Last week, the Securities and Exchange Commission (SEC) released a new rule proposal and amendments under the Investment Advisers Act of 1940, which would prohibit SEC-registered investment adviser (RIA) firms from outsourcing certain services without conducting due diligence and monitoring of the third-party service providers and recordkeepers. The SEC’s proposed rule 206(4)-11, will also require RIAs to maintain books and records related to the new oversight obligations, as well as report census-type information on the service providers in the Form ADV.
In its release, the SEC states the newly proposed requirements are in response to the increased use of third-party service providers by investment advisers. Advisers outsource various core-business services, such as portfolio management and trading services or software, to increase efficiencies within their firms.
The SEC continues by adding that advisers can “continue to meet their obligations to the investing public” by conducting due diligence and periodic monitoring of these service providers.
Investment advisers are obligated as fiduciaries to act in the best interest of their clients. The SEC illustrates how this obligation applies to the performance of all advisory services, including third-party service providers. Therefore, RIAs should be reasonably certain that these third-party service providers meet certain standards.
The proposed oversight framework applies to “covered services” defined as those services:
- necessary to provide advisory services in compliance with the Federal securities laws, and (2) if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser’s clients or on the adviser’s ability to provide investment advisory services. Clerical, ministerial, utility, and general office functions or services would be explicitly excluded from the proposed rule.
Please note that the proposal’s requirement would not apply to situations where a client independently selects and retains a custodian through a written agreement. This is because the adviser is not directly retaining the service provider to perform a function necessary for the adviser to provide its advisory services.
RIA firms’ due diligence would have to include reasonable attempts at identifying:
- The nature and scope of the outsourced function.
- Potential risks including how to mitigate and manage such risks.
- The service provider’s competence, capacity, and resources necessary to perform the covered function.
- The service provider’s material subcontracting arrangements related to the covered function.
- Coordination with the service provider for Federal securities law compliance.
- The orderly termination of the performance of the covered function.
In addition, firms would be required to periodically monitor the performance of their service providers and reassess the selection of the providers. The SEC does not clearly state how often the reassessment needs to take place, only that the efforts would need to be documented in Item 7 of the firm’s Form ADV. As consultants to RIA firms, we recommend adding the vendor assessments to the annual compliance review at a minimum, if the rule goes into effect as written.
For firms partnering with third-party recordkeepers, the rule would require due diligence and monitoring to ensure the recordkeeper (i) follows processes that meet the requirements of the books and records rule and (ii) provides electronic access to the records, even after the business relationship ceases.
The proposal is subject to a 60-day comment period after the date of issuance and publication on SEC.gov or 30 days after the date of publication in the Federal Register, whichever period is longer.
RIA in a Box LLC is not a law firm, investment advisory firm, or CPA firm. RIA in a Box LLC does not provide legal advice or opinions to any party or client. You should always consult your relevant regulatory authorities or legal counsel if applicable.