SEC Proposes Rule Requiring Service Provider Due Diligence and Monitoring by Registered Investment Advisers

On October 26, the Securities and Exchange Commission (SEC) issued a rule release (Release) that proposed new and amended rules (Proposed Rule) under the Investment Advisers Act of 1940, as amended (Advisers Act).¹ The Proposed Rule seeks to establish an oversight framework across SEC-registered investment advisers that outsource covered functions (Covered Functions) to service providers (Service Providers), as such terms are defined below. The Proposed Rule would require advisers to consider and document their consideration of specified factors in their diligence of Service Providers. This was previously left to advisers’ discretion, subject to their fiduciary duty to clients. 

Background

While acknowledging that outsourcing can benefit advisers and their clients in a number of ways—such as providing investment guidelines, portfolio management, models related to investment advice, custom indexes, investment risk services or software, trading services or software, or portfolio accounting services—the Release provided a lengthy discussion of risks presented by advisers outsourcing necessary advisory functions without appropriate oversight. The SEC specifically cited the risks of:

• A disruption or interruption of outsourced services affecting an adviser’s ability to provide services to its clients
• An adviser’s poor oversight leading to financial losses for its clients, including through market losses, increased transaction costs, or missed investment opportunities
• An adviser’s excessive oversight resulting in costs to the adviser and its clients that outweigh the intended benefits of outsourcing
• Compliance gaps enabling fraudulent, deceptive, or manipulative activity by employees and agents of a third party to occur or continue unaddressed.
• An outsourced provider’s major technical difficulties preventing an adviser from executing an investment strategy or accessing an account, or causing the loss or misuse of sensitive client information and data
• A third party’s conflicts of interests harming an adviser’s clients when the third party recommends or otherwise highlights investments that it also owns or manages for others
  
  

Scope of the Proposed Rule

Covered Functions

The Proposed Rule would apply to Covered Functions, which are services or functions that (1) are necessary to provide advisory services in compliance with federal securities laws and (2) would be reasonably likely to cause a material negative impact on the adviser’s clients or on the adviser’s ability to provide investment advisory services if not performed or if performed negligently. Whether a service or function is a Covered Function will depend on the facts and circumstances. 

With respect to the first prong of the definition of Covered Function—whether a service or function is necessary to provide advisory services in compliance with the federal securities laws—the Release provided several categories of services or functions that are often Covered Functions when outsourced by advisers:

• Adviser/Subadviser
• Client Services
• Cybersecurity
• Investment Guideline/Restriction Compliance
• Investment Risk
• Portfolio Management
• Portfolio Accounting
• Pricing
• Reconciliation
• Regulatory Compliance
• Trading Desk
• Trade Communication and Allocation
• Valuation
  
  

With respect to the second prong of the definition of Covered Function—whether a service or function would be reasonably likely to cause a material negative impact on the adviser’s clients or on the adviser’s ability to provide investment advisory services if not performed or performed negligently—the Release identified a number of factors advisers may consider when determining what would be reasonably likely to have a material negative impact:

• The day-to-day operational reliance on the Service Provider
• The existence of a robust internal backup process at the adviser
• Whether the Service Provider is making or maintaining critical records, among other things
  
  

Functions and services that are merely clerical, ministerial, utility, and general office would be excluded from the definition of Covered Function. The Release provided that Covered Functions would not include an adviser’s lease of commercial office space or equipment, use of public utility companies, utility or facility maintenance services, or licensing of general software providers of widely commercially available operating systems, word processing systems, spreadsheets, or other similar off-the-shelf software. 

Because the determination of what constitutes a Covered Function depends on the facts and circumstances, certain services or functions may be Covered Functions for one adviser but not for another adviser. Therefore, parties that perform functions on behalf of advisers may be in the scope of the Proposed Rule with respect to one adviser but not for another adviser. 

Service Providers

The Proposed Rule would apply to Service Providers, which are defined as persons or entities that (1) perform one or more Covered Functions and (2) are not supervised persons of the adviser, as defined in the Advisers Act (Supervised Persons).² The definition does not include Service Providers independently selected and retained by clients. Importantly, it does include advisers’ affiliates or persons subject to other provisions of the Advisers Act (such as SEC-registered advisers) or other federal securities laws (such as broker-dealers). 

Required Oversight Framework

Due Diligence and Monitoring

The Proposed Rule would require advisers to identify and determine through due diligence that outsourcing the Covered Function to Service Providers is appropriate in each instance. In doing so, advisers would be required to consider the following factors in advance of engaging an outsourced provider:

• The nature and scope of the Covered Function
• Potential risks resulting from the Service Provider performing the Covered Function, including how to mitigate and manage such risks
• The Service Provider’s competence, capacity, and resources necessary to perform the Covered Function
• The Service Provider’s material subcontracting arrangements related to the Covered Function
• Coordination with the Service Provider for federal securities law compliance
• The orderly termination of the performance of the Covered Function
  
  

Advisers would then need to periodically monitor the Service Provider’s performance and reassess their selection of the Service Provider in accordance with the foregoing due diligence requirements. 

Additional Requirements for Third-Party Recordkeepers

The Proposed Rule would require advisers utilizing third-party recordkeepers to conduct due diligence and monitoring of such recordkeepers consistent with the requirements applicable to Covered Functions discussed above. The Proposed Rule would further require advisers to obtain reasonable assurances that the third-party recordkeeper will meet four standards, which address the third-party’s ability to:

• Adopt and implement internal processes and/or systems for making and/or keeping records that meet the requirements of Rule 204-2 under the Advisers Act (Books and Records Rule) with respect to the books and records being maintained on behalf of the adviser 
• Make and/or keep records that meet all the requirements of the Books and Records Rule
• Provide access to electronic records
• Ensure the continued availability of records if the third-party recordkeeper’s relationship with the adviser or its operations cease
  
  

Books and Records and Form ADV 

The Proposed Rule would require advisers to make and keep a list or other record of Covered Functions that it has outsourced and the name of each Service Provider, along with a record of the factors, corresponding to each listed function, that led the adviser to list it as a Covered Function. This requirement could be satisfied by a written agreement between the adviser and Service Provider, explicitly stating that the function or service provided is a Covered Function under the Proposed Rule and the name of each Service Provider and potentially including the factors that led the function to be deemed a Covered Function. Instead, or in addition to a written agreement, the adviser might prepare a written memorandum or other document containing the required information. 

The Proposed Rule would also amend Form ADV to include a new Item 7.C in Part 1A and Section 7.C in Schedule D. These sections would require advisers to identify outsourced Covered Functions and provide census-type information about the Service Providers that provide Covered Functions. Such information would include the names and addresses of the Service Providers and an indication as to the types of services provided. Advisers would also have to indicate whether identified Service Providers are related persons.³

Our Thoughts

Most advisers are already conducting due diligence of outsourced providers that would be Service Providers under the Proposed Rule in accordance with their fiduciary duty to clients. To the extent they are not, they are already subject to potential enforcement actions for Service Provider-related failures or infractions occurring in the absence of appropriate due diligence and oversight. Further, the subjective nature of what constitutes a Covered Function will create confusion and uncertainty among advisers, leaving them open to potential enforcement actions depending on their application of the two-prong definition discussed above. Read broadly, the definition of Covered Function could include almost any function outsourced by an investment adviser, triggering the numerous oversight functions set forth in the Proposed Rule.

Advisers may also experience increased costs to meet the requirements of the Proposed Rule, as noted by the Release. The potential compliance costs of the Proposed Rule may be significant enough to cause advisers to cease outsourcing certain Covered Functions, which could cause a decrease in the overall quality of such advisers’ services. If advisers decide to perform Covered Functions in-house to avoid costs associated with the Proposed Rule, these functions may be performed less efficiently than they would have been had they been outsourced. And even if Covered Functions that advisers bring in-house are performed as efficiently as or more efficiently than they would have been performed by a Service Provider, there will be a resulting increase in in-house expenses. Increased costs may also cause Service Providers to terminate relationships with advisers, which creates the burden of finding suitable replacements or alternatives. In addition, compliance costs from the Proposed Rule may disproportionately impact small or newly emerging advisers more than large or established advisers that are better positioned to absorb or pass on these expenses.

Next Steps

The comment period for the Proposed Rule is open until December 27 or 30 days after publication in the Federal Register, whichever is later. Lowenstein Sandler will monitor the status of the Proposed Rule and provide additional updates and analysis in future Client Alerts so that advisers can determine whether changes are required to their existing compliance policies and procedures. Please contact one of the listed authors of this Client Alert or your regular Lowenstein Sandler contact if you have any questions regarding the Proposed Rule.

¹ The Proposed Rule can be found here: https://www.sec.gov/rules/proposed/2022/ia-6176.pdf.
² Section 202 of the Advisers Act defines “supervised person” as “any partner, officer, director (or other person occupying a similar status or performing similar functions), or employee of an investment adviser, or other person who provides investment advice on behalf of the investment adviser and is subject to the supervision and control of the investment adviser.”
³ The Glossary of Terms to Form ADV defines a “related person” as “[a]ny advisory affiliate and any person that is under common control with your firm.”