to update their systems and internal processes and procedures for responding to advisers' monitoring requests. These updates may require the time and attention of business and operational personnel, which may detract from their regular functioning. However, they are also likely to vary their monitoring based on the particular service provided. For instance, for information technology services, the implementation of automated scans or reviews of service provider data feeds, could require more significant costs upfront to the adviser with minimal maintenance costs. Additionally, business and operational personnel may incur costs that arise from negotiating contractual safeguards with service providers in order to comply with this due diligence requirement. The costs of those improvements would be an indirect cost of the rule, to the extent they would not occur otherwise, and they may be higher initially than they would be on an ongoing basis.
Other costs such as those associated with periodic meetings and ongoing monitoring are more likely to persist, instead of consisting of upfront costs that decline over time. For instance, some functions may require periodic onsite visits, and advisers may specify contractual obligations to approve new systems prior to implementation. Similar to due diligence requirements, to the extent that an adviser responds to the proposed monitoring rules by providing a covered function in-house and does so less efficiently or at a lower quality than a service provider would, this loss of efficiency or quality would represent an additional cost of the proposed rule. Similarly, there may be cases where advisers currently have multiple service providers, but the monitoring costs would cause an adviser to reduce its reliance to only a single provider, even if it would result in less reliable or lower quality service to the adviser's clients, because of the costs to properly monitor a provider. Advisers may also face additional costs to the extent they spend money and staff time on evaluating as well as enhancing their due diligence and monitoring for a broader range of their outsourced functions than they ultimately determine to be covered functions.
See supra section II.C.
As noted above, smaller advisers may be less able than larger advisers to provide a covered function in-house as efficiently and with equal quality as a service provider. See supra section III.C.
The Commission requests comment on whether the proposed rule should explicitly list certain service providers or covered functions that the rule applied to. See supra section II.A.
Because the direct costs associated with the proposed monitoring requirements primarily constitute periodically monitoring the service provider's performance of the covered function and reassessing the due diligence requirements of the proposed rule, we anticipate that the costs of the monitoring requirements would be closely related to the costs of the due diligence requirements. In particular, we anticipate that the proposed monitoring requirements would require the same staff as the due diligence requirements: compliance managers ($339/hour), a chief compliance officer ($580/hour), attorneys ($455/hour), assistant general counsel ($510/hour), junior business analysts ($191/hour), senior business analysts ($300/hour), paralegals ($199/hour), senior operations managers ($400/hour), operations specialists ($150/hour), compliance clerks ($77/hour), and general clerks ($68/hour). As for the number of hours required for these personnel, we estimate that a typical adviser would face one third of its due diligence costs as additional monitoring costs. This indicates a lower bound for initial costs of 146.67 hours and $44,106.67 per adviser and 2,164,213 hours and $650,837,973 across all advisers, and a lower bound for ongoing annual costs of 48.89 hours and $14,702.22 per adviser and 721,404 hours and $216,945,991 across all advisers. This also indicates an upper bound for initial costs of 440 hours and $132,320 per adviser and 6,492,640 hours and $1.953 billion across all advisers, and an upper bound for ongoing annual costs of 146.67 hours and $44,106.67 per adviser and 2,164,213 hours and $650,837,973 across all advisers. We request comment on all aspects of this quantification, including the minimum estimated burden represented here and any range of costs that could hold for different advisers.
The Commission's estimates of the relevant wage rates are based on salary information for the securities industry compiled by the Securities Industry and Financial Markets Association's Office Salaries in the Securities Industry 2013. The estimated figures are modified by firm size, employee benefits, overhead, and adjusted to account for the effects of inflation. See infra section IV. Certain advisers may need to hire additional personnel to meet these requirements.
See infra section III.G.
As with the proposed due diligence requirements, we are unable to quantify the costs that would be incurred by service providers as a result of this rule, as the cost range would be too wide to be informative.
See supra section III.D.1.b.
3. Recordkeeping
We are proposing to revise the Advisers Act books and records rule in connection with the scope, due diligence, and monitoring provisions of the proposed rule, as well as provide four more general new requirements for outsourced recordkeeping.
See supra sections II.A.3, II.B.7, I.A.1, and II.E.
a. Benefits
The proposed recordkeeping requirements would benefit clients and investors by enabling an examiner to verify more easily that an adviser is in compliance with the proposed rule and to facilitate the more timely detection and remediation of non-compliance. More generally, the recordkeeping requirements would enhance the transparency of outsourced services and enhance the Commission's oversight capabilities. Enhancing the Commission's oversight capabilities could benefit clients and investors through reduced risks of operational failures including broad or systemic operational failures, reduced risk of fraud associated with outsourced functions, reduced risks from potential or actual conflicts of interest, and greater regulatory transparency and resulting effectiveness of the Commission's client and investor protection efforts. For example, the required recordkeeping would assist with outreach, examination, or investigation into cases where a service provider who is providing trade execution is not adhering to policies and procedures concerning best execution.
Rule 206(4)-7 would already require advisers to adopt and implement written policies and procedures reasonably designed to prevent and detect violations of the proposed due diligence and monitoring requirements if adopted. However, rule 206(4)-7 does not enumerate specific elements that advisers would need to include in their written policies and procedures, as the proposed recordkeeping requirements would. See supra section I.A, III.B.3; see also infra section V.D. The Commission staff have observed some advisers currently unable to provide timely responses to examination and enforcement requests because of outsourcing. See supra section I.A.
See supra section II.E.
The proposed requirements for outsourced recordkeeping would further benefit clients and investors by mitigating the risk of loss, alteration or destruction of all records maintained by a third-party service provider, as well as ensuring access to these records for investment advisers and their clients and investors. While many investment advisers may already have service provider agreements or other arrangements that contain these standards as part of their policies and procedures or best practices to mitigate or manage risks the investment advisers identified when performing due diligence, we believe that clients and investors would benefit from a minimum and consistent framework for third-party recordkeeping that applies to all service providers to mitigate the risk of loss, alteration or destruction of records.
b. Costs
The proposed recordkeeping requirements would impose costs on advisers related to creating and maintaining the required records. The quantifiable costs include those that can be attributed to senior business analysts, attorneys, and compliance professionals who would review and familiarize themselves with requirements as specified in the proposed rules. In particular, advisers would be required to make and retain a list of covered functions and contributing factors, document their due diligence efforts, retain any written agreements with service providers, and document periodic monitoring of retained service providers. Pursuant to the Paperwork Reduction Act analysis, we anticipate across all 14,756 RIAs an initial cumulative burden of 206,584 hours with an initial cumulative cost of $60,477,466 associated with this recordkeeping requirement. We anticipate on an ongoing annual basis across all 14,756 RIAs a cumulative burden of 2,985,903 internal annual hours with a cumulative annual cost of $237,527,702. These quantified estimates are solely for the time, effort, and financial resources expended to generate, maintain, retain, or disclose or provide information to or for the adviser or Commission. These estimates are in addition to the direct costs, discussed above, that would be imposed by the proposed requirements for actually conducting additional due diligence and monitoring.
This burden corresponds to 88,536 hours with an initial cumulative cost of $25,918,914 for collection of information costs associated with making and retaining a list of outsourced covered functions and factors, plus 118,048 hours with an initial cumulative cost of $34,558,552 for collection of information costs associated with making and retaining records documenting the monitoring assessment. See infra section IV.B.
See infra section IV.B.
See supra section III.D.1.b, III.D.2.b.
Additionally, the proposed rules include third-party recordkeeping requirements, which would impose further costs on advisers. An adviser that outsources either the storage, retention, or creation of records to a third party would need to obtain reasonable assurances that the third party would be able to meet the standards discussed above. These required standards would impose direct costs on advisers to the extent that they choose to outsource some or all recordkeeping to third-party providers. In particular, advisers may require time and effort of operational personnel to negotiate arrangements with third-party recordkeeping service providers to seek to ensure the standards enacted by this rule are met. Additionally, third-party providers of recordkeeping services would face costs associated with bringing their systems into compliance to the extent that they differ from the proposed third-party recordkeeping requirements.
See supra section II.E.
Because the direct costs associated with the proposed third-party recordkeeping requirements primarily constitute activities with similar principles as the proposed due diligence requirements, we anticipate that the costs of the third party recordkeeping requirements would be closely related to the costs of the due diligence requirements. In particular, we anticipate that the proposed monitoring requirements would require the same staff as the due diligence requirements: compliance managers ($339/hour), a chief compliance officer ($580/hour), attorneys ($455/hour), assistant general counsel ($510/hour), junior business analysts ($191/hour), senior business analysts ($300/hour), paralegals ($199/hour), senior operations managers ($400/hour), operations specialists ($150/hour), compliance clerks ($77/hour), and general clerks ($68/hour). As for the number of hours required for these personnel, we estimate that a typical adviser would face one fifth of its due diligence costs as additional third-party recordkeeping costs, as the estimated due diligence costs rely on an estimate of an adviser outsourcing five covered functions, and the burden of the third party recordkeeping requirements are approximately consistent with the due diligence burden on any other individual covered function. This indicates a lower bound for initial costs of 88 hours and $26,464 per adviser and 1,298,528 hours and $390,502,784 across all advisers, and a lower bound for ongoing annual costs of 29 hours and $8,821 per adviser and 432,843 hours and $130,167,595 across all advisers. This also indicates an upper bound for initial costs of 264 hours and $79,392 per adviser and 3,895,584 hours and $1.172 billion across all advisers, and an upper bound for ongoing annual costs of 88 hours and $26,464 per adviser and 1,298,528 hours and $390,502,784 across all advisers. We request comment on all aspects of this quantification, including the minimum estimated burden represented here and any range of costs that could hold for different advisers.
There may be differences in the costs of recordkeeping as compared to due diligence, which would cause costs of recordkeeping to be higher than those estimated here. For example, the costs of implementing the proposed requirements as separate from the costs of obtaining reasonable assurances from recordkeeping requirements could require additional processes and personnel than those discussed here, and would result in greater costs.
The Commission's estimates of the relevant wage rates are based on salary information for the securities industry compiled by the Securities Industry and Financial Markets Association's Office Salaries in the Securities Industry 2013. The estimated figures are modified by firm size, employee benefits, overhead, and adjusted to account for the effects of inflation. See infra section IV. Certain advisers may need to hire additional personnel to meet these requirements.
See infra section IV.B.
See infra section III.G.
As with the proposed due diligence requirements, we are unable to quantify the costs that would be incurred by service providers as a result of this proposed rule, as the cost range would be too wide to be informative. Any portion of the proposed required recordkeeping costs that is not borne by advisers would ultimately be passed on to clients and investors.
See supra section III.D.1.b.
4. Form ADV
We are proposing to amend Form ADV to require advisers to identify their service providers that perform covered functions as defined in proposed rule 206(4)-11, provide their location, the date they were first engaged to provide covered functions, and state whether they are related persons of the adviser. For each of these service providers, we would also require specific information that would clarify the services or functions they provide. Because Form ADV Part 1A is submitted in a structured, XML-based data language specific to that Form, the proposed information in proposed new Item 7.C would be structured ( i.e., machine-readable). We discuss the benefits and costs of the proposed Form ADV requirements of the rule below.
See proposed Form ADV, Part 1A, Item 7.C., and Section 7.C. of Schedule D.
a. Benefits
The proposed Form ADV requirements would provide direct and indirect benefits to clients. Form ADV disclosure would benefit clients of advisers directly by making it less costly to gather information necessary for investors and other clients to conduct more comprehensive due diligence when deciding to hire or retain advisers, to the extent that their choice of adviser is impacted by outsourcing of covered functions to service providers as defined in proposed rule 206(4)-11. Investors in fund clients (such as private funds) would similarly benefit, to the extent they obtain Form ADV information.
Form ADV Part 1A is submitted using a structured data language (specifically, an XML-based data language specific to Form ADV), so the information in the new Item 7.C of Part 1A would be structured ( i.e., machine readable). Also, clients of advisers would be able to identify quickly and consider any implications of an adviser's use of a service provider or the outsourcing of any service or function. For example, clients that use multiple advisers for purposes of total return risk diversification could identify whether that diversification was lessened by all or many of their advisers relying on a single service provider, to the extent that their returns would be harmed by multiple advisers facing operational failures. We also expect the use of this information may help clients of advisers protect themselves against losses resulting from a service provider failure or service provider fraud. For example, if a client experienced a system failure relating to a service provider, and the adviser has identified that provider as a service provider defined in rule 206(4)-11 and reported that provider in Form ADV, the client could determine more easily and quickly whether its adviser uses that service provider for a covered function and take remedial action such as contacting the adviser to understand how the adviser is managing the issue or choosing to move to a new adviser.
As discussed in section III.C, when multiple regulated entities use a common service provider, operational risk could become concentrated. The proposed Form ADV requirements would make it less costly for clients to gather information necessary to mitigate concentrated operational risk.
The proposed Form ADV requirements would also provide a benefit by facilitating the Commission in its oversight role. The disclosures would allow the Commission to understand better the investment advisory industry as well as enhance the ability of the Commission to evaluate and form regulatory policies and improve the efficiency and effectiveness of the Commission's oversight of markets for client and investor protection. For example, for service providers that advisers identify as service providers defined in rule 206(4)-11 on Form ADV, the information in the required Form ADV disclosures would provide the Commission with a better understanding of the material services and functions that advisers outsource to service providers, and would enhance our assessment of advisers' reliance on service providers for purposes of targeting our examinations. Also, the information would help the Commission identify advisers' use of particular service providers that advisers have identified that may pose a risk to clients and investors. Additionally, the disclosures would improve our ability to assess service provider conflicts and potential risks when identifying firms for examination. Finally, the ability to identify readily other advisers using such a service provider would allow the Commission to assess quickly and react to the potential harm to advisory clients. The proposed rules would thereby benefit clients and investors through the Commission's increased visibility into operational failures, greater regulatory transparency, and resulting effectiveness of the Commission's client and investor protection efforts.
As discussed in section III.B.2, if a large number of investment advisers used a common service provider, operational risks could be correspondingly concentrated. Increased concentration of operational risk could, lead to an increased risk of broader market effects during times of market instability. The ability to identify readily the advisers using such a service provider might allow the Commission to respond more quickly to such broader market effects.
b. Costs
The Form ADV requirements would require the disclosure of certain information that is not currently required in the Form. Costs would likely vary across advisers, depending on the nature of an adviser's business and its business model. For example, advisers that do not outsource functions or that outsource fewer functions would have fewer reporting requirements than advisers that outsource a large number of functions, to the extent that these functions would qualify as covered functions under the proposed rule. We believe, however, that much of the information we propose requiring would be readily available because we understand that it is information used by advisers in conducting their business. Lastly, the requirement that information in Item 7.C of Part 1A of Form ADV be provided in a custom XML-based data language is unlikely, by itself, to impose costs on advisers because the XML-based data language is not new and applies to existing Form ADV Part 1A disclosures.
To the extent that the proposed rule would require information not currently contained in adviser accounting or financial reporting systems to be reported, advisers may bear one-time costs to update systems to adhere to the new filing requirements.
The additional burden on advisers due to proposed modifications to Form ADV would take the form of initial internal costs, annual internal costs, and external costs. We estimate that the proposed modifications would impose 1.5 additional hours of initial internal costs and 0.7 additional hours of annual internal costs per adviser. The total internal burden is anticipated to be $9,706,497 across all RIAs. Additionally, initial external costs are anticipated for a subset of RIAs. We anticipate this additional external cost would be $7,794,857 across all RIAs. In total, the proposed modifications are expected to impose an additional burden of $17,517,585 across all RIAs. We anticipate that these information collection costs are likely to be the same initially as they are on an ongoing basis. Any portion of these costs that is not borne by advisers would ultimately be passed on to clients and investors.
See infra section IV. Calculated as 2.2 internal hours per adviser × 14,756 advisers at a blended hourly rate of $299.50. The total revised internal cost per adviser of $13,094.14 incorporates the increase in required hours and an inflation adjustment to the blended hourly rate, and the calculation here captures only the increase in required hours. Additionally, this aggregate cost reflects only the current investment advisory industry size, and does not incorporate the expected net addition of 552 RIAs per year.
See infra section IV. Calculated as 1 hour of external legal services × 0.25 × 14,756 advisers × $531 per hour + 1 hour of external compliance consulting services × 0.5 × 14,756 advisers × $791 per hour = $7,794,857. The additional burden resulting from this rule is calculated using estimated additional hours and inflation-adjusted hourly costs of corresponding personnel. See supra footnote 241.
E. Effects on Efficiency, Competition, and Capital Formation
1. Efficiency
The proposed rules may affect the efficiency with which clients' and investors' capital is allocated in two ways.
First, the proposed rule would result in an increase in information about advisers outsourcing that clients would be able to access on Form ADV. To the extent that clients access this information and rely on it, that increased information could permit clients to make better informed decisions about allocating their capital. For example, clients may choose to diversify investments across multiple advisers who engage different service providers to perform certain covered functions, such as advisers who rely on different index providers or model providers, or advisers who rely on service providers offering different predictive data analytics methods. Therefore, to the extent that clients and investors access and make use of the additional Form ADV information generated by advisers as a result of this proposed rule, we would expect a more efficient allocation of client and investor capital among advisers.
Second, and alternatively, if some advisers were to elect to perform certain covered functions in-house to avoid the compliance costs associated with outsourcing the covered functions, or if the service provider terminates the relationship as a result of its own increased costs and the adviser cannot identify a suitable replacement, the function may be performed less efficiently as compared to the service provider. For example, such a loss of efficiency could occur for any functions that experience economies of scale, and which may be currently provided by a single service provider for a large number of advisers, to the extent those advisers would perform the function in-house in response to the proposed rules. As noted above, smaller advisers may be less able than larger advisers to provide a covered function in-house as efficiently and with equal quality as a service provider.
See supra section III.C.
2. Competition
The proposed rules may lead clients to make better-informed decisions when selecting an adviser by increasing information about advisers outsourcing that clients would be able to access on Form ADV. As a result, competition among advisers could increase. An increase in competition could, presumably, manifest itself in terms of better service, better pricing, or some combination of the two, for clients, to the extent that clients and investors access and use the additional Form ADV information generated by advisers as a result of this proposed rule.
See supra section III.E.1.
Alternatively, the proposed rule could have the opposite effect on competition. As an initial matter, the proposed rule would create new costs of providing advisory services, which could disproportionately impact small or newly emerging advisers who may be less able to absorb or pass on these new costs. New costs, especially fixed costs, could also disproportionately impact small or newly emerging advisers. To the extent these costs discourage entry of new advisers or cause certain advisers to exit the market, competition would be harmed.
It is also possible that the costs borne by advisers may be large enough to cause some advisers to stop outsourcing some or all of their covered functions. If advisers were to stop outsourcing some or all of their covered functions, clients could experience a decrease in the quality of advisers' services. Alternatively, if advisers were to try to pass on the costs, or some component thereof, to clients, these costs may cause some clients to seek other advisers or alternatives to registered advisers. The decreased demand for advisory services could result in a decline in the number of registered advisers and, a decrease in competition among registered advisers, as a result. A decrease in competition among registered advisers could manifest itself in terms of poorer service, poorer pricing, or some combination of the two, for clients.
See supra section III.E.1. If there are fixed costs associated with the proposed regulations, then smaller advisers would generally tend to bear a greater cost, relative to adviser size, than larger advisers. If there are material fixed costs associated with the proposed rule, then we would expect the possible negative effect on competition to be greater for smaller advisers who engage service providers because the proposed regulations would tend to increase their costs more (relative to adviser size) than for larger advisers that engage service providers.
Finally, the proposed rules may affect competition among service providers or their subcontractors. The rules are designed to increase transparency into an adviser's outsourced covered functions for clients and investors, as well as for the Commission. One possible result of this increased transparency may be increased competition among service providers with respect to the quality of their services. Advisers may be able to scrutinize service providers more closely, and thus better select more effective service providers or service providers who better align with their needs, to the extent these relationships are not already appropriately aligned, and service providers overall may seek to adjust the quality of their services accordingly. On the other hand, the proposed rules may have the opposite effect, in the event that the increased costs of the rule cause certain service providers to exit the market, or choose not to contract with investment advisers, either to avoid incurring new costs or to avoid the costs of improving the quality of their services. The increased costs associated with the rule could also dissuade new entry of service providers. In this case, the number of service providers to investment advisers may shrink, which may in turn result in higher service provider prices, although any change in the average quality of remaining providers would depend on whether higher or lower quality service providers would be more likely to exit to avoid new costs.
3. Capital Formation
Lastly, the enhancements to client and investor protection as well as the additional information available to potential current clients and potential investors could result in current investors being willing to invest more and potential investors being more willing to invest for the first time. For example, potential investors may be more willing to invest for the first time knowing that outsourced covered functions would be subject to enhanced due diligence and monitoring, as well as knowing that any third-party service providers maintaining the records of their investment would be subject to enhanced oversight. To the extent that the proposed rule leads to greater investment, we could expect greater demand for securities, which could, in turn, promote capital formation.
See supra sections II.B, II.C, II.E.
F. Reasonable Alternatives
1. Alternatives to the Proposed Scope
Scope of Covered Functions. As noted above, the proposed rule would generally apply to a registered adviser that outsources a covered function to a service provider. A covered function is defined in the proposed rule as a function or service that is necessary for the adviser to provide its investment advisory services in compliance with the Federal securities laws, and if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser's clients or on the adviser's ability to provide investment advisory services. The Commission alternatively could define covered functions to include broader or narrower sets of outsourced functions. Changing the definition of covered functions could provide a benefit in terms of either (i) increased client protection and investor protection in the case of broadening the definition or (ii) a reduction in the cost of the compliance with the rule in the case of narrowing the definition.
See proposed rule 206(4)-11(a).
Proposed rule 206(4)-11(b).
We believe the definitions that we have included in the proposed rule will provide additional protections with respect to advisers outsourcing that we think are important for the protection of clients and investors. Additionally, the definition of covered functions, in combination with other requirements of the proposed rule, would provide efficiencies for our examination staff, as well as provide the public with additional information about advisers to make more informed decisions about the selection and retention of investment advisers. Narrowing the scope of the definitions could reduce the cost of the proposed rule's requirements, but could also result in a reduction in client and investor protections as a result of being under-inclusive. For instance, the rule could have alternatively limited the scope of the definition of a covered function to a pre-identified list of specific functions, but this could limit the rule's protections when there are material changes in the manner in which advisers operate that are outside the scope of the stated functions. This list could be either the same as those provided by service provider types listed in the proposed amendments to Form ADV, or more expansive, or more restrictive. For example, it could define covered function as those services pertaining to the selection, trading, valuation, management, monitoring, indexing, use of predictive data analytics, and modeling of investments. The rule could also provide detailed guidance on variations of descriptions of functions that different service providers may use. For example, the rule could separately define “trading” and “execution,” and provide explicit instruction as to how they would be treated by the rule. As another example, the rule could provide separate explicit instruction for “management and selection” as separate from “indexing and modeling.” The rule could also explicitly state that its application is limited to core investment advisory services, and provide an explicit definition for core investment advisory services. The rule could alternatively apply based on a percentage of either regulatory assets under management or clients directly affected by the service provider's performance. These limitations may broadly have the effect of lowering compliance costs of the proposed rule, but they may not reflect what is core to any particular investment adviser.
See supra section II.A.
See supra section II.A.3.
Alternatively, broadening the scope would have the opposite effect, increasing the cost of the proposed rule's requirements but potentially resulting in greater client and investor protections. For instance, the rule could scope in service providers such as public utilities or providers of commercially available word processing software. We believe that the proposed rule strikes an appropriate balance in terms of the scope of its definition of covered functions by requiring advisers to provide sufficient oversight in those specific circumstances where the function or service is one that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact on clients and is necessary for the adviser to provide advisory services.
The Commission requests comment on our analysis of the benefits and costs of both narrowing and expanding the scope. See supra section III.G.
Scope of Service Providers. The proposed rule excludes supervised persons of an adviser from the definition of a service provider. The proposed rule does not, however, make a distinction between third-party providers and affiliated service providers. The Commission alternatively could exclude affiliated service providers from the definition of a service provider. Arguably, the use of affiliated service providers may create less risk. For example, use of an affiliated service provider could mitigate the risk of limited information about conflicts of interests associated with the use of a third-party service provider. Excluding affiliated service providers from the definition of a service provider, could benefit advisers by reducing the cost of compliance when using an affiliated service provider.
See proposed rule 206(4)-11(b).
For example, an affiliated service provider who does not operate covered functions for multiple advisers would have no scope for benefiting one adviser's clients at the expense of another. See supra section III.B.2.
We believe, however, that while certain risks may be diminished, risks the proposed rule are designed to address still exist whether the service provider is affiliated or unaffiliated. For example, the ability to have direct control or full transparency may be limited when an adviser outsources a covered function, even to an affiliated service provider, which increases the risk for failed regulatory compliance. There may also still be risks of conflicts of interest when the affiliated service provider performs services to more than one adviser. We believe that including affiliated service providers in the definition of service providers strikes the right balance in terms of mitigation of risk and the cost of complying with the proposed rule.
Similarly, the proposed rule does not make an exception for sub-advisers that are registered as investment advisers with the Commission. This rulemaking alternatively could have excepted registered sub-advisers, which may have lowered the total cost of the rule. However, we believe that such an exception would diminish the effectiveness of the rule, as the fact that a sub-adviser is registered with the Commission does not negate the need for sufficient due diligence and monitoring to be undertaken for the benefit of the client. If an adviser allocates some or all of a client's portfolio to a sub-adviser, the adviser is still ultimately responsible for reasonably ensuring that the services rendered are consistent with the adviser's representation of the services to the client. We believe that reduced benefit from the resulting gap in adviser oversight would not be justified by the cost savings that could be obtained by providing an exception to registered sub-advisers.
The proposed rule could also have provided an exception for separately managed accounts and other wrap fee programs. As proposed, an adviser in such a program would be subject to the proposed rule if they retain a service provider for its provision of advisory services. As such, multiple advisers that retain the same service provider may need to conduct due diligence and monitoring on that service provider, depending on whether such services are covered function. As an alternative, the proposed rule could provide an exclusion for advisers that engage service providers to perform covered functions as part of a larger program or arrangement, such as the sponsor of a wrap fee program or other separately managed account program in which the sponsor is subject to the proposed rule with respect to the participation of the service providers in the program. One advantage of such an exception could be reducing the potential for redundancy in the due diligence and monitoring of service providers conducted in wrap fee programs. However, we believe that sub-advisers that retain service providers are best positioned to conduct appropriate due diligence and monitoring of a service provider in connection with its particular sub-advisory role. For instance, while a sub-adviser overseeing fixed-income portfolio strategies and a sub-adviser overseeing equity portfolio strategies may retain the same service provider, there may be different operational risks, conflicts of interest, or other problems discovered upon due diligence or monitoring with respect to each of these roles. Therefore, we do not believe that it would be appropriate to provide an exception for such cases.
2. Alternatives to the Proposed Due Diligence and Monitoring Requirements
One alternative to proposed new rule 206(4)-11 would be amendments to existing rules. For example, amendments to rule 204A-1 (which provides for minimum provisions to an investment adviser's code of ethics) could introduce requirements for protections of sensitive client information. Amendments to Form ADV and/or rule 204-3 could introduce more requirements for advisers to disclose information about service providers to their clients in their brochures. These requirements could include greater detail on the adviser's use of service providers, the adviser's understanding of the operational risks associated with those service providers, and the adviser's existing due diligence and monitoring practices. Further protections in the case of advisers engaging service providers on behalf of registered investment companies could be achieved by amending rule 38a-1 to require advisers to approve compliance policies and procedures associated with service providers. We could also amend Advisers Act rule 206(4)-7 to require specific policy and procedure requirements for service provider oversight. However, these amendments would not create the same consistent framework requiring both due diligence and ongoing monitoring, as proposed rule 206(4)-11 would. We believe that a prophylactic rule that creates a consistent framework for advisers to use and continue to use a service provider is more likely to result in consistent client and investor protections than expanding the scope of rules that are not uniformly intended to address the risks associated with outsourcing. Moreover, amendments to existing rules would primarily address issues with dissemination of sensitive client information, and would not achieve the same benefits associated with broadly reducing risk of fraud or other harms associated with outsourced functions, advisers failing to secure regulatory oversight, or other benefits of proposed rule 206(4)-11.
See rule 204A-1, see also supra section III.B.3.
See rule 204-3, see also supra footnote 62 and accompanying text.
See rule 38a-1, see also supra section III.B.3; see also infra section V.E.
See supra section III.C.
A second alternative to the proposed new rule 206(4)-11 would be a rule limited to requiring minimum consistent disclosures as to an adviser's existing due diligence and monitoring processes for outsourced covered functions. For example, amendments to existing rule 204-3 could enhance what an adviser must include in its brochures, and such amendments could require advisers to describe their due diligence and monitoring processes in greater detail. Advisers could also be required to make quarterly or annual statements to their clients on the status of their service providers and the outsourced covered functions, including any anticipated operational risks for the subsequent reporting period uncovered as part of the adviser's existing due diligence and monitoring processes. This alternative could potentially result in reduced costs relative to the proposal, but only insofar as it is less costly for an adviser to make appropriate disclosures than it is for an adviser to enhance its due diligence and monitoring processes. For example, for an adviser who already conducts substantial due diligence and monitoring and may already be in substantial compliance with the proposed rule but does not make regular disclosures regarding covered functions to clients or investors, an alternative disclosures-based framework would be more costly than the proposed rules. A disclosures-based framework would also have fewer direct risk-reduction benefits relative to a framework directly requiring minimum consistent due diligence and monitoring. Moreover, an adviser cannot waive its fiduciary duty and should be overseeing outsourced functions to ensure its obligations are met. It would be a breach of its fiduciary duty and deceptive for an adviser to outsource certain covered functions without conducting initial due diligence and ongoing oversight, particularly those related to its advisory services and compliance with the Federal securities laws. With respect to both of these alternatives, we believe proposed rule 206(4)-11 strikes the right balance in terms of mitigation of risk and the costs of complying with the proposed rule.
3. Alternatives to the Proposed Amendments to the Books and Records Rule
We propose to require advisers to make and retain certain books and records attendant to their obligations under the proposed oversight framework, such as lists or records of covered functions, records documenting due diligence and monitoring of a service provider, records of certain notifications, and copies of any written agreements that the adviser enters into with service providers. The proposed recordkeeping requirements would assist our examination staff in monitoring compliance with the proposed rule. Alternatively, the proposed rule could require the retention of more, fewer, or no additional records. Requiring advisers to retain more records would aid our examination staff in monitoring compliance with the proposed rule, but increase the cost of compliance for advisers. Requiring advisers to retain fewer, or no, additional records would hamper the ability of our staff to monitor compliance with the proposed rule, but decrease the cost of compliance for advisers. We believe that limiting the scope of the required recordkeeping to the current proposal strikes the appropriate balance between minimizing costs and making information available that is important to the examination process.
See proposed rule 204-2(a)(24).
The proposed rule contains provisions related to the adviser's responsibilities concerning third-party creation, storage and retention of records. Specifically, every investment adviser that relies on a third party for any recordkeeping function required by the recordkeeping rule must obtain reasonable assurances that the third party will meet certain standards intended to maintain the integrity of and access to records in providing the outsourced function. For example, for electronic records, the third party must allow the investment adviser and staff of the Commission to access the records easily through computers or systems during the required retention period of the recordkeeping rule. As an alternative, the proposed rule could require investment advisers to direct service providers (other than cloud service and other records providers) to transfer required records periodically to the adviser, but not impose any other requirement for reasonable assurances of other recordkeeping standards. By removing the more detailed standards currently proposed, this alternative could potentially lower the cost to advisers and service providers when records are created indirectly as a result of a service provider's contracted activity. For instance, a service provider that an adviser retains to calculate a fund's performance or rates of return creates new records that need to be stored and retained, even though the service provider is not retained for a recordkeeping purpose. However, this approach could reduce the assurances to the adviser and its clients and investors of proper storage and retention of records. As such, we believe the current rule is better suited to ensure the adviser is able to comply with the Advisers Act recordkeeping and other relevant Federal securities laws.
See supra section II.E.
Id.
Id.
Additionally, the proposed rule could require a written agreement between the adviser and its service providers of covered functions. Under this alternative, the proposed rule could incorporate the currently proposed due diligence requirements as requirements to be included in a contract between the adviser and service provider. The alternative could be required for only certain covered functions and not others, for example by defining a list of critical covered functions and requiring a written agreement for those functions, or could be required for all covered functions. Such a requirement could have the benefit of reducing the risk of ambiguity between advisers and service providers, as well as potentially increasing transparency to the Commission. As noted, the recordkeeping rule could be satisfied by such a written agreement. However, we believe that requiring a written agreement between advisers and service providers of all covered functions could be overly burdensome, in instances where certain large service providers may be unwilling to modify their standard contracts for advisers to comply with regulation if advisers are a fraction of their client base. While we do not know how frequently that would occur, we nevertheless do not currently believe that the benefits of explicitly requiring written agreements between advisers and service providers would justify the costs. We request comment on whether a written agreement should be explicitly required.
See supra section II.E.
See supra section II.A.3.
Finally, the proposed rule could require disclosure in Form ADV Part 1A of whether an adviser has a written agreement for each covered function, or could require disclosure in cases where an adviser does not have a written agreement for a particular covered function. Such a requirement could have the benefit of alerting investors and the Commission to instances in which ambiguity between advisers and service providers could be heightened by the lack of a written agreement. However, these benefits would be limited to the instances in which clients and investors would access and make use of the additional Form ADV information generated by advisers. Therefore, we do not currently believe the benefits of requiring disclosures of written agreements would justify the costs of preparing additional Form ADV disclosures, but we request comment above on whether the rule should require these additional disclosures.
See supra section II.A.3.
4. Alternatives to the Form ADV Requirements
We are proposing to amend Form ADV to require advisers to identify their service providers that perform covered functions, provide their location, the date they were first engaged to provide covered functions, and state whether they are related persons of the adviser. One alternative to the proposed amendments to a public Form ADV disclosure would be a nonpublic report to the Commission in a format other than Form ADV. Absent the Form ADV disclosures, however, clients would no longer receive the direct benefit of less costly information gathering. Also, we believe that it is more efficient to compile information about advisers on Form ADV, which can enhance our staff's ability to effectively carry out its risk-based examination program and risk monitoring activities, and could improve client and investor protection by evaluating and forming regulatory policies and focusing examination activities, thereby creating a greater indirect benefit to clients as well.
See supra section II.D.
Another alternative to the proposed Form ADV disclosures would be to add additional required disclosures on fund registration statements, such as comparable information about service provider arrangements. For instance, fund registration documents could be required to directly disclose all of the information that is currently proposed to be required on Form ADV, such as the legal names of their service providers, whether the service provider is a related person, and which covered functions the service provider is engaged to provide, so that investors do not need to analyze Form ADV to obtain this information. A similar approach could also require private fund advisers to provide comparable information to private fund investors. This alternative would potentially improve access to information for fund investors in addition to direct advisory clients, to the extent that registered fund investors (unlike private fund investors) are unlikely to analyze Form ADV data.
However, we believe there are several downsides to this approach that are inconsistent with the intent of the proposed rule. First, funds are separate entities from advisers that are often capable of entering into agreements directly with a service provider. Therefore, this approach would capture data related to service providers to funds instead of service providers to advisers. Assuming the service provider's relationship was with the adviser as opposed to the fund, this approach would still only capture data for advisers to funds. It would not capture data for advisers to advisers that did not have fund clients, such as advisers to solely retail clients.
Another downside of this approach would be that it would involve the modification and collection of information from various registration documents depending on the type of fund under advisement of an RIA. For instance, open-end mutual funds register using Form N-1A, while closed-end mutual funds register using Form N-2. For these reasons, we believe that it is more efficient and effective to compile information about advisers on Form ADV. The proposed rule can enhance our staff's ability to effectively carry out its risk-based examination program and risk monitoring activities, and could improve client and investor protection by evaluating and forming regulatory policies and focusing examination activities, thereby creating a greater indirect benefit to clients as well. Further, clients and investors may find such information more readily accessible when it is consolidated onto a single form, which may lower the costs of their information gathering. We therefore believe that Form ADV is the most appropriate medium for advisers to report their use of service providers for covered functions.
5. Alternatives to the Transition and Compliance Period
We are proposing that advisers registered or required to be registered with the Commission be required to comply with the rule applicable to it, if adopted, starting on the compliance date, which is proposed as ten months from the rule's effective date. This would provide a transition period during which a registered investment adviser can prepare to comply with any final rule. The proposed rule, if adopted, would apply to any new engagement of service providers made on or after the compliance date of the proposed rules and amendments. The ongoing monitoring requirements, if adopted, also would apply to existing engagements beginning on the compliance date.
See supra section II.G.
Id.
Id.
As one alternative, the Commission could only require advisers to comply with any final rule with respect to new funds or client relationships. Arguably, under the rule as proposed, clients who have already invested in funds or have an existing advisory relationship have agreed to negotiated economic terms. To the extent that these negotiations granted any economic terms to the client to compensate for operational risks, requiring an adviser to come into compliance with any final new rule without renegotiating all terms of a client's contract could represent a windfall to the client in the form of a reduction in its risk with no additional cost to the client. Clients with established contractual terms may also face higher costs of coming into compliance with any final rule, to the extent that the parties do renegotiate the broader economic terms of the contract. These considerations potentially motivate the alternative that would only require advisers to comply with any final rule with respect to new funds or client relationships. However, many client contractual relationships may be evergreen, or allow for a multiple extensions to the life of the contractual relationship, and so allowing for advisers' existing client relationships to forego compliance could substantially reduce the benefits of any final rule. We believe that providing no exemptions for existing clients strikes the right balance in terms of mitigation of risk and the cost of complying with any final rule.
For a fund with a pass-through expense model, in which all expenses are passed through to the investors, there would be no such windfall. See, e.g., Eli Hoffmann, Welcome To Hedge Funds' Stunning Pass-Through Fees, Seeking Alpha (Jan. 24, 2017), available at https://seekingalpha.com/article/4038915-welcome-to-hedge-funds-stunning-pass-through-fees.
As another alternative, the Commission could provide for a longer transition and compliance period, which would increase the amount of time advisers have to comply with any final rule. This alternative would reduce the benefits of the proposed rule by foregoing the benefits of any rule during the extended compliance period. However, to the extent it is less costly for advisers to come into compliance over a longer time period, this alternative could reduce the costs of any final rule. We believe that the proposed transition and compliance period strikes the right balance in terms of the costs of coming into compliance with any final rule, but we request comment on whether proposed transition period following any final rule's effective date is appropriate.
See supra section II.G.
G. Request for Comment
The Commission requests comment on all aspects of this initial economic analysis, including whether the analysis has: (i) identified all benefits and costs, including all effects on efficiency, competition, and capital formation; (ii) given due consideration to each benefit and cost, including each effect on efficiency, competition, and capital formation; and (iii) identified and considered reasonable alternatives to the proposed rule. We request and encourage any interested person to submit comments regarding the proposed rule, our analysis of the potential effects of the proposed rule, and other matters that may have an effect on the proposed rule. We request that commenters identify sources of data and information as well as provide data and information to assist us in analyzing the economic consequences of the proposed rule. We also are interested in comments on the qualitative benefits and costs we have identified and any benefits and costs we may not have discussed.
In addition to our general request for comment on the economic analysis associated with the proposed rule, we request specific comment on certain aspects of the proposal:
87. We request comment on our characterization of the risks associated with outsourcing. Are there other risks or potential harms to clients that our analysis has not identified?
88. We request comment on our characterization of market failures associated with outsourcing to service providers that may hinder reform in the absence of the proposed rules. Do commenters agree with the relevance of the described principal-agent and moral hazard problems?
89. The proposed rule would require an adviser to identify the potential risks to clients, or to the adviser's ability to perform its advisory services, resulting from outsourcing a covered function. To what extent do advisers currently have such, or similar, processes in place?
90. The proposed rule would require the adviser to determine that the service provider has the competence, capacity, and resources necessary to provide timely and effective services. To what extent do advisers currently have such, or similar, processes in place?
91. The proposed rule would require that the adviser determine whether the service provider has any subcontracting arrangements that would be material to the performance of the covered function, and would require the adviser to identify and determine how it will mitigate and manage potential risks to clients or its ability to perform advisory services in light of any such subcontracting arrangement. To what extent do advisers currently have such, or similar, processes in place?
92. The proposed rule would require an adviser to obtain reasonable assurance from a service provider that it is able to, and will, coordinate with the adviser for purposes of the adviser's compliance with the Federal securities laws, as applicable to the covered function. To what extent do advisers currently have such, or similar, processes in place?
93. The proposed rule would require an investment adviser to obtain reasonable assurance from the Service Provider is able to, and will, provide a process for orderly termination of its performance of the covered function. To what extent do advisers currently have such, or similar, processes in place?
94. The proposal would require advisers to monitor the service provider's performance of the covered function and reassess the due diligence requirements of the proposed rule with such a frequency that the adviser can reasonably determine that it is appropriate to continue to outsource the covered function and that it remains appropriate to outsource it to the service provider. To what extent do advisers currently have such, or similar, processes in place?
95. The proposal would provide for certain new books and recordkeeping requirements. To what extent do advisers currently have such, or similar, processes in place?
96. We request comment on all aspects of the quantified estimates of costs of the rule. In particular:
a. To what extent would the required minimum staffing from personnel and third parties differ from the estimates provided here, for each of the proposed rules?
b. To what extent would the required minimum number of hours from those staff differ from the estimates provided here, for each of the proposed rules?
c. What additional data should the Commission consider in its estimation of the minimum costs an adviser would face in conjunction with the proposed rules?
d. Do commenters agree that only certain advisers would frequently transfer regulatory records from their service providers? Are there other voluntary actions that only certain advisers would undertake in pursuit of coming into compliance with the proposed rules?
e. What additional sources of variation are there that would result in an adviser facing more than the minimum costs of coming into compliance with the proposed rules? What additional information should the Commission consider when quantifying those additional costs?
f. To what extent would the upper bound of average costs faced by any particular adviser differ from the estimates provided here, for each of the proposed rules?
g. What are the likely highest costs any single adviser would be likely to face in coming into compliance with the proposed rules? What information should the Commission consider when quantifying those highest costs?
h. To what extent would the estimated costs be impacted by advisers electing, in response to the proposed rules, to provide covered functions themselves that are currently outsourced? What would the costs of this transition be? To what extent would those costs differ from other expected costs of complying with the proposed rules?
i. If possible, for commenters who already undertake similar processes to those described in the proposed rules, please provide estimates of the cost of undertaking those processes. What additional considerations can the Commission use to extrapolate such figures in order to estimate costs to other advisers?
j. What additional considerations can the Commission use to estimate the costs and benefits of the proposed amendments?
97. We request comment on the anticipated costs to service providers as a result of the proposed regulations. Are there significant direct or indirect costs to service providers beyond those stated in section III.D? To what extent do commenters believe that the costs to service providers would be proportional to, and thus can be extrapolated from, the costs that would be imposed on advisers? We additionally request any data which could aid in the calculation of the costs of the proposed rule to service providers.
98. How do commenters anticipate that the costs of complying with the proposed rule will be shared between advisers' and their clients?
99. How do commenters believe the proposed regulations will affect efficiency, competition, and capital formation in the industry? Please explain.
100. Do commenters believe that the alternatives the Commission considered are appropriate? Are there other reasonable alternatives that the Commission should consider? If so, please provide additional alternatives and how their benefits and costs would compare to the proposal. Specifically, we request comment on the following:
a. Do commenters agree with our assertion that broadening the definitions of covered functions would enhance client and investors protections, but increase the costs of compliance? Do commenters agree with our belief that the proposed rule strikes the right balance in terms of the scope of its definitions of covered functions? Why or why not?
b. Do commenters believe that limiting the scope of the required recordkeeping to that required by the proposed rule strikes the appropriate balance between minimizing costs and making information available for the examination process? Why or why not? Should the Commission increase or decrease the scope of the required recordkeeping? Why or why not?
101. Are there alternatives to required Form ADV disclosure in addition to targeted examinations that we should implement?
IV. Paperwork Reduction Act Analysis
A. Introduction
Certain provisions of the proposed rule and proposed amendments contain “collection of information” requirements within the meaning of the Paperwork Reduction Act of 1995 (“PRA”). We are submitting the proposed collections of information to the Office of Management and Budget (“OMB”) for review in accordance with the PRA. The proposed amendments to rule 204-2 under the Advisers Act (other than new rule 204-2(l)) and Form ADV would have an effect on currently approved collection of information burdens. Proposed rule 206(4)-11 and proposed rule 204-2(l) would not require new collections of information. Proposed Rule 206(4)-11 would require an adviser to conduct due diligence and monitoring of covered functions performed by a service provider, and proposed rule 204-2(l) would affect the manner in which an adviser can rely on a third-party to store required books and records. Any documentation required by proposed rule 206(4)-11's due diligence and monitoring requirements is captured in the collection of information burden for Rule 204-2.
44 U.S.C. 3501 through 3521.
The titles for the existing collections of information are: (1) “Rule 204-2 under the Investment Advisers Act of 1940” (OMB control number 3235-0278); and (2) “Form ADV” (OMB control number 3235-0049).
An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. Each requirement to disclose information, offer to provide information, or adopt policies and procedures constitutes a collection of information requirement under the PRA. These collections of information would help increase the likelihood that advisers have a reasonable basis for determining that it would be appropriate to outsource particular functions or services to a service provider, and collectively would serve the Commission's interest in protecting clients and investors by reducing the risk that a service provider could significantly affect a firm's operations and directly or indirectly harm clients. The Commission staff would also use the collection of information in its examination and oversight program to prepare better for, and more efficiently conduct, their on-site examinations. We discuss below the collection of information burdens associated with the proposed rule amendments.
B. Rule 204-2
Under section 204 of the Advisers Act, investment advisers registered or required to register with the Commission under section 203 of the Advisers Act must make and keep for prescribed periods such records (as defined in section 3(a)(37) of the Exchange Act), furnish copies thereof, and make and disseminate such reports as the Commission, by rule, may prescribe as necessary or appropriate in the public interest or for the protection of clients and investors. Rule 204-2, the books and records rule, sets forth the requirements for maintaining and preserving specified books and records. This collection of information is found at 17 CFR 275.204-2 and is mandatory. The Commission staff uses the collection of information in its examination and oversight program. Responses provided to the Commission in the context of its examination and oversight program concerning the proposed amendments to rule 204-2 would be kept confidential subject to the provisions of applicable law.
Concurrent with proposed rule 206(4)-11, we are proposing corresponding amendments to rule 204-2. The proposed amendments would require advisers to make and retain: (1) a list or other record of covered functions that the adviser has outsourced to a service provider, along with a record of the factors that led the adviser to list each function; (2) records documenting the due diligence assessment conducted pursuant to proposed rule 206(4)-11, including any policies and procedures or other documentation as to how the adviser will mitigate and manage the risks of outsourcing a covered function; (3) a copy of any written agreement, including amendments, appendices, exhibits, and attachments, entered into pursuant to proposed rule 206(4)-11; and (4) records documenting the periodic monitoring of a service provider of a covered function. Each of these records would be maintained and preserved consistent with proposed Advisers Act Rule 204-2(e)(4) in an easily accessible place throughout the time period during which the adviser has outsourced a covered function to a service provider and for a period of five years thereafter. These proposed amendments would help facilitate the Commission's inspection and enforcement capabilities.
The respondents to this collection of information are investment advisers registered or required to be registered with the Commission. All such advisers will be subject to the proposed amendments to rule 204-2. As of December 31, 2021, there were 14,756 advisers registered with the Commission. We estimate that all of them would use a service provider for a covered function and be subject to these books and records requirements. In our most recent Paperwork Reduction Act submission for rule 204-2, we estimated for rule 204-2 a total annual aggregate hour burden of 2,764,563 hours, and a total annual aggregate external cost burden of $175,980,426. The table below summarizes the initial and ongoing annual burden estimates associated with the proposed amendments to rule 204-2. We have made certain estimates of the burdens associated with the proposed amendments solely for the purpose of this PRA analysis. Based on staff experience, most advisers already conduct some level of oversight of service providers so as to fulfill the adviser's fiduciary duty, comply with the Federal securities laws, and protect clients from potential harm. Our burden estimates therefore presume that advisers are already making some records of due diligence and monitoring.
Supporting Statement for the Paperwork Reduction Act Information Collection Submission for Revisions to Rule 204-2, OMB Report, OMB 3235-0278 (Aug. 2021).
Table 1—Rule 204-2 PRA Estimates
C. Form ADV
Form ADV is the investment adviser registration form under the Advisers Act. Part 1 of Form ADV contains information used primarily by Commission staff, and Part 2A is the client brochure. Part 2B requires advisers to create brochure supplements containing information about certain supervised persons. Part 3: Form CRS (relationship summary) requires certain registered investment advisers to prepare and file a relationship summary for retail investors. We use the information on Form ADV to determine eligibility for registration with us and to manage our regulatory and examination programs. Clients and investors use certain of the information to determine whether to hire or retain an investment adviser, as well as what types of accounts and services are appropriate for their needs. The collection of information is necessary to provide advisory clients, prospective clients, other market participants and the Commission with information about the investment adviser and its business, conflicts of interest and personnel. Rule 203-1 under the Advisers Act requires every person applying for investment adviser registration with the Commission to file Form ADV. Rule 204-4 under the Advisers Act requires certain investment advisers exempt from registration with the Commission (“exempt reporting advisers” or “ERAs”) to file reports with the Commission by completing a limited number of items on Form ADV. Rule 204-1 under the Advisers Act requires each registered and exempt reporting adviser to file amendments to Form ADV at least annually, and requires advisers to submit electronic filings through IARD. The paperwork burdens associated with rules 203-1, 204-1, and 204-4 are included in the approved annual burden associated with Form ADV and thus do not entail separate collections of information. These collections of information are found at 17 CFR 275.203-1, 275.204-1, 275.204-4 and 279.1 (Form ADV itself) and are mandatory. Responses are not kept confidential.
We are proposing amendments to Form ADV Part 1 to enhance client and investor disclosure and our ability to oversee investment advisers. Specifically, the proposed amendments would amend Item 7 of Part 1A to require an adviser to disclose whether it outsources any covered function, and if so, to provide additional information on Schedule D. The proposed amendments would add Section 7.C. to Schedule D of Part 1A to require advisers to disclose the following for each service provider to which a covered function is outsourced: legal name, primary business name, legal entity identifier (if applicable), whether the service provider is a related person of the adviser, date the service provider was first engaged, location of the service provider's office primarily responsible for the covered function, and the covered function(s) that the service provider is engaged to perform. The collection of this information is necessary to improve information available to us and to the general public about advisers' use of service providers to perform covered functions. Our staff would also use this information to help prepare for examinations of investment advisers. We are not proposing amendments to Parts 2 or 3 of Form ADV.
The amount of time that a registered adviser will incur to complete Item 7.C. and Section 7.C. of Schedule D will vary depending on the number of service providers the advisers engages. Nevertheless, we believe that the proposed revisions to Part 1A would impose few additional burdens on advisers in collecting information as advisers should have ready access to all the information necessary to respond to the proposed items in their normal course of operations. We anticipate, moreover, that the responses to many of the questions are unlikely to change from year to year, minimizing the ongoing reporting burden associated with these questions.
The respondents to current Form ADV are investment advisers registered with the Commission or applying for registration with the Commission and exempt reporting advisers. Based on the IARD system data as of December 31, 2021, approximately 14,756 investment advisers were registered with the Commission, and 4,813 exempt reporting advisers file reports with the Commission. The amendments we are proposing would increase the information requested in Part 1 of Form ADV for registered investment advisers that engage a service provider to perform a covered function. We estimate that all registered investment advisers will engage at least one service provider to perform a covered function. The burdens associated with completing Parts 2 and 3 also are included in the PRA for purposes of updating the overall Form ADV information collection. Based on the prior revision of Form ADV, we estimated the annual compliance burden to comply with the collection of information requirement of Form ADV is 433,004 burden hours and an external cost burden estimate of $14,125,083. We propose the following changes to our PRA methodology for Form ADV:
An exempt reporting adviser is an investment adviser that relies on the exemption from investment adviser registration provided in either section 203( l) of the Advisers Act because it is an adviser solely to one or more venture capital funds or section 203(m) of the Advisers Act because it is an adviser solely to private funds and has assets under management in the United States of less than $150 million.
Exempt reporting advisers are required to complete a limited number of items in Part 1A of Form ADV (consisting of Items 1, 2.B., 3, 6, 7, 10, 11, and corresponding schedules). The proposal does not include any requirement for exempt reporting advisers to respond to proposed new Item 7.C.
See Updated Supporting Statement for PRA Submission for Amendments to Form ADV under the Investment Advisers Act of 1940 (“Approved Form ADV PRA”).
See Investment Adviser Marketing, Final Rule, Investment Advisers Act Release No. 5653 (Dec. 22, 2020) [81 FR 60418 (Mar. 5, 2021)] (“IA Marketing Release”) and corresponding submission to the Office of Information and Regulatory Affairs at reginfo.gov (“2021 Form ADV PRA”).
• Form ADV Parts 1 and 2. Form ADV PRA has historically calculated an hourly burden per adviser per year for Form ADV Parts 1 and 2 for each of (1) the initial burden and (2) the ongoing burden, which reflects advisers' filings of annual and other-than-annual updating amendments. We noted in previous PRA amendments that most of the paperwork burden for Form ADV Parts 1 and 2 would be incurred in the initial submissions of Form ADV. However, recent PRA amendments have continued to apply the total initial hourly burden for Parts 1 and 2 to all currently registered or reporting RIAs and ERAs, respectively, in addition to the estimated number of new advisers expected to be registering or reporting with the Commission annually. We believe that the total initial hourly burden for Form ADV Parts 1 and 2 going forward should be applied only to the estimated number of expected new advisers annually. This is because currently registered or reporting advisers have generally already incurred the total initial burden for filing Form ADV for the first time. On the other hand, the estimated expected new advisers will incur the full total burden of initial filing of Form ADV, and we believe it is appropriate to apply this total initial burden to these advisers. We propose to continue to apply any new initial burdens resulting from proposed amendments to Form ADV Part 1, as applicable, to all currently registered investment advisers.
Table 2 below summarizes the burden estimates associated with the proposed amendments to Form ADV Part 1. The proposed new burdens also take into account changes in the numbers of advisers since the last approved PRA for Form ADV, and the increased wage rates due to inflation.
Table 2—Form ADV PRA Estimates
Internal initial burden hours | Internal annual amendment burden hours | Wage rate | Internal time costs | Annual external cost burden | |
---|---|---|---|---|---|
PROPOSED AMENDMENTS TO FORM ADV | |||||
RIAs (burden for Parts 1 and 2, not including private fund reporting) | |||||
Proposed addition (per adviser) to Part 1 (Item 7.C and Section 7.C of Schedule D) | 1.5 hours (reflects estimate of 18 minutes per outsourced covered function x estimated average of 5 covered functions per adviser) | 0.7 hours | $299.50 per hour (blended revised rate for senior compliance examiner and compliance manager) | 2.2 hours × $299.50 = $658.90 | 1 hour of external legal services ($531) for 1/4 of advisers that prepare Part 1; 1 hour of external compliance consulting services ($791) for 1/2 of advisers that prepare Part 1. |
Current burden per adviser | 29.72 hours | 11.8 hours | $273 per hour (blended current rate for senior compliance examiner and compliance manager) | (29.72 + 11.8) × $273 = $11,334.96 | $2,069,250 aggregated (previously presented only in the aggregate). |
Revised burden per adviser | 29.72 hours + 1.5 hours = 31.22 hours | 0.7 hours + 11.8 hours = 12.5 hours | $299.50 (blended revised rate for senior compliance examiner and compliance manager) | (31.22 + 12.5) × $299.50 = $13,094.14 | $5,019.75. |
Total revised aggregate burden estimate | 39,367.44 hours | 190,975 hours | Same as above | (39,367.44 + 190,975) × $299.5 = $68,987,560.80 | $10,565,759. |
RIAs (burden for Part 3) | |||||
No proposed changes | |||||
Current burden per RIA | 20 hours, amortized over three years = 6.67 hours | 1.58 hours | $273 (blended current rate for senior compliance examiner and compliance manager) | $273 × (6.67 + 1.71) = $2,287.74 | $2,433.74 per adviser. |
Total updated aggregate burden estimate | 66,149.59 hours | 14,573.92 hours | $299.50 (blended revised rate for senior compliance examiner and compliance manager) | $24,176,691.20 (($299.50 × (66,149.59 hours + 14,573.92 hours)) | $8,732,193.75. |
ERAs (burden for Part 1A, not including private fund reporting) | |||||
No proposed changes | |||||
Current burden per ERA | 3.60 hours | 1.5 hours + final filings | $273 (blended current rate for senior compliance examiner and compliance manager) | Wage rate × total hours (see below) | $0. |
Total updated aggregate burden estimate | 1,245.6 | 7,775.6 hours | $299.50 (blended revised rate for senior compliance examiner and compliance manager) | $2,701,849.40 ($299.50 × (1,245.6 + 7,775.6 hours)) | $0. |
Private Fund Reporting | |||||
No proposed changes | |||||
Current burden per adviser to private fund | 1 hour per private fund | N/A-included in the existing annual amendment reporting burden for ERAs | $273 (blended current rate for senior compliance examiner and compliance manager) | Cost of $46,865.74 per fund, applied to 6% of RIAs that report private funds. | |
Total updated aggregate burden estimate | 1,150 hours | N/A | $299.50 (blended revised rate for senior compliance examiner and compliance manager) | $3,978,123.50 ($279.5 × 14,233 hours)) | $15,090,768.30. |
TOTAL ESTIMATED BURDENS, INCLUDING AMENDMENTS | |||||
Current per adviser burden/external cost per adviser | 23.82 hours | 23.82 hours × $273 = $6,502.86 per adviser cost of the burden hour | $777. | ||
Revised per adviser burden/external cost per adviser | 15.70 hours | 15.70 hours × $299.50 = $4,702.15 per adviser cost of the burden hour | $1,678.59. | ||
Current aggregate burden estimates | 433,004 initial and amendment hours annually | 433,004 × $273 = $118,210,092 aggregate cost of the burden hour | $14,125,083. | ||
Revised aggregate burden estimates | 321,237.15 Initial and amendment hours annually | 321,237.15 × $299.50 = $96,210,526.40 aggregate cost of the burden hour | $34,355,721.05. | ||
Notes: | |||||
This column estimates the hourly burden attributable to annual and other-than-annual updating amendments to Form ADV, plus RIAs' ongoing obligations to deliver codes of ethics to clients. The internal annual amendment burden hours estimate for the proposed Part 1 Item 7.C. is the sum of the internal initial burden estimate annualized over a three-year period (1.5 initial hour/3 = 0.5 hours), plus 0.2 hours of ongoing annual burden hours, and it assumes annual reassessment and execution: ((1.5 initial hours/3 years) + 0.2 hours of additional ongoing burden hours) = 0.7 hour. | |||||
As with Form ADV generally, and pursuant to the currently approved PRA ( see 2021 Form ADV PRA), we expect that for most RIAs, the performance of these functions would most likely be equally allocated between a senior compliance examiner and a compliance manager, or persons performing similar functions. The Commission's estimates of the relevant wage rates are based on salary information for the securities industry compiled by the SIFMA Wage Report. The estimated figures are modified by firm size, employee benefits, overhead, and adjusted to account for the effects of inflation. For RIAs that do not already have a senior compliance or a compliance manager, we expect that a person performing a similar function would have similar hourly costs. The estimated wage rates in connection with the proposed PRA estimates are adjusted for inflation from the wage rates used in the currently approved PRA analysis. | |||||
External fees are in addition to the projected hour per adviser burden. Form ADV has a one-time initial cost for outside legal and compliance consulting fees in connection with the initial preparation of Parts 2 and 3 of the form. In addition to the estimated legal and compliance consulting fees, investment advisers of private funds incur one-time costs with respect to the requirement for investment advisers to report the fair value of private fund assets. | |||||
Based on Form ADV data as of December 31, 2021, we estimate that there are 14,756 RIAs (“current RIAs”) and 552 net new advisers that are expected to become RIAs annually (“newly expected RIAs”). We obtain the newly expected RIAs number by taking the average number of new RIAs over the past three years (1,287) and subtracting the average RIA deregistrations over the past three years (735), for a total of 552 net new advisers on average. | |||||
The $299.50 wage rate reflects current estimates from the SIFMA Wage Report of the blended hourly rate for a senior compliance examiner ($260) and a compliance manager ($339). ($260 + $339)/2 = $299.50. | |||||
We estimate that a quarter of RIAs would seek the help of outside legal services and half would seek the help of compliance consulting services in connection with the proposed amendments to Form ADV Part 1. This is based on previous estimates and ratios we have used for advisers we expect to use external services for initially preparing various parts of Form ADV. See 2020 Form ADV PRA Renewal (the subsequent amendment to Form ADV described in the 2021 Form ADV PRA did not change that estimate). Because the SIFMA Wage Report does not include a specific rate for an outside compliance consultant, we are proposing to use the rates in the SIFMA Wage Report for an outside management consultant, as we have done in the past when estimating the rate of an outside compliance counsel. We are adjusting these external costs for inflation, using the currently estimated costs for outside legal counsel and outside management consultants in the SIFMA Wage Report: $531 per hour for outside counsel, and $791 per hour for outside management consultant (compliance consultants). | |||||
Per above, we are proposing to revise the PRA calculation methodology to apply the full initial burden only to expected RIAs, as we believe that current RIAs have generally already incurred the burden of initially preparing Form ADV. | |||||
See 2020 Form ADV PRA Renewal (stating that the estimate average collection of information burden per adviser for Parts 1 and 2 is 29.22 hours, prior to the most recent amendment to Form ADV). See also 2021 Form ADV PRA (adding 0.5 hours to the estimated initial burden for Part 1A in connection with the most recent amendment to Form ADV). Therefore, the current estimated average initial collection of information hourly burden per adviser for Parts 1 and 2 is 29.72 hours (29.22 + 0.5 = 29.72). | |||||
The currently approved average total annual burden for RIAs attributable to annual and other-than-annual updating amendments to Form ADV Parts 1 and 2 is 10.5 hours per RIA, plus 1.3 hours per year for each RIA to meet its obligation to deliver codes of ethics to clients (10.5 + 1.3 = 11.8 hours per adviser). See 2020 Form ADV PRA Renewal (these 2020 hourly estimates were not affected by the 2021 amendments to Form ADV). As we explained in previous PRAs, we estimate that each RIA filing Form ADV Part 1 will amend its form 2 times per year, which consists of one interim updating amendment (at an estimated 0.5 hours per amendment), and one annual updating amendment (at an estimated 8 hours per amendment), each year. We also explained that we estimate that each RIA will, on average, spend 1 hour per year making interim amendments to brochure supplements, and an additional 1 hour per year to prepare brochure supplements as required by Form ADV Part 2. See id. | |||||
See 2020 Form ADV PRA Renewal (the subsequent amendment to Form ADV described in the 2021 Form ADV PRA did not affect that estimate). | |||||
External cost per RIA includes the external cost for initially preparing Part 2, which we have previously estimated to be approximately 10 hours of outside legal counsel for a quarter of RIAs, and 8 hours of outside management consulting services for half of RIAs. See 2020 Form ADV Renewal (these estimates were not affected by subsequent amendments to Form ADV). We add to this burden the estimated external cost associated with the proposed amendment (an additional hour of each, bringing the total to 11 hours and 9 hours, respectively, for 1/4 and 1/2 of RIAs, respectively). We therefore calculate the revised burden per adviser as follows: (((.25 × 14,756 RIAs) × ($531 × 11 hours)) + ((0.50 × 14,756 RIAs) × ($791 × 9 hours)))/14,756 RIAs = $5019.75 per adviser. | |||||
Per above, we are proposing to revise the PRA calculation methodology for current RIAs to not apply the full initial burden to current RIAs, as we believe that current RIAs have generally already incurred the initial burden of preparing Form ADV. Therefore, we calculate the initial burden associated with complying with the proposed amendment of 1.5 initial hour × 14,756 current RIAs = 22,134 initial hours in the first year aggregated for current RIAs. We are not amortizing this burden because we believe current advisers will incur it in the first year. For expected new RIAs, we estimate that they will incur the full revised initial burden, which is 31.22 hours per RIA. Therefore, 31.22hours × 552 expected RIAs = 17,233.44 aggregate hours for expected new RIAs. We do not amortize this burden for expected new RIAs because we expect a similar number of new RIAs to incur this initial burden each year. Therefore, the total revised aggregate initial burden for current and expected new RIAs is 22,134 hours + 17,233.44 hours = 39,367.44 aggregate initial hours. | |||||
12.5 amendment hours × (14,756 current RIAs + 552 expected new RIAs) = 190,975 aggregate amendment hours. | |||||
Per above, for current RIAs, we are proposing to not apply the currently approved external cost for initially preparing Part 2, because we believe that current RIAs have already incurred that initial external cost. For current RIAs, therefore, we are applying only the external cost we estimate they will incur in complying with the proposed amendment. Therefore, the revised total burden for current RIAs is (((.25 × 14,756 RIAs) × ($531 × 1 hour)) + ((0.50 × 14,756 RIAs) × ($791 × 1 hour))) = $7,794,857 aggregated for current RIAs. We do not amortize this cost for current RIAs because we expect current RIAs will incur this initial cost in the first year. For expected new RIAs, we apply the currently approved external cost for initially preparing Part 2 plus the estimated external cost for complying with the proposed amendment. Therefore, $5,019.75 per expected new RIA × 552 = $2,770,902 aggregated for expected new RIAs. We do not amortize this cost for expected new RIAs because we expect a similar number of new RIAs to incur this external cost each year. $7,794,857 aggregated for current RIAs + $2,770,902 aggregated for expected RIAs = $10,565,759 aggregated external cost for RIAs. | |||||
Even though we are not proposing amendments to Form ADV Part 3 (“Form CRS”), the burdens associated with completing Part 3 are included in the PRA for purposes of updating the overall Form ADV information collection. Based on Form ADV data as of October 31, 2021, we estimate that 8,877 current RIAs provide advice to retail investors and are therefore required to complete Form CRS, and we estimate an average of 347 expected new RIAs to be advising retail advisers and completing Form CRS for the first time annually. | |||||
See Form CRS Relationship Summary; Amendments to Form ADV, Investment Advisers Act Release No. 5247 (Jun. 5, 2019) [84 FR 33492 (Sep. 10, 2019)] (“2019 Form ADV PRA”). Subsequent PRA amendments for Form ADV have not adjusted the burdens or costs associated with Form CRS. Because advisers have been required to comply with the Form CRS requirements for less than three years, we have, and are continuing to, apply the total initial amendment burden to all current and expected new RIAs that are required to file Form CRS, and amortize that initial burden over three years for current RIAs. | |||||
As reflected in the currently approved PRA burden estimate, we stated that we expect advisers required to prepare and file the relationship summary on Form ADV Part 3 will spend an average 1 hour per year making amendments to those relationship summaries and will likely amend the disclosure an average of 1.71 times per year, for approximately 1.58 hours per adviser. See 2019 Form ADV PRA (these estimates were not amended by the 2021 amendments to Form ADV), | |||||
See 2020 Form ADV PRA Amendment (this cost was not affected by the subsequent amendment to Form ADV and was not updated in connection with that amendment; while this amendment did not break out a per adviser cost, we calculated this cost from the aggregate total and the number of advisers we estimated prepared Form CRS). Note, however, that in our 2020 Form ADV PRA Renewal, we applied the external cost only to expected new retail RIAs, whereas we had previously applied the external cost to current and expected retail RIAs. Because advisers have been required to comply with the Form CRS requirements for less than three years, we believe that we should continue to apply the cost to both current and expected new retail RIAs. See 2019 Form ADV PRA. | |||||
8,877 current RIAs × 6.67 hours each for initially preparing Form CRS = 59,209.59 aggregate hours for current RIAs initially filing Form CRS. For expected new RIAs initially filing Form CRS each year, we are not proposing to use the amortized initial burden estimate, because we expect a similar number of new RIAs to incur the burden of initially preparing Form CRS each year. Therefore, 347 expected new RIAs × 20 initial hours for preparing Form CRS = 6,940 aggregate initial hours for expected RIAs. 59,209.59 hours + 6,940 hours = 66,149.59 aggregate hours for current and expected RIAs to initially prepare Form CRS. | |||||
1.58 hours × (8,877 current RIAs updating Form CRS + 347 expected new RIAs updating Form CRS) = 14,573.92 aggregate amendment hours per year for RIAs updating Form CRS. | |||||
We have previously estimated the initial preparation of Form CRS would require 5 hours of external legal services for an estimated quarter of advisers that prepare Part 3, and 5 hours of external compliance consulting services for an estimated half of advisers that prepare Part 3. See 2020 PRA Renewal (these estimates were not amended by the most recent amendment to Form ADV). The hourly cost estimate of $531 and $791 for outside legal services and management consulting services, respectively, are based on an inflation-adjusted figure in the SIFMA Wage Report. Therefore, (((.25 × 8,877 current RIAs preparing Form CRS) × ($531 × 5 hours)) + ((0.50 × 8,877 current RIAs preparing Form CRS) × ($791 × 5 hours))) = $23,447,040. For current RIAs, since this is still a new requirement, we amortize this cost over three years for a per year initial external aggregated cost of $7,815,680. For expected RIAs that we expect would prepare Form CRS each year, we use the following formula: (((.25 × 347 expected RIAs preparing Form CRS) × ($531 × 5 hours)) + ((0.50 × 347 expected RIAs preparing Form CRS) × ($791 × 5 hours))) = $916,513.75 aggregated cost for expected RIAs. We are not amortizing this initial cost because we estimate a similar number of new RIAs would incur this initial cost in preparing Form CRS each year, $7,815,680 + $916,513.75 = $8,732,193.75 aggregate external cost for current and expected RIAs to initially prepare Form CRS. | |||||
Based on Form ADV data as of Dec. 31, 2021, we estimate that there are 4,813 currently reporting ERAs (“current ERAs”), and an average of 346 expected new ERAs annually (“expected ERAs”). | |||||
See 2021 Form ADV PRA. | |||||
The previously approved average per adviser annual burden for ERAs attributable to annual and updating amendments to Form ADV is 1.5 hours. See 2021 Form ADV PRA. As we have done in the past, we add to this burden the burden for ERAs making final filings, which we have previously estimated to be 0.1 hour per applicable adviser, and we estimate that an expected 371 current ERAs will prepare final filings annually, based on Form ADV data as of Dec. 2020. | |||||
For current ERAs, we are proposing to not apply the currently approved burden for initially preparing Form ADV, because we believe that current ERAs have already incurred this burden. For expected ERAs, we are applying the initial burden of preparing Form ADV of 3.6 hours. Therefore, 3.6 hours × 346 expected new ERAs per year = 1,245.6 aggregate initial hours for expected ERAs. For these expected ERAs, we are not proposing to amortize this burden, because we expect a similar number of new ERAs to incur this burden each year. Therefore, we estimate 1,245.6 aggregate initial annual hours for expected ERAs. | |||||
The previously approved average total annual burden of ERAs attributable to annual and updating amendments to Form ADV is 1.5 hours. See 2020 Form ADV Renewal (this estimate was not affected by the subsequent amendment to Form ADV). As we have done in the past, we added to this burden the currently approved burden for ERAs making final filings of 0.1 hour, and multiplied that by the number of final filings we are estimating ERAs would file per year (371 final filings based on Form ADV data as of Dec. 2020). (1.5 hours × 4,813 currently reporting ERAs) + (0.1 hour × 371 final filings) = 7,256.6 updated aggregated hours for currently reporting ERAs. For expected ERAs, the aggregate burden is 1.5 hours for each ERA attributable to annual and other-than-annual updating amendments to Form ADV x 346 expected new ERAs = 519 annual aggregated hours for expected new ERAs updating Form ADV (other than for private fund reporting). The total aggregate amendment burden for ERAs (other than for private fund reporting) is 7,265.6 + 519 = 7,775.6 hours. | |||||
Based on Form ADV data as of Oct. 31, 2021, we estimate that 5,232 current RIAs advise 43,501 private funds, and expect an estimated 136 new RIAs will advise 407 reported private funds per year. We estimate that 4,959 current ERAs advise 23,476 private funds, and estimate an expected 372 new ERAs will advise 743 reported private funds per year. Therefore, we estimate that there are 66,977 currently reported private funds reported by current private fund advisers (43,501 + 23,476), and there will be annually 1,150 new private funds reported by expected private fund advisers (407 + 743). The total number of current and expected new RIAs that report or are expected to report private funds is 5,368 (5,232 current RIAs that report private funds + 136 expected RIAs that would report private funds). | |||||
See 2020 Form ADV PRA Renewal (this per adviser burden was not affected by subsequent amendments to Form ADV). | |||||
We previously estimated that an adviser without the internal capacity to value specific illiquid assets would obtain pricing or valuation services at an estimated cost of $37,625 each on an annual basis. See Rules Implementing Release, supra footnote82. However, because we estimated that external cost in 2011, we are proposing to use an inflation-adjusted cost of $46,865.74, based on the CPI calculator published by the Bureau of Labor Statistics at https://www.bls.gov/data/inflation_calculator.htm. As with previously approved PRA methodologies, we continue to estimate that 6% of RIAs have at least one private fund client that may not be audited. See 2020 Form ADV PRA Renewal. | |||||
Per above, for currently reported private funds, we are proposing to not apply the currently approved burden for initially reporting private funds on Form ADV, because we believe that current private fund advisers have already incurred this burden. For the estimated 1,150 new private funds annually of expected private fund advisers, we calculate the initial burden of 1 hour per private fund. 1 hour per expected new private fund × 1,150 expected new private funds = 1,150 aggregate hours for expected new private funds. For these expected new private funds, we are not proposing to amortize this burden, because we expect new private fund advisers to incur this burden with respect to new private funds each year. Therefore, we estimate 1,150 aggregate initial hours for expected private fund advisers. | |||||
As with previously approved PRA methodologies, we continue to estimate that 6% of registered advisers have at least one private fund client that may not be audited, therefore we estimate that the total number of audits for current and expected RIAs is 6% × 5,368 current and expected RIAs reporting private funds or expected to report private funds = 322.08 audits. We therefore estimate that approximately 322 registered advisers incur costs of $46,865.74 each on an annual basis (see note 29 describing the cost per audit), for an aggregate annual total cost of $15,090,768.30. | |||||
433,004 currently approved burden hours/18,179 advisers (current and expected annually) = 23.82 hours per adviser. See 2021 Form ADV PRA. | |||||
$14,125,083 currently approved aggregate external cost/18,179 advisers (current and expected annually) = $777 blended average external cost per adviser. | |||||
321,237.15 aggregate annual hours for current and expected new advisers (see infra note 38)/(14,756 current RIAs + 552 expected RIAs + 4,813 current ERAs +346 expected ERAs) = 15.70 blended average hours per adviser. | |||||
$34,355,721.05 aggregate external cost for current and expected new advisers (see infra note 39)/(20,467 advisers current and expected annually (see supra footnote 34) = $1,678.59 blended average hours per adviser. | |||||
See 2021 Form ADV PRA. | |||||
See 2021 Form ADV PRA. | |||||
39,367.44. hours (internal initial burden for Parts 1 and 2) + 190,975 4 hours (internal annual amendment burden for Parts 1 and 2) + 66,149.59 hours (internal initial burden for Part 3) + 14,573.92 hours (internal annual amendment burden for Part 3) + 1,245.6 hours (internal initial burden for ERAs) + 7,775.6 hours (internal annual amendment burden for ERAs) + 1,150 hours (Internal initial burden for private funds) = 321,237.15 aggregate annual hours for current and expected new advisers. | |||||
$10,565,759 + $8,732,193.75 + $15,090,768.30 = $34,355,721.05. |
D. Request for Comment
We request comment on whether these estimates are reasonable. Pursuant to 44 U.S.C. 3506(c)(2)(B), the Commission solicits comments in order to: (1) evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the Commission, including whether the information will have practical utility; (2) evaluate the accuracy of the Commission's estimate of the burden of the proposed collection of information; (3) determine whether there are ways to enhance the quality, utility, and clarity of the information to be collected; and (4) determine whether there are ways to minimize the burden of the collection of information on those who are to respond, including through the use of automated collection techniques or other forms of information technology.
Persons wishing to submit comments on the collection of information requirements of the proposed amendments should direct them to the OMB Desk Officer for the Securities and Exchange Commission, MBX.OMB.OIRA.SEC_desk_officer@omb.eop.gov, and should send a copy to Vanessa A. Countryman, Secretary, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549-1090, with reference to File No. S7-25-22. OMB is required to make a decision concerning the collections of information between 30 and 60 days after publication of this release; therefore a comment to OMB is best assured of having its full effect if OMB receives it within 30 days after publication of this release. Requests for materials submitted to OMB by the Commission with regard to these collections of information should be in writing, refer to File No. S7-25-22, and be submitted to the Securities and Exchange Commission, Office of FOIA Services, 100 F Street NE, Washington, DC 20549-2736.
V. Initial Regulatory Flexibility Act Analysis
The Commission has prepared the following Initial Regulatory Flexibility Analysis (“IRFA”) in accordance with section 3(a) of the Regulatory Flexibility Act (“RFA”). It relates to proposed rule 206(4)-11 under the Advisers Act and proposed amendments to Form ADV and rule 204-2 under the Advisers Act.
A. Reason For and Objectives of the Proposed Action
The reasons for, and objectives of, the proposed rule and amendments are discussed in more detail in sections I and II, above. The burdens of these requirements on small advisers are discussed below as well as above in sections III and IV, which discuss the burdens on all advisers.
We are proposing rule 206(4)-11 under the Advisers Act to require all advisers registered with the Commission to conduct due diligence and monitoring of its service providers. We believe advisers are increasingly relying on service providers to outsource certain functions without appropriate oversight, and there may be heightened risks because of it such as compliance gaps, poor operational management or risk measurement, or loss of sensitive client information and data. The proposed rule would therefore require a minimum and consistent oversight framework for all investment advisers outsourcing functions or services that are necessary to provide their advisory services in compliance with the Federal securities laws, and that if not performed or performed negligently, would be reasonably likely to cause a material negative impact on an adviser's clients or an adviser's ability to perform its services.
See proposed rule 206(4)-11(a).
We are also proposing related amendments to rule 204-2, the Advisers Act books and records rule, which set forth requirements for making and keeping records related to the due diligence and monitoring requirements. We are proposing these amendments to: (1) conform the books and records rule to the proposed service provider oversight rule; (2) help ensure that an investment adviser retains records of all of its documents related to its service provider oversight; and (3) facilitate the Commission's inspection and enforcement capabilities. In addition, we are proposing to add a new provision to rule 204-2 requiring advisers that rely on a third party for any recordkeeping function required by that rule to perform due diligence and monitoring of that third party consistent with the requirements under proposed rule 206(4)-11 as though the recordkeeping function were a “covered function” and the third party were a “service provider,” each as defined in proposed rule 206(4)-11(b), and obtain reasonable assurances that the third party will meet certain standards. The standards are intended to protect required records from loss, alteration or destruction and to require that such records be accessible to the investment adviser and the Commission staff while maintaining appropriate freedom for investments advisers to contract with service providers to assist with recordkeeping functions.
See proposed rule 204-2 (recordkeeping); proposed rule 204-6, and amendments to rule 204-3 and Form ADV (reporting); and amendments to Forms N-1A, N-2, N-3, N-4, N-6, N-8B-2, and S-6 (disclosure).
See proposed rule 204-2(l).
Lastly, we are proposing amendments to Form ADV for advisers registered or required to be registered with the Commission to disclose information about certain service providers. We believe this requirement would help the Commission and its staff in their efforts to oversee registered investment advisers and enhance client and investor disclosures. More information about service providers that perform covered functions would provide the Commission with a better understanding of the material services and functions that advisers outsource and permit us to enhance our assessment of advisers' reliance on service providers for purposes of targeting examinations. The information would also help us identify particular service providers that may pose a risk to clients and investors and provide us with the ability to conduct a more comprehensive assessment of advisers.
We believe that the proposed rule and amendments discussed above would, together, improve the ability of advisers as well as their clients and prospective clients to evaluate and understand relevant risks and incidents related to the use of service providers that they face and the potential effect on the advisers' services and operations.
1. Proposed Rule 206(4)-11
Proposed rule 206(4)-11 would require an adviser to conduct due diligence before engaging a service provider to perform a covered function. In conducting its due diligence, the adviser would be required to, among other things, identify the nature and scope of the covered function the service provider is to perform, identify and determine how it will mitigate and manage potential risks, determine that the service provider has the competence, capacity, and resources necessary to perform the covered function, determine whether the service provider has any material subcontracting arrangements, and obtain certain reasonable assurances from the service provider. The proposed rule would also require the adviser periodically to monitor the service provider's performance of the covered function and reassess the due diligence required under the proposed rule.
See proposed rule 206(4)-11(a)(1).
See proposed rule 206(4)-11(a)(1).
See proposed rule 206(4)-11(a)(2).
2. Proposed Amendments to Rule 204-2
We are proposing related amendments to rule 204-2, the books and records rule, under the Advisers Act, which sets forth requirements for maintaining, making, and retaining specified books and records. We are proposing to amend the current rule to require advisers to make and keep: (1) a list or other record of covered functions that the adviser has outsourced to a service provider, along with a record of the factors that led the adviser to list it as a covered function; (2) records documenting the due diligence assessment; (3) a copy of any written agreement; and (4) records documenting the periodic monitoring of a service provider. These records would be required to be maintained throughout the time period during which the adviser has outsourced a covered function to a service provider and for a period of five years thereafter.
See proposed rule 204-2(a)(24).
See proposed rule 204-2(e)(4).
We are also proposing an amendment to the rule 204-2 to require every investment adviser registered or required to be registered that relies on a third party to make and/or keep required by rule 204-2, to perform due diligence and monitoring of that third party as prescribed in proposed rule 206(4)-11 as though the recordkeeping function were a “covered function” and the third party were a “service provider”, each as defined in proposed rule 206(4)-11(b), and obtain reasonable assurances that the third party will meet four standards: (i) adopt and implement internal processes and/or systems for making and keeping records on behalf of the investment adviser that meet all of the requirements of the recordkeeping rule applicable to the adviser in providing services to the adviser; (ii) make and/or keep records that meet all of the requirements of the recordkeeping rule applicable to the adviser; (iii) for electronic records, allow the investment adviser and staff of the Commission to access the records easily through computers or systems; and (iv) have arrangements in place to ensure the continued availability of records in the event that the third party's operations cease or the relationship with the investment adviser is terminated.
See proposed rule 204-2(l).
3. Proposed Amendments to Form ADV
We are proposing related amendments to Form ADV. The amendments would require advisers registered or required to be registered with the Commission to identify their service providers that perform covered functions, provide their location, the date they were first engaged to provide covered functions, and state whether they are related persons of the adviser. For each of these service providers, the amendments would require specific information that would clarify the services or functions they provide. The new reporting item would appear in Item 7 of Form ADV, which currently requires advisers to disclose information about financial industry affiliations. More detailed information would be required to be filled in Schedule D of Part 1A under the revised Item 7.
B. Legal Basis
The Commission is proposing rule 206(4)-11 under the Advisers Act under the authority set forth in sections 203(d), 206(4), and 211(a) and (h) of the Advisers Act of 1940 [15 U.S.C. 80b-3(d), 10b-6(4) and 80b-11(a) and (h)]. The Commission is proposing amendments to rule 204-2 under the Advisers Act under the authority set forth in sections 204 and 211 of the Advisers Act of 1940 [15 U.S.C. 80b-4 and 80b-11]. The Commission is proposing amendments to Form ADV under section 19(a) of the Securities Act [15 U.S.C. 77s(a)], sections 23(a) and 28(e)(2) of the Exchange Act [15 U.S.C. 78w(a) and 78bb(e)(2)], section 319(a) of the Trust Indenture Act of 1939 [15 U.S.C. 7sss(a)], section 38(a) of the Investment Company Act [15 U.S.C. 80a-37(a)], and sections 203(c)(1), 204, and 211(a) and (h) of the Advisers Act of 1940 [15 U.S.C. 80b-3(c)(1), 80b-4, and 80b-11(a) and (h)].
C. Small Entities Subject to the Rules and Rule Amendments
In developing these proposals, we have considered their potential effect on small entities that would be subject to the proposed rule and amendments. The proposed rule and amendments would affect many, but not all, investment advisers registered with the Commission, including some small entities.
1. Small Entities Subject to Proposed Rule 206(4)-11 and Proposed Amendments to Rule 204-2 and Form ADV
Under Commission rules, for the purposes of the Advisers Act and the RFA, an investment adviser generally is a small entity if it: (1) has assets under management having a total value of less than $25 million; (2) did not have total assets of $5 million or more on the last day of the most recent fiscal year; and (3) does not control, is not controlled by, and is not under common control with another investment adviser that has assets under management of $25 million or more, or any person (other than a natural person) that had total assets of $5 million or more on the last day of its most recent fiscal year. Our proposed rule and amendments would not affect most investment advisers that are small entities (“small advisers”) because they are generally registered with one or more state securities authorities and not with the Commission. Under section 203A of the Advisers Act, most small advisers are prohibited from registering with the Commission and are regulated by state regulators. Based on IARD data, we estimate that as of December 31, 2021, approximately 471 SEC-registered advisers are small entities under the RFA.
Advisers Act rule 0-7(a) [17 CFR 275.0-7].
Based on SEC-registered investment adviser responses to Items 5.F. and 12 of Form ADV.
The Commission estimates that based on IARD data as of December 31, 2021, approximately 14,756 investment advisers would be subject to proposed rule 206(4)-11 and the related proposed amendments to rule 204-2 under the Advisers Act and Form ADV.
See supra section III.B.1.
All of the approximately 471 SEC-registered advisers that are small entities under the RFA would be subject to proposed rule 206(4)-11 and the related proposed amendments to rule 204-2 under the Advisers Act and Form ADV.
D. Projected Reporting, Recordkeeping and Other Compliance Requirements
1. Proposed Rule 206(4)-11
Proposed rule 206(4)-11 would impose certain compliance requirements on investment advisers, including those that are small entities. All registered investment advisers, including small entity advisers, would be required to comply with the proposed rule's due diligence and monitoring requirements. The proposed requirements, including compliance and recordkeeping requirements, are summarized in this IRFA (section V.A. above). All of these proposed requirements are also discussed in detail, above, in sections I and II, and these requirements and the burdens on respondents, including those that are small entities, are discussed above in section III (the Economic Analysis) and below. The professional skills required to meet these specific burdens are also discussed in sections III and IV.
There are different factors that would affect whether a smaller adviser incurs costs relating to these requirements that are higher or lower relative to other firms and likely to vary depending on the adviser's current practices. The specifics of these burdens are discussed in the Economic Analysis, which also discusses the burdens on all registered investment advisers. For example, although a smaller adviser's use of service providers should include sufficient oversight by the adviser so as to fulfill the adviser's fiduciary duty, comply with the Federal securities laws, and protect clients from potential harm, those current practices may not meet the specific requirements of the proposal. In addition, smaller advisers who may not enjoy economies of scale or scope or may have less valuable brands than larger advisers, could be expected to be more prone to underinvestment in service provider oversight than larger advisers.
See supra section III.D.
See supra section III.D at footnote 121 and accompanying text.
Also, while we would expect larger advisers to incur higher costs related to this proposed rule in absolute terms relative to a smaller adviser, we would expect a smaller adviser to find it more costly, per dollar managed, to comply with the proposed requirements because it would not be able to benefit from a larger adviser's economies of scale. For example, if there are fixed costs associated with the proposed regulations, then smaller advisers would generally tend to bear a greater cost, relative to adviser size, than larger advisers. To the extent there are material fixed costs associated with the proposed rule, then we would expect the possible negative effect on competition to be greater for smaller advisers who engage service providers because the proposed regulations would tend to increase their costs more (relative to adviser size) than for larger advisers that engage service providers.
See also supra footnote 192 and accompanying text. The division of the service provider's direct costs between the service provider and the adviser would depend primarily on the relative bargaining power of the two parties.
Of the approximately 471 small advisers currently registered with us, we estimate that 100 percent of those advisers would be subject to the proposed rule 206(4)-11. The proposed rule 206(4)-11 under the Advisers Act, which would require advisers to conduct due diligence and monitoring of their service providers, would create new annual costs for advisers. We estimate that the due diligence and monitoring requirements would create an ongoing annual burden of approximately 195.56 hours per small adviser, or 92,108.76 hours in aggregate for small advisers. We therefore expect the annual monetized aggregate cost to small advisers associated with our proposed amendments would be approximately $27,698,987.
See supra sections III.D.1, III.D.2, and IV.
See supra sections III.D.1 and III.D.2. We estimate that the ongoing annual burden for the required due diligence and monitoring of service providers would be on the minimum-cost estimates as described in sections III.D.1 and III.D.2 because we expect smaller advisers to be represented in these lower bound estimates.
See supra sections III.D.1, III.D.2. $867,783,964 total cost × (471 small advisers/14,756 advisers) = $27,698,986.70.
2. Proposed Amendments to Rule 204-2
The proposed amendments to rule 204-2 would impose certain requirements related to the creation and maintenance of records on investment advisers, including those that are small entities. All registered investment advisers, including small entity advisers, would be required to comply with the recordkeeping amendments, which are summarized in this IRFA (section V.C. above). The proposed amendments are also discussed in detail, above, in sections I and II, and the requirements and the burdens on respondents, including those that are small entities, are discussed above in sections III and IV (the Economic Analysis and Paperwork Reduction Act Analysis, respectively) and below. The professional skills required to meet these specific burdens are also discussed in sections III and IV.
Of the approximately 471 small advisers currently registered with us, we estimate that 100 percent of those advisers would be subject to the proposed amendments to rule 204-2. The proposed amendments to rule 204-2 under the Advisers Act, which would require advisers to make and keep certain documents required under proposed rule 206(4)-11 and 204-2(l), would create a new annual burden of approximately 15 hours per small adviser, or 7,065 hours in aggregate for small advisers. We therefore expect the annual monetized aggregate cost to small advisers associated with recordkeeping required by the proposed amendments would be $1,964,541. The proposed amendments to rule 204-2 also would require advisers that rely on third parties to make and/or keep records required by rule 204-2 to perform certain due diligence and monitoring of such third parties. We estimate that these due diligence and monitoring requirements would create an ongoing annual burden of approximately 29 hours per small adviser, or 13,659 hours in aggregate for small advisers. We therefore expect the annual monetized aggregate cost to small advisers associated with the due diligence and monitoring requirements required by the proposed amendments would be approximately $4,154,849.
See supra section IV.B.
$61,547,276 total cost × (471 small advisers/14,756 advisers) = $1,964,541.
See proposed rule 204-2(l).
See supra section III.D.3. We estimate that the ongoing annual burden for the required due diligence and monitoring of third-party recordkeepers would be on the minimum-cost estimates as described in section III.D.3 because we expect smaller advisers to be represented in this lower bound estimate.
$130,167,595 total cost × (471 small advisers/14,756 advisers) = $4,154,848.01.
3. Proposed Amendments to Form ADV
The proposed amendments to Form ADV would impose certain reporting and compliance requirements on investment advisers, including those that are small entities. Specifically, new Item 7.C. of Form ADV would require advisers to disclose whether they outsource any covered functions to a service provider and report more detailed information about such service providers in new Section 7.C. of Schedule D. All SEC-registered investment advisers, including small entity advisers, would be required to comply with the proposed rule's reporting requirement by completing this portion of Form ADV. The proposed requirements, including reporting and compliance requirements, are summarized in this IRFA (section V.C. above). All of these proposed requirements are also discussed in detail, above, in sections I and II, and these requirements and the burdens on respondents, including those that are small entities, are discussed above in sections III and IV (the Economic Analysis and Paperwork Reduction Act Analysis, respectively) and below. The professional skills required to meet these specific burdens are also discussed in sections III through IV.
The proposal would not require exempt reporting advisers to respond to Item 7.C. See proposed General Instruction 3 (not requiring exempt reporting advisers to complete Form ADV, Part IA, Item 7.C.
Of the approximately 471 small advisers currently registered with us, we estimate that 100 percent of those advisers would be subject to the Form ADV amendments. New Item 7.C. of Form ADV, which would require advisers to report to the Commission information about certain of their service providers, would create a new annual burden of approximately 0.7 hours per adviser, or 329.7 hours in aggregate for small advisers. We therefore expect the annual monetized aggregate internal cost to small advisers associated with our proposed amendments would be $98,745.15.
See supra section IV.C.
$3,093,595.40 total cost × (471 small advisers/14,756 advisers) = $98,745.15.
E. Duplicative, Overlapping, or Conflicting Federal Rules
1. Proposed Rule 206(4)-11
In proposing this rule 206(4)-11, we recognize that investment advisers today are subject to a number of rules and regulations which indirectly address the oversight of an adviser's service providers. However, investment advisers do not have explicit due diligence and monitoring obligations under the Advisers Act specifically for service providers. The proposed rule would provide a comprehensive oversight framework, consisting of specific due diligence and monitoring elements, which we believe would be complementary to existing obligations and practices rather than duplicative or conflicting.
In addition, rule 206(4)-7 under the Advisers Act requires advisers to consider, among other things, their regulatory obligations and formalize policies and procedures reasonably designed to prevent violation of the Advisers Act. While rule 206(4)-7 does not enumerate specific elements that an adviser must include in its compliance program, advisers may already be assessing the various risks created by their particular circumstances in hiring service providers when developing their compliance policies and procedures to address such risks. To the extent there may be overlap between existing practices employed by firms in implementing their written policies and procedures under rule 206(4)-7 and the proposal, these practices may not meet all the specific requirements of the proposal as existing rules do not provide a comprehensive oversight framework when outsourcing covered functions. Therefore, these practices would be complementary to the requirements of the proposed rule, rather than duplicative or conflicting.
Advisers may also consider the risks associated with the use of service providers when service providers are engaged on behalf of registered investment companies, which may be subject to other oversight rules under the Federal securities laws. For example, rule 38a-1 under the Investment Company Act requires certain compliance procedures and practices by registered investment companies including board approval of the policies and procedures of each adviser, principal underwriter, administrator, and transfer agent of the fund. The board approval must be based on a finding by the board that the policies and procedures are reasonably designed to prevent violation of the Federal securities laws by the fund and the adviser. If these same service providers ( i.e., principal underwriter, administrator, and transfer agent) are engaged by the adviser to service their mutual fund clients, then there may be potential for overlap between the proposed rule and rule 38a-1. However, we believe that the two rules are complementary, and that the adviser should separately conduct its own due diligence and monitoring to the extent that it engages a service provider for its fund clients because unlike 38a-1, the proposed rule is not limited to reviewing solely a service provider's policies and procedures.
See rule 38a-1(a)(1) and (2).
See id.
See id.
Advisers to registered investment companies might also consider the risks of service providers when valuation agents or pricing services are engaged for purposes of complying with rule 2a-5, also known as the valuation rule, under the Investment Company Act. The valuation rule requires that funds assess periodically any material risks associated with determining the fair value of the fund's investments, including material conflicts of interest, and managing those identified valuation risks. As part of the rule, the fund's board might designate a fund's investment adviser as the “valuation designee,” which would be subject to the board's oversight. As the valuation designee, the adviser may choose to outsource certain functions to a service provider such as a third-party pricing agent or valuation company. In the event that it does, there would have to be fund board oversight, which includes periodic reporting to the board of any reports or materials related to the fair value of investments or process for fair valuing fund investments as well as prompt board notification and reporting of any occurrence of matters that materially affect the fair value of the designated portfolio of investments. An adviser's engagement of a valuation agent or pricing services might involve some oversight such as due diligence and monitoring, but it would be focused on the fair valuation of investments, and not a comprehensive oversight of the service provider that engages in other covered functions, which our proposed rule is designed to strengthen.
See rule 2a-5.
See id.
See rule 2a-5(b)(1).
Some advisers may also consider the risks associated with the use of service providers when complying with certain obligations under the Advisers Act. For example, advisers registered or required to be registered with the Commission are subject to section 204A of the Advisers Act, which requires an adviser to establish, maintain, and enforce written policies and procedures reasonably designed to prevent the misuse of material, nonpublic information by the adviser or any person associated with the adviser. In addition, rule 204A-1 under the Advisers Act requires, among other things, that an adviser's code of ethics sets forth requirements that certain advisory personnel report personal securities trading to provide a mechanism for the adviser to identify improper trades or patterns of trading and its supervised persons comply with the Federal securities laws. As part of an adviser's compliance with these obligations and implementation of its code of ethics, an adviser may conduct some oversight of third party arrangements which relate to certain obligations under its code of ethics, such as the use and protection of material non-public information. While such oversight may include some due diligence and monitoring, it would be focused on the requirements of the adviser's code of ethics, and not a comprehensive oversight of the service provider that engages in other covered functions.
See15 U.S.C. 80b-4a.
See17 CFR 275.204A-1.
Other rules also include requirements for protecting an investment adviser's client information, including the provision of that information to third parties, which could include service providers covered by the proposed rule. Regulation S-P and Regulation S-ID require, among other things, investment advisers registered with the Commission to adopt policies and procedures to protect various records and information of customers. Regulation S-P provides requirements to adopt written policies and procedures reasonably designed to: (i) insure the security and confidentiality of records and information of an adviser's client; (ii) protect against any anticipated threats or hazards to the security or integrity of such records and information; and (iii) protect against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to an adviser's client. Regulation S-ID provides requirements to develop and implement a written identity theft program that includes policies and procedures to identify relevant types of identity theft red flags, detect the occurrence of those red flags, and to respond appropriately to the detected red flags. If the adviser is a financial institution or creditor with covered accounts, Reg. S-ID, at 17 CFR 248.201(e)(4), requires it to “Exercise appropriate and effective oversight of service provider arrangements,” and section VI(c) of the Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation in Appendix A to Reg. S-ID provides:
See17 CFR 248.30.
See17 CFR 248.201.
17 CFR 248 Appendix A to Subpart C.
Whenever a financial institution or creditor engages a service provider to perform an activity in connection with one or more covered accounts the financial institution or creditor should take steps to ensure that the activity of the service provider is conducted in accordance with reasonable policies and procedures designed to detect, prevent, and mitigate the risk of identity theft.
Where an adviser outsources certain cybersecurity functions, the adviser may already conduct due diligence and monitoring of service providers pursuant to policies and procedures to address Regulation S-P or Regulation S-ID. For example, advisers may already have policies and procedures to address the handling of non-public trading information or PII when service providers have access to such information under Regulation S-P and S-ID. As another example, if a nonaffiliated trading services provider were to receive nonpublic personal information from the adviser under an exception from Reg. S-P's notice and opt out requirements, its reuse and re-disclosure of the information would be limited to performing trading services for the adviser's clients by Reg. S-P, at 17 CFR 248.11(a), or the corresponding requirement of another Gramm-Leach-Bliley Act regulatory agency if the service provider is not regulated by the SEC.
While some advisers may conduct proper due diligence and monitoring of their valuation agents or pricing services, third-party recordkeepers, and certain service providers such as those arrangements that raise privacy or cybersecurity risks under the existing regulatory framework, there are no Commission rules that explicitly require firms to conduct the comprehensive due diligence and monitoring of their service providers, as proposed under the proposed rule. As stated above, we believe that the proposed rule would be complementary, rather than duplicative of, the current and other proposed rules.
2. Proposed Amendments to Rule 204-2
Together with proposed rule 206(4)-11, we are proposing corresponding amendments to rule 204-2, the Advisers Act books and records rule. Rule 204-2 prescribes the type, manner, location and duration of records to be maintained by registered investment advisers registered or required to be registered with the Commission, but does not currently prescribe requirements for when an adviser outsources one or more required recordkeeping functions to a third party. Under the proposed amendments to rule 204-2, when an adviser relies on a third party to make and keep records of the adviser required under the rule, an adviser would be required to comply with the requirements of proposed rule 204-2(l), including performing the same due diligence and monitoring prescribed by proposed rule 206(4)-11 as though the recordkeeping function were a “covered function” and the third party were a “service provider”, each as defined in proposed rule 206(4)-11(b). An adviser may currently conduct certain due diligence and monitoring of these types of third-party recordkeepers as part of the adviser's efforts to ensure its compliance with its existing recordkeeping obligations. However, these practices may not meet all the specific requirements of the proposal as rule 204-2 does not currently prescribe specific due diligence and monitoring requirements nor does the existing rule framework provide a comprehensive oversight of such service providers. Additionally, under rule 204-2(f), an investment adviser, before discontinuing its investment advisory business or otherwise terminating its advisory activities, is required to arrange and be responsible for the preservation of books and records required by the rule for the remainder of the required retention period. While an adviser may currently seek to coordinate with a third-party recordkeeper to ensure records required under the recordkeeping rule will be preserved for the required retention period, that adviser may not have obtained reasonable assurance that the third party will make arrangements to ensure the continued availability of records should the third party cease its business operations. Proposed rule 204-2(l) is intended to complement existing rule 204-2(f) and ensure the continued availability of the records in the event that a third-party recordkeeper ceases operations or the relationship with the adviser is terminated.
The amendments to rule 204-2 are complementary to the existing recordkeeping framework because the changes would conform rule 204-2 to the proposed service provider oversight rule and provide express requirements for when an adviser outsources recordkeeping functions. There are no duplicative, overlapping, or conflicting Federal rules with respect to the proposed amendments to rule 204-2.
3. Proposed Amendments to Form ADV
Our proposed new Item 7.C in Form ADV Part 1A would require SEC-registered advisers to: (1) indicate whether they outsource any covered functions to a service provider; (2) disclose information of each such service provider including legal and primary business names of the service provider, legal entity identifier, and address of service provider; (3) indicate whether identified service provider is a related person of the adviser; (4) date the service provider was first engaged, and (5) the covered function(s) that the service provider is engaged to perform. Currently, Item 7 in Form ADV Part 1A requires an adviser to disclose information about financial industry affiliations and activities, and to state whether the adviser advises any private funds, and if so, provide certain information related to those private funds. The proposed requirements would not be duplicative of, overlap, or conflict with, other information advisers are required to provide on Form ADV.
F. Significant Alternatives
The Regulatory Flexibility Act (“RFA”) directs the Commission to consider significant alternatives that would accomplish our stated objective, while minimizing any significant economic effect on small entities. We considered the following alternatives for small entities in relation to our proposal: (1) exempting advisers that are small entities from the proposed due diligence and monitoring requirements under proposed rule 206(4)-11 and related provisions under the proposed amendments to rule 204-2, to account for resources available to small entities; (2) establishing different requirements or frequency, to account for resources available to small entities; (3) clarifying, consolidating, or simplifying the compliance requirements under the proposal for small entities; and (4) using design rather than performance standards.
See5 U.S.C. 603(c).
1. Proposed Rules 206(4)-11 and 204-2
The RFA directs the Commission to consider significant alternatives that would accomplish our stated objectives, while minimizing any significant adverse effect on small entities. We considered the following alternatives for small entities in relation to the proposed rules 206(4)-11 and 204-2: (1) differing compliance or reporting requirements that take into account the resources available to small entities; (2) the clarification, consolidation, or simplification of compliance and reporting requirements under the proposed rule for such small entities; (3) the use of design rather than performance standards; and (4) an exemption from coverage of the proposed rule, or any part thereof, for such small entities.
Regarding the first and fourth alternatives, the Commission believes that establishing different compliance or reporting requirements for small advisers, or exempting small advisers from the proposed rule, or any part thereof, would be inappropriate under these circumstances. Because the protections of the Advisers Act are intended to apply equally to clients of both large and small firms, it would be inconsistent with the purposes of the Advisers Act to specify differences for small entities under the proposed rule 206(4)-11 and corresponding changes to rule 204-2. We believe that the proposed rule would result in multiple benefits to clients. For example, having appropriate due diligence and monitoring measures in place would help address any potential risks and incidents that occur at the service provider and help protect advisers and their clients from greater risk of harm. We believe that these benefits should apply to clients of smaller firms as well as larger firms. Establishing different conditions for large and small advisers even though advisers of every type and size rely on various service providers for performing covered functions and thus face increasing compliance gap and other risks would negate these benefits. The corresponding changes to rule 204-2 are tailored to address proposed rule 206(4)-11 and the requirements for outsourcing recordkeeping functions.
See supra section III.D.
Regarding the second alternative, we believe the current proposal is clear and that further clarification, consolidation, or simplification of the compliance requirements is not necessary. The proposed rule would require advisers to: (1) conduct certain due diligence before engaging a service provider to perform a covered function; and (2) periodically monitor the service provider's performance of the covered function and reassess the retention of the service provider in accordance with the due diligence requirements. The proposed rule would provide a minimum, consistent oversight framework regarding an adviser outsourcing functions or services that are necessary to provide advisory services in compliance with the Federal securities laws, and that if not performed or if performed negligently would be reasonably likely to cause a material negative impact on an adviser's clients or an adviser's ability to perform its services. The proposed rule would serve as an explicit requirement for advisers to oversee service providers covered by the rule appropriately and is designed to address our concern that outsourcing covered functions in particular, without further action by the investment adviser, can undermine the adviser's provision of services, and can otherwise harm clients.
See proposed rule 206(4)-11. See also supra section II.B and C.
Regarding the third alternative, we determined to use performance standards rather than design standards. Although the proposed rule requires due diligence and monitoring that are reasonably designed to address a certain number of elements, we do not place certain conditions or restrictions on how to adopt and implement such requirements. The general elements are designed to enumerate core areas that firms must address when conducting due diligence and monitoring of a service provider. Given the number and varying characteristics of advisers, we believe firms need the ability to tailor their measure or method in conducting due diligence and monitoring based on their individual facts and circumstances. Similarly, rather than requiring a written agreement with specific language provisions, the proposed rule would afford advisers the flexibility to customize and tailor their processes to the proposed requirements. Proposed rule 206(4)-11 therefore allows advisers to address the general elements based on the particular risks posed by each adviser's operations and business practices as well as the types of covered functions that are outsourced and the types of service providers engaged. The proposed rule would also provide flexibility for the adviser to determine the personnel who would implement and oversee the effectiveness of its due diligence and monitoring.
See supra section II.B and C.
See proposed rule 206(4)-11(a).
2. Proposed Amendments to Form ADV
The RFA directs the Commission to consider significant alternatives that would accomplish our stated objectives, while minimizing any significant adverse effect on small entities. We considered the following alternatives for small entities in relation to the proposed amendments to Form ADV: (1) differing compliance or reporting requirements that take into account the resources available to small entities; (2) the clarification, consolidation, or simplification of compliance and reporting requirements under the proposed amendments for such small entities; (3) the use of design rather than performance standards; and (4) an exemption from coverage of the proposed amendments, or any part thereof, for such small entities.
Regarding the first and fourth alternatives, the Commission believes that establishing different compliance or reporting requirements for small advisers, or exempting small advisers from the proposed amendments, or any part thereof, would be inappropriate under these circumstances. Because the protections of the Advisers Act are intended to apply equally to clients of both large and small firms, it would be inconsistent with the purposes of the Advisers Act to specify differences for small entities under the proposed amendments to Form ADV. We believe that the proposed amendments would result in multiple benefits to clients. For example, the proposed amendments to Form ADV would improve the ability of clients and prospective clients to evaluate and conduct a more comprehensive due diligence of an adviser, addressing any potential concerns related to an adviser's use of a particular service provider. We believe that these benefits should apply to clients of smaller firms as well as larger firms. Establishing different conditions for large and small advisers even though all advisers, regardless of type and size, engage service providers to outsource certain covered functions, would negate these benefits.
See supra section III.D.
Regarding the second alternative, we believe the current proposed amendments are clear and that further clarification, consolidation, or simplification of the compliance requirements is not necessary. The proposed amendments to Form ADV would require advisers to disclose information regarding the service providers that perform covered functions. The proposed amendments to Form ADV would provide for advisers to present clear and meaningful disclosure regarding such service providers to their clients and prospective clients.
See supra section II.D.
Regarding the third alternative, we determined that for the Commission and its staff to better identify and address risks related to outsourcing by advisers and oversee advisers' use of service providers and to enable clients to make better informed decisions about the retention of an adviser, advisers must provide certain baseline information about their service providers. The proposed amendments to Form ADV do not contain any specific limitations or restrictions on the disclosure of service providers. Given the number and varying types of advisers, as well as the types of covered functions and service providers that may be engaged at a particular adviser, respectively, we believe firms need the ability to tailor their disclosures according to their own circumstances.
See supra section II.B.
G. Solicitation of Comments
We encourage written comments on the matters discussed in this IRFA. We solicit comment on the number of small entities subject to the proposed rule 206(4)-11 and proposed amendments to rule 204-2 and Form ADV. We also solicit comment on the potential effects discussed in this analysis; and whether this proposal could have an effect on small entities that has not been considered. We request that commenters describe the nature of any effect on small entities and provide empirical data to support the extent of such effect.
VI. Consideration of Impact on the Economy
For purposes of the Small Business Regulatory Enforcement Fairness Act of 1996, or “SBREFA,” we must advise OMB whether a proposed regulation constitutes a “major” rule. Under SBREFA, a rule is considered “major” where, if adopted, it results in or is likely to result in (1) an annual effect on the economy of $100 million or more; (2) a major increase in costs or prices for consumers or individual industries; or (3) significant adverse effects on competition, investment or innovation. We request comment on whether the proposal would be a “major rule” for purposes of SBREFA. We request comment on the potential effect of the proposed amendments on the U.S. economy on an annual basis; any potential increase in costs or prices for consumers or individual industries; and any potential effect on competition, investment or innovation. Commenters are requested to provide empirical data and other factual support for their views to the extent possible.
Public Law 104-121, Title II, 110 Stat. 857 (1996) (codified in various sections of 5 U.S.C., 15 U.S.C., and as a note to 5 U.S.C. 601).
VII. Statutory Authority
The Commission is proposing rule 206(4)-11 under the Advisers Act under the authority set forth in sections 203(d), 206(4), and 211(a) and (h) of the Advisers Act of 1940 [15 U.S.C. 80b-3(d), 10b-6(4) and 80b-11(a) and (h)]. The Commission is proposing amendments to rule 204-2 under the Advisers Act under the authority set forth in sections 204 and 211 of the Advisers Act of 1940 [15 U.S.C. 80b-4 and 80b-11]. The Commission is proposing amendments to Form ADV under section 19(a) of the Securities Act [15 U.S.C. 77s(a)], sections 23(a) and 28(e)(2) of the Exchange Act [15 U.S.C. 78w(a) and 78bb(e)(2)], section 319(a) of the Trust Indenture Act of 1939 [15 U.S.C. 7sss(a)], section 38(a) of the Investment Company Act [15 U.S.C. 80a-37(a)], and sections 203(c)(1), 204, and 211(a) and (h) of the Advisers Act of 1940 [15 U.S.C. 80b-3(c)(1), 80b-4, and 80b-11(a) and (h)].
List of Subjects in 17 CFR Parts 275 and 279
- Reporting and recordkeeping requirements
- Securities
Text of Proposed Rule and Form Amendments
For the reasons set out in the preamble, title 17, chapter II of the Code of Federal Regulations is proposed to be amended as follows:
PART 275—RULES AND REGULATIONS, INVESTMENT ADVISERS ACT OF 1940
1. The authority citation for part 275 continues to read, in part, as follows:
Authority: 15 U.S.C. 80b-2(a)(11)(G), 80b-2(a)(11)(H), 80b-2(a)(17), 80b-3, 80b-4, 80b-4a, 80b-6(4), 80b-6a, and 80b-11, unless otherwise noted.
Section 275.204-2 is also issued under 15 U.S.C. 80b-6.
Amend § 275.204-2 by adding reserved paragraphs (a)(20) through (23) and paragraphs (a)(24), (e)(4), and (l) to read as follows:
(a) * * *
(20)-(23) [Reserved]
(24)(i) A list or other record of Covered Functions that the adviser has outsourced to a Service Provider, as defined in § 275.206(4)-11, including the name of each Service Provider, along with a record of the factors, corresponding to each listed function, that led the adviser to list it as a Covered Function;
(ii) Records documenting the due diligence assessment conducted pursuant to § 275.206(4)-11, including any policies and procedures or other documentation as to how the adviser will comply with § 275.206(4)-11(a)(1)(ii);
(iii) A copy of any written agreement, including any amendments, appendices, exhibits, and attachments, entered into with a Service Provider regarding Covered Functions, each as defined in § 275.206(4)-11; and
(iv) Records documenting the periodic monitoring of a Service Provider pursuant to § 275.206(4)-11.
(e) * * *
(4) Books and records required to be made under paragraph (a)(24) of this rule shall be maintained in an easily accessible place throughout the time period during which the adviser has outsourced a Covered Function to a Service Provider and for a period of five years thereafter.
(l) Every investment adviser subject to paragraph (a) of this section that relies on a third party to make and/or keep any books and records required by this section (the recordkeeping function) must:
(1) Due diligence and monitoring. Perform due diligence and monitoring as prescribed in § 275.206(4)-11(a)(1) and (a)(2) with respect to the recordkeeping function, and make and keep such records as prescribed in paragraph (a)(24) of this section, in each case as though the recordkeeping function were a Covered Function as defined in § 275.206(4)-11(b) and the third party were a Service Provider as defined in § 275.206(4)-11(b); and
(2) Obtain reasonable assurances that the third party will:
(i) Adopt and implement internal processes and/or systems for making and/or keeping records on behalf of the investment adviser that meet all of the requirements of this section as applicable to the investment adviser;
(ii) Make and/or keep records of the investment adviser that meet all of the requirements of this section as applicable to the investment adviser;
(iii) For electronic records of the investment adviser that are made and/or kept by the third party under this subparagraph, allow the investment adviser and staff of the Commission to access the records easily through computers or systems during the required retention period pursuant to this section; and
(iv) Make arrangements to ensure the continued availability of records of the investment adviser that are made and/or kept under this subparagraph by the third party that will meet all of the requirements of this section as applicable to the investment adviser in the event that the third party ceases operations or the relationship with the investment adviser is terminated.
3. Section 275.206(4)-11 is added to read as follows:
(a) As a means reasonably designed to prevent fraudulent, deceptive, or manipulative acts, practices, or courses of business within the meaning of section 206(4) of the Act (15 U.S.C. 80b-6(4)), it shall be unlawful for an investment adviser registered or required to be registered under section 203 of the Act (15 U.S.C. 80b-3) to retain a Service Provider to perform a Covered Function unless:
(1) Due diligence. Before engaging such Service Provider, the adviser reasonably identifies, and determines that it would be appropriate to outsource the Covered Function and that it would be appropriate to select that Service Provider, by:
(i) Identifying the nature and scope of the Covered Function the Service Provider is to perform;
(ii) Identifying, and determining how it will mitigate and manage, the potential risks to clients or to the adviser's ability to perform its advisory services resulting from engaging a Service Provider to perform the Covered Function and engaging that Service Provider to perform the Covered Function;
(iii) Determining that the Service Provider has the competence, capacity, and resources necessary to perform the Covered Function in a timely and effective manner;
(iv) Determining whether the Service Provider has any subcontracting arrangements that would be material to the Service Provider's performance of the Covered Function, and identifying and determining how the investment adviser will mitigate and manage potential risks to clients or to the investment adviser's ability to perform its advisory services in light of any such subcontracting arrangement;
(v) Obtaining reasonable assurance from the Service Provider that it is able to, and will, coordinate with the investment adviser for purposes of the adviser's compliance with the Federal securities laws, as applicable to the Covered Function; and
(vi) Obtaining reasonable assurance from the Service Provider that it is able to, and will, provide a process for orderly termination of its performance of the Covered Function.
(2) Monitoring. The adviser periodically monitors the Service Provider's performance of the Covered Function and reassesses the retention of the Service Provider in accordance with the due diligence requirements of paragraph (a)(1) of this section and with a manner and frequency such that the investment adviser reasonably determines that it is appropriate to continue to outsource the Covered Function and that it remains appropriate to outsource it to the Service Provider.
(b) Definitions. For the purposes of this section:
Covered Function means a function or service that is necessary for the investment adviser to provide its investment advisory services in compliance with the Federal securities laws, and that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser's clients or on the adviser's ability to provide investment advisory services. A covered function does not include clerical, ministerial, utility, or general office functions or services.
Service Provider means a person or entity that:
(i) Performs one or more Covered Functions; and
(ii) Is not a supervised person, as defined in 15 U.S.C. 80b-2(a)(25), of the investment adviser.
PART 279—FORMS PRESCRIBED UNDER THE INVESTMENT ADVISERS ACT OF 1940
4. The authority citation for part 279 continues to read as follows:
Authority: The Investment Advisers Act of 1940, 15 U.S.C. 80b-1 et seq.,Pub. L. 111-203, 124 Stat. 1376.
5. Amend Form ADV (referenced in § 279.1) by:
a. In General Instructions, revising the second sub-bullet point paragraph to the first bullet point paragraph under Instruction 3;
b. In Instructions for Part 1A, revising the heading and introductory text of 6. Item 7;”
c. In Glossary of Terms, redesignating items 11 through 53 as 12 through 54, and items 55 through 65 as 57 through 67;
d. In Glossary of Terms, adding new items 11 and 57;
e. In Part 1A, revising Item 7 heading and introductory text, and adding C; and
f. In Schedule D, adding Section 7.C.
The additions and revisions read as follows:
Note:
The text of Form ADV does not, and this amendment will not, appear in the Code of Federal Regulations.
By the Commission.
Dated: October 26, 2022.
Vanessa A. Countryman,
Secretary.
BILLING CODE 8011-01-P
[FR Doc. 2022-23694 Filed 11-15-22; 8:45 am]
BILLING CODE 8011-01-C