This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
IAA Letter to SEC on Service Provider Outsourcing
December 23, 2022
Ms. Vanessa A. Countryman
Secretary
Securities and Exchange Commission
100 F Street, NE
Washington, DC 20549-1090
Re: Outsourcing by Investment Advisers; File No. S7-25-22
Dear Ms. Countryman:
The Investment Adviser Association (IAA)[1] appreciates the opportunity to comment on the Commission’s proposed new rule and related disclosure and recordkeeping amendments that would prohibit SEC-registered investment advisers from outsourcing certain services or functions to service providers without meeting minimum requirements.[2]
While we understand the Commission’s objectives, we strongly believe that the Proposal is unnecessary and unwarranted. It will have sweeping implications for all advisers and their service providers and substantial negative consequences for smaller advisers and smaller service providers. The Commission has significantly underestimated the potential costs of the Proposal, with little evidence of benefit. Accordingly, we urge the Commission not to move forward with this Proposal and instead consider alternative approaches to achieve its goals. Our comments here reflect our general views on the Proposal. We plan to submit a supplemental comment letter with specific comments and recommendations that we believe would improve the Proposal should the Commission move forward.[3]
As the Commission notes, investment advisers are increasingly using service providers to help with or perform a range of functions to support the adviser’s business, including, in many cases, functions that are necessary for the provision of the adviser’s investment advisory services.[4] Advisers are fiduciaries to their clients in all aspects of their advisory relationship, as scoped by their advisory agreement. As a fiduciary, an adviser remains responsible for all aspects of the agreed-upon advisory services, regardless of whether they are outsourced. An adviser may not disclaim this fiduciary duty. Pursuant to Rule 206(4)-7 under the Advisers Act (the Compliance Rule), advisers are also responsible for adopting and implementing written policies and procedures reasonably designed to prevent violations of the Advisers Act, including, at its core, the fiduciary duty. The Compliance Rule is intended to generate “systematic and organized reviews by … advisers of their operations and activities,”[5] which include their use of service providers. Advisers can tailor their compliance programs – including how they oversee outsourced functions – to the nature and risks of their businesses. This is the law today, which the Commission has the necessary tools to enforce.
We agree with the Commission that the asset management industry has grown in size, complexity, and risks since the adoption of the Advisers Act[6] – including with respect to its outsourcing of functions – and we share the Commission’s investor-protection goals, including with respect to the outsourcing of certain functions. The beauty of the principles-based fiduciary framework of the Advisers Act, however, is that it can evolve with and adapt to the changes in the landscape and the industry.
Yet, despite the existing evergreen framework that ensures that “the buck stops” at the adviser even as financial services evolve, and the fact that the Commission has not shown that the existing framework is lacking, the Commission has proposed a broad new oversight framework. While the new framework is vague in its contours, its requirements are overly prescriptive. Advisers must satisfy numerous specific requirements, which would need to be met by all SEC-registered advisers, regardless of size, client base, business model, or risk profile, or, indeed, whether it would be possible in some cases for advisers to comply. Adding to our concern, failure to satisfy any of these new requirements could be deemed a fraud on the adviser’s clients.
We believe that the Proposal is unnecessary and unwarranted, and we urge the Commission to reconsider the necessity for moving forward with a new rule. Instead, the Commission could consider providing additional principles-based guidance under the Compliance Rule to assist advisers in tailoring their oversight processes to an ever-evolving landscape. Even if the Commission determines that a new rule is called for, however, the Proposal, as crafted, is not sufficiently tailored to achieve its goals. It also fails to adequately assess the potential negative consequences for advisers, their clients, and service providers.
I. Executive Summary
We offer the following general comments on the Proposal:
A. The Proposal is unnecessary and unwarranted.
- Investment advisers are fiduciaries to their clients under the Advisers Act, including with respect to outsourced services, and are already required to oversee service providers diligently.
- We strongly object to the Commission’s shift towards prescriptive, and away from principles-based, regulation of advisers.
- It is fundamentally unfair to promulgate the prescriptive Proposal as an anti-fraud rule, where technical foot-faults and minor infractions could be deemed a fraud on an adviser’s clients.
- The Proposal is overbroad and vague.
- The Proposal includes elements that are impracticable, if not infeasible.
- The Commission should not try to extend its authority indirectly over service providers over which it has no independent jurisdiction, and it has more effective ways to reach the conduct of service providers it regulates.
B. The Proposal’s cost-benefit analysis is insufficient and performed in a vacuum. Its assessment of potential benefits is highly theoretical and it vastly underestimates the potential costs to and negative impacts on advisers, their clients, and their service It also fails to consider the cumulative impacts of the Proposal for all advisers, and for smaller advisers in particular.
- The Commission has not sufficiently considered the significant and disparate impact of the Proposal on smaller advisers.
- The Commission has not considered the interplay of the Proposal with other rule proposals or existing rules, or the cumulative impact of its many regulatory initiatives on advisers.
- The Commission has not adequately evaluated the potential impact of the Proposal on the service provider Nor has it sufficiently assessed the potential downstream effects on investors.
- The Commission has not demonstrated that the goals of the Proposal cannot be achieved through a more targeted and less onerous approach.
II. Discussion
A. The Proposal is unnecessary and unwarranted.
- Investment advisers are fiduciaries to their clients under the Advisers Act, including with respect to outsourced services, and are already required to oversee service providers diligently.
The Proposal recognizes that advisers are currently subject to fiduciary obligations with respect to outsourced services that relate to the services provided to clients under their advisory agreements.[7] The Compliance Rule also requires that advisers’ policies and procedures be reasonably designed to prevent violations of the Advisers Act, including breach of an adviser’s fiduciary duty. The Proposal is therefore unnecessary. It is also unwarranted because it does not point to evidence that would reasonably lead to the conclusion that this framework is not working or that there are gaps that a new rule needs to fill. We do not believe that the Commission has shown that advisers would not continue to satisfy their fiduciary obligations without a new top-down rule that essentially tells advisers how to run their businesses.[8]
We also do not believe that the Proposal should extend to an adviser’s obligations outside of the Advisers Act. Question 15 in the Proposal asks whether the outsourcing rule should be limited to the adviser’s provision of its advisory services in compliance with obligations under the Advisers Act only.[9] We strongly believe that it should. Advisers may be subject to myriad legal and regulatory requirements under the federal securities laws and otherwise, but their advisory services – and the attendant oversight obligations – the core functions of which are the subject of this Proposal, are framed and governed by the Advisers Act. Any rule adopted under the Advisers Act should only cover obligations under that statutory framework, as the Commission recognized in the Compliance Rule.[10]
- We strongly object to the Commission’s shift towards prescriptive, and away from principles-based, regulation of advisers.
The Advisers Act establishes a principles-based regulatory regime grounded in an adviser’s fiduciary duty to its clients. The Commission recognized the importance of this approach when it adopted the Compliance Rule in 2003, stating that “advisers are too varied in their operations for the [rule] to impose a single set of universally applicable required elements.”[11] As the Proposal notes, there is even more variation and complexity among advisers today, with respect to size, scale, geographic footprint, and client base, among other things.[12] The flexibility for every adviser to tailor its compliance program and oversight to its business is even more important today – a one-size-fits-all regulatory model is, simply put, not a good fit.
The Commission reaffirmed this approach more recently in the Fiduciary Interpretation, stating that “[i]n our experience, the principles-based fiduciary duty imposed by the Advisers Act has provided sufficient flexibility to serve as an effective standard of conduct for investment advisers, regardless of the services they provide or the types of clients they serve.”[13] Yet, in the Proposal, the Commission is moving away from principles-based regulation under the Advisers Act to a more prescriptive approach that operates to remove flexibility and raises the risk of whack-a-mole regulation and enforcement.
For example, for every “covered function” – which, depending on how the adviser interprets the term, could be a significant number[14] – an adviser would need to comply with six specific due diligence elements, regardless of whether it is even feasible for the adviser to meet the specific requirements under the facts and circumstances. Similarly, although the text of the proposed rule does not specify which functions are ”covered functions,” because the Proposal lists 13 categories of possible covered functions in its proposed Form ADV amendments, advisers will likely err on the side of caution and feel compelled to address every category listed, adopting the extensive due diligence and monitoring processes required out of fear that they could be found in hindsight to have misjudged their assessment of applicable covered functions.
The prescriptive nature of the Proposal increases the risks to advisers because the oversight rule is proposed as a standalone rule, rather than as part of the Compliance Rule. Because of this, a foot-fault violation of the restrictive requirements of the rule, even where the adviser’s compliance program is reasonably designed to prevent violations, could be a violation of the proposed rule. Finding a substantive violation despite a reasonable compliance program risks turning the standard underpinning the outsourcing rule to one of strict liability. The absence of reasonableness raises serious policy concerns and is a troubling by-product of adopting a prescriptive rule. Our concerns are magnified by the fact that the rule is proposed as an anti-fraud rule, which we address below.
- It is fundamentally unfair to promulgate the prescriptive Proposal as an anti-fraud rule, where technical foot-faults and minor infractions could be deemed a fraud on an adviser’s clients.
The proposed rule would be promulgated under Section 206(4) of the Advisers Act, which prohibits an adviser from engaging in “any act, practice, or course of business which is fraudulent, deceptive, or manipulative.” We are deeply concerned with the potential implications of this approach. The concern expressed above about adopting a prescriptive oversight rule is magnified by the Commission’s choosing to rely on its anti-fraud authority as the basis for that rule. Adopting such a rule as an anti-fraud rule would mean that, even with reasonably-designed policies and procedures relating to oversight, anytime an adviser fails to follow the letter of the prescribed elements or is second guessed as to a reasonable exercise of judgment, the adviser risks being subject to an exam deficiency or enforcement action, not just for a rule violation but for engaging in fraudulent, deceptive, or manipulative conduct at the expense of its clients.[15] The significant reputational risks to the adviser and the potential collateral consequences that would flow are not justified by any evidence presented in the Proposal.
We also believe that the imposition of prescriptive service provider oversight requirements as part of an anti-fraud rule is fundamentally unfair. Foot-fault violations for failure to follow prescribed requirements would not necessarily reflect any substantive weakness in an oversight program, nor would they necessarily result in any harm to or impact on clients.[16]
Indeed, given how challenging some of the prescribed requirements would be, the risk of technical violations is high. To illustrate this point, consider proposed Rule 206(4)-11(a)(iv), which would require an adviser to determine whether the service provider has any subcontracting arrangements that would be material to the service provider’s performance of a covered function. Even if an adviser has reasonably-designed policies and procedures and has taken reasonable steps to identify all material subcontracting arrangements, should the adviser fail to identify a subcontractor, it could be deemed to have engaged in a fraud on its clients. We do not understand how this would protect investors. Although the Commission invites advisers to tailor the rule’s many requirements to their own operations, as a practical matter, any deviation from an expansive application of each prescribed element would expose an adviser to the risk of adverse regulatory action.
Unless an adviser makes a material misstatement or omission – for instance about its service provider oversight risks or preparedness – or recklessly disregards a known threat or system weakness, it is hard to see how a failure to follow a prescribed requirement could rise to the level of fraud. At a minimum, if the Commission moves forward, it should confirm in the adopting release that it would not characterize a finding of a technical deficiency or minor infraction that does not result in a material negative impact on the client as a fraudulent, deceptive, or manipulative act.
- The Proposal is overbroad and vague.
The Proposal is extremely broad in other ways as well. First, the vagueness of the definition of “covered function” makes it difficult to distinguish between an outsourced function related to the adviser’s advisory function and the use of vendors to support the adviser’s infrastructure or other aspects of its business that arguably could relate to the advisory function. It is not clear where – or if – the Proposal intends to draw a line between them and, as discussed above, advisers will likely construe the term broadly out of fear of being second guessed by the Commission. We will offer recommendations in our supplemental letter on how the Commission could more appropriately determine what functions are in scope.
“Service provider” is also an extremely broad term and we will offer suggestions on this term as well in our supplemental letter. As proposed, service providers would, for example, bring in scope large firms with affiliated entities with which they share centralized or integrated vendor management processes or that operate as a single entity but are organized as separate legal entities. We do not believe inclusion of these affiliated entities is appropriate. The term would also bring in scope entities that are already subject to robust regulation by the Commission or by other regulators, such as broker-dealers and banks – thereby unnecessarily adding an overlay of duplicative requirements.
- The Proposal includes elements that are impracticable, if not infeasible.
The Proposal also contemplates ways to comply that are impracticable or infeasible. For example, it posits that an adviser could “mitigate and manage the risks of failing to perform a function” by, for example, “establish[ing] a redundancy in the outsourced service or function.”[17] The implication that an adviser may be responsible for – or could reasonably manage – having a redundant service provider or duplicative in-house functionality “ready to go” in the event of a business disruption or compliance violation is overly burdensome – not to mention extremely costly – and wholly unrealistic in practice. The Commission has appropriately recognized in the past that “it may not be feasible or may be cost-prohibitive for an adviser to retain backup service providers, vendors, and/or systems for all critical services. In such cases, an adviser should consider backup plans, functions and/or processes to address how it will manage the loss of a critical service.”[18] We agree with these statements and, should the Commission proceed, we ask that it make clear that it does not expect advisers to implement these types of redundancies to comply with their oversight obligations.
Another example of the practical difficulties raised by the Proposal is the challenge advisers will face in trying to obtain assurances from their service providers that those providers will coordinate with the adviser for purposes of the adviser’s legal and regulatory compliance. Many large service providers do not offer the option to negotiate their service agreements at all or entertain alternative written documentation that could accommodate the proposed reasonable assurance due diligence requirements. In addition, even in instances where service providers will agree to negotiate terms, many advisers of all sizes and most smaller advisers lack the leverage to negotiate successfully for specific terms.
Even if advisers had negotiating leverage, it is hard to believe that service providers would voluntarily subject themselves to potential legal or regulatory liability – including potential liability for aiding and abetting a fraud – by providing assurances that they will be involved in the adviser’s compliance efforts.[19] It seems to us more likely that service providers will either decline to provide the service or charge a sufficiently high price to cover their added risk. Either way, advisers will be left in a no-win situation, faced with choosing from among unsatisfactory options: paying a much higher price while not being able to be indemnified if the service provider is negligent; not obtaining the assurance and risking a fraud charge; or not being able to find a provider for a service that the adviser believes is in the client’s best interest. None of these alternatives will help achieve the Commission’s objectives. Moreover, the Commission has not pointed to evidence of a problem with advisers’ current oversight that would call for service provider assurances. As discussed above and recognized by the Commission, the adviser is and remains responsible for compliance with its regulatory obligations. It should be up to the adviser to determine how best to achieve that under its own facts and circumstances.
- The Commission should not try to extend its authority indirectly over service providers over which it has no independent jurisdiction, and it has more effective ways to reach the conduct of service providers it regulates.
While the Commission has jurisdiction over investment advisers, it does not have jurisdiction over many of the service providers that the Proposal appears designed to reach. The Commission should not try to do indirectly that which it has no authority to do directly. We do not believe that imposing prescriptive requirements on advisers that appear to be designed largely to affect the conduct of service providers is likely to be effective in achieving the Commission’s goals.
This concern is present for regulated service providers as well, even those subject to Commission jurisdiction. Instead of trying to impose additional regulatory constraints on these service providers through a back-door approach, the Commission could ameliorate concerns it has about disruptions in services performed by service providers it regulates directly through its regulatory authority over those entities. It should also coordinate with other relevant regulators to determine the best way to reach regulated service providers over which the Commission does not have authority.
B. The Proposal’s cost-benefit analysis is insufficient and performed in a vacuum.
The Proposal’s cost-benefit analysis is inadequate in many ways. Its assessment of potential benefits is highly theoretical and it vastly underestimates the potential costs to and negative impacts on advisers, their clients, and their service providers. It also fails to consider the cumulative impacts of the Proposal on all advisers, and on smaller advisers in particular, as well as on larger and smaller service providers.
A new prescriptive rule that requires inclusion of specific elements will, at a minimum, require that an adviser’s oversight processes be substantially revised, and, in many cases, that the current processes be entirely rebuilt. The breadth of the rule will also likely compel a bigger spend on compliance and legal resources more generally. There are also costs to the economy and the landscape for financial services and service providers.
In particular, we note the following weaknesses in the Proposal’s analysis:
- The Commission has not sufficiently considered the significant and disparate impact of the Proposal on smaller advisers.
We appreciate the Commission’s intention to craft a rule that is not overly burdensome or costly to implement, but believe that the Proposal will not achieve that goal and that its costs and burdens, both direct and indirect, will substantially exceed the Commission’s estimates. In particular, the Proposal, if adopted, will impose a disproportionately greater burden on smaller advisers, could create meaningful barriers to entry for new advisers, and increase pressure for industry consolidation, resulting in smaller advisers’ – many of which have uniquely personal relationships with their clients – being frozen out of the marketplace and larger advisers becoming larger, thereby reducing competition and the investment choices available to investors.
Smaller firms lack the internal infrastructure of larger firms. They have fewer resources to spend, limited leverage to negotiate terms with service providers, and very little ability to recognize savings through scaling. They have a limited number of personnel, many of whom perform multiple functions within the adviser, and face increasing challenges attracting and retaining qualified personnel, including for compliance roles. They also typically lack the expertise to bring many outsourced functions in house. As a result of these constraints, outsourcing by smaller advisers of, for example, middle- and back-office, technology, and cybersecurity services, is increasingly perceived as necessary to meet governance, operational, data management, security, and compliance demands.
The Commission expects that advisers will incur the bulk of the costs associated with compliance initially, rather than on an ongoing basis. While initial undertakings are likely to pose a greater burden on smaller advisers that may not have as much capacity to take on these immediate, substantial costs, we disagree with the Commission’s assessment that these costs will be transitory. On the contrary, the costs relating to ongoing compliance will continue to impose substantial burdens on smaller advisers. We also disagree with the Proposal’s view that the initial costs will largely be absorbed by advisers. Smaller advisers will have greater difficulty absorbing added costs, both on an initial and an ongoing basis.
We are also concerned that increased costs associated with implementation of the overly- prescriptive requirements could result in smaller firms needing to bring certain covered functions in house, including in areas with which they have less experience or expertise. This may not be in their clients’ best interest.
Unfortunately, under current federal regulations, the Commission is not required to conduct a realistic analysis of the impact the Proposal would have on smaller advisers,[20] and we believe that the Proposal severely underestimates the costs and burdens that would be imposed on smaller firms. The vast majority of advisers are small businesses[21] and they face unique challenges. Smaller advisers have been significantly burdened by one-size-fits-all regulations – both in isolation and cumulatively – that effectively require substantial fixed investments in infrastructure, personnel, technology more broadly, and systems relating to documentation, contract negotiation, monitoring, operations, custody, business continuity planning, and more.[22]
The IAA has long advocated for the Commission to utilize the data at its disposal and conduct a more realistic assessment of the impact of its rulemaking on this community of advisers and their clients. We have also long called on the Commission to take steps to tailor its rules to minimize this impact, for example through preserving a flexible, principles-based approach, excluding or exempting smaller advisers from requirements where the burdens on those advisers outweigh the benefits, and staggering implementation and compliance dates.[23] As we have discussed, however, we do not believe that the Commission adequately takes into account how its rules are likely to affect smaller advisers and it certainly has not done so in this Proposal.
- The Commission has not considered the interplay of the Proposal with other rule proposals or existing rules, or the cumulative impact of its many regulatory initiatives on advisers.
The Commission has issued the Proposal while numerous related regulatory initiatives are pending, such as the Commission’s cybersecurity, private fund advisers, and ESG proposals, to name just a few,[24] and in the face of new rules whose compliance dates have recently gone into effect, such as the new Advisers Act Marketing Rule and the Valuation and Derivatives Rules under the Investment Company Act.[25]
The Commission does not address how these proposals may overlap or interact with one another. The Proposal asserts that there are no Commission rules that explicitly require firms to conduct the comprehensive due diligence and monitoring of their service providers and the Proposal would be complementary to, rather than duplicative of, current and other proposed rules. However, rules interact in myriad ways, and the Commission has neither identified nor provided any guidance on how advisers should address overlapping, duplicative, or even inconsistent requirements. For example, due diligence of pricing vendors is required under proposed Rule 206(4)-11, yet the Valuation Rule already sets forth prescriptive requirements with respect to the due diligence of pricing vendors for mutual funds. Similarly, the Commission has proposed that advisers adopt and implement written cybersecurity policies and procedures reasonably designed to address cybersecurity risks, and it is unclear how those policies and procedures are intended to fit into this Proposal.
In addition, costs and burdens continue to mount for advisers as a result of the quickly-changing and increasingly-complex regulatory landscape. For example, if adopted, the recent wave of proposed regulations will require advisers to develop and incorporate into their operations many new and complex infrastructure, technology, and surveillance systems with potentially simultaneous implementation timeframes. Yet there is no assessment in any of the recent proposals of the cumulative impacts of all these new requirements on advisers. We again urge the Commission to study holistically, and on a regular basis, the cumulative impacts of all its regulations on advisers, and particularly on smaller firms, and to consider these impacts in exploring whether less onerous alternatives could meet the Commission’s objectives.
The Commission’s Division of Economic and Risk Analysis has historically conducted only a rule-by-rule analysis of economic impacts (including assessment of the impact on small entities as defined by Commission rules). However, as pointed out in the AMAC Recommendations, “[g]iven the breadth, scope, and depth of the regulatory requirements on advisers and considering the growing aggregate or cumulative impact of compliance costs on all [advisers] and considering the growing aggregate or cumulative impact of compliance costs on the balance sheet health of small advisers …, economic analysis done in a vacuum has limited utility.”[26] While a rule-by-rule economic analysis is necessary, it is insufficient to provide the Commission – and the public – with the information needed to make sure that rulemaking strikes an appropriate balance between its benefits and its costs and other potential negative impacts.[27]
As discussed above, the IAA believes that a principles-based approach to rulemaking could significantly mitigate concerns of regulatory overlap and help manage cumulative costs.
- The Commission has not adequately evaluated the potential impact of the Proposal on the service provider landscape. Nor has it sufficiently assessed the potential downstream effects on investors.
We expect that the landscape of service providers would shift in response to the considerable costs and burdens associated with the implementation of the Proposal. Costs and operational burdens would likely facilitate consolidation in favor of larger service providers and result in barriers to entry for smaller service providers, raising costs and reducing choices for advisers, and hampering their access to valuable and often necessary services. In addition, service providers may decline to provide services to advisers due to concerns about confidentiality, liability, and attempts at indirect regulation by the Commission, leading to fewer and more expensive service providers. Costs attendant to the implementation of the Proposal would ultimately be borne by investors, as investment advisers would likely pass them on through increased fees. There could also be increased risk for investors as advisers may bring more functions in house where it might be better for the adviser and its clients for the function to remain outsourced.
- The Commission has not demonstrated that the goals of the Proposal cannot be achieved through a more targeted and less onerous approach.
As discussed above, we do not believe that the Commission has shown either that the Proposal is necessary to fill a regulatory gap, or that its benefits will outweigh its onerous costs. As much as the Proposal underestimates its likely negative effects, the benefits it posits are highly speculative.
We support the principle that an adviser should exercise sufficient oversight of its service providers to preserve the continuity of critical advisory services to clients. Robust service provider oversight processes, in addition to being part of an adviser’s fiduciary duty, are a prudent business practice. Accordingly, advisers have developed risk-based processes, tailored to the nature of their business and targeted at the greatest risks to their clients, their business, and their reputations.
Because the Proposal offers no meaningful evidence that the current regulatory framework is deficient in its ability to address the Commission’s concerns and its probable costs clearly outweigh its theoretical benefits, we believe it is incumbent on the Commission to consider less onerous alternatives to achieve its objectives.
As we note above, the Commission could, for example, issue guidance that reminds advisers of their oversight obligations, that they remain ultimately responsible for their outsourced functions, and that they cannot just “set it and forget it,” but must remain attentive to and address risks as they develop and evolve. The guidance could also provide factors advisers could consider in conducting their risk assessment of outsourced functions, as well as examples of processes and controls that could be effective to the extent they are a good fit for the particular adviser.
While we do not believe it is necessary, the Commission could also consider a narrower, principles-based rule, more directly targeted at areas of particular concern, and under which implementation of reasonably-designed policies and procedures would be a defense against a fraud charge. We will offer comments on this alternative in our supplemental letter.
III. Conclusion
The IAA appreciates the opportunity to submit comments on the Proposal. We believe that the Proposal is unnecessary and unwarranted, and we urge the Commission to reconsider the necessity for moving forward with a new rule. Should the Commission determine to move forward with the Proposal, we hope that the principles we discuss above will help guide it as it considers how to improve the Proposal.
* * *
We appreciate your consideration of the IAA’s comments and would be happy to provide any additional information that may be helpful. Please contact the undersigned at (202) 293-4222 if we can be of further assistance.
Respectfully,
Gail C. Bernstein
General Counsel
Dianne M. Descoteaux
Associate General Counsel
cc:
The Honorable Gary Gensler, Chair
The Honorable Hester M. Peirce, Commissioner
The Honorable Caroline A. Crenshaw, Commissioner The Honorable Mark T. Uyeda, Commissioner
The Honorable Jaime Lizárraga, Commissioner
William A. Birdthistle, Director, Division of Investment Management
[1] The IAA is the leading organization dedicated to advancing the interests of investment advisers. For more than 85 years, the IAA has been advocating for advisers before Congress and U.S. and global regulators, promoting best practices and providing education and resources to empower advisers to effectively serve their clients, the capital markets, and the U.S. economy. The IAA’s member firms manage more than $35 trillion in assets for a wide variety of individual and institutional clients, including pension plans, trusts, mutual funds, private funds, endowments, foundations, and corporations. For more information, please visit www.investmentadviser.org.
[2] Outsourcing by Investment Advisers, Advisers Act Rel. No. 6176 (Oct. 26, 2022) (Proposal), 87 Fed. Reg. 68816 (Nov. 16, 2022), available at https://www.govinfo.gov/content/pkg/FR-2022-11-16/pdf/2022-23694.pdf.
[3] The exceedingly short comment period for the Proposal – effectively made shorter because it includes the Thanksgiving, Hanukkah, and Christmas holidays, during which most of our members are spending time at home with their families – has not provided an appropriate amount of time to evaluate and comment thoroughly on the Proposal. Accordingly, we will address and make recommendations on certain substantive elements of the Proposal in a supplemental letter. We reiterate our concerns that the short comment periods now routinely provided by the Commission make it extremely challenging for commenters, including the IAA, to provide extensive and meaningful responses. See, e.g., Letter from IAA General Counsel Gail C. Bernstein to the Commission on Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies (Apr. 11, 2022) (IAA Cyber Letter), available at https://www.investmentadviser.org/resources/comments-on-proposed-cybersecurity-rules-for-advisers/; Letter from IAA General Counsel Gail C. Bernstein to the Commission on Private Fund Advisers; Documentation of Registered Investment Adviser Compliance Reviews (Apr. 25, 2022), available at https://www.investmentadviser.org/resources/iaa- letter-to-sec-on-private-fund-advisers-proposal/; Letter from IAA General Counsel Gail C. Bernstein to the Commission on Modernization of Beneficial Ownership Reporting (Apr. 11, 2022), available at https://www.investmentadviser.org/resources/iaa-comment-letter-on-beneficial-ownership-schedules-13d-and-13g/; and Joint Letter Requesting Extension for Proposed Rules, Securities and Exchange Commission; Open-End Fund Liquidity Risk Management Programs and Swing Pricing, Form N-PORT; Outsourcing by Investment Advisers (Nov. 16, 2022), available at https://www.investmentadviser.org/resources/iaa-joins-request-to-extend-comment-deadlines/.
[5] Compliance Programs of Investment Companies and Investment Advisers, Advisers Act Rel. No. 2204 (Dec. 17, 2003), 68 Fed. Reg. 74714, 74728 (Dec. 24, 2003).
[7] See Proposal at 68819. Further, the Proposal continues, “Outsourcing a particular function or service does not change an adviser’s obligations under the Advisers Act and the other Federal securities laws. In addition, the adviser is typically responsible for the advisory services through an agreement with the client that represents or implies the adviser is performing all the functions necessary to provide the advisory services. An adviser remains liable for its obligations, including under the Advisers Act, the other Federal securities laws and any contract entered into with the client, even if the adviser outsources functions. In addition, an adviser cannot waive its fiduciary duty. Accordingly, an adviser should be overseeing outsourced functions to ensure the adviser’s legal obligations are continuing to be met despite the adviser not performing those functions itself.”
[8] If the Commission nonetheless believes that new policy making is necessary, as an alternative to a new rule, we would support guidance by the Commission that reaffirms that an adviser’s fiduciary duty applies to outsourcing of an advisory function in the same way that it applies when the adviser performs the relevant function itself, and that the Compliance Rule requires reasonably-designed policies and procedures that address adviser outsourcing. The Division of Examinations could also issue Risk Alerts with examination observations – including observed best practices – related to adviser outsourcing. To increase their value to advisers, it is important that these Risk Alerts distinguish between larger and smaller firms as well as among different business models.
[10] We are not suggesting that advisers should not diligently oversee other outsourcing functions, either as required by other applicable laws and regulations or as prudent management of their business. Different statutes were enacted for different reasons and have different compliance requirements and enforcement mechanisms. Advisers’ obligations under those separate frameworks should be governed by and enforced through those frameworks and not under the Advisers Act anti-fraud authority.
[11] See Compliance Programs of Investment Companies and Investment Advisers, Advisers Act Rel. No. 2204 (Dec. 17, 2003), 68 Fed. Reg. 74714, 74715-16 (Dec. 24, 2003).
[12] As we discuss more fully below, most advisers are small businesses by any rational measure and they will be severely and disproportionately harmed by prescriptive oversight requirements. In fact, of the 14,806 firms in the IAA’s most recently published Investment Adviser Industry Snapshot, 88% have fewer than 50 non-clerical employees and the median adviser has fewer than 10. See IAA-NRS Investment Adviser Industry Snapshot 2022 (June 2022), available at https://www.investmentadviser.org/wp-content/uploads/2022/06/Snapshot2022.pdf.
[13] Commission Interpretation Regarding Standard of Conduct for Investment Advisers, Advisers Act Rel. No. 5248 (June 5, 2019), 84 Fed. Reg. 33669, 33671 (July 12, 2019) (Fiduciary Interpretation).
[14] We will address issues related to the definition of “covered function” in our supplemental letter.
[15] This likely result is quite different from a violation of a principles-based rule, where examination and enforcement staff can evaluate, and an adviser can explain, the reasonableness of its actions in light of specific facts and circumstances.
[16] In this regard, the IAA has long called for amending Rule 206(4)-5, the Advisers Act Pay-to-Play Rule, for the same reasons – technical foot-faults lead to draconian consequences, the policy behind which is hard to understand. We urge the Commission not to proceed down a similar path here. See Letter from IAA President & CEO Karen L. Barr to SEC Chair Gary Gensler on the Regulation of Investment Advisers (May 17, 2021) (Gensler Letter), available at https://www.investmentadviser.org/resources/regulation-of-investment-advisers/. See also the recent enforcement cases finding willful violations of Section 206(4) and Rule 206(4)-5 for minor strict-liability infractions. In re Asset Management Group of Bank of Hawaii, Advisers Act Rel. No. 6127 (Sept. 15, 2022); In re Canaan Management, LLC, Advisers Act Rel. No. 6126 (Sept. 15, 2022); In re Highland Capital Partners LLC, Advisers Act Rel. No. 6128 (Sept. 15, 2022); and In re StarVest Management, Inc., Advisers Act Rel. No. 6129 (Sept. 15, 2022).
[18] Adviser Business Continuity and Transition Plans, Advisers Act Rel. No. 4439 (June 28, 2016), 81 Fed. Reg. 43530 (July 5, 2016).
[19] There is a critical distinction between an adviser’s entering into an agreement for a specific service done in a specific way that the adviser has determined is necessary for it to comply with its obligations – in this case the service provider is agreeing only to provide the agreed-upon services in the agreed-upon way – and a situation in which the adviser requires the service provider, as a condition of retaining the provider, to assist the adviser with – i.e., take on potential liability for – its regulatory compliance.
[20] The current asset-based definition of small business or small organization makes the Commission’s analysis of the economic impact of its regulations on smaller investment advisers under the Regulatory Flexibility Act virtually meaningless. Rule 0-7 under the Advisers Act defines “small business” or “small organization” as including an investment adviser that has less than $25 million in assets under management. With few exceptions, advisers are not permitted to register with the Commission unless they have at least $100 million in assets under management.
[22] See the SEC’s Asset Management Advisory Committee’s (AMAC’s) Final Report and Recommendations for Small Advisers and Funds (Nov. 3, 2021) (AMAC Recommendations), at 4, available at https://www.sec.gov/files/final-recommendations-amac-sec-small-advisers-and-funds-110321.pdf (“[D]espite deploying activities and strategies that typically involve less risk, regulatory compliance expenses, as a percentage of revenue, for these firms tends to be “outsized” as compared to the small number of large firms.”).
[23] See, e.g., Gensler Letter; IAA Cyber Letter. See also AMAC Recommendations.
[24] Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies, 87 Fed. Reg. 13524 (Mar. 9, 2022), available at https://www.govinfo.gov/content/pkg/FR- 2022-03-09/pdf/2022-03145.pdf; Private Fund Advisers; Documentation of Registered Investment Adviser Compliance Reviews, 87 Fed. Reg. 16886 (Mar. 24, 2022), available at https://www.govinfo.gov/app/details/FR- 2022-03-24/2022-03212; and Enhanced Disclosures by Certain Investment Advisers and Investment Companies About Environmental, Social, and Governance Investment Practices, 87 Fed. Reg. 36654 (June 17, 2022), available at https://www.govinfo.gov/content/pkg/FR-2022-06-17/pdf/2022-11718.pdf.
[25] Investment Adviser Marketing, 86 Fed. Reg. 13024 (Mar. 5, 2021) (Marketing Rule); Good Faith Determinations of Fair Value, 86 Fed. Reg. 748 (Jan. 6, 2021) (Valuation Rule); and Use of Derivatives by Registered Investment Companies and Business Development Companies, 85 Fed. Reg. 83162 (Dec. 21, 2020) (Derivatives Rule).
[26] AMAC Recommendations at 7. For example, advisers’ implementation of the sweeping new Marketing Rule, adopted by the Commission in December 2020 with a compliance date of November 2022, calls for a significant allocation of personnel and operational resources. When these required resources are added to the resources that would be required by the open proposals discussed above, the cumulative costs are staggering. Using the Commission’s own Regulatory Flexibility Act analyses required to be conducted for small entities in each of these open proposals – which we believe severely underestimate the true costs – each small entity would be cumulatively subject to initial and annual ongoing costs of over $700,000. These costs may pose an existential threat to a smaller adviser’s ability to continue serving clients.
[27] See id., recommending that the Commission periodically engage in an assessment of the cumulative impact of its regulations on smaller advisers.