The SEC’s Office of Information and Regulatory Affairs recently released the Spring 2023 Unified Agenda of Regulatory and Deregulatory Actions (the Agenda). The word salad of a title hints at the fact the SEC is considering a plethora of new rules. Indeed, many of the new rules, if finalized, would impact broker-dealers (BD) and investment advisers (IA). Below are some of the notable proposed rules of which to take stock:
Registration Requirements: The SEC is “recommending that the Commission propose amendments to the exemption for internet advisers from the prohibition against registration under the Investment Advisers Act of 1940.” These are colloquially referred to as robo-advisors.
Digital Engagement Practices: The SEC is considering separate rules for BDs and IAs, which address conflicts of interest concerning the use of predictive data analytics, artificial intelligence, machine learning and similar technologies.
Changes to Net Cap: The SEC is considering proposing amendments to the Net Capital Rule to require that certain large broker-dealers compute their customer and PAB reserve deposit requirements daily.
Safeguarding Advisory Client Assets: The SEC’s goal is to significantly expand the current custody rule to include all client assets and impose new requirements governing the relationship between advisers and qualified custodians.
Outsourcing: The SEC is considering a new rule to prohibit IAs from outsourcing certain services or functions without first meeting minimum requirements, including those relating to engaging a service provider. IAs would specifically be required to periodically monitor the performance and reassess the retention of the service provider in accordance with due diligence requirements to reasonably determine that it is appropriate to continue to outsource those services or functions to that service provider.
Cybersecurity Risk Management: The SEC is considering two rules: (1) for IAs and investment companies; and (2) for others, including BDs. Both rules would generally require that such entities adopt written policies and procedures reasonably designed to address cybersecurity risks and report significant cybersecurity incidents to the SEC.
Regulation S-P: IAs and BDs would need to adopt written policies and procedures to respond to incidents of unauthorized access to/use of customer information. They would additionally have to provide affected customers with notification of any such breach.
Expand the Definition of “Dealer”: Under the Exchange Act of 1934, certain investment advisers and private funds would now need to register as dealers.
As Chair Gensler emphasized, the Agenda “would advance [the SEC’s] three-part mission: to protect investors; maintain fair, orderly, and efficient markets; and facilitate capital formation. Translated differently: IAs and BDs need to ensure that they stay light on their regulatory toes.
