Continuing an extensive rule-making season, the Securities and Exchange Commission proposed new requirements under the Investment Advisers Act of 1940 regarding the oversight of both affiliated and third-party service providers (Proposed Rule) by investment advisers registered or required to be registered with the SEC (advisers).1 If adopted, the Proposed Rule likely would have a significant impact on investors and managers, by increasing general compliance, recordkeeping costs and potential liability, which could lead advisers to reconsider whether to outsource covered functions or retain those services in-house. Smaller offices and firms in particular likely will have greater difficulty in complying, given the ambiguity in the scope of the Proposed Rule. Firms and service providers may want to consider submitting comment letters to press the SEC to limit the scope of the Proposed Rule and to provide additional guidance and clarity if adopted.
The Proposed Rule’s accompanying release (Release) discusses the increased use of outsourcing by advisers.2 The Proposed Rule, if adopted, would prescribe minimum initial and ongoing due diligence and monitoring obligations for advisers for the outsourcing of “covered functions.”
Advisers who outsource covered functions would be subject to the following requirements:
- Due Diligence: Reasonably determining, based on specified due diligence considerations, that the covered function and a service provider, including certain subcontracting arrangements by a service provider, are appropriate prior to engaging a service provider;
- Monitoring: Periodically monitoring, and reassessing the retention of, a service provider pursuant to due diligence requirements;
- Recordkeeping: Maintaining certain books and records related to the advisers’ obligations under the proposed oversight framework;
- Form ADV Disclosure: Providing additional disclosure of covered functions and service providers on Form ADV; and
- Oversight of Third-Party Recordkeeping: Conducting due diligence and monitoring of the third parties used by an adviser to make and/or keep the books and records.
The burdens associated with implementing the Proposed Rule likely will increase costs for both advisers and investors, particularly given the uncertainty as to what constitutes a “covered function.” Additionally, the Proposed Rule raises the possibility of enforcement action focusing on the performance of service providers and the adviser’s determination to outsource and the selection and oversight of a service provider.
The Proposed Rule would prohibit an adviser from retaining a service provider to perform a covered function unless the adviser conducts certain due diligence and satisfies monitoring requirements. Advisers to registered investment companies would need to comply with the Proposed Rule with respect to service providers retained on behalf of the registered investment company, provided the criteria below are satisfied.
Pursuant to the Proposed Rule, a covered function is any function: (1) that is necessary for the adviser to provide its investment advisory services in compliance with the Federal securities laws; and (2) that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser’s clients or on the adviser’s ability to provide investment advisory services.
Whether a certain service is a covered function would be a fact-specific determination, meaning that certain functions may be covered functions for one adviser but not for another, and that not every function provided by a service provider would be deemed to be a “covered function.” The Release provides some guidance, but is ambiguous, particularly as to how an adviser should select and monitor service providers that furnish technology solutions or incorporate technology into their product or service.
For the first prong, the Release notes that functions or services that are related to an adviser’s investment decision-making process and portfolio management generally will constitute a covered function. For the second prong, the Release notes the following factors for determining whether a certain service or function would be reasonably likely to have a material negative impact:
- The day-to-day operational reliance on the service provider;
- The existence of a robust internal backup process at the adviser; and
- Whether the service provider is making or maintaining critical records.3
Significant to managers employing quantitative strategies where the investment decision-making process relies on “artificial intelligence or software as a service,” such functions may be deemed covered functions even though these are primarily technology services.
As proposed, a service provider is any person, whether affiliated or a third party, which: (1) performs one or more covered functions; and (2) is not a supervised person of the adviser.
The Proposed Rule also would require that advisers consider any subcontractors engaged by the service provider if the “arrangement would be material if nonperformance or negligent performance would be reasonably likely to cause significant negative impact on the service provider’s ability to perform the covered function.”
The Proposed Rule would require an adviser, prior to engaging a service provider or adding new covered functions to an existing engagement, to reasonably identify and determine that: it would be appropriate to outsource a covered function; it would be appropriate to select the service provider; and once selected, it would be appropriate to continue to outsource the covered function and to continue to use the incumbent service provider. Accordingly, the Proposed Rule describes six specific elements on which to focus the due diligence review:
- Identify the nature and scope of the covered function;
- Identify and determine how the adviser would mitigate and manage the potential risks to clients or to the adviser’s ability to perform its advisory services, resulting from outsourcing a covered function to a service provider;
- Determine that the service provider has the competence, capacity and resources necessary to perform the covered function in a timely and effective manner;
- Determine whether the service provider has any subcontracting arrangements that would be material to the service provider’s performance of the covered function, and identify and determine how the adviser will mitigate and manage potential risks in light of any such arrangements;
- Obtain reasonable assurance from the service provider that it is able to, and will, coordinate with the adviser to ensure the adviser’s compliance with the Federal securities laws; and
- Obtain reasonable assurance from the service provider that it is able to, and will, provide a process for orderly termination of its performance of the covered function.
The due diligence would need to be reasonably tailored to the covered function being outsourced and to the potential service provider.
The Proposed Rule would require an adviser to periodically monitor a service provider’s performance of a covered function and reassess the retention of the service provider, including any relevant subcontractors, in accordance with the due diligence criteria described above. The manner and frequency would depend on the nature and importance of the outsourced function and would need to be sufficient to enable the adviser to reasonably determine that it is appropriate to continue to outsource the covered function and retain the service provider. If an adviser cannot sufficiently monitor a service provider or is concerned that the service provider’s actions or inactions may harm the adviser’s clients or result in a regulatory violation, then the adviser could need to terminate the service provider relationship.
Recordkeeping Related to Due Diligence and Monitoring
In the Release, the SEC also proposed amendments to Rule 204-2 under the Advisers Act (Books and Records Rule) that would require advisers to make and retain specific records related to their due diligence assessment, including: a record of outsourced covered functions and the responsible service providers; the factors that led to listing the covered functions on Form ADV; and documentation of the adviser’s due diligence assessment. Similarly, the proposed amendments to the Books and Records Rule would require the adviser to make and keep records documenting the periodic monitoring of a service provider of a covered function.
Form ADV Reporting
The proposed amendments to Form ADV are intended to enhance the SEC’s ability to oversee advisers and provide additional public information about the disclosure to the adviser’s clients with respect to its use of service providers. The Proposed Rule would require an adviser to: identify its outsourced covered functions and the service providers that perform them; state the location of the service provider’s office principally responsible for the covered functions; provide the date the service providers were first engaged for the covered functions; and note whether the service providers are related persons of the adviser. As proposed, the outsourced covered functions would be disclosed by selecting from a pre-populated list or by selecting “other” and providing a description of the covered function(s).
Oversight of Third-Party Recordkeeping
A separate set of proposed amendments to the Books and Records Rule would require advisers that rely on a third party to make and/or keep any books and records required by the Books and Records Rule to comply with similar due diligence and monitoring requirements to those outlined above. In addition, the adviser would be required to ensure that the third-party service provider will maintain records that comply with the Books and Records Rule. The adviser would need to obtain reasonable assurance that the third-party service provider will adopt and implement internal processes and/or systems for making and/or keeping records on behalf of the adviser that meet all of the requirements of the Books and Records Rule that are applicable to the adviser. Further, the adviser would need to obtain reasonable assurance that the third-party service provider will allow the adviser and SEC staff access to the records easily during the required retention period and ensure the continued availability of records pursuant to the Books and Records Rule, in the event that the third-party service provider ceases operations or its relationship with the adviser is terminated.
Additional Considerations for Private Fund Advisers
These proposals follow a separate set of rules proposed earlier this year aimed at private funds (Proposed Private Funds Rules).4 The Proposed Private Funds Rules would prohibit, among other things, private fund advisers from charging the fund for “regulatory or compliance expenses or fees of the adviser or its related persons.” Thus, should both rules be adopted as proposed, and any of the costs associated with complying with the proposed outsourcing oversight requirements constitute regulatory or compliance expenses, private fund advisers would be prohibited from charging such costs to the fund and likely would need to absorb those costs themselves.
Outsourcing Does Not Alter an Adviser’s Fiduciary or Contractual Duties to Clients
Additionally, the Release expands upon the SEC’s statements in the Commission Interpretation Regarding Standard of Conduct for Investment Advisers and the Proposed Private Fund Rules as to the obligations of advisers by stating that “an adviser remains liable for its obligations, including under the Advisers Act, the other Federal securities laws and any contract entered into with the client, even if the adviser outsources functions.”5 The SEC clearly indicates that outsourcing does not generally diminish an adviser’s obligation to assure that covered functions are properly carried out; rather, the Release emphasizes that continuing oversight is necessary “to ensure [those] obligations are continuing to be met despite the adviser not performing those functions itself.” The Release also signals the SEC’s belief that disclosure likely would not be sufficient to alter this general precept, stating that investors inherently would “expect the adviser to provide [advisory] services and, if significant aspects of those services are outsourced to a provider, to oversee those outsourced functions effectively. To do otherwise would be misleading, deceptive, and contrary to the public interest... disclosure cannot address this deception.” As such, an adviser that fails to discharge its obligations in selecting and overseeing a service provider could be liable for that failure. Additionally, although it does not appear that the Proposed Rule makes advisers guarantors against the negligent act of a properly selected and overseen provider, the SEC is likely to view any such negligence as triggering a need for an accelerated determination as to the continuation of an outsourcing arrangement or as evidence of insufficient oversight.
The Proposed Rule currently contemplates a 10-month compliance period following its effective date if the rule is adopted. If adopted, the Proposed Rule would apply to any engagement of new service providers beginning on or after the compliance date. The monitoring requirements would apply to existing relationships with service providers. An adviser would be required to periodically monitor the performance of its existing service providers that provide covered functions and to reassess the retention of the service providers according to the due diligence requirements. The Proposed Rule as written would apply to all current applicable adviser engagements, meaning advisers may need to revisit existing arrangements to review for compliance and potentially amend its current contracts to satisfy the Proposed Rule.
Key Dates and Timing
Advisers, service providers, investors and other market participants are encouraged to submit comments to the SEC regarding the Proposed Rule and related amendments. During its discussion of the Proposed Rule, the SEC expressed interest in comments related to the definition of a covered function and whether the Proposed Rule, as written, would allow advisers to reasonably tailor their due diligence and monitoring obligations for the specific covered function and service provider. The Release was published in the Federal Register on November 16, 2022.6 Comments on the Proposed Rule and related amendments must be submitted by December 27, 2022.7