On October 26, 2022, the SEC released Proposed Rule 206(4)-11, which would require advisers to conduct due diligence prior to engaging a 3rd party service provider and to periodically monitor the performance of service providers to reassess their retention. The proposed rule also adds specific requirements with respect to 3rd party recordkeepers.
Who would have to comply with this proposed rule?
The SEC proposes this rule under the Investment Advisers Act of 1940. It applies to advisers that are registered or required to be registered with SEC.
Does the rule apply to every 3rd party service provider engaged by an adviser?
No. The rule does not apply to all outsourced functions, only those that the Commission defines in the proposed Rule as a “Covered Function.” For an outsourced function to be a “Covered Function” and therefore subject to the proposed Rule, both of the following must be true:
- The function or service is necessary for the adviser to provide its investment advisory services in compliance with the Federal securities laws, AND
- If function is not performed (or performed negligently), it is reasonably likely to cause a material negative impact on the adviser’s clients or on the adviser’s ability to provide investment advisory services.
Some examples of common functions that would not be considered “Covered Functions” under the proposed Rule are:
- General office functions or services
(article continues below)
DOWNLOAD THIS SUMMARY
What would be required of the Adviser in terms of oversight?
Interestingly, the rule does not actually impose any new duties on the adviser. Instead, it provides a required framework to satisfy existing duties. This may end up being the proposed rule’s downfall, as even those within the commission have questioned the efficacy of rulemaking that usurps the judgment of professionals. Nevertheless, this article is not to critique the proposed Rule, but simply to summarize it.
The commission laid out the following framework for oversight of 3rd parties providing “Core Functions”
Before engaging a service provider…
- Reasonably identify and determine through due diligence that it would be appropriate to outsource the covered function, and that it would be appropriate to select that service provider, by complying with six specific elements. These elements address:
- The nature and scope of the services;
- Potential risks resulting from the service provider performing the covered function, including how to mitigate and manage such risks;
- The service provider’s competence, capacity, and resources necessary to perform the covered function;
- The service provider’s subcontracting arrangements related to the covered function;
- Coordination with the service provider for Federal securities law compliance; and
- The orderly termination of the provision of the covered function by the service provider.
- Monitor the service provider’s performance and reassess the selection of such a service provider under the due diligence requirements of the proposed Rule.
With respect to policies and procedures…
- Rule 206(4)-7 requires policies and procedures reasonably designed to prevent violations of the Advisers Act and rules under the Act. This requirement would apply to this proposed Rule.
With respect to documenting compliance with the proposed Rule…
- Make and keep certain books and records attendant to their obligations under the proposed oversight framework, such as:
- Lists or records of covered functions
- Records documenting due diligence and monitoring of each service provider
With respect to 3rd party Recordkeepers…
- Conduct due diligence and monitoring of 3rd party recordkeepers consistent with the requirements under proposed rule 206(4)-11
- Obtain reasonable assurances that the third party will meet four standards.
- Ability to adopt and implement internal processes and/or systems for making and/or keeping records that meet the requirements of the recordkeeping rule applicable to the adviser in providing services to the adviser;
- Make and/or keep records that meet all of the requirements of the recordkeeping rule applicable to the adviser;
- Provide access to electronic records
- Ensure the continued availability of records if the third party’s operations or relationship with the adviser cease
With respect to Regulatory Filings?
New item 7.C. in Part 1A and Section 7.C. in Schedule D would require advisers to provide census-type information about these providers.
It remains to be seen if this proposed rule will take effect as currently proposed. It is likely the final rule handed down will be materially different from this proposal. However, what is important for advisors and institutions to take away from this proposal is that the duty of 3rd party service provider oversight is nothing new, and it is certainly on the SEC’s radar.
Firms should seek to identify the 3rd party services providers they are using today that would be considered a “covered function” under the proposed Rule. Firms should also use this summary of the proposed Rule as a guidepost to determine if current practices are in line with the proposal.
Third-party service providers should also consider the use of independent evaluations that can be leveraged by multiple advisory clients to help fulfil their duty of prudent oversight.
 One exception that could be considered a new duty has to do with 3rd party recordkeepers and the requirement to attain certain reasonable assurances that are detailed later in this article.
 See Statement by Commissioner Peirce on Proposed Amendments Regarding Service Providers Oversight, Harvard Law School Forum on Corporate Governance (Oct. 31, 2022), available at https://corpgov.law.harvard.edu/2022/10/31/statement-by-commissioner-peirce-on-proposed-amendments-regarding-service-providers-oversight/ (Commissioner Hester Pierce states, “The approach we are taking—incrementally displacing their judgment with our own—is neither statutorily grounded nor protective of investors. […] I cannot support repackaging existing fiduciary obligations into a new set of prescriptions for investment advisers.”).