Skip to main content

IAA Supports Modernizing Recordkeeping Requirements

May 1, 2026

Download PDF

Ms. Vanessa A. Countryman
Secretary
U.S. Securities and Exchange Commission
100 F Street, NE
Washington, DC 20549-1090

 

Re: Investment Adviser Recordkeeping Requirements

Dear Ms. Countryman:

The Investment Adviser Association[1] and the Investment Company Institute[2] write to express our strong support for modernizing the books and records rule under the Investment Advisers Act of 1940 (Advisers Act).[3] Since the Securities and Exchange Commission adopted the Recordkeeping Rule in 1961, the nature of communications and the technologies used to create, store, and manage records have evolved significantly, and interpretive issues have arisen, making it increasingly important that the Commission update the rule.

As the Commission considers potential changes to the adviser recordkeeping framework, we strongly recommend that it avoid imposing a strict liability standard. Strict liability does not further the Commission’s policy goals and exposes even the most diligent advisers to excessive liability and uncertainty.[4] In addition, the Commission should create an updated recordkeeping framework that is technology-neutral and appropriately tailored in scope, considers cybersecurity and data privacy risks, and recognizes reasonably-designed record retention programs.

 

Avoid Imposing a Strict Liability Standard and Create a Safe Harbor Under the Recordkeeping Rule

Our members are particularly concerned that the Commission’s past approach to recordkeeping has created a near strict liability standard under which the Commission holds advisers liable for recordkeeping violations regardless of their good faith efforts, the strength of their compliance programs, and the lack of any fraud or discernible investor harm. This is neither a reasonable nor appropriate standard, and, given the severity of recent regulatory actions and undertakings, it creates the public perception that financial institutions that serve the U.S. investing public have inadequate compliance standards.[5] As the Commission considers the Recordkeeping Rule framework, we urge it to consider the costs and burdens, especially for smaller firms, and avoid this near strict liability standard for all advisers moving forward. Strict liability does not further the Commission’s policy goals, especially given the rapid evolution of technology and cybersecurity and data privacy concerns.

The off-channel communications cases displayed the near-impossibility of compliance under this type of standard.[6] These cases demonstrate just how difficult and complicated it is to comply with the outdated Recordkeeping Rule. Despite taking robust measures,[7] and even when a technical misstep was minor, inadvertent, and caused no investor harm, the Commission held firms to a virtually impossible strict liability standard for failing to maintain off-channel communications with vastly out-of-proportion penalties. These forms of communication are increasingly difficult for firms to monitor and control, given individual privacy concerns and the rapid evolution of technology since the “snail mail” and landline days in which the rule was originally written.[8] As a result, the current recordkeeping framework, while well-intentioned for the world that existed over 60 years ago, has not kept pace. These recent enforcement actions underscore the need to update the rule.

We thus support SIFMA’s recommendation to provide a safe harbor for investment advisers that establish and maintain policies and procedures that are reasonably designed (in light of the firm’s business) to retain required communications.[9] Providing a safe harbor in cases where policies are reasonably designed and implemented is consistent with the Advisers Act’s approach in other contexts.[10] It also would assure firms that their best efforts, consistent with appropriate industry practices and available technologies, would not result in unreasonable liability. This approach would recognize the complexities of recordkeeping and foster development of robust compliance programs by providing a more predictable and equitable regulatory landscape without sacrificing the Commission’s policy goals.

As the Commission considers proposing amendments to the Recordkeeping Rule, it should consider, in the interim, whether the investment adviser industry would benefit from Commission or staff guidance on the application of the rule to new and emerging technologies. We ask the Commission to engage with industry stakeholders to ensure that any amendments and guidance are clear, practical, and aligned with current sound practices. Such engagement is essential to providing regulatory certainty, resolving ambiguities, and fostering just and balanced enforcement and continued technological innovation.

Create an Appropriately Tailored Framework That Is Technology Neutral, Considers Cybersecurity and Data Privacy Risks, and Recognizes Reasonably Designed Record Retention Programs

We strongly support the Commission’s emphasis on investor protection and strengthening market integrity. With these shared goals in mind, we recommend that, in modernizing the rule, the Commission incorporate the following principles into its recordkeeping framework:

  • Be technology neutral and evergreen: Create a framework for recordkeeping that can adapt and remain effective as technologies and business practices continue to evolve. No specific technology should drive the Recordkeeping Rule, and the rule should not be so prescriptive as to form and substance that innovation is stifled.
  • Prioritize needs and strike the right balance to rightsize the rule: Assess whether the current framework appropriately balances the scope of required communications with how advisory businesses operate today. Prioritize records evidencing advisory services, client interactions, and transactions necessary for market integrity, regulatory oversight, and investor protection. Avoid overbroad retention requirements that increase burdens and risk, obscure relevant information, and reduce the effectiveness of examinations. For example, advisers already face significant operational challenges and risks from capturing large volumes of internal communications that are often preliminary, deliberative, or duplicative, and do not meaningfully advance the Commission’s examination or investor protection objectives.
  • Consider cybersecurity and data privacy risks: The more records that the Commission requires advisers to keep, and the longer it requires advisers to keep them, the higher the cybersecurity and data privacy risks to advisers and their clients. For these reasons, the Commission must have good policy reasons for subjecting records to the rule. The increasing use of AI and other technologies adds to the challenges due to the proliferation and types of data generated.[11]

* * *

Thank you for considering these important issues. Please do not hesitate to contact the IAA at (202) 293-4222 or ICI at (202) 326-5824 if we can provide any additional information.

 

Respectfully,

Karen L. Barr
President & CEO
Investment Adviser Association

Eric J. Pan
President & CEO
Investment Company Institute

 

cc:
The Honorable Paul S. Atkins, Chairman
The Honorable Hester M. Peirce, Commissioner
The Honorable Mark T. Uyeda, Commissioner
Brian Daly, Director, Division of Investment Management
Sarah ten Siethoff, Associate Director, Division of Investment Management

 

[1] The Investment Adviser Association (IAA) is the leading organization dedicated to advancing the interests of fiduciary investment advisers. For more than 85 years, the IAA has been advocating for advisers before Congress and U.S. and global regulators, promoting best practices and providing education and resources to empower advisers to effectively serve their clients, the capital markets, and the U.S. economy. Our members range from global asset managers to the medium- and small-sized firms that make up the majority of our industry. Together, the IAA’s member firms manage more than $57 trillion in assets for a wide variety of individual and institutional clients, including pension plans, trusts, mutual funds, private funds, endowments, foundations, and corporations. For more information, please visit www.investmentadviser.org.

[2] The Investment Company Institute (ICI) is the leading association representing the asset management industry in service of individual investors. ICI’s members include mutual funds, exchange-traded funds (ETFs), closed-end funds, and unit investment trusts (UITs) in the United States, and UCITS and similar funds offered to investors in other jurisdictions. Its members manage $44.7 trillion invested in funds registered under the U.S. Investment Company Act of 1940, serving more than 125 million investors. Members manage an additional $10.4 trillion in regulated fund assets managed outside the United States. ICI also represents its members in their capacity as investment advisers to collective investment trusts (CITs) and retail separately managed accounts (SMAs). ICI Associate Members include service providers to member firms and CIT trust companies. ICI has offices in Washington DC, Brussels, and London.

[3] § 275.204-2 Books and records to be maintained by investment advisers (Recordkeeping Rule or the rule). If the Commission amends the Recordkeeping Rule, we ask it to consider similar updates to the investment company recordkeeping requirements under the Investment Company Act of 1940.

[4] We note that the Securities Industry and Financial Markets Association has also recommended that the Commission modernize the Recordkeeping Rule. See Letter from Kenneth E. Bentsen, Jr., President & CEO, SIFMA, to The Honorable Paul Atkins, Chairman, SEC, dated Oct. 15, 2025 (SIFMA Letter), available at https://www.sifma.org/wp-content/uploads/2025/10/SIFMA-Proposal-for-Modernizing-Communications-Retention-Rules-SEC-October-15-2025-FINAL.pdf.

[5] For example, several administrative orders in the Commission’s off-channel communications actions imposed severe monetary penalties and extensive remedial undertakings, including requiring settling firms to hire an independent compliance consultant for two years, report any employee discipline for off-channel communications, and have their internal audit departments review and report on the firm’s respective policies and procedures. The Commission recently noted that, since fiscal year 2022, it had brought 95 actions and $2.3 billion in penalties against firms, including investment advisers, for books and records violations, observing that these cases identified no direct investor harm and produced no investor benefit or protection. See SEC Press Release, SEC Announces Enforcement Results for Fiscal Year 2025 (Apr. 7, 2026), available at https://www.sec.gov/newsroom/press-releases/2026-34.

[6] We use the term “off-channel communications” to refer to text messages, chat applications, and personal email outside firm-approved systems.

[7] These robust measures included: requiring employees to use firm-issued devices for business communications, including client interactions; continuously monitoring employee messages under various applications; requiring employee attestations; providing regular training on firm policies; and enforcing appropriate disciplinary actions when employees violate firm policies. See, e.g., In the Matter of Qatalyst Partners, LP, Rel. No. 34-101143 (Sept. 24, 2024), available at https://www.sec.gov/files/litigation/admin/2024/34-101143.pdf.

[8] We agree with Director Daly that “The world the recordkeeping rule was built for no longer exists. Today, we live in a digital, cloud-based, multi-platform environment. Yet the language of the rule still reflects a paper-based mindset.” See Remarks to the American Bar Association’s Federal Regulation of Securities Committee’s Private Funds Subcommittee and Investment Advisers and Investment Companies Subcommittee, Brian Daly, Director, Division of Investment Management (Dec. 2, 2025), available at https://www.sec.gov/newsroom/speeches-statements/daly-remarks-aba-fed-reg-ia-ic-subcommittees-120225.

[9] We also recommend assuring advisers that an inadvertent violation of the Recordkeeping Rule will not by itself create a presumption that an adviser’s policies and procedures were not reasonably designed or implemented under § 275.206(4)-7, the Compliance Program Rule.

[10] See, e.g., Advisers Act §203(e)(6) (establishing a safe harbor for investment advisers from failing to supervise any person if: (A) it establishes procedures, and a system for applying such procedures, which would reasonably be expected to prevent and detect, insofar as practicable, any employee violation; and (B) such person has reasonably discharged the duties and obligations incumbent upon the person without reasonable cause to believe that such procedures and system were not being complied with).

[11] Expanded recordkeeping requirements raise concerns around security, access controls, and record integrity. Longer retention periods also heighten breach and misuse risks, underscoring the need to balance regulatory obligations with sound data risk management and lifecycle practices.

Tags: Books & Records, Recordkeeping

You are now leaving Investment Adviser Association

The IAA provides links to web sites of other organizations in order to provide visitors with certain information. A link does not constitute an endorsement of content, viewpoint, policies, products or services of that web site. Once you link to another web site not maintained by the IAA, you are subject to the terms and conditions of that web site, including but not limited to its privacy policy.

You will be redirected to

Click the link above to continue or CANCEL

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.