SEC Proposes New Rule and Related Amendments Addressing Outsourcing by Investment Advisers

On October 26, 2022, the SEC proposed a new rule and related rule amendments under the Investment Advisers Act[1] (the “Proposed Rules”) (available here) that would establish a new oversight framework for outsourcing by investment advisers that are registered or required to be registered with the SEC (“advisers”). According to the proposing release, the SEC has observed an increase in advisers outsourcing functions that are necessary for the provision of advisory services and issues related thereto. While this outsourcing may be intended to help advisers meet the evolving and increasingly complex demands of clients in a cost-effective way, the proposing release states that there is a risk that, without appropriate adviser oversight, investors could be harmed. If adopted, the Proposed Rules would:

• require advisers to conduct due diligence prior to engaging a “service provider” to perform a “covered function” (each, as defined below) and to periodically monitor the performance and reassess the retention of the service provider;
• require advisers to conduct due diligence prior to engaging a third party to perform a “recordkeeping function” (as defined below) and to periodically monitor the performance and reassess the retention of the third-party recordkeeper, as well as to obtain reasonable assurances that the third party will meet certain standards;
• require advisers to make and/or keep books and records related to the foregoing due diligence and monitoring requirements; and
• amend Form ADV to collect census-type information about advisers’ use of service providers.

Importantly, the proposing release emphasizes that an adviser remains liable for its obligations, including under the Investment Advisers Act (including its fiduciary duties), other Federal securities laws and any contract entered into with the client, even if the adviser outsources functions. The proposing release further provides that “[a]n adviser’s use of service providers should include sufficient oversight by an adviser so as to fulfill the adviser’s fiduciary duty, comply with the Federal securities laws, and protect clients from potential harm.”

Outsourced Functions Covered by the Proposed Rules

The Proposed Rules would apply to advisers that outsource a “covered function” to a “service provider.”[2]

A “covered function” is defined as:

• a function or service that is necessary for the adviser to provide its investment advisory services in compliance with the Federal securities laws,[3] and
• that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact[4] on the adviser’s clients or on the adviser’s ability to provide investment advisory services.

Clerical, ministerial, utility, or general office functions or services are excluded from the definition.

Whether an outsourced function is a covered function would depend on the facts and circumstances of the particular adviser. Examples of potential covered functions discussed in the proposing release include: adviser/subadviser, client services, cybersecurity, investment guideline/restriction compliance, investment risk, portfolio management (excluding adviser/subadviser), portfolio accounting, pricing, reconciliation, regulatory compliance, trading desk, trade communication and allocation, and valuation.

Due Diligence

Before retaining a service provider to perform a covered function, an adviser would be required to reasonably identify and determine through due diligence that it would be appropriate to outsource the covered function, that it would be appropriate to select that service provider, and once selected, that it is appropriate to continue to outsource the covered function. In particular, the Proposed Rules would require an adviser to:

• identify the nature and scope of the covered function the service provider is to perform;
• identify and determine how it would mitigate and manage the potential risks to clients or to the adviser’s ability to perform its advisory services, resulting from engaging a service provider to perform a covered function and engaging that service provider to perform the covered function;
• determine that the service provider has the competence, capacity, and resources necessary to perform the covered function in a timely and effective manner;
• determine whether the service provider has any subcontracting arrangements that would be material to the service provider’s performance of the covered function, and identifying and determining how the adviser will mitigate and manage potential risks to clients or to the adviser’s ability to perform its advisory services in light of any such subcontracting arrangement;
• obtain reasonable assurance from the service provider that it is able to, and will, coordinate with the adviser for purposes of the adviser’s compliance with the Federal securities laws; and
• obtain reasonable assurance from the service provider that it is able to, and will, provide a process for orderly termination of its performance of the covered function.

Monitoring

Once a service provider is engaged, the Proposed Rules would require an adviser to periodically monitor the service provider’s performance of the covered function and reassess the retention of the service provider in accordance with the due diligence requirements of the Proposed Rules. The adviser would be required to monitor in a manner and frequency such that the adviser can reasonably determine that it is appropriate to continue to outsource the covered function and that it remains appropriate to outsource it to the service provider.

Recordkeeping Obligations Related to Due Diligence and Monitoring

An adviser would be required to make and keep certain records documenting the due diligence of a service provider of a covered function including: a list or other record of covered functions that the adviser has outsourced to a service provider and the name of each service provider, along with a record of the factors that led the adviser to list it as a covered function, and documentation of the due diligence assessment. In addition, an adviser would be required to make and keep a copy of any written agreement with a service provider regarding covered functions. Finally, an adviser would be required to make and keep records documenting the periodic monitoring of a service provider of a covered function.

Form ADV

Additionally, an adviser would be required to report census-type information about these service providers on Form ADV. In particular, advisers would be required to identify their service providers that perform covered functions, provide the location of the office principally responsible for the covered functions, provide the date they were first engaged to provide covered functions, and state whether they are related persons of the adviser. For each of these service providers, specific information that would clarify the services or functions they provide would also be required.

Enhanced Oversight of Third-Party Record Keepers

Many advisers outsource various “recordkeeping functions.”[5] Some of these functions involve record creation,[6] others focus solely on record storage and retention,[7] and many will include creation as well as storage and retention functions. The Proposed Rules would require an adviser that relies on a third-party recordkeeper to conduct due diligence and monitoring of that third party consistent with the requirements for covered functions performed by service providers under the Proposed Rules (as discussed above). An adviser would also be required to make and keep records documenting its due diligence and monitoring of that third-party recordkeeper as though the recordkeeping function were a covered function and the third party were a service provider.

In addition, advisers would be required to obtain reasonable assurances that the third party will meet four standards, which address the third party’s ability to:

• adopt and implement internal processes and/or systems for making and/or keeping records that meet the requirements of the recordkeeping rule applicable to the books and records being maintained on behalf of the adviser;
• make and/or keep records that meet all of the requirements of the recordkeeping rule applicable to the adviser;
• provide access to electronic records; and
• ensure the continued availability of records if the third party’s relationship with the adviser or its operations cease.

Next Steps

The public comment period will remain open until the later of December 27, 2022 or the date that is 30 days after the publication of the Proposed Rules in the Federal Register. If adopted, the SEC is proposing a ten-month transition period following the effective date for advisers to come into compliance with the Proposed Rules. The Proposed Rules would apply to any new engagements made after the transition period. The monitoring requirements of the Proposed Rules would apply to existing engagements beginning after the transition period.

*       *       *

[1]        Investment Advisers Act of 1940, as amended (the “Investment Advisers Act”).

[2]        A “service provider” is defined as a person or entity that: (i) performs one or more covered functions; and (ii) is not a supervised person, as defined in section 2(a)(25) of the Investment Advisers Act, of the adviser. A “supervised person” is any partner, officer, director, (or other person occupying a similar status or performing similar functions), or employee of an adviser, or other person who provides investment advice on behalf of the adviser and is subject to the supervision and control of the adviser. The Proposed Rules do not distinguish between third-party service providers and affiliated service providers.

[3]        Generally, the SEC would consider functions or services that are related to an adviser’s investment decision-making process and portfolio management to meet the first element of the definition. The SEC would also consider functions or services that help ensure the adviser complies with the regulatory requirements to meet the first element of the definition.

[4]        Determining what constitutes a material negative impact would depend on the facts and circumstances but may include a material financial loss to a client or a material disruption in the adviser’s operations resulting in the inability to effect investment decisions or to do so accurately.

[5]        A “recordkeeping function” is where an adviser relies on a third party to make and/or keep any books and records required by rule 206-4 (commonly referred to as the “recordkeeping rule”) under the Investment Advisers Act. These service providers are referred to as third-party recordkeepers.

[6]        An example would be a firm that calculates performance or rates of return for one or more portfolios that the adviser may use to manage the investments in the portfolios, include in statements to clients or marketing materials provided to prospective clients, or show on its website.

[7]        Examples include: data- and record-management companies, offsite storage companies, or information technology companies (e.g., cloud service providers) that store or retain records.