SEC Proposes New Requirements for Adviser Oversight of Service Providers
On 26 October 2022, the Securities and Exchange Commission (SEC) proposed new Rule 206(4)-11 (the Proposed Rule) under the Investment Advisers Act of 1940 (Advisers Act) and related amendments (together with the Proposed Rule, the Proposals), which, if adopted, would prohibit registered investment advisers from outsourcing certain services or functions without first meeting certain minimum requirements. Citing increasing use of third-party service providers and concern about investor harm resulting from such outsourcing, the SEC stated in the release relating to the Proposals1 (the Proposing Release) that the proposed “consistent oversight framework” for all advisers would help to protect investors’ interests and provide the SEC with visibility into advisers’ oversight practices and the related potential risks.
Specifically, the Proposals would require advisers to:
- Perform due diligence on a “service provider” before retaining that provider to perform a “covered function” (defined below);
- Monitor a service provider’s performance and reassess the selection of the service provider to perform the covered function; and
- Maintain books and records relating to its due diligence and monitoring activities.
Among other types of service providers, it is likely that fund administrators and outsourced chief financial officers would be encompassed by the Proposed Rule, and the SEC indicated that outsourced chief compliance officers–among certain other compliance functions–would definitely be covered by the Proposed Rule. The Proposals also would require advisers to conduct similar due diligence on and monitoring of third-party recordkeepers, as well as obtain “reasonable assurances” that the recordkeepers will meet specific standards. Although most (if not all) investment advisers already conduct due diligence on, and monitor the services provided by, many of their service providers, the Proposals will likely pose additional challenges to such advisers. We discuss some of these challenges, including the difficulty in determining which functions and service providers will be covered by the Proposals, below.
The Proposals also may result in additional obligations not only being imposed on advisers but also on service providers. While they are not the subject of the Proposals, from a commercial perspective, advisers may increase the scope and depth of their due diligence of service providers in order to satisfy the requirements of the Proposals. Advisers also may negotiate into service provider agreements more robust representations, warranties, and reporting obligations, and they may seek to use the Proposals as an opportunity to shift commercial risk through more adviser-friendly exculpation and indemnity standards for service providers.
Comments on the Proposals are due by the later of 27 December 2022 or 30 days after publication in the Federal Register. If adopted, advisers would be expected to comply with the Proposed Rule starting 10 months from the rule’s effective date.
Identifying a “Covered Function”
Under the Proposed Rule, a “covered function” is defined as a service or function that:
- Is necessary to provide advisory services in compliance with the federal securities laws; and
- If not performed, or if performed negligently, would be reasonably likely to cause a material negative impact on the adviser’s clients or on the adviser’s ability to provide investment advisory services.
While the SEC stresses in the Proposing Release that the definition is not intended to include clerical, ministerial, utility, or general office functions or services, it also indicates that, in addition to functions central to an adviser’s advisory services (e.g., portfolio management), certain middle- and back-office functions relating to such services could also potentially be covered functions. Whether or not such a service would be a covered function will depend on the relevant facts and circumstances, thereby charging advisers with a duty to make their own reasonable determinations based on their own businesses and circumstances. For example, in assessing whether there would be a material negative impact, an adviser should consider factors such as its day-to-day operational reliance on the service provider, internal backup at the provider, and whether critical records are made or maintained by the service provider. As such, certain functions may be deemed covered functions for one adviser but not for another. In the Proposing Release, the SEC did provide some guidance as to what it expects would be considered covered functions and thus subject to the Proposed Rule.2 In its proposed amendments to Form ADV (Section 7.C of Schedule D), the SEC provides the following broad examples of potential covered function categories:
Potential Covered Function Categories
- Adviser and Subadviser
- Client Services
- Investment Guideline and Restriction Compliance
- Investment Risk
- Portfolio Management (excluding Adviser/Subadviser)
- Portfolio Accounting
- Regulatory Compliance
- Trading Desk
- Trade Communication and Allocation
In addition, the SEC indicated that it views the following activities as being subject—or not subject—to the Proposed Rule:
|Covered Functions|Not Covered Functions|
|---|---|
|Engaging an index provider for purposes of developing an investment strategy for the adviser’s clients.|Licensing a widely available index from an index provider to use as a performance hurdle.|
|Outsourcing compliance functions, including its chief compliance officer, and regulatory filings.|Functions performed by marketers and solicitors.|
|Valuation and pricing services to assist in fair-value determinations.|Common market data providers providing publicly available information.|
|Engaging an index provider to create or lease an index for the adviser to follow as a strategy for its advisory clients.|Purchasing a license to utilize a commonly available index solely as a comparison benchmark for performance and not to inform the adviser’s investment decisions.|
|Technology integral to investment decision-making process, such as artificial intelligence.|Licensing of general software providers of widely commercially available operating systems.|
|Providing orders to a broker-dealer and allocating securities to client accounts after trades are made.|Lease of commercial office space or equipment.|
|Identifying which portfolios to include in or exclude from a transaction.|Use of public utility companies, or utility or facility maintenance services.|
Despite the foregoing guidance in the Proposing Release regarding the SEC’s views, advisers may find the definition of “covered function” vague. For example, at certain times, such as during a fund launch, legal counsel could be reasonably viewed as a covered function under the proposed definition, even though it is unlikely that advisory clients expect the adviser to oversee its legal counsel. In addition, an adviser could reasonably determine that, based on the proposed definition, a consulting service, such as one providing proxy voting guidance, is a covered function, which would then require the adviser to conduct due diligence on such consultant, which, depending on the provider, could prove impracticable.
Identifying a “Service Provider”
Under the Proposed Rule, a “service provider” is defined as a person or entity that:
- Performs one or more covered functions; and
- Is not an adviser’s “supervised person” as such term is defined in the Advisers Act.3
As indicated above, the Proposed Rule does not distinguish between third-party and affiliated service providers. The SEC stated in the Proposing Release that the risks that the Proposed Rule is designed to address exist regardless of any affiliation, and an affiliation does not ensure adviser oversight. In addition, the Proposed Rule would not exclude service providers that are already subject to other federal securities laws, such as SEC-registered broker-dealers and other SEC-registered investment advisers. Furthermore, to the extent that a subadviser retained by the adviser itself engages a service provider, that subadviser would be required to comply with the Proposed Rule as it relates to such engagement. The SEC is seeking numerous comments in connection with the foregoing proposed definitions, including whether the term “covered function” should be more broad or more narrow and whether the definition of “covered function” should be expanded to include functions or services necessary for the adviser to comply with the federal securities laws or with the Advisers Act. It also invites comments regarding, among other things, whether particular provisions are sufficiently clear or should be revised.
Request for Comment
In connection with these proposed reforms, the SEC is seeking comment on, among other things, whether there should be exclusions from the definition of “service provider” for subadvisers, dually registered broker-dealers, and affiliated and related persons of an adviser. The SEC is also seeking comment on whether there should be an explicit exception for when a registered investment company retains the service providers listed in Rule 38a-1 under the Investment Company Act of 1940 (i.e., principal underwriter, fund administrator, and transfer agent). In addition, it has requested comment on whether the Proposed Rule should include a provision that excludes—entirely or in part—an adviser’s existing engagement with a service provider that occurred prior to any compliance date of the Proposed Rule.
Due Diligence Prior to Engaging a Service Provider
Prior to engaging a service provider to perform a covered function, the adviser must have reasonably identified and determined through due diligence that it would be appropriate to outsource the covered function, and it would be appropriate to select that service provider, by complying with the following six elements that address:
- The nature and scope of the services;
- Potential risks resulting from the service provider performing the covered function, including how to mitigate and manage such risks;
- The service provider’s competence, capacity, and resources necessary to perform the covered function;
- The service provider’s subcontracting arrangements related to the covered function;
- Coordination with the service provider for federal securities law compliance; and
- The orderly termination of the provision of the covered function by the service provider.
The Proposed Rule requires that the due diligence be conducted prior to the initial engagement or the addition of any new covered function.4 Whether an adviser’s due diligence is reasonable is a facts-and-circumstances analysis, and due diligence must be reasonably tailored to the covered function to be outsourced, as well as to the particular service provider.
Introducing a specific formulation for due diligence could be potentially burdensome, as advisers are arguably already required to conduct due diligence on their service providers in connection with the advisers’ fiduciary duties, and they are thus already conducting due diligence that they determined to be appropriate. The elements of such due diligence may differ from that proposed by the SEC in the Proposed Rule. In addition, satisfying the prescribed six elements may prove challenging to certain advisers with respect to service providers for which there is little transparency, easy accessibility, or competition. For example, depending on an adviser’s resources, it may not have various options when selecting a printing service to prepare offering documents or brochures, and the service may not be equipped—or willing—to respond to comprehensive due diligence requests or provide certifications, particularly when such requests are received by numerous investment advisers seeking to comply with the Proposed Rule. While an adviser may seek to negotiate service provider agreements to provide for certain representations by the service provider on which it may rely, it is unclear whether this would be sufficient to satisfy the due diligence requirement.
Request for Comment
In connection with the due diligence requirement, the SEC is seeking comment on, among other things, whether it should exempt certain service providers or covered functions from some or all of the due diligence requirements. Noting that the Proposed Rule does not currently require advisers to adopt specific procedures relating to service provider oversight (as advisers are currently already required by Rule 206(4)-7 under the Advisers Act to have policies and procedures reasonably designed to prevent violations of the Advisers Act and the rules thereunder), the SEC is also seeking comment on whether the Proposed Rule should require such specific policies and procedures and whether Rule 38a-1 under the Investment Company Act of 1940 should be amended to require particular policies and procedures with respect to registered investment companies.
Periodic Monitoring of Service Providers
The Proposed Rule would also require an adviser to periodically monitor the performance of a service provider and to reassess whether the engagement should be continued. This assessment would be based on the same due diligence requirements set forth above. The Proposed Rule would require an adviser to revisit its findings from its initial due diligence and consider whether any adjustments should be made in light of, among other things, changes to the covered function performed by the service provider and any relevant industry or market changes. The Proposals also would require an adviser to document and keep records relating to its periodic monitoring of service providers.5
The Proposed Rule does not specify the manner (including the frequency) in which the monitoring and reassessment must be performed. Rather, advisers will be responsible for monitoring their service providers in a way that they reasonably determine is appropriate in light of the applicable facts and circumstances. For example, the frequency of monitoring will depend on factors such as how often the service provider conducts the covered function, the covered function’s complexity, or the risk that nonperformance, or negligent performance, of the covered function would present to clients. Any change in risk profile for the covered function also should be considered in determining the frequency of monitoring.
Recordkeeping for Covered Functions
The Proposals include an amendment to Rule 204-2 under the Advisers Act (which governs books and records) to require advisers to make and keep a record of covered functions outsourced to service providers, including the name of the service provider and, with respect to each covered function, the factors that led the adviser to view it as a covered function. This requirement could be satisfied by, among other things, entering into a written agreement with the service provider that includes an express statement that the service is a covered function and lists the factors that lead to a determination that the service is a covered function, or it could be satisfied by recording in a written memorandum the names of the applicable service providers, explaining why a service is a covered function, and stating the factors that led to the service being deemed a covered function.
Additional New Requirements
The Proposals would require advisers to disclose census-type information relating to service providers that perform covered functions on Form ADV through new Item 7.C in Part 1A and Section 7.C in Schedule D. This information would include, among other information, the identification of service providers, their location, the date first engaged to provide the covered function, and whether they are a related person of the adviser. The SEC notes that the proposed disclosures would provide more public information about outsourced functions and advisers’ use of third-party service providers. The SEC further notes that the new disclosures would help the SEC better understand the services and functions outsourced to service providers and to identify the use of particular service providers that may present a risk to adviser clients and investors.
Request for Comment
In connection with the proposed Form ADV requirements, the SEC is requesting comments on, among other things, whether advisers have concerns with the public disclosure of service providers that perform covered functions and whether private fund advisers should be required to provide information about their service providers to private fund investors through additional or different disclosure requirements.
Under the Proposals, an adviser relying on a third-party recordkeeper must comply with an oversight framework requiring the same due diligence, monitoring, and record retention as a “covered function” outsourced to a “service provider.” An adviser also would be required to obtain reasonable assurances that the recordkeeper will satisfy the following four specific standards:
- The third party will have internal processes for making or keeping records that would satisfy all requirements under the recordkeeping rules;
- When making or keeping records, the third party will in practice do so in compliance with all requirements of the recordkeeping rule as applicable to the adviser;
- With respect to electronic records, the third party will permit the adviser and the SEC to easily access the records through computers or other systems during the required period for retention; and
- Arrangements will be made to ensure continued availability of records, in compliance with the recordkeeping rules, in the event the relationship is terminated or the service provider otherwise ceases operations.
The SEC noted that the manner in which assurances are obtained may vary by arrangement, and they could include a written agreement setting out the standards or the use of letters of understanding or statements of work.
Transition and Compliance
As noted above, if the Proposals are adopted, advisers would be required to comply with the new requirements starting 10 months following the effective date of the rule. This is an aggressive compliance period, particularly in light of the number of other proposed rules—and adopted new rules—approved by the SEC in the last year. Compliance within this time period may prove particularly challenging for smaller advisers with fewer resources and personnel.
The Proposals are broad with potentially far-reaching implications. For example, advisers that utilize passive investment strategies and engage various index providers in connection therewith may need to conduct more formal, more enhanced, or otherwise different due diligence, monitoring, and recordkeeping than they are currently conducting. While the SEC provided some examples of the types of functions it views as covered functions, that was not an exclusive list, and each adviser will need to make its own reasonable assessment—which provides the opportunity for second-guessing. Given the scope of service providers potentially within the purview of an adviser’s oversight obligations under the Proposals, the due diligence and ongoing monitoring requirements may be quite burdensome for advisers.
We acknowledge the contributions to this publication from our law clerk Crystal Liu.
1 Outsourcing by Investment Advisers, Release No. IA-6176 (Oct. 26, 2022), https://www.sec.gov/rules/proposed/2022/ia-6176.pdf.
2 The Proposed Rule would apply even where there is no written agreement with a service provider to perform a covered function, and it would apply to affiliated service providers. The SEC suggests, however, that advisers consider the use of a written agreement as a best practice.
3 Section 2(a)(25) defines a “supervised person” as any partner, officer, director (or other person occupying a similar status or performing similar functions), employee of an adviser, or other person who provides investment advice on behalf of the adviser and is subject to the supervision and control of the adviser. Supervised persons are excluded as likely already subject to oversight of the adviser.
4 With respect to existing engagements, an adviser would be expected to comply with the proposed ongoing monitoring and reassessment requirements (discussed below).
5 The SEC indicates that these records would likely include: performance reports from the service provider; summaries of any financial, operational, or third-party assessments of the service provider; any new or increased risks relating to the service provider and how the adviser will mitigate or manage such risks; any amendments to written agreements with the service provider; the adviser’s monitoring-related written policies and procedures; any changes to the nature and scope of the covered function; and a record of any inadequate or failed performance by the service provider and subsequent responses from the adviser.