Overview

On October 26, 2022, the Securities and Exchange Commission ("SEC") proposed Rule 206(4)-11, a new rule ("Proposed Rule") under the Investment Advisers Act of 1940 ("Advisers Act") that would prohibit registered investment advisers ("RIAs") from outsourcing certain services (the "Covered Functions") without meeting the requirements set forth in the Rule. If adopted, compliance would be required starting ten months from the rule's effective date (the "Compliance Date"), and would only apply to the engagement of new service providers made on or after the Compliance Date. However, the ongoing monitoring provisions of the Proposed Rule would apply to all service providers, regardless of when they were engaged.

In a statement regarding the Proposed Rule, SEC Chair Gary Gensler cited increased use of third-party service providers by investment advisers and concern that RIAs using service providers "continue to meet their obligations to the investing public."

Service Providers

A "Service Provider" is anyone who (i) performs a Covered Function and (ii) is not a supervised person of the RIA. The definition of Service Provider does not provide an exception for affiliates of the RIA or for entities registered under the Advisers Act.

Covered Functions

A Covered Function is a function or service that is required for the adviser's compliance with federal securities laws, and which, when performed negligently, can cause a material negative impact on the adviser's clients or services. Examples of a material negative impact include a material financial loss to a client or a material disruption of an RIA's investment operations.

Generally, the SEC would consider Covered Functions to encompass services and functions that relate to an RIA's investment decision processes or to the management of the RIA's portfolio. The SEC provided a non-exhaustive list of examples of Covered Function areas, such as investment guidelines, investment models, custom indexes, software services related to investments, trading and portfolio management software, portfolio accounting services, outsourced chief compliance officers and compliance consultants, and cybersecurity. The SEC did not provide definitive guidance, but instead stated that such examples may be Covered Functions for one RIA, but not another, depending on the "facts and circumstances."

Determining what constitutes a material negative impact also depends, according to the SEC, on the "facts and circumstances." The SEC provided some factors that RIAs should consider, such as, among other things, the degree to which the RIA relies on a Service Provider for the RIA's day-to-day operations, whether the RIA has a robust internal backup process, and whether the Service Provider is maintaining critical records.

Services provided by marketers and solicitors, as well as clerical, ministerial, utility, or general office functions are not Covered Functions for the purposes of the Proposed Rule.

Requirements

The Proposed Rule introduces four main requirements for RIAs:

1. Due Diligence and Monitoring

The Proposed Rule would require RIAs to conduct due diligence on Service Providers prior to outsourcing Covered Functions. Under the Proposed Rule, RIAs would be required to determine the appropriateness of outsourcing a Covered Function and selecting a Service Provider by:

  1. identifying the scope and nature of the Covered Function;
  2. identifying the risks involved and determining how to mitigate those risks;
  3. ensuring that the Service Provider has the ability to properly provide the Covered Functions;
  4. determining whether the Service Provider uses subcontractors, and identifying and mitigating the risks involved;
  5. obtaining reasonable assurances that the Service Provider will coordinate with the RIA to ensure that the RIA will comply with the regulatory requirements of the Covered Functions; and
  6. obtaining reasonable assurances that there is a process for the orderly termination of the RIA's relationship with the Service Provider.

The Proposed Rule also would require advisers to periodically monitor the Service Provider's performance and reevaluate the appropriateness of outsourcing Covered Functions under the due diligence requirements above.

2. Books and Records

The Proposed Rule would amend the current Rule 204-2 (the "Books and Records Rule") under the Advisers Act to require RIAs to maintain information regarding the Service Providers, including the factors that led the RIA to outsource the Covered Functions to each Service Provider, records of the due diligence assessments described above, a copy of any written agreements, and records documenting the required periodic monitoring.

3. Oversight of Service Providers Serving as Recordkeepers

The Proposed Rule would further amend the Books and Records Rule to require RIAs that rely on third parties for the RIAs' record-keeping requirements to treat such recordkeepers as Service Providers, and in addition obtain reasonable assurances that the Service Provider will:

  1. adopt and implement internal processes for making or keeping records that meet the RIA's recordkeeping requirements under the Books and Records Rule;
  2. will keep the RIA's records in a manner that complies with the Books and Records Rule;
  3. provide easy access to the RIA's electronic records to the RIA and to the SEC; and
  4. provide access to the RIA's records as required by the Books and Records Rule after the termination of the Service Provider's relationship with the RIA.

4. Form ADV Changes

The Proposed Rule would require RIAs to provide census-type information about Service Providers in Form ADV's new item 7.C. in Part 1A and Section 7.C. in Schedule D.

Item 7.C will include checkboxes for the following Covered Functions:

Adviser / Subadviser; Client Servicing; Cybersecurity; Investment Guideline / Restriction; Compliance; Investment Risk; Portfolio Management (excluding Adviser / Subadviser); Portfolio Accounting; Pricing; Reconciliation; Regulatory Compliance; Trading Desk; Trade Communication and Allocation; Valuation; and Other.

These public disclosures are intended to alert the SEC and advisory clients of outsourced Covered Functions and the Service Providers performing them.

Implications

While the Proposed Rule is designed to protect investors and enhance SEC oversight of RIA relations with third parties, the rule has garnered criticism from industry leaders. SEC Commissioner Hester M. Pierce has openly opposed the proposal as "repackaging existing fiduciary obligations into a new set of prescriptions for investment advisers" and as unduly and disproportionately burdensome on smaller advisers. Investment Adviser Association President and CEO Karen Barr has similarly criticized the new oversight requirements as being "overly burdensome and prescriptive and fail[ing] to recognize how little leverage firms have over many service providers" and being "not adequately tailored to the range of firms it covers, including smaller advisers."

Given the broad due diligence, monitoring, recordkeeping, and reporting requirements of the new rule, it is expected that industry participants will comment extensively on the SEC's proposal. Comments on the proposed rulemaking are due 30 days after publication in the Federal Register or December 27, 2022, whichever is later.

Jacob Botros, Associate Attorney, contributed as an author.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.