On October 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed a new Rule 206(4)-11 and amendments to Rule 204-2 under the U.S. Investment Advisers Act of 1940 (Advisers Act), as well as amendments to Form ADV, regarding the use of third-party service providers by investment advisers who are registered or required to be registered under the Advisers Act (advisers).1
In an accompanying statement, SEC Chair Gary Gensler said, “When an investment adviser outsources work to third parties, it may lower the adviser’s costs, but it does not change an adviser’s core obligations to its clients. [The proposed rule is] designed to ensure that advisers’ outsourcing is consistent with their obligations to clients.”2
The proposed rule is designed to prohibit advisers from outsourcing “covered functions” to “service providers” (each as described further below) without meeting minimum requirements, including the following:
- Due Diligence. Conduct due diligence on service providers prior to outsourcing;
- Monitoring. Periodically monitor service providers’ performance;
- Books and Records. Make and keep books and records related to diligence and monitoring;
- Third-Party Recordkeeping. Conduct diligence on and monitor third-party recordkeepers, and obtain reasonable assurances that they will meet certain standards; and
- Form ADV. Report service providers on Form ADV.3
“Covered function” means a function or service that is necessary for the investment adviser to provide its investment advisory services in compliance with the Federal securities laws, and that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser’s clients or on the adviser’s ability to provide investment advisory services.4
The SEC provides the following non-exclusive checklist of covered functions in proposed amendments to Form ADV: adviser/subadviser, client servicing, cybersecurity, investment guideline/restriction compliance, investment risk, portfolio management (excluding adviser/subadviser), portfolio accounting, pricing, reconciliation, regulatory compliance, trading desk, trade communication and allocation, and valuation.5
However, the proposal excludes “clerical, ministerial, utility, or general office functions or services” from the definition of covered function.6 For example, “lease[s] of commercial office space or equipment, use of public utility companies, utility or facility maintenance services, or licensing of general software providers of widely commercially available operating systems, word processing systems, spreadsheets, or other similar off-the-shelf software” would not be considered covered functions.7
The determination of whether an activity is a covered function is fact-specific and may vary among advisers.
A “service provider” is a person or entity that (i) performs a covered function and (ii) is not a “supervised person” of the adviser.8
While the SEC excludes “supervised persons” of the adviser from the definition of service providers, it does not go so far as to exclude affiliates. The “risks that the proposed rule are designed to address exist whether the service provider is affiliated or unaffiliated … As such, even though the affiliate may be in a control relationship with the adviser, it remains important for the adviser to determine if it is appropriate to retain the affiliate’s services and to oversee the affiliate’s performance of a covered function.”9
In a similar vein, “[t]he proposed rule would not include an exception for service providers that are subject to other provisions of the Advisers Act, including SEC-registered advisers, or other Federal securities laws.”10
Requirements Under Proposed Rule
The proposed rule would require advisers to conduct the following due diligence on service providers before engaging with them (or agreeing to add new covered functions or services to an existing engagement):
- reasonably identify the covered function to be outsourced;
- determine that it would be appropriate to outsource the covered function; and
- determine that it would be appropriate to select the service provider to perform the covered function.11
The adviser would fulfill its due diligence requirements by:
- identifying the nature and scope of the covered function the service provider is to perform;
- identifying, and determining how it will mitigate and manage, the potential risks to clients or to the adviser’s ability to perform its advisory services resulting from engaging a service provider to perform the covered function and engaging that service provider to perform the covered function;
- determining that the service provider has the competence, capacity and resources necessary to perform the covered function in a timely and effective manner;
- determining whether the service provider has any subcontracting arrangements that would be material to the service provider’s performance of the covered function, and identifying and determining how the investment adviser will mitigate and manage potential risks to clients or to the investment adviser’s ability to perform its advisory services in light of any such subcontracting arrangement;
- obtaining reasonable assurance from the service provider that it is able to, and will, coordinate with the investment adviser for purposes of the investment adviser’s compliance with the Federal securities laws, as applicable to the covered function; and
- obtaining reasonable assurance from the service provider that it is able to, and will, provide a process for orderly termination of its performance of the covered function.12
The adviser’s due diligence should be reasonably tailored to the identified service provider and to the functions or services to be outsourced.13
The proposed rule would require advisers to periodically monitor the service provider’s performance of the covered function and to reassess the retention of the service provider in accordance with the due diligence requirements set forth above and with a manner and frequency such that advisers reasonably determine that it is appropriate to continue to outsource the covered function and that it remains appropriate to outsource it to the service provider.14
Books and Records
The proposed rule would amend Rule 204-2 (the Books and Records Rule) to require advisers to make and keep true, accurate and current books and records for the following:
- records of any covered functions outsourced to a service provider, including the name of each service provider and a record of the factors, corresponding to each listed function, that led the adviser to list it as a covered function;
- records documenting the due diligence assessment conducted pursuant to Rule 206(4)-11, including any policies and procedures or other documentation as to how the adviser will comply with its requirement to identify, and determining how it will mitigate and manage, the potential risks to clients or to the adviser’s ability to perform its advisory services resulting from engaging a service provider to perform a covered function and engaging that service provider to perform the covered function;
- copies of written agreements, including any amendments, appendices, exhibits and attachments, entered into with a service provider regarding covered functions; and
- records documenting the periodic monitoring of service providers required under Rule 206(4)-11.15
The proposed rule would require that all such records be maintained in an easily accessible place throughout the time period during which the investment adviser has outsourced a covered function to a service provider and for a period of five years thereafter.16
The proposed rule would require any adviser that relies on a third party to make and/or keep any books and records required by Rule 204-2 to:
- perform due diligence and monitor the third party as described in proposed Rule 206(4)-11, with respect to the recordkeeping function, and make and keep such records as prescribed above, as if recordkeeping were a covered function and the third party were a service provider; and
- obtain reasonable assurances that the third party will:
- adopt and implement internal processes and/or systems for making and/or keeping records on behalf of the adviser that meet all of the requirements of Rule 204-2 as appliable to the adviser;
- make and/or keep the adviser’s records in a manner that meets all of the requirements of Rule 204-2 as applicable to the adviser;
- for such records of the adviser that are made and/or kept by the third party in electronic format, allow the investment adviser and SEC staff to access the records easily through computers or systems during the required retention period described above; and
- make arrangements to ensure the continued availability of any such records of the adviser in the event that the third-party recordkeeper’s relationship with the adviser is terminated.17
The proposed rule would also amend Form ADV to collect information about the adviser’s relationship with service providers. Investment advisers will be required to disclose whether they outsource any covered functions to service providers and disclose, in a new Section 7.C of Schedule D, the service provider’s name and address, whether it is a related person of the adviser, the date it was first engaged to provide a covered function and type of covered function provided.
The proposed rule, if adopted, would apply to any engagement of new service providers made on or after the compliance date of the proposed rules and amendments. The ongoing monitoring requirements, if adopted, would apply to existing engagements beginning on the compliance date.18
Although the proposed rule does not require additional explicit written policies and procedures related to service provider oversight, if the proposed rule were adopted, investment advisers would be required under existing Rule 206(4)-7 to have policies and procedures reasonably designed to prevent violations of the Advisers Act and rules under the Act, and this requirement would apply to the proposed rule.19
If the SEC’s proposed rules are adopted substantially as proposed, investment advisers will face the complex task of developing and implementing a due diligence and monitoring process, in addition to the books and records requirements, for service providers who perform covered functions. The proposed rule, if adopted, will require careful consideration of the facts and circumstances of an investment adviser’s business and a tailored approach for compliance.
The comment period will remain open until December 27, 2022.
2 SEC Chair Gary Gensler, “Statement on Proposed Amendment Regarding Service Providers Oversight” (October 26, 2022).
4 Proposed rule 206(4)-11(b).
5 Proposal at 231.
6 Proposed rule 206(4)-11(b).
7 Proposal at 25.
8 Proposed rule 206(4)-11(b). A “supervised person” is any partner, officer, director (or other person occupying a similar status or performing similar functions), or employee of the adviser, or any other person who provides investment advice on behalf of the adviser and is subject to the supervision and control of the adviser. 15 U.S.C. § 80b-2(a)(25).
9 Proposal at 26-27.
10 Proposal at 27.
11 Proposal at 40-41; proposed rule 206(4)-11(a)(1).
12 Proposed rule 206(4)-11(a)(1)(i) – (vi).
13 Proposal at 42.
14 Proposed Rule 206(4)-11(a)(2). In the proposal, the SEC cautions, “[w]hen considering the manner and frequency of monitoring, an adviser should be mindful that it remains liable for its obligations, including under the Advisers Act, other Federal securities laws and any contract entered into with the client, even if the adviser outsources functions.” Proposal at 67.
15 Proposed rule 204-2(a)(24)(i) – (iv).
16 Proposed rule 204-2(e)(4).
17 Proposed rule 204-2(l).
18 Proposal at 96.
19 Proposal at 17-18.