Last week, the Securities and Exchange Commission (the “SEC”) released a proposed rule (the “Proposed Rule”) under the Investment Advisers Act of 1940 (the “Advisers Act”) that, if adopted as proposed, would require SEC registered investment advisers (“RIAs”) meet certain minimum requirements before outsourcing certain services or functions related to their business.[1] In the accompanying press release, the SEC stated that the use of third-party service providers has increased, and the Proposed Rule would protect investors by ensuring that an RIA’s outsourcing “is consistent with [the RIA’s] obligations to their clients.”[2] However, many in the industry have noted that the RIA already owes a duty to its clients in outsourcing services to third-parties and there is no evidence that RIAs currently misunderstand their fiduciary obligations in engaging and outsourcing services to third-parties.[3]

Generally, the Proposed Rule provides the manner in which an RIA must conduct diligence and oversee a third-party service provider that provides certain services for the RIA, including enhanced oversight of third-party recordkeepers. The Proposed Rule also would amend Form ADV to require RIAs disclose whether it outsources covered functions.

A summary of some of the key elements of the Proposed Rule are described below:

Scope of the Proposed Rule

The Proposed Rule would create a new Section 206(4)-11, which would provide for an oversight framework covering RIAs that outsource “covered functions” to “service providers.”

A “covered function” is defined in the Proposed Rule as a function or service that is both: (i) necessary in order for the RIA to provide investment advisory services in compliance with the Federal securities laws, and (ii) one that if it were not performed or were performed negligently, would be reasonably likely to cause a “material negative impact” on the RIA’s clients or on the RIA’s ability to provide investment advisory services.[4] Under the Proposed Rule, whether a service or function is a covered function is a facts and circumstances determination.[5] However, the Proposed Rule provides a non-exhaustive list of examples which the SEC considers “covered functions” in the proposed amended Form ADV, where an RIA would have to disclose if the RIA outsourced certain enumerated functions.[6] Additionally, clerical, ministerial or general office functions or services would not be “covered services” under the Proposed Rule.[7]

The Proposed Rule defines a “service provider” as a person performing one or more covered functions that is not a “supervised person” under the Advisers Act.[8]

Due Diligence and Oversight

If adopted as proposed, the Proposed Rule would require an RIA, before retaining a service provider to perform a covered function, to reasonably identify and determine through due diligence that outsourcing the covered function to that particular service provider would be appropriate. In conducting its diligence, the RIA must consider:

• the nature and scope of the covered function;
• potential risks (and mitigation of risks) resulting from the service provider performing the covered function;
• The service provider’s competence, capacity, and resources necessary to perform the covered function;
• The service provider’s material subcontracting arrangements related to the covered function;
• Coordination with the service provider for Federal securities law compliance; and
• The orderly termination of the performance of the covered function.[9]

The Proposed Rule also would require the adviser periodically to monitor the service provider’s performance and reassess the selection of the service provider under the due diligence requirements of the rule.[10] Additionally, the Proposed Rule would require the RIA to report information about these service providers on Form ADV, and the RIA would have recordkeeping obligations related to its due diligence and monitoring of these service providers.[11]

Enhanced Oversight of Third-Party Recordkeepers

Under the Proposed Rule, if an RIA engages a third-party recordkeeper, the RIA will need to, in addition to the disclosure and oversight obligations outlined above, obtain reasonable assurances that the third party will meet four standards, which address the third party’s ability to:

• Adopt and implement internal processes and/or systems for making and/or keeping records that meet the requirements of the applicable recordkeeping rule;
• Make and/or keep records that meet the requirements of the applicable recordkeeping rule;
• Provide access to electronic records; and
• Ensure the continued availability of records if the third-party service provider ceased operations or terminated its relationship with the RIA.[12]

Comment Period

The public comment period for the Proposed Rule will remain open for at least sixty days following publication of the proposing release on the SEC’s website.

***

Whether or not the proposed rule would result in more thorough diligence than RIAs already conduct on non-ministerial/non-clerical third-party service providers is unclear. However, if the Proposed Rule is adopted as proposed, it will cause RIAs to increase possibly expand or refine documentation of the diligence and oversight expressly required under the final rule.