On February 9, 2022, the SEC proposed a series of sweeping new rules and rule amendments[1] (“Proposed Rules”) under the Investment Advisers Act of 1940 (“Advisers Act”). If adopted, these rules would prohibit certain activities relating to private funds and significantly increase the reporting, disclosure and compliance requirements of private fund advisers,[2] including by:

  • prohibiting certain allocations of fees and expenses, compensation arrangements and transactions involving conflicts of interest;
  • prohibiting certain “preferential” redemption rights and information rights provided to investors, including by way of side letters;
  • requiring the delivery of quarterly statements regarding private fund performance, fees and expenses;
  • requiring the delivery of a fairness opinion in connection with certain GP-led secondaries transactions;
  • requiring an annual, independent audit for each private fund;
  • requiring the adoption and implementation of written policies and procedures designed to address cybersecurity risks;
  • expanding the “books and records” rule relating to each of the above; and
  • requiring written documentation of the adviser’s annual compliance audit.

Certain of the Proposed Rules would move U.S. securities laws applicable to private funds from a largely disclosure-based regime to a rules-based regime.

Prohibited Activities

The Proposed Rules would prohibit all private fund advisers, including those that are not registered (i.e., exempt reporting advisers), from engaging in certain practices, conflicts of interest and compensation arrangements that are, according to the SEC’s Proposing Release, “contrary to the public interest and the protection of investors.” Some of these activities are common in the private funds’ marketplace and have been accepted for years by advisers and investors in their advisory contracts as market standard. For instance, the Proposed Rules would change the decades-long accepted allocation of risks manifested in typical fund documents. These activities would be prohibited regardless of whether the private fund’s governing documents permit such activities, the adviser otherwise discloses the practices and/or the private fund’s investors (or LPAC) have consented to the activities either expressly or implicitly. The prohibited activities include:

  • reducing the amount of an “adviser clawback”[3] (commonly referred to as a “GP clawback”) by actual, potential or hypothetical taxes applicable to the adviser, its related persons, or their respective owners or interest holders;
  • seeking reimbursement, indemnification, exculpation or limitation of an adviser’s liability by the private fund or its investors for a breach of fiduciary duty (regardless of whether state or other law would permit an adviser to waive its fiduciary duty), willful misfeasance, bad faith, negligence or recklessness in providing services to the private fund;
  • charging a portfolio investment[4] for monitoring, servicing, consulting or other fees in respect of any services the investment adviser does not, or does not reasonably expect to, provide to the portfolio investment (e.g., accelerated monitoring fees; private funds with a 100% management fee offset if the adviser retains excess transaction fees where no further management fee offset can be applied and the private fund investors are not offered a rebate or another economic benefit equal to their pro rata share of any such excess fees);
  • charging a private fund for fees or expenses associated with an examination or investigation of the adviser or its related persons[5] by governmental or regulatory authorities;
  • charging a private fund for regulatory or compliance expenses or fees of the adviser or its related persons (e.g., the adviser’s Form ADV);
  • charging fees or expenses related to a portfolio investment on a non-pro rata basis when multiple private funds and other clients advised by the adviser or its related persons have invested (or propose to invest) in the same portfolio investment; and
  • borrowing money, securities or other fund assets, or receiving an extension of credit, from a private fund client.

Preferential Treatment; Side Letters

The Proposed Rules would prohibit private fund advisers from providing certain types of “preferential” treatment (based on a facts and circumstances analysis) to private fund investors, including preferential redemption rights and preferential information rights regarding the portfolio holdings or exposures of the private fund, in each case, if the adviser reasonably expects such treatment to have a material, negative effect on other investors in that private fund or in a substantially similar pool of assets:[6]

In addition, private fund advisers would be prohibited from, directly or indirectly, providing any other preferential treatment (e.g., excuse rights, lower fees) to any private fund investor, unless the adviser provides written disclosure regarding such preferential treatment:

  • with respect to a prospective investor in the same private fund, prior to the investor’s investment; and
  • with respect to an existing investor in the same private fund, annually if any preferential treatment has been provided to an investor since the last notice provided.

Quarterly Statement

The Proposed Rules would require private fund advisers to provide standardized, quarterly statements to investors[7] within 45 days after each calendar quarter end detailing information about each private fund’s fees, expenses and performance (unless such quarterly statement is prepared and delivered by another person). Each statement would be required to include prominent disclosure regarding the manner in which expenses, payments, allocations, rebates, waivers and offsets are calculated, as well as cross references to the relevant sections of the private fund’s organizational and offering documents that set forth the calculation methodology.

  • Private Fund-Level Table and Disclosure – a single table that would provide reporting on a fund-wide basis (as opposed to individualized investor-level reporting) allowing investors to compare costs across private funds, including line items reflecting total dollar amounts in each of the following categories:
    • all compensation, fees and other amounts allocated or paid to the adviser or any of its related persons by the private fund during the reporting period (“adviser compensation”),[8] including, but not limited to, management, advisory, sub-advisory, or similar fees or payments, and “performance-based compensation”[9] (including carried interest) (in each case, both before and after the application of any offsets, rebates or waivers);
    • all fees and expenses paid by the private fund during the reporting period other than those disclosed as adviser compensation (“fund expenses”), including, but not limited to, organizational, accounting, legal, administration, audit, tax, due diligence and travel expenses (in each case, both before and after the application of any offsets, rebates or waivers); and
    • the amount of any offsets or rebates carried forward during the reporting period to subsequent quarterly periods to reduce future payments or allocations to the adviser or its related persons.
  • Portfolio Investment-Level Table and Disclosure – a single table covering all portfolio investments that allocated or paid the investment adviser or its related persons compensation, fees or other amounts during the reporting period, including line items in each of the following categories:
    • the total dollar amount of all “portfolio investment compensation” [10] allocated or paid by each “covered portfolio investment”[11] during the reporting period, including origination, management, consulting, monitoring, servicing, transaction, administrative, advisory, closing, disposition, directors, trustees or similar fees or payments by the covered portfolio investment to the investment adviser or any of its related persons (in each cases, both before and after the application of any offsets, rebates or waivers); and
    • the private fund’s ownership percentage of each covered portfolio investment (determined as of the end of the reporting period) that paid or allocated portfolio investment compensation to the adviser or its related persons during the reporting period or, if the fund does not have an ownership interest in the covered portfolio investment (e.g., where the fund holds a debt instrument), the adviser would be required to list zero percent as the fund’s ownership percentage along with a brief description of the fund’s investment in such covered portfolio investment.
  • Performance Disclosure – standardized fund performance information based on the type of fund, including prominent disclosure of the criteria used and assumptions made in calculating the performance:
    • “Illiquid Funds”[12] (typically, private equity, real estate and venture capital funds) – the following performance measures, shown since inception of the illiquid fund through the end of the quarter covered by the quarterly statement and computed without the impact of any “fund-level subscription facilities”[13]:
      • gross internal rate of return[14] (“IRR”) and gross multiple of invested capital[15] (“MOIC”) for the illiquid fund;
      • net IRR and net MOIC for the illiquid fund;
      • gross IRR and gross MOIC for the realized and unrealized portions of the illiquid fund’s portfolio, with the realized and unrealized performance shown separately; and
      • a “statement of contributions and distributions”[16] for the illiquid fund.
    • “Liquid Funds”[17] (typically, hedge funds) – the following performance measures:
      • annual net total returns for each calendar year since inception;
      • average annual net total returns over the one-, five- and ten- calendar year periods; and
      • the cumulative net total return for the current calendar year as of the end of the most recent calendar quarter covered by the quarterly statement.

Adviser-led Secondaries

The Proposed Rules would prohibit a private fund adviser from completing an adviser-led secondary[18] transaction with respect to any private fund, unless the adviser distributes to investors in the private fund, prior to the closing of the transaction, a fairness opinion from an independent opinion provider[19] and a summary of any material business relationships[20] the adviser or any of its related persons has, or has had within the past two years, with the independent opinion provider.

Mandatory Annual Audit

The Proposed Rules would require[21] registered private fund advisers to obtain a financial statement audit[22] at least annually for each private fund (and upon a fund’s liquidation), performed by an independent public accountant[23] and prepared in accordance with U.S. GAAP.[24] Such audited financial statements would be required to be distributed to current investors[25] “promptly” (rather than pursuant to a specific deadline) after the completion of the audit. The private fund adviser would be required to enter into a written agreement with the auditor pursuant to which the auditor must notify the SEC: (i) promptly upon issuing an audit report to the private fund that contains a modified opinion and (ii) within four business days of resignation or dismissal from, or other termination of, the engagement, or upon removing itself or being removed from consideration for being reappointed.

Cybersecurity

The SEC also proposed new cybersecurity risk management rules and amendments to enhance cybersecurity preparedness and improve the resilience of investment advisers and investment companies[26] against cybersecurity threats and attacks. The Proposed Rules would require:

  • Policies and Procedures – investment advisers to adopt and implement written policies and procedures that are reasonably designed to address cybersecurity risks, in each case, tailored to the adviser based on its business operations, including its complexity, and attendant cybersecurity risks. The Proposed Rules list certain general elements that advisers would be required to address in their cybersecurity policies and procedures, including the following:
    • Risk Assessment – periodic assessments of cybersecurity risks associated with adviser information systems and adviser information residing therein, including requiring the adviser to: (i) categorize and prioritize cybersecurity risks based on an inventory of the components of their information systems, the information residing therein, and the potential effect of a cybersecurity incident on the adviser; and (ii) identify their service providers that receive, maintain or process adviser information, or that are permitted to access their information systems, including the information residing therein, and identify the cybersecurity risks associated with the use of these service providers;
    • User Security and Access – controls designed to minimize user-related risks and prevent the unauthorized access to information and systems; related policies and procedures must include: (i) requiring standards of behavior for individuals authorized to access adviser information systems and any adviser information residing therein, such as an acceptable use policy; (ii) identifying and authenticating individual users, including implementing authentication measures that require users to present a combination of two or more credentials for access verification; (iii) establishing procedures for the timely distribution, replacement, and revocation of passwords or methods of authentication; (iv) restricting access to specific adviser information systems or components thereof and adviser information residing therein solely to individuals requiring access to such systems and information as is necessary for them to perform their responsibilities and functions on behalf of the adviser; and (v) securing remote access technologies used to interface with adviser information systems;
    • Information Protection – monitoring of information systems and protecting information from unauthorized access or use, based on a periodic assessment of their information systems and the information that resides on the systems, taking into account: (i) the sensitivity level and importance of adviser information to its business operations; (ii) whether any adviser information is personal information; (iii) where and how adviser information is accessed, stored and transmitted, including the monitoring of adviser information in transmission; (iv) adviser information systems access controls and malware protection; and (v) the potential effect of a cybersecurity incident involving adviser information on the adviser and its clients, including the ability for the adviser to continue to provide investment advice; oversight of service providers that receive, maintain or process adviser information, or are otherwise permitted to access adviser information systems and any adviser information residing;
    • Cybersecurity Incident Response and Recovery – measures to detect, respond to and recover from a cybersecurity incident, including policies and procedures that are reasonably designed to ensure: (i) continued operations of the adviser; (ii) the protection of adviser information systems or adviser information residing therein; (iii) external and internal cybersecurity incident information sharing and communications; and (iv) reporting of significant cybersecurity incidents to the SEC; and
    • Threat and Vulnerability Management – the ability to detect, mitigate, and remediate cybersecurity threats and vulnerabilities with respect to adviser information and systems.
  • Proposed Form ADV-C – Advisers would be required to report “significant adviser cybersecurity incidents”[27] to the SEC on proposed Form ADV-C on a confidential basis, including on behalf of a private fund client. An adviser would be required to submit Form ADV-C promptly, but in no event more than 48 hours, after having a reasonable basis to conclude that a significant adviser cybersecurity incident or a significant fund cybersecurity incident had occurred or is occurring. Form ADV-C would include both general and specific questions related to the significant cybersecurity incident, such as the nature and scope of the incident as well as whether any disclosure has been made to any clients and/or investors. Advisers would be required to amend any previously filed Form ADV-C promptly, but in no event more than 48 hours, after information reported on the form becomes materially inaccurate; if new material information about a previously reported incident is discovered; and after resolving a previously reported incident or closing an internal investigation pertaining to a previously disclosed incident.
  • Form ADV Part 2A – Enhanced adviser disclosures would be required on Form ADV Part 2A related to cybersecurity risks and incidents that could materially affect[28] the advisory services they offer and how they assess, prioritize and address cybersecurity risks created by the nature and scope of their business relationship. Advisers would be required to describe any cybersecurity incidents that occurred within the last two fiscal years that have significantly disrupted or degraded the adviser’s ability to maintain critical operations, or that have led to the unauthorized access or use of adviser information, resulting in substantial harm to the adviser or its clients. An adviser would be required to deliver interim brochure amendments to existing clients promptly if the adviser adds disclosure of a cybersecurity incident to its brochure or materially revises information already disclosed in its brochure about such an incident. The timing of the brochure amendment delivery should take into account the exigent nature of cybersecurity incidents which would generally militate toward swift delivery to clients.

Books and Records; Annual Compliance Review

The SEC proposed amending Rule 204-2 under the Advisers Act (the “books and records rule”) to require private fund advisers to retain records related to each of the above proposals. The SEC also proposed amending Rule 206(4)-7 under the Advisers Act (the “compliance rule”) to require all registered investment advisers to document the annual review of the adequacy of their compliance policies and procedures in writing.

Next Steps

The public comment period will remain open for 60 days following publication of the Proposed Rules on the SEC’s website or 30 days following publication of the Proposed Rules in the Federal Register, whichever is longer. If adopted, the SEC is proposing a one-year transition period for advisers to come into compliance with the Proposed Rules (other than the cybersecurity rules, which appear to become effective upon adoption).