Outsourcing by Investment Advisers, 68816-68883 [2022-23694]

Download as PDF 68816 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules SECURITIES AND EXCHANGE COMMISSION 17 CFR Parts 275, and 279 [Release Nos. IA–6176; File No. S7–25–22] RIN 3235–AN18 Outsourcing by Investment Advisers Securities and Exchange Commission. ACTION: Proposed rule. AGENCY: The Securities and Exchange Commission (‘‘Commission’’ or ‘‘SEC’’) is proposing a new rule under the Investment Advisers Act of 1940 (‘‘Advisers Act’’) to prohibit registered investment advisers (‘‘advisers’’) from outsourcing certain services or functions without first meeting minimum requirements. The proposed rule would require advisers to conduct due diligence prior to engaging a service provider to perform certain services or functions. It would further require advisers to periodically monitor the performance and reassess the retention of the service provider in accordance with due diligence requirements to reasonably determine that it is appropriate to continue to outsource those services or functions to that service provider. We also are proposing corresponding amendments to the investment adviser registration form to collect census-type information about the service providers defined in the proposed rule. In addition, we are proposing related amendments to the Advisers Act books and records rule, including a new provision requiring advisers that rely on a third party to make and/or keep books and records to conduct due diligence and monitoring of that third party and obtain certain reasonable assurances that the third party will meet certain standards. DATES: Comments should be received on or before December 27, 2022. ADDRESSES: Comments may be submitted by any of the following methods: SUMMARY: khammond on DSKJM1Z7X2PROD with PROPOSALS2 Electronic Comments • Use the Commission’s internet comment form (https://www.sec.gov/ rules/submitcomments.htm); or • Send an email to rule-comments@ sec.gov. Please include File Number S7– 25–22 on the subject line. Paper Comments • Send paper comments to Secretary, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549–1090. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 All submissions should refer to File Number S7–25–22. The file number should be included on the subject line if email is used. To help the Commission process and review your comments more efficiently, please use only one method of submission. The Commission will post all comments on the Commission’s website (https:// www.sec.gov/rules/proposed.shtml). Comments are also available for website viewing and printing in the Commission’s Public Reference Room, 100 F Street NE, Washington, DC 20549, on official business days between the hours of 10 a.m. and 3 p.m. Operating conditions may limit access to the Commission’s Public Reference Room. All comments received will be posted without change. Persons submitting comments are cautioned that the Commission does not edit personal identifying information from submissions. You should submit only information that you wish to make available publicly. Studies, memoranda, or other substantive items may be added by the Commission or staff to the comment file during this rulemaking. A notification of the inclusion in the comment file of any such materials will be made available on the Commission’s website. To ensure direct electronic receipt of such notifications, sign up through the ‘‘Stay Connected’’ option at www.sec.gov to receive notifications by email. FOR FURTHER INFORMATION CONTACT: Christopher Chase, Senior Counsel; Christian Corkery, Senior Counsel; Juliet Han, Senior Counsel; Mark Stewart, Senior Counsel; Jennifer Porter, Senior Special Counsel; Holly Miller, Senior Financial Analyst; Melissa Roverts Harke, Assistant Director, Investment Adviser Regulation Office, Division of Investment Management, at (202) 551– 6787, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549–8549. SUPPLEMENTARY INFORMATION: The Commission is proposing for public comment 17 CFR 275.206(4)-11 (‘‘proposed rule 206(4)-11’’) under the Advisers Act [15 U.S.C. 80b–1 et seq.]; and amendments to 17 CFR 275.204–2 (rule 204–2) and Form ADV [17 CFR 279.1] under the Advisers Act.1 Table of Contents I. Introduction 1 Unless otherwise noted, when we refer to the Advisers Act, we are referring to 15 U.S.C. 80b, and when we refer to rules under the Advisers Act, we are referring to title 17, part 275 of the Code of Federal Regulations [17 CFR 275]. In addition, unless otherwise noted, when we refer to the Investment Company Act, we are referring to 15 U.S.C. 80a. PO 00000 Frm 00002 Fmt 4701 Sfmt 4702 A. Background B. Overview of Rule Proposal II. Discussion A. Scope 1. Covered Function 2. Service Provider 3. Recordkeeping of Covered Functions B. Due Diligence 1. Nature and Scope of Covered Function 2. Risk Analysis, Mitigation, and Management 3. Competence, Capacity, Resources 4. Subcontracting Arrangements 5. Compliance Coordination 6. Orderly Termination 7. Recordkeeping Provisions Related to Due Diligence C. Monitoring 1. Recordkeeping Provisions Related to Monitoring D. Form ADV E. Third-Party Recordkeeping F. Existing Staff No-Action Letters and Staff Statements G. Transition and Compliance III. Economic Analysis A. Introduction B. Baseline 1. Affected Parties 2. Adviser Use of Service Providers 3. Applicable Law Impacting Use of Service Providers C. Broad Economic Considerations D. Benefits and Costs 1. Due Diligence 2. Monitoring 3. Recordkeeping 4. Form ADV E. Effects on Efficiency, Competition, and Capital Formation 1. Efficiency 2. Competition 3. Capital Formation F. Reasonable Alternatives 1. Alternatives to the Proposed Scope 2. Alternatives to the Proposed Due Diligence and Monitoring Requirements 3. Alternatives to the Proposed Amendments to the Books and Records Rule 4. Alternatives to the Form ADV Requirements 5. Alternatives to the Transition and Compliance Period G. Request for Comment IV. Paperwork Reduction Act Analysis A. Introduction B. Rule 204–2 C. Form ADV D. Request for Comment V. Initial Regulatory Flexibility Act Analysis A. Reason For and Objectives of the Proposed Action 1. Proposed Rule 206(4)–11 2. Proposed Amendments to Rule 204–2 3. Proposed Amendments to Form ADV B. Legal Basis C. Small Entities Subject to the Rules and Rule Amendments 1. Small Entities Subject to Proposed Rule 206(4)–11 and Proposed Amendments to Rule 204–2 and Form ADV D. Projected Reporting, Recordkeeping and Other Compliance Requirements 1. Proposed Rule 206(4)–11 2. Proposed Amendments to Rule 204–2 E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules 3. Proposed Amendments to Form ADV E. Duplicative, Overlapping, or Conflicting Federal Rules 1. Proposed Rule 206(4)–11 2. Proposed Amendments to Rule 204–2 3. Proposed Amendments to Form ADV F. Significant Alternatives 1. Proposed Rules 206(4)–11 and 204–2 2. Proposed Amendments to Form ADV G. Solicitation of Comments VI. Consideration of Impact on the Economy VII. Statutory Authority I. Introduction khammond on DSKJM1Z7X2PROD with PROPOSALS2 A. Background The asset management industry has evolved greatly since Congress adopted the Investment Advisers Act of 1940 (‘‘Advisers Act’’ or ‘‘Act’’). For instance, many advisers now seek to provide full service wealth management and financial planning (e.g., tax, retirement, estate, education, and insurance), and they use electronic systems to provide those services and keep their records.2 Clients and investors also are seeking to invest in types of securities and other assets that were not commonly traded or did not exist at that time, including, for example, derivatives and exchangetraded funds.3 At the same time, fee pressures for advisers have increased.4 As a result, advisers are under pressure to meet evolving and increasingly complex client demands in a costeffective way.5 The demand for advisory 2 See Financial Advisers Now Help with College Plans, Family Counseling, Cremains, The Wall Street Journal (Aug. 23, 2019), available at https:// www.wsj.com/articles/financial-advisers-now-helpwith-college-plans-family-counseling-cremains11566558002; Beyond Finances: Holistic Life Planning Trends Among Advisors, Investment News (2020), available at https://www.investment news.com/beyond-finances-holistic-life-planningtrends-among-advisors. 3 See Young, Confident, Digitally Connected— Meet America’s New Day Traders, Reuters (Feb. 2, 2021), available at https://www.reuters.com/article/ us-retail-trading-investors-age/young-confidentdigitally-connected-meet-americas-new-day-tradersidUSKBN2A21GW; College Students Are Buying Stocks—But Do They Know What They’re Doing?, CNBC (Aug. 4, 2020), available at https:// www.cnbc.com/2020/08/04/college-students-arebuying-stocks-but-do-they-know-what-theyredoing.html. 4 See, e.g., Adviser Industry Fee Pressures in Focus, Planadviser (Feb. 4, 2022), available at https://www.planadviser.com/exclusives/adviserindustry-fee-pressures-focus/ (stating that fee compression has impacted adviser revenue models in recent years due to increasing automation, stiffer competition and ongoing industry consolidation); CaseyQuirk Remarks and Discussion, U.S. Securities and Exchange Commission Asset Management Advisory Committee (Jan. 14, 2020), available at https://www.sec.gov/files/BenPhillipsCaseyQuirk-Deloitte.pdf (stating that buyers are becoming more fee-sensitive and showing an annualized reduction in global effective fees between 2015 and 2018). 5 A recent survey indicated that advisers are reducing their own expenses in response to fee compression, with 52% of surveyed respondents planning to reduce expense ratios on some VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 services has grown as well.6 For example, regulatory assets under management (‘‘RAUM’’) have increased from $47 trillion to $128 trillion over the past 10 years; while RAUM managed for non-high net worth advisory clients have increased from approximately $3.7 trillion to approximately $7 trillion.7 Many advisers are adapting to the changes discussed above by engaging service providers to perform certain functions (‘‘outsourcing’’).8 In some cases, service providers may support the investment adviser’s advisory services and processes. Supporting functions may include, for example, investment research and data analytics, trading and risk management, and compliance. In other cases, advisers hire service providers to perform or assist with functions that support middle- and back-office functions essential to asset management (e.g., collateral management, settlement services, pricing or valuation services, and performance measurement). Additionally, investment advisers have engaged service providers to perform activities that form a central part of their advisory services.9 Advisers products. C-Suite Asset Management Survey, Brown Brothers Harriman & Co. (2020), at 6 (‘‘C-Suite Asset Management Survey’’), available at https:// www.bbh.com/content/dam/bbh/external/www/ investor-services/insights/c-suite-asset-managersurvey/C-Suite%20Asset%20 Manager%20Survey%20PDF_data.pdf (finding more than half of respondent asset managers are planning to reduce expense ratios or fees in the following year). See also Fees Were Already Under Pressure. Then the Pandemic Hit, Institutional Investor (Dec. 8, 2020), available at https:// www.institutionalinvestor.com/article/ b1plj6z9wsv5nf/Fees-Were-Already-Under-PressureThen-the-Pandemic-Hit. 6 See AWM: From ‘A Brave New World’ to a New Normal, PwC (2020), at 6, available at https:// www.pwc.lu/en/asset-management/awm-from-abrave-new-world-to-a-new-normal.html (calculating worldwide assets under management in 2019 as $110.9 trillion, including a 9% compound annual growth rate since 2015). 7 Registered investment advisers report $7.096 trillion in RAUM for non-high net worth advisory clients, based on analysis of data reported on Form ADV through the Investment Adviser Registration Depository (IARD) system as of April 30, 2022. The data consists of assets that are reported by both advisers and sub-advisers, including mutual fund and ETF assets. Prior to the October 2017 changes to Form ADV, clients and client RAUM were estimated based on the midpoint of ranges reported. 8 See, e.g., The Race to Scalability 2020: Current Insights from a Decade of Advisor Research on Investment Management Trends, Flexshares (2020), available at https://go.flexshares.com/outsourcing; Christopher Newman, Asset Managers Continue to Outsource Middle Office Functions, EisnerAmper (Oct. 21, 2020), available at https:// www.eisneramper.com/asset-managers-outsourceai-blog-1020/. 9 See Smart Outsourcing Can Be a Game-Changer for RIAs, ThinkAdvisor (Mar. 18, 2021), available at https://www.thinkadvisor.com/2021/03/18/ smart-outsourcing-can-be-a-game-changer-for-rias/ (describing benefits to registered investment PO 00000 Frm 00003 Fmt 4701 Sfmt 4702 68817 increasingly have engaged index providers to develop bespoke indexes that an adviser may replicate or track in portfolios for its clients, advisers engage subadvisers to manage some or all of a client’s portfolio, and advisers use third parties to provide technology platforms for offering robo-advisory services. Service providers may give the adviser or the adviser’s clients access to certain specializations or areas of expertise, reduce risks of keeping a function in-house that the adviser is not equipped to perform, or otherwise offer efficiencies that are unavailable to or unachievable by an adviser alone. Use of service providers can provide staffing flexibility by reducing the burdens on advisers’ existing personnel and may mitigate the need to hire new personnel (which generally entails hiring and onboarding costs in addition to salaries and benefits). This flexibility may be particularly useful for services that the adviser uses on a periodic or ad hoc basis but may not need or wish to dedicate permanent staffing. Advisers with few personnel in particular may find benefits by allowing service providers to handle tasks that would otherwise be time-consuming or costly given the lack of economies of scale. Engaging a service provider also may prove efficient because it allows an adviser to allocate specific duties to a single service provider, rather than relying on multiple internal personnel to complete a function. Clients also can benefit from outsourcing, including through better quality of service, lower fees (if the adviser passes along any cost savings), or some combination. There is a risk that clients could be significantly harmed, however, when an adviser outsources to a service provider a function that is necessary for the provision of advisory services without appropriate adviser oversight. The risk is in addition to any risks that would exist from the adviser providing these functions and should be managed. For example, a significant disruption or interruption to an adviser’s outsourced services could affect an adviser’s ability to provide its services to its clients. Outsourcing a service also presents a conflict of interest between an adviser providing a sufficient amount of oversight versus the costs of providing that oversight or the cost of the adviser providing the function itself. Poor oversight could lead to financial losses for the adviser’s clients, including through market losses and as a result of advisers of using service providers, including outsourcing management of individual portfolios and possibility of ‘‘keep[ing] some core functions in-house and outsourc[ing] others’’). E:\FR\FM\16NOP2.SGM 16NOP2 68818 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules khammond on DSKJM1Z7X2PROD with PROPOSALS2 increased transaction costs or the loss of investment opportunities. Excessive oversight can result in costs to the adviser, and potentially its clients, that outweigh the intended benefits. Outsourcing also has the potential to defraud, mislead or deceive clients. For example, outsourcing necessary advisory functions could have a material negative impact on clients, such as: inaccurate pricing and performance information that advisory clients rely on to make decisions about hiring and retaining the adviser and that advisers rely on to calculate advisory fees; 10 compliance gaps that enable fraudulent, deceptive or manipulative activity by employees and agents of such service providers to occur or continue unaddressed; 11 or poor operational management or risk measurement that leads to client losses. A service provider’s major technical difficulties could prevent the adviser from executing an investment strategy or accessing an account. Additionally, sensitive client information and data could be lost 12 and used to the client’s detriment, or client holdings or trade order information could be negligently maintained by a service provider and misused by the service provider’s employees or other market participants in trading ahead or front-running activities. Clients also may be harmed when a service provider has significant operations in a single geographic region because weather events, power outages, geopolitical events and public health events in that location raises concerns that the service provider can continue to perform its functions during these events. Risks related to a service provider’s conflicts of interests also may cause harm to an adviser’s clients. There may be conflict of interest risks when a service provider recommends or otherwise highlights investments to advisory clients that the service provider also owns or manages for others. In that circumstance, the service 10 See Armental, Maria, BNY Mellon to Pay $3 Million to Resolve Massachusetts Probe Over Glitch, The Wall Street Journal (Mar. 21, 2016), available at https://www.wsj.com/articles/bny-mellon-to-pay3-million-to-resolve-massachusetts-probe-overglitch-1458581998. 11 See In the Matter of Aegis Capital, LLC, Investment Advisers Release No. 4054 (Mar. 30, 2015) (settled order) (failures of an outsourced Chief Compliance Officer and the adviser’s Chief Operating Officer resulted in Form ADV filings that grossly overstated the registrant’s AUM and total number of clients). 12 See Tokar, Dylan et. al., Fund Administrator of Fortress, Pimco and Others Suffers Data Breach Through Vendor, The Wall Street Journal (Jul. 27, 2020), available at https://www.wsj.com/articles/ fund-administrator-for-fortress-pimco-and-otherssuffers-data-breach-through-vendor-11595857765. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 provider has an incentive to influence investing behavior in a way that benefits the service provider to the detriment of the adviser’s clients. For example, an index provider that holds an investment it subsequently adds to its widely followed index has a conflict of interest because it would directly benefit from creating or increasing demand for that investment and clients could be harmed if the investment does not perform as well as other investments the index provider could have added instead. The risks of harm may be particularly pronounced where services that are necessary for the provision of advisory services are highly technical or proprietary to the service provider, or where the services require expertise or data the adviser lacks. For example, if an adviser engages a service provider that uses proprietary technology to measure portfolio risk or performance of client investments, the adviser likely would not be able to replicate such measurements for its clients. If such technology fails to provide accurate measurements, it would be difficult for the adviser to detect such issues and manage the portfolios or report performance for its clients without the adviser having a plan in place for managing and mitigating the risks of such a failure. The risks of harm are also heightened where the service provider has further outsourced one or more necessary functions to another service provider (possibly without the adviser’s awareness or influence), or where the service provider delivers some services from locations outside of the United States, which introduces potential oversight and regulatory gaps or oversight challenges. In each of these cases, the disruption, interruption, or failures in the service provider’s services could affect the ability of every adviser using that service provider to deliver advisory services to its clients or otherwise meet its obligations, including under the Advisers Act or other Federal securities laws. The use of service providers could create broader market-wide effects or systemic risks as well, particularly where the failure of a single service provider would cause operational failures at multiple advisers.13 For 13 See, e.g., The International Organization of Securities Commissions (‘‘IOSCO’’) FR07/2021, Principles on Outsourcing: Final Report (Oct. 2021), (‘‘IOSCO Report’’), available at https:// www.iosco.org/library/pubdocs/pdf/ IOSCOPD687.pdf. The IOSCO Report cites examples of risks that could lead to systemic risk if multiple entities use a common service provider including: (1) if the service provider suddenly and unexpectedly becomes unable to perform services that are material or critical to the business of a significant number of regulated entities, each entity PO 00000 Frm 00004 Fmt 4701 Sfmt 4702 example, there could be concentration risks to the extent that one service provider supplies several services to an adviser or multiple service providers merge to become a single market leader. Multiple regulated entities could use a common service provider,14 particularly because service providers have become more specialized in recent years,15 and for certain functions there may be only a few entities offering relevant (often information technology-dependent) services. If a large number of investment advisers and their clients use a common service provider, operational risks could be correspondingly concentrated, which could, in turn, lead to an increased risk of broader market effects during times of market instability. One example where the failure of a service provider had a broad impact occurred when a corrupted software update to accounting systems at a widely used fund accounting provider caused industrywide concern over the accuracy of fund values for several days.16 An estimated 66 advisers and 1,200 funds were unable to obtain system-generated net asset values (‘‘NAVs’’) for several days, suggesting that an error in a system used by many advisers could disrupt entire markets.17 will be similarly disabled, (2) a latent flaw in the design of a product or service that multiple regulated entities rely upon may affect all these users, (3) a vulnerability in application software that multiple regulated entities rely upon may permit an intruder to disable or corrupt the systems or data of some or all users, and (4) if multiple regulated entities depend upon the same provider of business continuity services (e.g., a common disaster recovery site), a disruption that affects a large number of those entities may reduce the capacity of the business continuity service. 14 Financial Stability Board, Regulatory and Supervisory Issues Relating to Outsourcing Third Party Relationships: Discussion Paper (Nov. 9, 2020), at 2 (‘‘FSB Discussion Paper’’), available at https://www.fsb.org/wp-content/uploads/ P091120.pdf. 15 The IOSCO Report, supra footnote 13. 16 See Armental, Maria, BNY Mellon to Pay $3 Million to Resolve Massachusetts Probe Over Glitch, The Wall Street Journal (Mar. 21, 2016), available at https://www.wsj.com/articles/bny-mellon-to-pay3-million-to-resolve-massachusetts-probe-overglitch-1458581998. 17 See id. See also, e.g., BlackRock: The monolith and the markets, The Economist (Dec. 7, 2013), available at https://www.economist.com/briefing/ 2013/12/07/the-monolith-and-the-markets (stating that 7% of the world’s $225 trillion of financial assets were supported by the same system and stating, ‘‘If that much money is being managed by people who all think with the same tools, it may be managed by people all predisposed to the same mistakes.’’); IOSCO FR06/22, Operational resilience of trading venues and market intermediaries during the COVID–19 pandemic & lessons for future disruptions: Final Report, at 23 (July 2022), available at https://www.iosco.org/library/pubdocs/ pdf/IOSCOPD706.pdf (stating that disruption of outsourced services could lead to losses, such as clients unable to access accounts or have orders executed during market volatility). E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules Our observations underscore the risks associated with advisers outsourcing functions to service providers. We have observed an increase in such outsourcing and issues related to the outsourcing and advisers’ oversight. One recent example is an enforcement action for alleged violations of section 206 of the Advisers Act against investment advisers that used models and volatility guidelines from a thirdparty subadviser without first confirming that they worked as intended.18 In another recent action, an adviser allegedly failed to oversee a third-party vendor that did not properly safeguard customers’ personal identifying information.19 Additionally, we are troubled that the Commission staff have observed some advisers unable to provide timely responses to examination and enforcement requests because of outsourcing. In response to our staff’s requests for documents, some advisers have not provided the information necessary to demonstrate compliance with the Advisers Act and its rules because of outsourcing. For example, some advisers that use client relationship management providers have asserted that they have complied with rule 204–3 because brochure delivery is programmed into the providers’ software, though they cannot produce records to evidence that delivery took place.20 These observations illustrate that despite the existing legal framework regarding the duties and obligations of investment advisers, more needs to be done to protect clients and enhance oversight of advisers’ outsourced functions. An adviser has a fiduciary duty to its clients. The Advisers Act establishes a federal fiduciary duty for investment advisers that comprises a duty of loyalty and a duty of care and is made enforceable by the antifraud provisions of the Advisers Act.21 This combination of obligations has been characterized as requiring the khammond on DSKJM1Z7X2PROD with PROPOSALS2 18 See In the Matter of Aegon USA Investment Management, LLC, et al, Investment Advisers Act Release No. 4996 (Aug. 27, 2018) (settled order). 19 See Morgan Stanley Smith Barney LLC, Investment Advisers Act Release No. 6138 (Sept. 20, 2022) (settled order). 20 See 17 CFR 275.204–3 21 See Transamerica Mortgage Advisors, Inc. v. Lewis, 444 U.S. 11, 17 (1979) (‘‘§ 206 establishes federal fiduciary standards to govern the conduct of investment advisers.’’) (quotation marks omitted); SEC v. Capital Gains Research Bureau, Inc., 375 U.S. 180, 191 (1963); Commission Interpretation Regarding Standard of Conduct for Investment Advisers, Investment Advisers Act Release No. 5248 (June 5, 2019), at 6–8 [84 FR 33669 (July 12, 2019)] (‘‘Standard of Conduct Release’’). VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 investment adviser to act in the best interests of its client at all times.22 When an investment adviser holds itself out to clients and potential clients as providing advisory services, the adviser implies that it remains responsible for the performance of those services and will act in the best interest of the client in doing so.23 Outsourcing a particular function or service does not change an adviser’s obligations under the Advisers Act and the other Federal securities laws. In addition, the adviser is typically responsible for the advisory services through an agreement with the client that represents or implies the adviser is performing all the functions necessary to provide the advisory services. An adviser remains liable for its obligations, including under the Advisers Act, the other Federal securities laws and any contract entered into with the client, even if the adviser outsources functions. In addition, an adviser cannot waive its fiduciary duty. Accordingly, an adviser should be overseeing outsourced functions to ensure the adviser’s legal obligations are continuing to be met despite the adviser not performing those functions itself. As a fiduciary, an investment adviser cannot just ‘‘set it and forget it’’ when outsourcing. In this regard, we are concerned that outsourcing these necessary functions (defined as ‘‘Covered Functions’’ in proposed rule 206(4)–11) in particular, without further oversight by the investment adviser, can undermine the adviser’s provision of services and compliance with the Federal securities laws, and can directly harm clients. We also believe it is a deceptive sales practice and contrary to the public interest and investor protection for an investment adviser to hold itself out as an investment adviser, but then outsource its functions that are necessary to its provision of advisory services to its clients without taking appropriate steps to ensure that the clients will be provided with the same protections that the adviser must 22 See SEC v. Tambone, 550 F.3d 106, 146 (1st Cir. 2008) (‘‘Section 206 imposes a fiduciary duty on investment advisers to act at all times in the best interest of the fund . . .’’); SEC v. Moran, 944 F. Supp. 286, 297 (S.D.N.Y 1996) (‘‘Investment advisers are entrusted with the responsibility and duty to act in the best interest of their clients.’’). See also Standard of Conduct Release, supra footnote 21, at 6–8 (discussing various interpretations of an adviser’s fiduciary duty spanning several decades). 23 See Standard of Conduct Release, supra footnote 21 (discussing various interpretations of an adviser’s fiduciary duty spanning several decades). See also section 205(a)(2) of the Advisers Act makes it unlawful for an SEC-registered adviser to enter into or perform any investment advisory contract unless the contract provides that no assignment of the contract shall be made by the adviser without client consent. PO 00000 Frm 00005 Fmt 4701 Sfmt 4702 68819 provide under its fiduciary duty and other obligations under the Federal securities laws. We believe a reasonable investor hiring an adviser to provide investment advisory services would expect the adviser to provide those services and, if significant aspects of those services are outsourced to a provider, to oversee those outsourced functions effectively. To do otherwise would be misleading, deceptive, and contrary to the public interest. Moreover, disclosure cannot address this deception. We do not believe any reasonable investor would agree to engage an investment adviser that will not perform functions necessary to provide the advisory services for which it is hired, and instead will outsource those functions to a service provider without effective oversight over the service provider. An adviser’s use of service providers should include sufficient oversight by an adviser so as to fulfill the adviser’s fiduciary duty, comply with the Federal securities laws, and protect clients from potential harm. Accordingly, in light of the increase in the use of service providers, the services provided, and the risks of client harm described above, we believe that a consistent oversight framework across investment advisers is needed for outsourcing functions or services that are necessary for the investment adviser to provide its advisory services in compliance with the Federal securities laws. Proposed new rule 206(4)–11 under the Advisers Act is designed to address these issues by requiring investment advisers to comply with specific elements as part of a due diligence and monitoring process to oversee the provision of covered functions. Given the increasing use of service providers by investment advisers, we are also concerned that the Commission has limited visibility into advisers’ outsourcing and thus the potential extent to which advisory clients face outsourcing-related risks. The Commission currently collects only limited information about an adviser’s use of certain service providers through forms filed with the Commission, such as third-party keepers of advisers’ books and records and certain service providers for private funds reported on Form ADV, or during examinations conducted by Commission staff.24 If the Commission had additional information about which service providers all registered advisers are using that are necessary to perform their advisory services, for example, it could quickly 24 See Form ADV Part 1A, Schedule D, Sections 1.L. and 7.B.1. E:\FR\FM\16NOP2.SGM 16NOP2 68820 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules analyze the potential breadth of the impact from a market event. In the event of a critical failure at an asset management service provider, the Commission would be able to identify quickly all advisers reporting that firm on Form ADV as a service provider of one or more covered functions, which can help inform the Commission’s course of action. Finally, we are concerned that when an investment adviser outsources its books and records obligations to a third party, the adviser may not be properly ensuring that it can comply with the Commission’s recordkeeping requirements. Currently, rule 204–2 requires advisers to make and keep specified records, including standards for keeping those records electronically, but does not expressly impose specific requirements when an adviser outsources recordkeeping functions to a third party.25 We believe that specific conditions should apply to all advisers using third parties to make and keep records required by rule 204–2. khammond on DSKJM1Z7X2PROD with PROPOSALS2 B. Overview of Rule Proposal The proposed rule would establish a set of minimum and consistent due diligence and monitoring obligations for an investment adviser outsourcing certain functions to a service provider. Proposed rule 206(4)–11 under the Advisers Act would apply to advisers that are registered or required to be registered with us and that outsource a covered function.26 The definition of a 25 Commission staff addressed third party recordkeeping in two staff letters. See OMGEO, LLC, SEC Staff No-Action Letter (Aug. 14, 2009), at n.3 (‘‘OMGEO NAL’’), available at https:// www.sec.gov/divisions/investment/noaction/2009/ omgeo081409.htm (citing First Call and National Regulatory Services, SEC Staff No-Action Letter (Dec. 2, 1992)); First Call Corporation, SEC Staff NoAction Letter (Sept. 6, 1995) (‘‘First Call NAL’’), available at https://www.sec.gov/divisions/ investment/noaction/1995/firstcall090695.pdf. The staff no-action letters represent the views of the staff of the Division of Investment Management. They are not a rule, regulation, or statement of the Commission. The Commission has neither approved nor disapproved their content. The staff no-action letters, like all staff statements, have no legal force or effect: they do not alter or amend applicable law, and they create no new or additional obligations for any person. See also infra section II.F. 26 Proposed rule 206(4)–11(a). The rule number assigned to the proposed rule 206(4)–11 is based on the numbering for other rule amendments the Commission previously proposed. See, e.g., Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies, available at https://www.sec.gov/rules/proposed/2022/3311028.pdf (proposing rule 206(4)–9 related to cybersecurity policies and procedures of investment advisers); Private Fund Advisers: Documentation of Registered Investment Adviser Compliance Reviews, available at https://www.sec.gov/rules/ proposed/2022/ia-5955.pdf (proposing rule 206(4)– 10 related to private fund adviser audits). This VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 covered function has two parts: (1) a function or service that is necessary for the adviser to provide its investment advisory services in compliance with the Federal securities laws, and (2) that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser’s clients or on the adviser’s ability to provide investment advisory services.27 Clerical, ministerial, utility, or general office functions or services are excluded from the definition.28 Before engaging a service provider to perform a covered function, the adviser would have to reasonably identify and determine through due diligence that it would be appropriate to outsource the covered function, and that it would be appropriate to select that service provider, by complying with six specific elements. These elements address: • The nature and scope of the services; • Potential risks resulting from the service provider performing the covered function, including how to mitigate and manage such risks; • The service provider’s competence, capacity, and resources necessary to perform the covered function; • The service provider’s subcontracting arrangements related to the covered function; • Coordination with the service provider for Federal securities law compliance; and • The orderly termination of the provision of the covered function by the service provider.29 The proposed rule also would require the adviser periodically to monitor the service provider’s performance and reassess the selection of such a service provider under the due diligence requirements of the rule.30 Each of these elements is included in the rule to address specific areas of risks and concerns that we have observed, as described above. Although the proposed rule does not require additional explicit written policies and procedures related to service provider oversight, if the proposed rule were adopted, advisers would be required under existing rule 206(4)–7 to have policies and procedures reasonably designed to prevent violations of the Advisers Act and rules under the Act, and this requirement would apply to the proposed rule. In addition, we are proposing to require advisers to make and keep number could change based on future Commission actions. 27 Proposed rule 206(4)–11(b). 28 Proposed rule 206(4)–11(b). 29 Proposed rule 206(4)–11(a)(1). 30 Proposed rule 206(4)–11(a)(2). PO 00000 Frm 00006 Fmt 4701 Sfmt 4702 certain books and records attendant to their obligations under the proposed oversight framework, such as lists or records of covered functions and records documenting their due diligence and monitoring of each service provider.31 The requirement to make and keep such books and records would help advisers monitor, and determine whether to modify, their approach to outsourcing a particular function. These records would also assist the Commission and its staff in evaluating adviser representations about their services and the extent to which an adviser complies with the rule. We are also proposing to add a new provision in the recordkeeping rule requiring every investment adviser that relies on a third party to make and/or keep books and records required by the recordkeeping rule to conduct due diligence and monitoring of that third party consistent with the requirements under proposed rule 206(4)–11 and obtain reasonable assurances that the third party will meet four standards. These standards address the third party’s ability to: (i) adopt and implement internal processes and/or systems for making and/or keeping records that meet the requirements of the recordkeeping rule applicable to the adviser in providing services to the adviser; (ii) make and/or keep records that meet all of the requirements of the recordkeeping rule applicable to the adviser; (iii) provide access to electronic records; and (iv) ensure the continued availability of records if the third party’s operations or relationship with the adviser cease. The requirements are intended to protect required records from loss, alteration, or destruction and to help ensure that such records are accessible to the investment adviser and the Commission staff while allowing investment advisers to continue to contract with a wide variety of service providers to assist with recordkeeping functions. Finally, we are proposing amendments to Form ADV that are designed to improve visibility for the Commission and advisory clients relating to service providers that perform covered functions. New item 7.C. in Part 1A and Section 7.C. in Schedule D would require advisers to provide census-type information about these providers.32 These disclosures would provide more information about outsourced functions, enabling clients 31 See proposed rule 204–2(a)(24). Form ADV Part 1A is submitted in a structured, XML-based data language specific to that Form, the information in proposed new Item 7.C would be structured (i.e., machine-readable) as well. 32 Because E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules to make better informed decisions about the retention of an adviser and enabling the Commission and its staff to identify and address risks related to outsourcing by advisers and oversee advisers’ use of service providers better. II. Discussion A. Scope Under proposed rule 206(4)–11, as a means reasonably designed to prevent fraudulent, deceptive, or manipulative acts, practices, or courses of business within the meaning of section 206(4) of the Act, it would be unlawful for an investment adviser registered or required to be registered with the Commission to retain a service provider to perform a covered function unless the investment adviser conducts certain due diligence and monitoring of the service provider.33 A covered function is defined in the proposed rule as a function or service that is necessary for the adviser to provide its investment advisory services in compliance with the Federal securities laws, and that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser’s clients or on the adviser’s ability to provide investment advisory services.34 The proposed rule defines a service provider as a person or entity that performs one or more covered functions and is not an adviser’s supervised person as defined in the Advisers Act.35 A covered function would not include clerical, ministerial, utility, or general office functions or services.36 khammond on DSKJM1Z7X2PROD with PROPOSALS2 1. Covered Function We are proposing to define ‘‘covered function’’ more narrowly than all of the functions an investment adviser might outsource to a service provider. Advisers outsource many services beyond their core advisory functions, and the failure of many of those functions could have little to no effect on an adviser’s clients. Accordingly, we are targeting those outsourced functions that meet two elements: (1) those necessary for the adviser to provide its investment advisory services in compliance with the Federal securities laws; and (2) those that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser’s clients or on the adviser’s 33 See proposed rule 206(4)–11(a). rule 206(4)–11(b). 35 Proposed rule 206(4)–11(b). 36 Proposed rule 206(4)–11(b). 34 Proposed VerDate Sep<11>2014 17:47 Nov 15, 2022 ability to provide investment advisory services.37 The proposed rule applies if an adviser retains a service provider to perform a covered function, whether by a written agreement or by some other means. The Commission is not specifying how an adviser might retain a service provider to perform a covered function, but an adviser should consider using a written agreement as a best practice. The determination of whether an adviser has retained a service provider to perform such a covered function would depend on the facts and circumstances. For example, an adviser that enters into a written agreement with a valuation provider to value all of its clients’ fixed income securities or with a subadviser to manage fixed income portfolios for several of its clients would be considered to retain a service provider under the proposed rule to perform a function that is necessary for the adviser to provide its advisory services. In contrast, custodians that are independently selected and retained through a written agreement directly with the client would not be covered by the proposed rule because the adviser is not retaining the service provider to perform a function that is necessary for the adviser to provide its advisory services. The determination of what is a covered function also would depend on the facts and circumstances, as the proposed rule is meant to encompass functions or services that are necessary for a particular adviser to provide its investment advisory services. In addition, certain functions may be covered functions for one adviser but not for another adviser, and so certain persons or entities that perform functions on behalf of advisers may be a service provider in the scope of the rule with respect to one adviser but not for another adviser. We are providing examples of potential covered function categories an adviser may wish to consider in the amendments we are proposing to Form ADV, Section 7.C of Schedule D, which would include: Adviser/Subadviser; Client Services; Cybersecurity; Investment Guideline/ Restriction Compliance; Investment Risk; Portfolio Management (excluding Adviser/Subadviser); Portfolio Accounting; Pricing; Reconciliation; Regulatory Compliance; Trading Desk; Trade Communication and Allocation; and Valuation. Advisers outsource functions that are essential to asset management or directly support the adviser’s advisory services and processes. Depending on 37 See Jkt 259001 PO 00000 the specific facts and circumstances, when problems arise with these types of functions, clients could experience a material negative impact, such as interruptions in advisory services or the adviser’s inability or failure to comply with its legal responsibilities. We believe an adviser should take specific oversight steps required by the proposed rule to reduce the likelihood that these types of problems will occur and to reduce their impact when they do occur. In addition when an investment adviser holds itself out to clients and potential clients as providing advisory services, the adviser implies that it remains responsible for the performance of those services and will act in the best interest of the client in doing so. We believe it is contrary to the public interest and investor protection if the adviser then outsources covered functions without effectively overseeing those outsourced functions. Accordingly, an adviser should be overseeing outsourced functions to ensure the adviser’s legal obligations are continuing to be met despite the adviser not performing those functions itself. Generally, we would consider functions or services that are related to an adviser’s investment decisionmaking process and portfolio management to meet the first element of the definition. For example, some functions and services covered under the first element would be those related to providing investment guidelines (including maintaining restricted trading lists), creating and providing models related to investment advice, creating and providing custom indexes, providing investment risk software or services, providing portfolio management or trading services or software, providing portfolio accounting services, and providing investment advisory services to an adviser or the adviser’s clients (subadvisory services).38 Covered functions can 38 These providers’ activities, in whole or in part, may cause them to meet the definition of ‘‘investment adviser’’ under the Advisers Act. In a separate action, the Commission issued a request for public comment related to the status and registration of certain information providers, including index providers, model portfolio providers, and pricing services, under the Advisers Act. See Request for Comment on Certain Information Providers Acting as Investment Advisers, Investment Advisers Release No. 6050 (Jun. 15, 2022) [87 FR 37254 (Jun. 22, 2022)] (‘‘Information Providers Request for Comment’’), available at https://www.sec.gov/rules/other/2022/ ia-6050.pdf. The comment letters on the Information Providers Request for Comment (File No. S7–18–22) are available at https://www.sec.gov/ comments/s7-18-22/s71822.htm and we are continuing to consider all of the comments received. Several commenters noted that many advisers and fund boards oversee information proposed rule 206(4)–11. Frm 00007 Fmt 4701 Sfmt 4702 68821 Continued E:\FR\FM\16NOP2.SGM 16NOP2 68822 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules khammond on DSKJM1Z7X2PROD with PROPOSALS2 include technology integral to an adviser’s investment decision-making process and portfolio management or other functions necessary for the adviser to provide its investment advisory services. For example, if an adviser’s investment decision-making process relies on artificial intelligence or software as a service, those services may form part of the covered function even though they are provided through technology. As discussed above, certain of these functions may be covered functions for one adviser but not for another adviser, depending on the facts and circumstances. For example, an adviser may choose to engage an index provider for the purposes of developing an investment strategy for its clients, which would be a covered function under the proposed rule, while another may license a widely available index from an index provider to use as a performance hurdle, in which case the proposed rule would not apply. We believe that the services of an index provider, if retained by an adviser for purposes of formulating the adviser’s investment advice, would meet the first element of the definition of a covered function because such services would be necessary for the adviser to provide investment advice to its client. Implementing an investment decision also may meet this element, including identifying which portfolios to include or exclude, determining how to allocate a position among portfolios, and submitting the final orders to the broker. In order to provide investment advisory services in compliance with the Federal securities laws, an adviser might also seek to outsource its compliance functions, including outsourced chief compliance officers and other outsourced compliance functions such as making regulatory filings on behalf of providers and that advisers are fiduciaries bearing the ultimate responsibility for information providers’ services. See, e.g., Comment Letter of ETF BILD (Aug. 16, 2022); Comment Letter of Investment Advises Association (Aug. 16, 2022); Comment Letter of Index Industry Association (Aug. 16, 2022); Comment Letter of Invesco Ltd. (Aug. 16, 2022); Comment Letter of Investment Company Institute (Aug. 16, 2022) (‘‘Comment Letter of ICI’’); Comment Letter of Independent Directors Council (Aug. 16, 2022); Comment Letter of NASDAQ (Aug. 16, 2022) (‘‘Comment Letter of NASDAQ’’); Comment Letter of S&P Dow Jones Indices (Aug. 16, 2022); Comment Letter of S&P Global Market Intelligence (Aug. 15, 2022); Comment Letter of the Securities Industry and Financial Markets Association (Aug. 16, 2022) (‘‘Comment Letter of SIFMA’’). Some commenters also suggested as an alternative to regulating these information providers as investment advisers, that the Commission consider regulating adviser oversight of information providers. See, e.g., Comment Letter of Healthy Markets Association and CFA Institute (Aug. 16, 2022); Comment Letter of ICI; Comment Letter NASDAQ; Comment Letter of SIFMA. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 the adviser, and valuation and pricing services.39 Ensuring the adviser complies with the regulatory requirements applicable to its advisory services is a necessary part of providing those services and would be covered under the rule. We would not consider functions performed by marketers and solicitors to be covered functions, however, because such services are not used by an adviser to provide investment advice to its clients.40 The second element of the proposed definition of ‘‘covered function’’ limits the definition to those functions or services that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser’s clients or on the adviser’s ability to provide investment advisory services.41 Determining what is a material negative impact would depend on the facts and circumstances, but it could include a material financial loss to a client or a material disruption in the adviser’s operations resulting in the inability to effect investment decisions or to do so accurately. An adviser should consider a variety of factors when determining what would be reasonably likely to have a material negative impact, such as the day-to-day operational reliance on the service provider, the existence of a robust internal backup process at the adviser, and whether the service provider is making or maintaining critical records, among other things. For example, if an adviser used a service provider for portfolio management functions that experienced a cyberincident that caused an inability for the adviser to monitor risks in client portfolios properly, it would be reasonably likely to cause a material negative impact on the adviser’s clients and its ability to provide investment advisory services.42 A covered function would not include clerical, ministerial, utility, or general office functions or services.43 These types of functions or services are not functions that an adviser would perform on its own or they are not likely to qualify as a covered function under the 39 For example, an adviser may use valuation service providers to assist in fair value determinations. Such services would be included under the proposed rule as covered functions, as opposed to, for example, common market data providers providing publicly available information. 40 Marketers and solicitors must determine whether they are subject to statutory or regulatory requirements under Federal law, including the requirement to register as a broker-dealer pursuant to section 15(b) of the Securities Exchange Act of 1934. See 15 U.S.C. 78o(b). 41 See proposed rule 206(4)–11(b). 42 See infra section II.B.4. 43 Proposed rule 206(4)–11(b). PO 00000 Frm 00008 Fmt 4701 Sfmt 4702 proposed rule because they are not necessary for an adviser to provide investment advisory services in compliance with the Federal securities laws or they are not likely to cause a material harm to clients if not performed properly. For example, covered functions would not include the adviser’s lease of commercial office space or equipment, use of public utility companies, utility or facility maintenance services, or licensing of general software providers of widely commercially available operating systems, word processing systems, spreadsheets, or other similar off-theshelf software. To illustrate how to apply the definition of a covered function, if an adviser engaged an index provider to create or lease an index for the adviser to follow as a strategy for its advisory clients, it would likely fall under both elements of the definition. First, using a bespoke index created specifically for the adviser to follow would serve as a material service that is necessary for the adviser to provide investment advisory services to the extent the index is used by the adviser to provide investment advice and make investments on behalf of the advisory client. Second, if the function is not performed or performed negligently, it would have a material negative impact on the adviser’s ability to provide investment advisory services because if, for instance, the service provider failed to provide the index, the adviser would not be able to make investments for the client as needed. Similarly, if an adviser licenses a commonly available index and its stated investment strategy involves management against that index, failure to receive the index or an inaccurate delivery of the index could have a material negative impact on the adviser’s ability to manage that portfolio. In contrast, if an adviser purchases a license to utilize a commonly available index solely as a comparison benchmark for performance and not to inform the adviser’s investment decisions as part of its advisory services, that index provider would most likely not be providing a covered function because, in that context, the adviser is not using the index to provide investment advice. 2. Service Provider An investment adviser would be required to comply with the proposed rule if the adviser retains a service provider. The term ‘‘service provider’’ is defined as a person or entity that: (1) performs one or more covered functions; and (2) is not a supervised person of the E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules adviser.44 The proposed rule excludes supervised persons of an adviser from the definition of a service provider since such persons are already being directly overseen by the adviser.45 The proposed rule does not, however, make a distinction between third-party providers and affiliated service providers because the risks that the proposed rule are designed to address exist whether the service provider is affiliated or unaffiliated, and the service provider is not necessarily already being overseen by the adviser. For example, the ability to have direct control or full transparency may be limited when an adviser outsources, even to an affiliated service provider, which may increase the risk for failed regulatory compliance. As such, even though the affiliate may be in a control relationship with the adviser, it remains important for the adviser to determine if it is appropriate to retain the affiliate’s services and to oversee the affiliate’s performance of a covered function. The proposed rule would not include an exception for service providers that are subject to other provisions of the Advisers Act, including SEC-registered advisers, or other Federal securities laws. An adviser remains liable for its legal and contractual obligations and should be overseeing outsourced functions to ensure the adviser meets its legal and contractual obligations, regardless of whether the service provider has its own legal obligations under the Federal securities laws. For example, if an adviser engages a brokerdealer to provide an electronic trading platform to submit orders from the adviser and allocate trades among the adviser’s client accounts after the trades have been executed, then the adviser’s engagement of the broker-dealer for those services would not be excepted from the proposed rule. We believe providing orders to a broker-dealer and allocating securities to client accounts after the trade are part of an investment adviser’s services and responsibilities that cannot be outsourced without further oversight because, particularly in a discretionary account, instructing a broker-dealer about the trades the adviser is recommending and then allocating trades among client accounts is a critical component of an adviser’s provision of investment advisory 44 See proposed rule 206(4)–11(b). proposed rule 206(4)–11(b). A supervised person is defined in section 2(a)(25) of the Advisers Act as any partner, officer, director, (or other person occupying a similar status or performing similar functions), or employee of an adviser, or other person who provides investment advice on behalf of the adviser and is subject to the supervision and control of the adviser. 45 See VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 services. Additionally, we believe it would be reasonable for a client to expect initial and continued adviser oversight of that function, and the broker-dealer’s failure to perform or negligent performance of its covered function could be reasonably likely to cause a material harm to the adviser’s clients and its ability to provide its advisory services. For example, without proper oversight of this function, failing to perform the function could result in an adviser being unable to submit orders or allocate trades. A service provider performing asset allocations on behalf of the adviser also might allocate shares in a manner that favors certain clients over others or might fail to consider whether allocating additional shares would violate a client’ investment guidelines. If an adviser engages an SECregistered adviser as a subadviser to manage and evaluate investments within a portfolio, then the adviser would not be excepted from the proposed rule. Even if the subadviser would be subject to its own compliance with the Federal securities laws, the adviser remains responsible for its advisory services and should perform its own due diligence and monitoring of the subadviser to ensure its obligations continue to be met. Moreover, the adviser’s compliance with the proposed rule would not alleviate the subadviser’s own compliance with the Federal securities laws, including the proposed rule. In the event that an SEC-registered subadviser were to hire a service provider itself, for example to help manage and evaluate the investments within a managed portfolio, the subadviser would be required to comply with the proposed rule with respect to that service provider. The subadviser would have the same obligations and duties to its client as any other SECregistered adviser, whether the subadviser’s client is another adviser or a client of another adviser, and the subadviser should engage in the same oversight requirements as any other adviser. All advisers registered or required to be registered are subject to the proposed rule if they engage a service provider to perform a covered function, regardless of the identities of their clients or their relationships to other advisers. 3. Recordkeeping of Covered Functions An adviser would first need to determine which functions are covered functions in order to comply with the requirements of the proposed rule. Accordingly, we are proposing to revise the Advisers Act books and records rule to require an adviser to make and keep a list or other record of covered PO 00000 Frm 00009 Fmt 4701 Sfmt 4702 68823 functions that the adviser has outsourced to a service provider and the name of each service provider, along with a record of the factors, corresponding to each listed function, that led the adviser to list it as a covered function.46 The recordkeeping requirement might be satisfied by a written agreement between the adviser and service provider, explicitly stating that the function or service provided is a covered function under the proposed rule and the name of each service provider. The written agreement could include the factors that led the function to be deemed a covered function, or that information could be memorialized in a separate record. Alternatively, there might be a written memorandum or other document prepared by the adviser that lists the names of the service providers; that explains how a particular function or service is one that is deemed to be necessary to provide investment advisory services in compliance with the Federal securities laws and that would be reasonably likely to cause a material negative impact on the adviser’s clients or on the adviser’s ability to provide investment advisory services if not performed or performed negligently; and that provides the factors that led the function to be deemed a covered function. The adviser’s written compliance policies also could identify the covered functions and the factors considered for each, such as the type of function or service provided or whether the adviser could provide investment advisory services without the covered function. The method by which the adviser meets this proposed requirement (e.g., written agreement, memorandum to file, etc.) and the factors relevant to the adviser’s determination would likely vary depending on each function or service for which an adviser engages a service provider. Accordingly, we are not specifying any particular method for making the list or record of factors to consider.47 Due to the unique nature of an adviser’s relationship with a service provider, we are also proposing to revise the Advisers Act books and records rule 46 See proposed rule 204–2(a)(24)(i). The rule number assigned to subparagraph (24) of the proposed amendments to rule 204–2(a) is based on the numbering for other rule amendments the Commission previously proposed. See e.g., Private Fund Advisers: Documentation of Registered Investment Adviser Compliance Reviews, available at https://www.sec.gov/rules/proposed/2022/ia5955.pdf (proposing rule 204–2(a)(20) to (23)). The proposed rule’s subsection number could change based on future Commission actions. 47 See proposed rule 204–2(e)(1). E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 68824 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules to require that the records be maintained in an easily accessible place throughout the time period that the adviser has outsourced a covered function to a service provider, and for a period of five years thereafter.48 This amendment would help facilitate the Commission’s inspection and enforcement capabilities. We request comment on the proposed scope of the rule: 1. Is the proposed scope of the rule appropriate? Why or why not? In what ways, if any, could the proposed scope of the rule or the proposed definition of covered function better match our policy goals? Does it need to be made clearer? 2. Instead of oversight requirements when an adviser outsources a covered function, should we only require Form ADV disclosure to clients and potential clients of any outsourcing of certain functions? Would it be sufficient for an adviser to disclose that it would outsource these services and not oversee them and would any reasonable investor agree to this approach? Or would a more limited approach to the oversight of service providers be appropriate instead of the proposed requirements? If so, what should that limited approach be? 3. In addition to the proposed oversight requirements when an adviser outsources a covered function, should the rule include an express provision that prohibits an adviser from disclaiming liability when it is not performing a covered function itself? 4. Is the proposed definition of ‘‘covered function’’ clear? Why or why not? In what ways, if any, could the proposed definition be made clearer? 5. The proposed rule is designed to apply in the context of outsourcing core advisory functions. The proposed rule does so by qualitatively describing what we believe is a core advisory function— namely, a function or service that is necessary for the investment adviser to provide its investment advisory services in compliance with the Federal securities laws. Does the proposed definition of covered function capture this intended core advisory function scope? Should the rule explicitly state that its application is limited to core investment advisory services? If yes, how would we identify and define what would be considered ‘‘core investment advisory services’’? 6. Instead of our proposed definition, should we define ‘‘covered functions’’ as a specified list of core investment advisory activities, such as ‘‘services that are central to the selection, trading, valuation, management, monitoring, 48 See rule 204–2. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 indexing, and modeling of investments’’? Are there other specific functions or services that should be included or excluded from this list? Please explain. Are the services in this list clear? For example, would we need to define trading in this alternative definition to include allocation and communications related to trades? Would it be clear that subadvisers and portfolio management would be included as ‘‘management’’ in this alternative definition or that risk management is part of management and monitoring? Would it be confusing to list management and selection as well as indexing and modeling in this alternative definition? Is there overlap among the categories? If there is overlap, should the rule list only certain of these categories, such as selection and management, or would certain core services or functions be inadvertently excluded? 7. Should the Commission include or exclude in the definition of covered function any particular functions or services discussed within the release? Should services related to investment risk identification or monitoring be specifically identified, or would they be assumed to be included as part of the selection or management of investments? Instead should the specified list of covered functions/ services be the same as those provided by service provider types listed in the proposed amendments to Form ADV? 8. Are there particular types of service providers to which the rule should apply? For example, should the rule explicitly include the service providers advisers would be required to identify in proposed amendments to Form ADV (portfolio management, trade communication and allocation, pricing services, valuation services, investment risk services, portfolio accounting services, client servicing, subadvisory services, and/or regulatory compliance)? Should we explicitly require the rule to apply to index providers, model providers, valuation agents, or other service providers that may be central to an adviser’s investment decisionmaking process? 9. What would be the advantages and disadvantages of explicitly identifying the types of functions or providers that would trigger the rule? For instance, is there a risk of being over-inclusive and under-inclusive if we take such an approach? Are there certain services or functions that should be considered ‘‘core’’ for all advisers, or does what constitutes a ‘‘core’’ advisory function vary from one adviser to the next? Should what is considered ‘‘core’’ correlate to a certain percentage of PO 00000 Frm 00010 Fmt 4701 Sfmt 4702 clients who receive (and presumably can therefore be affected by) the service provider’s services? That is, would a service provider’s functions be considered ‘‘core’’ to an adviser if they could have an impact on a certain minimum percentage of the adviser’s clients? Should it correlate to a certain percentage of regulatory assets under management that receive (and, again, presumably can be affected by) the service provider’s services? That is, would a service provider’s functions be considered ‘‘core’’ to an adviser if they could have an impact on a certain minimum percentage of the adviser’s regulatory assets under management? What would be a percentage of either such measurement that should trigger application of the rule? 5%? 10%? 15%? 20%? Please explain your answer. 10. Should data providers be explicitly included within the scope of the rule? Are there specific types of data providers that might be considered ‘‘covered functions,’’ such as providers of security master data, corporate action data, or index data? 11. Instead of considering certain compliance functions to be a ‘‘covered function’’ under the rule, should we amend rule 206(4)–7 to require advisers to comply with the due diligence and monitoring requirements of proposed rule 206(4)–11 and 204–2(a)(24) for all outsourced compliance functions, as we are proposing for records made and kept by third parties, as described below? 12. Should we revise the proposed exclusion for clerical or ministerial services? Should we provide different or additional specific exclusions from the definition of covered function under the rule? Which ones, if any? For example, should we use the same definition of supervised person as in the Advisers Act? Should we explicitly exclude broad-based and widely published indices or specific clerical or ministerial services such as basic utilities and widely commercially available operating systems, word processing systems, or spreadsheets, utilities, or general office functions or services? Should we exclude functions or categories of services or should we list specific service providers that should be excluded? How should we view these services or functions when they are integral to the provision of a covered function (e.g., when investment performance is calculated in a spreadsheet or an order management system is hosted in the cloud)? 13. Should we define ‘‘covered function’’ more broadly or more narrowly, and if so, how? For example, should we only use the first prong of the proposed definition and broaden the E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules definition to any function or service that is necessary for the investment adviser to provide its advisory services in compliance with the Federal securities laws, regardless of the likely impact on clients of non- or negligent performance? Or should we only use the second prong of the definition to apply the rule to any services or functions that, if not performed or performed negligently, could potentially have a material negative impact, regardless of whether they are necessary for the adviser to provide its advisory services in compliance with the Federal securities laws? Should we change the second prong of the definition, for example, by applying the rule to any services or functions that if not performed or performed in a manner materially different from the adviser’s representations or undertakings could potentially have a material negative impact? 14. Should the definition of ‘‘covered function’’ be expanded to include functions or services necessary for the adviser to comply with the Federal securities laws or with the Advisers Act instead of limiting the definition to functions or services necessary to provide investment advisory services in compliance with the Federal securities laws? Should the definition include other third-party providers of services to the adviser’s clients, such as brokerdealers and custodians? Should the definition include any third-party providers that the adviser recommends to clients even if those providers enter into an agreement directly with the client and not with the investment adviser? 15. Is ‘‘necessary for the adviser to provide its advisory services in compliance with the Federal securities laws’’ sufficiently clear? Is the term ‘‘necessary’’ too restrictive and, if so, should alternate language be used, such as ‘‘supports the adviser in making investment selections and otherwise providing its advisory services in compliance with the Federal securities laws’’? Should the proposed rule be limited to providing its advisory services in compliance with obligations only under the Advisers Act? 16. Is the proposed definition of ‘‘service provider’’ clear? Why or why not? In what ways, if any, could the proposed definition be made clearer? 17. Are the meanings of ‘‘material negative impact’’ and ‘‘reasonably likely’’ clear? Why or why not? Should we define these phrases or provide additional guidance? If so, how? Is there a different phrase we should use that conveys the same idea? VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 18. Should the rule define what it means to retain a service provider to perform a covered function? If so, how? Should we explicitly state that outsourcing would include affiliated entities of an adviser, including parent organizations? 19. Should we define when an adviser would retain a service provider for purposes of the proposed rule? Are there specific factors that should be relevant in determining whether a service provider arrangement should be subject to the rule? For example, should the rule apply where the adviser recommends the service provider to some or all of its clients? Would a relevant factor be the extent to which the adviser makes arrangements for the client to engage the service provider? Should the approach differ depending on whether the client is a fund (registered or not) or a separately managed account and the extent to which the adviser is a control person of the fund or has some control over the fund’s contracting arrangements? Or should the proposed rule only include service providers that contract directly with the adviser? If so, why? Should we provide an explicit exclusion for all advisers that engage service providers to perform covered functions as part of a larger program or arrangement, such as the sponsor of a wrap fee program or other separately managed account program in which the sponsor is subject to the proposed rule with respect to the participation of the service providers in the program? 20. The proposed rule does not specify how an adviser would ‘‘retain’’ a service provider in compliance with the proposed rule. Should we require a written agreement or some other written documentation between the adviser and service provider to perform a covered function under the proposed rule? If so, what provisions should we require? For example, should certain elements of the proposed rule’s due diligence requirements instead be required in a contract between the adviser and service provider? Should there be a written agreement requirement for certain covered functions and not others? For example, should the rule identify a subset of the proposed definition of covered function as critical covered functions and require a written agreement in those circumstances only? If the final rule were to, instead, define covered function by listing certain specific functions, such as described in request for comments 5, 6, 7, and 8 above, should we require a written contract between the adviser and these service providers? Are there any contexts in which a written agreement may be more PO 00000 Frm 00011 Fmt 4701 Sfmt 4702 68825 feasible than others? Alternatively, should we not require a written agreement but instead require disclosure in Form ADV Part 1A of whether an adviser has a written agreement for each covered function or require disclosure only if the adviser does not have a written agreement for a particular covered function? 21. Is the scope of the proposed rule sufficiently clear in its application to various advisory arrangements such as, among others, separately managed accounts, wrap-fee programs, roboadvisory services, and model portfolio providers? Is it clear how it applies when technology is used as part of advisory services, such as artificial intelligence, foundation models, or software as a service? Why or why not? 22. With respect to an adviser’s clients, should the rule apply to any service providers an adviser retains on behalf of all of the adviser’s clients, as proposed, including clients that are registered investment companies or private funds? Why or why not? Should services provided to a fund, such as fund administration, transfer agent, principal underwriter or custody services, be deemed to be ‘‘investment advisory services’’ or otherwise covered under the proposed rule and related recordkeeping requirements? Should we provide an explicit exception for advisers when a registered investment company retains the listed service providers in rule 38a–1 under the Investment Company Act of 1940 (‘‘Investment Company Act’’) instead (i.e., principal underwriter, fund administrator, and transfer agent)? What about with respect to private funds, which are not subject to rule 38a–1? Should we provide an explicit exception from the proposed rule if any such engagement is approved, in the case of a registered fund, by the board, including a majority of the independent directors, or in the case of a private fund, by a majority of the Limited Partner Advisory Committee or equivalent body? 23. Should we include subadvisers within the scope of the rule, as proposed? Why or why not? Should this differ based on whether the subadviser for a fund is engaged by the adviser or the fund itself? 24. The proposed rule excludes a supervised person of an investment adviser from the definition of provider. Do commenters agree that it would be duplicative to apply the rule in this context? Should the proposed rule also exclude an adviser’s affiliated or related persons? Should such an exclusion depend on whether the affiliate or related person is separated from the E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 68826 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules adviser by information barriers? Why or why not? 25. Would it be duplicative or otherwise unnecessary to apply the rule in the context of an adviser’s affiliates, as proposed? If so, please explain. 26. Should the proposed rule provide an exception for firms that are dually registered broker-dealers? For example, should we provide an exception for firms that comply with existing brokerdealer provisions such as FINRA Rule 3110 (Supervision) to meet a dual registrant’s obligation under these rules? Should there be an exception for outsourcing to SEC-registered advisers or other service providers that are themselves subject to regulation under the Federal securities laws? Should such an exception be limited to outsourcing to another adviser or manager (including banks and trust companies) when the other adviser or manager treats the client as its own client (as may be evidenced, for example, by the client’s entry into documentation appointing the adviser or manager, the inclusion of the client as a client on the books and records of the adviser or manager, or the delivery of disclosure documents of the adviser or manager to the client)? 27. To what extent do advisers already take the steps that would be required by the proposed rule? Do commenters believe that the proposed rule is necessary? Why or why not? To the extent that commenters believe that the proposed rule is already covered by the general fiduciary duty enforceable under Section 206 of the Advisers Act, do commenters believe there is sufficient clarity in the industry as to the obligations for an adviser in the context of retaining service providers? And if so, how do those obligations differ from what is outlined in this proposed rule? 28. Are the proposed changes to the books and records rule appropriate? Are there alternative or additional recordkeeping requirements we should impose? For example, should we require that the record include specific information or be memorialized in a written memo or report? Should we require advisers to update the list of covered functions within prescribed time periods such as monthly, quarterly or annually? 29. Should we require advisers to make and keep true, accurate, and current a list of covered functions? Why or why not? Should we specify any particular method for making the list or record of factors to consider? Should we require a specific method of maintaining the list of covered functions such as in its policies and procedures? VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 30. Do commenters believe it would be overly burdensome to require a record of factors that led the adviser to list each covered function, as proposed? Why or why not? Should we instead only require the list of covered functions without requiring the record of factors for each covered function? B. Due Diligence The proposed rule would require advisers to conduct reasonable due diligence before engaging a service provider to perform a covered function.49 We believe it is essential for an investment adviser to evaluate whether and how it will continue to meet its obligations to its clients, and the requirements of the Federal securities laws, including its obligations as a fiduciary, when it chooses to outsource.50 The due diligence requirement would provide guidelines to help ensure that the nature and scope of the covered function, as well as the risks associated with the adviser’s use of service providers are identified and appropriately mitigated and managed. This also could reduce the risk that the adviser’s outsourced services are not performed or are performed negligently. Specifically, the proposed rule would require an adviser to reasonably identify and determine that it would be appropriate to outsource the covered function, that it would be appropriate to select the service provider, and once selected, that it is appropriate to continue to outsource the covered function, by complying with six specific elements: (i) Identify the nature and scope of the covered function the service provider is to perform; (ii) Identify and determine how it would mitigate and manage the potential risks to clients or to the investment adviser’s ability to perform its advisory services, resulting from engaging a service provider to perform a covered function and engaging that service provider to perform the covered function; (iii) Determine that the service provider has the competence, capacity, 49 See proposed rule 206(4)–11(a)(1). In the Matter of AssetMark, Inc. (f/k/a Genworth Financial Wealth Management, Inc.), Investment Advisers Act Release No. 4508 (Aug. 25, 2016) (settled order) (AssetMark’s due diligence was insufficient to confirm the accuracy of performance data from a third-party and therefore AssetMark failed to have a reasonable basis for the accuracy of the performance and performancerelated claims made in its advertisements); see also In the Matter of Pennant Management, Inc., Investment Advisers Act Release No. 5061 (Nov. 6, 2018) (settled order) (Pennant negligently failed to perform adequate due diligence of a third party which ultimately contributed to substantial client losses). 50 See PO 00000 Frm 00012 Fmt 4701 Sfmt 4702 and resources necessary to perform the covered function in a timely and effective manner; (iv) Determine whether the service provider has any subcontracting arrangements that would be material to the service provider’s performance of the covered function, and identifying and determining how the investment adviser will mitigate and manage potential risks to clients or to the adviser’s ability to perform its advisory services in light of any such subcontracting arrangement; (v) Obtain reasonable assurance from the service provider that it is able to, and will, coordinate with the adviser for purposes of the adviser’s compliance with the Federal securities laws; and (vi) Obtain reasonable assurance from the service provider that it is able to, and will, provide a process for orderly termination of its performance of the covered function. The proposed rule requires that the due diligence be conducted ‘‘before engaging’’ a service provider, which would be before the adviser and service provider agree to the engagement, or agree to add new covered functions or services to an existing engagement.51 It would not be appropriate for the adviser to assess the risks of outsourcing a covered function to a particular service provider, for the first time, after it engaged the service provider.52 Conducting initial due diligence after engagement would unnecessarily subject the adviser’s clients to potentially unknown and unmitigated risks associated with outsourcing the covered function to the service provider. Those risks could result in harm to the client that could have been avoided had due diligence been conducted beforehand. The proposed rule also requires that service provider due diligence be conducted ‘‘reasonably.’’ This would mean an adviser’s due diligence must reasonably be tailored to the function or services that would be outsourced and to the identified service provider. An adviser’s analysis of a specific service provider’s competence, capacity, and resources generally would not require boundless analysis or the identification of every conceivable risk of outsourcing, but must be reasonable under the facts and circumstances. The proposed rule is intended to allow registrants to tailor their due diligence practices to fit the nature, scope, and risk profile of a 51 For written agreements, this would be the date it is executed by both parties, or if different days, the later of the dates each party executes it. 52 See infra section II.G (Transition and Compliance and related discussion). E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules covered function and potential service provider. For example, in determining whether to engage a third-party digital investment advisory platform, a registrant may not need to conduct a detailed analysis and review of the underlying computer code. However, the registrant generally should obtain a reasonable understanding of how the platform is intended to operate, determine that the platform operates as intended, and confirm the platform generates advice that is suitable for the registrant’s clients. The registrant could consider also the risks of the digital platform that could result in material harm to a client and conclude that it can mitigate and manage those risks. In conducting this analysis, the adviser could review factors such as: • Comparative digital platform methodologies, including their respective parameters, benefits, and risks; • The digital platform’s compliance and operational policies and procedures for the protection of client accounts and key systems, and its policies and procedures addressing the maintenance and oversight of the digital platform; • The sufficiency of the digital platform’s client questionnaire for enrolling clients in the advisory service; • The digital platform’s general process for developing, revising, and updating the advice or recommendations that it generates; • The general process for and results of the service provider’s testing and backtesting of the digital platform and the post-implementation monitoring of its performance; and • The digital platform’s prevention and detection of, and response to, cybersecurity threats.53 Ultimately, conducting due diligence is not a one-size-fits-all process. Whether an adviser tailors its due diligence such that it is reasonable under the proposed rule would depend on the facts and circumstances applicable to the services to be performed and the identified service provider. khammond on DSKJM1Z7X2PROD with PROPOSALS2 1. Nature and Scope of Covered Function The first element in the proposed due diligence requirements would require an adviser to identify the nature and scope of the covered function the 53 Commission staff addressed similar issues in a guidance update. See Robo-Advisers, IM Guidance Update, No. 2017–02 (Feb. 2017) (discussing roboadviser specific factors that an adviser may consider in adopting written policies and procedures). VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 service provider is to perform.54 This might include documenting a description of the nature and scope of the covered function in a written agreement, memo to file, database, or other form the adviser deems appropriate.55 As part of its identification, an investment adviser generally should understand what services will be provided and how the service provider will perform those services. We believe such identification is important to reduce the risks of performance shortfalls by the service provider due to the adviser’s or its service provider’s insufficient understanding of the nature and scope of the covered function. A clear understanding between the adviser and service provider of the nature and scope of the applicable covered function should help ensure that the service provider is performing the function that the adviser believes is being performed and reduce the risk of harm to clients and investors as a result of inadequate, negligent, or otherwise insufficient performance of the covered function. What is included in ‘‘nature and scope’’ under the proposed rule would vary depending on the facts and circumstances, and the level of detail should reasonably reflect relevant factors such as the nature, size, and complexity of the covered functions involved. For example, if the service provider performing a covered function is an index provider, then the identification of the nature and scope of the covered function might relate to such things as index license terms, rebalancing frequency, and frequency of data delivery from the provider to the adviser. If an adviser outsources its trading desk functions, then the adviser might wish to identify descriptions of the trading desk services, as well as any ancillary activities related to those services, such as software or other technological support and maintenance, business continuity and disaster recovery, employee training, and customer service, including the extent to which the provider would perform the services itself or hire others to perform them. As part of this analysis, an adviser also might wish to identify the frequency, content, and format of the 54 Proposed rule 206(4)–11(a)(1)(ii). As further discussed below, we are also proposing a new books and records provision, rule 204–2(a)(24) that would require advisers to make and retain a list or other record of covered functions that the adviser has outsourced to a service provider. 55 We are also proposing amendments to Form ADV Part 1A under which an adviser would be required to disclose information about its service providers of covered functions. See supra section II.D. PO 00000 Frm 00013 Fmt 4701 Sfmt 4702 68827 service provider’s covered function. The analysis also might vary depending on the types of risks identified during the adviser’s due diligence process. If an adviser identifies certain risks related to outsourcing a particular task or related to using a particular service provider, then the adviser generally should take those risks into account when identifying the nature and scope of the covered function. For example, the adviser might wish to determine how the adviser’s information, facilities, and systems (including access to and use of the adviser’s or the adviser’s clients’ information) would be used and any protections that would be put in place for use of such items. If an adviser were to engage a service provider to perform portfolio management services for its clients, and the adviser would be sharing non-public trading information and/or its advisory clients’ personally identifiable information, the adviser generally should negotiate and identify how such information would be managed in order to mitigate the risk that such information may be mishandled.56 2. Risk Analysis, Mitigation, and Management The proposed rule would require an adviser to identify the potential risks to clients, or to the adviser’s ability to perform its advisory services, resulting from outsourcing a covered function. In doing so, we believe an adviser generally should assess and consider prioritizing the risks created by outsourcing the function in light of the adviser’s particular business processes.57 As discussed above, 56 Rules related to maintaining the privacy of client information also would apply. See, e.g., 17 CFR 248.11(a) (reuse and redisclosure of nonpublic personal information that nonaffiliated trading services provider receives from adviser limited to performing trading services for the adviser’s clients). See also 17 CFR 248.201(e)(4) (applicable to advisers that are a financial institution or creditor with covered accounts); Reg. S–ID, Appendix A, at Section VI(c). 57 We believe a risk prioritization approach is a commonly used and effective practice in the industry. Also, the Commission proposed a risk prioritization approach for cybersecurity risk assessment. We encourage commenters to review that proposal to determine whether it might affect their comments on this proposing release. See Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies, Investment Advisers Act Release No. 5956 (Feb. 9, 2022) [87 FR 13524 (Mar. 9, 2022)] (‘‘Proposed Cybersecurity Release’’) (stating that ‘‘[a]s an element of an adviser’s or fund’s reasonable policies and procedures, the proposed cybersecurity risk management rules would require advisers and funds periodically to assess, categorize, prioritize, and draft written documentation of, the cybersecurity risks associated with their E:\FR\FM\16NOP2.SGM Continued 16NOP2 68828 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules khammond on DSKJM1Z7X2PROD with PROPOSALS2 outsourcing an investment adviser’s function without a minimum and consistent framework for identifying, mitigating, and managing risks, can undermine the adviser’s provision of services and mislead or otherwise harm clients. A lack of such a framework could indicate that it is unreasonable for an adviser to outsource the function. Potential client harm caused by a service provider’s failure to perform or negligent performance of the outsourced function could be significantly mitigated, or even avoided, if the adviser first identifies the risk, and then determines, before outsourcing a function, how to mitigate and manage the risk. There are a variety of potential risks that an adviser should generally consider, such as the sensitivity of information and data that would be subject to the service or to which the service provider may have access, the complexity of the function being outsourced, the reliability and accuracy of the service or function delivered by the service provider, extensive use of particular service providers by the adviser or several advisers, available alternatives in the event a service provider fails or is unable to perform the service, the speed with which a function could be moved to a new service provider, existing and potential conflicts of interest of the service provider,58 geographic location of the service provider, unwillingness to provide transparency, known supplychain challenges, and the availability of market resources skilled in the service. Key to this process might include determining the likely potential impact—particularly to the adviser’s clients, to investors in the adviser’s fund clients, or to the adviser’s ability to perform its advisory services—of the failure, or improper performance, of the function to be outsourced. For example, outsourcing records administration, personal securities trading clearance and compliance, or client trading services may result in the service provider gaining access to the adviser’s non-public trading information (e.g., client account positions, active trade orders, restricted securities trading list), or personally identifiable information (‘‘PII’’) about an adviser’s information systems and the information residing therein.’’). 58 Advisers may have disclosure obligations related to conflicts of interest that arise from other provisions of the Federal securities laws. See, e.g., Form ADV Part 2, General Instruction 3 (stating that advisers ‘‘must seek to avoid conflicts of interests with [their] clients, and, at a minimum, make full disclosure of all material conflicts of interest . . . that could affect the advisory relationship.’’). VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 clients. In these circumstances, it would be important for the adviser to consider whether use of a service provider would increase the likelihood that the nonpublic trading information or PII could be mishandled, misused, subject to unauthorized access, or otherwise subject to a heightened risk.59 This risk may be amplified when outsourcing to an offshore service provider that is unfamiliar with applicable U.S. laws and regulations, is potentially subject to laws that apply a different standard, and may cause delays in production of records. In the case of an offshore service provider, the adviser should consider whether the service provider’s policies, procedures, and operations comply with applicable United States laws and regulations, and whether the service provider is able to demonstrate experience servicing clients that are subject to Federal securities laws. Further, the adviser should consider the potential impact to its advisory business and its clients if the non-public trading information or PII were subject to a breach via the service provider. When an adviser outsources any covered function it introduces new relationships and the potential for new conflicts of interest, such as the service provider’s incentives to meet its obligations to some clients ahead of others, to devote more resources to a different line of business than the one for which the provider was hired, or to favor affiliates.60 The adviser should identify these risks and determine how it will mitigate and manage them. For example, outsourcing some client portfolio management functions to a model provider may introduce new conflicts of interest issues for the service provider that the adviser may want to consider. In such a circumstance, an adviser generally should consider potential issues such as whether the service provider also provides services to the service provider’s affiliates and how the service provider prioritizes providing models among clients that pay different fees to the service provider. This is because the service provider could have a financial incentive to provide favorable prioritization or terms to its affiliates or clients paying the service provider a 59 Advisers should also note that outsourcing that transfers PII to third parties could implicate legal restrictions on sharing by the adviser of such information. 60 As fiduciaries, advisers must seek to avoid conflicts of interest with clients, and, at a minimum, make full disclosure of all material conflicts of interest between the adviser and clients that could affect the advisory relationship. See Form ADV Part 2 General Instructions. Advisers may disclose this information in their Part 2 of Form ADV or by some other means. PO 00000 Frm 00014 Fmt 4701 Sfmt 4702 higher fee. If so, the adviser generally should consider how to mitigate this conflict of interest through approaches such as obtaining contractual representations and warranties about the service provider’s procedures, reviewing the service provider’s applicable written policies and procedures, or obtaining a contractual right to audit the service provider. Another common example that illustrates the importance of an adviser’s risk analysis occurs when an adviser seeks to outsource all or portions of its compliance function. There can be benefits to relying on a third party with potentially greater compliance experience and expertise, but an adviser also generally should consider the nature of its business and whether a potential provider can sufficiently understand, ingest, and address the unique compliance needs of the adviser’s business. The adviser can seek to mitigate and manage this risk by generally considering certain steps such as seeking references from other clients of the service provider, conducting interviews of key service provider personnel, ensuring the compliance service provider will customize its services to meet the needs and unique aspects of the adviser’s particular business, obtaining written assurances about the experience and skills of the service provider personnel that will be assigned to the adviser’s account, and obtaining the right to audit the functions being performed by the service provider periodically. The proposed rule also would require advisers to identify the risks of outsourcing to a particular service provider. We understand that many advisers currently take a variety of steps to understand the risks of their service providers and those of certain service providers. These steps may include reviewing a summary of a service provider’s business continuity plan, due diligence questionnaires, an assurance report on controls by an independent party, certifications or other information regarding a provider’s operational resiliency or implementation of compliance policies, procedures, and controls relating to its systems, results of any testing, and conducting periodic onsite visits. The nature, depth, and complexity of this analysis would be dependent, in part, on the adviser’s assessment of risks associated with the function being outsourced. If an adviser determines that the risk of outsourcing a particular function is relatively high, then the adviser generally should consider adjusting its due diligence of the particular provider commensurate with that risk assessment. An adviser E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules also generally should consider that a provider may pose unique or novel risks such as international operations, limited financial or operational history, lack of financial or operational transparency, lack of sufficient operating capital to support long-term operations, inability or unwillingness to provide client references, insufficient availability of qualified personnel, infrastructure susceptibility to extreme weather, lack of adequate data security, and prior service failures. For example, if the outsourced function involves valuation of illiquid or private securities, the adviser generally should consider whether the particular service provider has the capability and experience to provide accurate and timely information. Inaccurate or untimely valuation information could affect the adviser’s strategy, resulting in negative financial consequences for the adviser’s clients. A lack of necessary sophistication or inability to perform timely are examples of service provider issues that generally should be identified and addressed before the service provider is engaged. The proposed rule would also require an adviser to determine how it will mitigate and manage the identified risks. This could be accomplished through a variety of means, including actions taken by the adviser, or actions taken by the service provider at the adviser’s request or direction. If an adviser determines that risks cannot be mitigated or managed adequately, the adviser generally should consider factors such as whether it is consistent with an adviser’s fiduciary responsibility to its clients to move forward with outsourcing the function, whether outsourcing the function may increase the risk of fraud against the adviser’s clients, or whether there is a viable alternative to outsourcing. There are a multitude of ways that an adviser may mitigate or manage risks, subject to the applicable facts and circumstances surrounding the function. To mitigate the identified risks, an adviser generally may consider the potential impacts of the risks occurring, the frequency with which the risks may occur, and how to avoid or lessen those impacts. This could include considering whether the service provider allows sufficient transparency such that the adviser reasonably can monitor the outsourced functions to confirm they are performed correctly and developing and implementing written policies and procedures to oversee the service provider. For example, if an adviser incorporates a service provider’s software to manage its portfolio risk, a flaw in the software could adversely VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 affect client portfolios. It would therefore be important that the service provider sufficiently explains and demonstrates how the software operates so that the adviser can understand, identify, and determine whether it can mitigate any risks that the use of the software may pose. The adviser also generally should consider whether and how the service provider would provide notice of software failure, and how the service provider will respond in the event of a failure. Similarly, in the event the adviser is U.S.-based and outsourcing to a non-U.S.-based service provider, the adviser generally should consider whether and how it can effectively monitor the performance of the covered function, and whether there are any unique limitations or risks posed by the location where the services will be provided, such as geopolitical instability, heightened exposure to extreme weather, lack of U.S. legal jurisdiction and ability to enforce legal rights, infrastructure challenges such as instability in the power grid or internet services, or lack of access to an experienced workforce. If the adviser determines it cannot effectively monitor the performance of a covered function, it generally should consider whether outsourcing is consistent with the adviser’s fiduciary responsibility to its clients, whether outsourcing may increase the risks for the adviser’s clients, and whether there is a viable alternative to outsourcing. An adviser may also mitigate and manage the risks of failing to perform a function by implementing contractual safeguards or pursuing alternative options. For example, if a service provider placing trades for the adviser’s clients experienced a trading delay or stopped trading altogether, there may be material negative impacts on the adviser’s clients. To mitigate the risk of this scenario, the adviser could enter into a contractual agreement with the service provider that identified, in advance of such an event, a substitute trading arrangement to be implemented within a timeframe that would cause as little disruption to clients as possible. An adviser also could establish a redundancy in the outsourced service or function. For example, an adviser could engage a primary pricing provider for illiquid securities, and also have an arrangement with a secondary pricing provider. The secondary provider could provide prices in the instance that the first pricing service fails, and otherwise be used, for example, to validate accuracy and identify potential anomalies in the data provided by the primary pricing provider. Such PO 00000 Frm 00015 Fmt 4701 Sfmt 4702 68829 contractual provisions may be particularly important in preventing harm to the adviser’s clients. Regardless of who a contract indicates should remedy such a situation or who is liable for a particular breach, a service provider’s failure to perform does not excuse the adviser from its fiduciary duty and other legal obligations and liabilities. 3. Competence, Capacity, Resources Once an adviser has identified the risks related to outsourcing the function and the risks of the service provider, the proposed rule would require the adviser to determine that the service provider has the competence, capacity, and resources necessary to perform the covered function in a timely and effective manner. Outsourcing an investment adviser’s function to a service provider without making this determination can undermine the adviser’s provision of services and mislead or otherwise harm clients. When an investment adviser holds itself out as providing advisory services or agrees with a client to provide such services, the adviser implies that it remains responsible for the performance of those services and will act in the best interest of the client in doing so. If an adviser retains a service provider without ensuring the service provider is able to perform the function in a timely and effective manner, the adviser would not be ensuring its obligations will be met and clients could be harmed if the service provider fails to perform or negligently performs the covered function. Therefore, in order to comply with its legal obligations when outsourcing a function, the adviser should confirm that the service provider is able to perform the applicable function timely and effectively to the same standards directly applicable to the adviser. The determination of competence, capacity, resources, and performing the function timely and effectively should be based on the facts and circumstances of the functions being outsourced. For example, if outsourcing a function is high risk due to the complexity of the function, the adviser may want to assess competence by focusing on the experience and expertise of the service provider’s personnel and the comprehensiveness of their processes and methodologies. If the function is labor intensive, the adviser may wish to consider factors such as whether the service provider has the necessary staffing capacity to provide the function and the service provider’s historical staff retention rates. If the function requires specialized equipment or E:\FR\FM\16NOP2.SGM 16NOP2 68830 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules khammond on DSKJM1Z7X2PROD with PROPOSALS2 technology, the adviser may wish to seek evidence that the service provider possesses those resources. If the function is novel or is unique to the adviser, the adviser may wish to consider whether it is even appropriate to outsource due to a lack of service providers with the necessary competence, capacity, or resources to perform the function. In all of these instances, the adviser may consider whether and how the service provider can perform the covered function such that it effectively addresses the adviser’s and its client’s needs. In addition to considering the facts and circumstances of the function being outsourced, we believe an adviser’s analysis of competence generally should include an understanding of how the service provider will perform the function. For this, the adviser generally should verify that the service provider is able to explain and demonstrate clearly how the function will be performed. This enables the adviser to confirm it is outsourcing to a competent service provider, mitigates the risk of potential harm to the adviser’s clients of a failure to perform, and educates the adviser in order to better monitor the service provider once engaged. For example, if an adviser is outsourcing its robo-advisory product to a third-party digital investment platform the adviser generally should understand the client factors considered by the platform, the methodology used by the platform to generate any recommendations, the factors that may alter that methodology, any highly technical or complex aspects of the methodology such as incorporation of artificial intelligence, and the service provider’s procedures for testing and oversight of the methodology. 4. Subcontracting Arrangements The proposed rule would require that the adviser determine whether the service provider has any subcontracting arrangements that would be material to the performance of the covered function. In the event of such a subcontracting arrangement, the proposed rule would also require that the adviser identify and determine how it will mitigate and manage potential risks to clients or its ability to perform advisory services in light of any such subcontracting arrangement.61 In making these determinations, an adviser generally could rely on representations provided by the service provider or could develop policies and procedures with certain limitations or conditions when engaging a service 61 Proposed rule 206(4)–11(a)(1)(iv). VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 provider that uses subcontractors. For example, an adviser may implement a policy that prevents the adviser from retaining a service provider that primarily relies on subcontractors to perform the covered function, or implement a procedure to audit the service provider’s oversight of its subcontractors. An adviser also may enter into a written agreement with the service provider that requires the service provider to notify the adviser of any material incidents that take place at the subcontractor that may cause a failure to perform a covered function by the service provider. When determining how to mitigate and manage potential risks of outsourcing in light of any subcontracting arrangement, the adviser could consider relying on written representations the service provider makes about steps it is taking to mitigate and manage such risks. Service providers may utilize subcontracting arrangements for any advisory services and functions, which creates a chain of service providers to an adviser. The absence of a direct relationship with a subcontractor may affect the adviser’s ability to assess and manage risks that develop as a result of outsourcing. Outsourcing risks are heightened when an adviser uses service providers for ‘‘covered functions’’ that, by definition under the proposed rule, if not performed or performed negligently would be reasonably likely to cause a material negative impact on an adviser’s clients or its ability to provide advisory services. Because the adviser ultimately has the responsibility for providing advisory services and complying with the Federal securities laws, we believe it is important that the adviser know about material subcontracting arrangements so that it can oversee the covered function properly. Requiring the adviser to determine whether the service provider has any subcontracting arrangements might provide more visibility into the outsourcing chain by the adviser. However, we also recognize that a service provider may use a large number of subcontractors for a variety of functions or services at various points in time. As a way to balance the burden of having to determine how the adviser will mitigate and manage potential risks with respect to every subcontractor with the benefit of the adviser having some visibility into the use of subcontractors, we believe that the determination should be limited to subcontracting arrangements that would be material to the service provider’s performance of the covered function. To determine whether a subcontracting arrangement is PO 00000 Frm 00016 Fmt 4701 Sfmt 4702 material, we believe it is appropriate generally to follow the standard used in the proposed definition of covered function. Thus, a subcontracting arrangement would be material if nonperformance or negligent performance would be reasonably likely to cause a significant negative impact on the service provider’s ability to perform the covered function. A subcontracting arrangement that is subject to this standard would depend on the type of subcontractor being used and the nature and scope of the subcontracting arrangement. For example, if an adviser engaged a subadviser to manage certain of its clients’ portfolios, and the subadviser outsourced some or all of its portfolio management to a subcontractor, we generally would consider this to be material because the subadviser would be outsourcing the function that the adviser had engaged the subadviser to perform. In such an instance, we believe the subcontractor’s failure to perform or negligent performance of portfolio management would be reasonably likely to cause a significant negative impact on the subadviser’s performance of the covered function, which would be reasonably likely to cause a material negative impact on the adviser’s ability to provide its investment advisory services. We believe that requiring this determination and risk assessment of any subcontracting arrangements that would be material to performance of a covered function is important because having a chain of providers increases the risk of lack of transparency and control by the adviser if there were an issue within the chain. We believe that to the extent a service provider uses any subcontractors that are material to the performance of its covered function, the adviser generally should conduct further monitoring and put in place risk management processes to mitigate potential harm to the adviser, and its advisory clients. 5. Compliance Coordination The proposed due diligence provision would require an adviser to obtain reasonable assurance from a service provider that it is able to, and will, coordinate with the adviser for purposes of the adviser’s compliance with the Federal securities laws, as applicable to the covered function. An adviser remains liable for its obligations, including under the Advisers Act, other Federal securities laws and any contract entered into with the client, even if the adviser outsources functions. The proposed requirement would alert the service provider to those responsibilities E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules khammond on DSKJM1Z7X2PROD with PROPOSALS2 and obtaining reasonable assurances would help the adviser ensure that it can continue to meet its compliance obligations despite outsourcing those functions. For example, an adviser may rely on a service provider for part of its portfolio management function. While not required under the proposed rule, that adviser may wish to consider obtaining written assurances or written representations from the service provider that it is aware of the adviser’s obligations under the Advisers Act, and that it will assist the adviser, as applicable, in complying with its obligations as a fiduciary. For additional clarity, the adviser may wish to consider articulating specific responsibilities of the service provider in relation to assisting the adviser to comply with its legal obligations. As another example, an adviser may rely on an outsourced chief compliance officer or compliance consultant for updating and filing the adviser’s Form ADV, including Form CRS. Such an adviser may want to obtain assurances or representations from the service provider that it has sufficient knowledge of the adviser’s business such that the adviser’s Form ADV will be accurate and contain all required disclosure. In discussions with our staff regarding Form ADV compliance, some advisers have claimed ignorance of a filing not having been made, or of missing, inadequate or inaccurate disclosure, due to the adviser’s reliance on an outsourced chief compliance officer or compliance consultant. Similarly, in response to our staff’s requests for documents, advisers often indicate that they lack access to information necessary to demonstrate compliance with a provision of the Advisers Act and its rules or other Federal securities laws because of outsourcing. In instances where our staff has requested records demonstrating compliance with the brochure delivery rule,62 some advisers that use client relationship management providers have asserted that they have complied with the rule because brochure delivery is programmed into the providers’ software, though they cannot produce records to evidence that delivery took place. 6. Orderly Termination The proposed rule would require an investment adviser to obtain reasonable assurance from the Service Provider that it is able to, and will, provide a process for orderly termination of its performance of the covered function.63 62 See rule 204–3. rule 206(4)–11(a)(2)(vi). 63 Proposed VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 This provision is designed to mitigate risks of an interruption in advisory services or the adviser’s compliance with the Federal securities laws in the event that the outsourced relationship is discontinued. An abrupt termination of a covered function without a process to continue services in another way, transfer records, and otherwise provide a smooth transition could have a material negative impact on an adviser’s clients or an adviser’s ability to provide investment advisory services to clients. For example, if an adviser relied on a software provider to provide an order management and trading application for the purposes of placing orders on behalf of the adviser’s clients, and the software provider abruptly terminated its services without the adviser being able to replace the provider or move the services in-house, then the termination would be reasonably likely to cause a material negative impact on the adviser’s ability to provide investment advisory services. This is because the adviser may not be able to place orders at or near normal volumes or as efficiently. Such harm could be mitigated by the proposed due diligence requirement to obtain reasonable assurance from a service provider that it is able to, and will, provide a process for orderly termination of its performance of the covered function. Orderly termination of a service provider’s performance of a covered function might include the adviser ensuring that no ongoing operational and technological dependency on the service provider remains after the termination of the relationship with the service provider. For example, an adviser might consider obtaining reasonable assurance, whether through a written agreement or some other means, from the service provider that it will provide a notice of intent to terminate in a specified amount of time or other similar process so that the service provider does not abruptly terminate its services to the detriment of the adviser and its clients. Given the variety of advisers and providers and different levels of complexity with respect to outsourced functions, the proposed rule is designed to afford advisers and service providers the flexibility to establish what would constitute ‘‘orderly’’ termination in light of the risks involved. The adviser must be able to stay in compliance with its obligations under the Advisers Act and its rules during and after termination. Accordingly, the process that allows for ‘‘orderly’’ termination generally should reflect consideration of certain factors such as the type of covered function and applicable regulatory requirements. For PO 00000 Frm 00017 Fmt 4701 Sfmt 4702 68831 example, if the covered function were recordkeeping services, then the adviser should account for how to continue to stay in compliance with the regulatory requirements with respect to recordkeeping after termination of the agreement. If the covered function were valuation services, then the adviser should consider how to transition different client accounts prior to complete termination and how to stay in compliance with any valuation requirements. In addition to ensuring proper transfer or retention of records, advisers generally should consider how they would maintain operational, regulatory, or other capabilities as a result of terminating the service provider engagement. An ‘‘orderly’’ termination process also should be designed to handle confidential and other sensitive information securely. The adviser and service provider generally should consider ways to ensure that no confidential data or information remains with the service provider other than that required to meet the service provider’s contractual obligations or the service provider’s own legal obligations, if any. For example, a service provider that performs valuation services may have been granted access to certain adviser back-office or middle-office systems and internal reports, and the adviser and service provider might wish to agree to allow for verification that the provider’s access is terminated either immediately upon notification of termination or after a reasonable amount of time once all accounts have been closed by the service provider. The adviser and service provider might also agree to the return or destruction of any copies of reports or confidential information after the terms of termination are satisfied, depending on the length of time it would take. Relatedly, an ‘‘orderly’’ termination process also generally should contemplate reasonable time frames to allow for timely transfer or destruction of any data, as appropriate or necessary. Such provisions would facilitate the continuity and quality of the outsourced functions in the event of termination. For example, if an adviser wants to protect its ability to change its subadviser when appropriate without undue restrictions, limitations, or cost, then the adviser generally should consider termination and transfer arrangements with reasonable time frames to allow for timely transfer of confidential adviser and client information from the original service provider to the new service provider. In addition to ensuring the adviser stays in compliance with its regulatory E:\FR\FM\16NOP2.SGM 16NOP2 68832 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules khammond on DSKJM1Z7X2PROD with PROPOSALS2 obligations during and post-termination of a relationship with a service provider, the adviser might consider provisions in a written agreement or some other form to protect itself against certain failures or breaches by the service provider such as termination rights, clear delineation of ownership of intellectual property, and the obligation of the service provider to assist and provide support for a successful and complete transition or termination. 7. Recordkeeping Provisions Related to Due Diligence Finally, the proposal would amend the Advisers Act books and records rule to require advisers to make and retain specific records related to their due diligence assessment.64 These records include a list or other record of covered functions the adviser outsourced to a service provider including the name of each service provider, the factors that led to listing it as a covered function on Form ADV, and documentation of the adviser’s due diligence assessment. The due diligence records would include any policies or procedures or other documentation showing how the adviser would mitigate and manage the risks it identifies, both at a covered function and a service provider level. The proposed amendments would also revise the books and records rule to require a copy of any written agreement, including any amendments, appendices, exhibits, and attachments, entered into with a service provider regarding covered functions. The records would have to be maintained in an easily accessible place while the adviser outsources the covered function and for a period of five years thereafter.65 This aspect of the proposal is designed to facilitate our staff’s ability to assess an adviser’s compliance with the proposed rule. We believe it would similarly enhance an adviser’s compliance efforts as well. We request comment on all aspects of the proposed due diligence requirement and corresponding proposed amendments to the Advisers Act books and records rule, including the following items: 31. Should we adopt the due diligence requirements as proposed? Are there other aspects of due diligence that should be required additionally or instead? Conversely, should we exclude any of the proposed due diligence requirements? 32. Should we require advisers to obtain third-party experts, audits, and/ or other assistance to oversee a service 64 See 65 See proposed rule 204–2(a)(24). proposed rule 204–2(e)(4). VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 provider when the adviser is outsourcing a function that is highly technical, or the oversight requires expertise or data the adviser lacks? For example, if an adviser is outsourcing to a service provider that provides valuation or pricing of complex or private securities, or a service provider that incorporates artificial intelligence into its services, should that adviser be required to confirm it has sufficient internal expertise to effectively oversee the service provider, and if not, obtain a third-party expert to provide such oversight? 33. Advisers are currently required under rule 206(4)–7 to have policies and procedures reasonably designed to prevent violations of the Advisers Act and rules under the Act, and this requirement would apply to the proposed rule. The proposed rule does not require additional explicit written policies and procedures related to service provider oversight. Should the rule require specific policies and procedures in addition to or instead of the requirements in the proposed rule? And if so, what specific provisions should be required? Should we also include changes to rule 38a–1 under the Investment Company Act? 34. Should we exempt certain service providers or covered functions from some or all of the due diligence requirements? If so, which service providers should we exempt, which due diligence requirements should we exempt, and why? 35. Should we exempt certain categories of advisers or service providers from the due diligence requirements, such as smaller (e.g., a small business or small organization as defined in 17 CFR 275.0–7 or a small business as defined by the U.S. Small Business Administration) advisers or service providers or newly registered advisers? If so, which ones and why? Alternatively, should we provide scaled due diligence requirements, and if so, how? Would the proposed due diligence requirements raise any particular challenges for smaller or different types of advisers? If so, what could we do to help mitigate these challenges? 36. The proposed rule requires that the due diligence be conducted before the service provider is engaged. Are there reasons that due diligence cannot be completed prior to engaging a service provider? If so, please explain and provide examples. For example, should there be an exception for emergencies? How would we define emergency? Should an exception for emergencies be time-limited (e.g., one month) or permitted for the duration of the emergency? PO 00000 Frm 00018 Fmt 4701 Sfmt 4702 37. Are there other core factors that advisers should be required to consider in conducting due diligence? If so, what are those factors? For example, should advisers be required to confirm the financial stability of a service provider through the review of audited financials, or should certain service providers be required to provide certain third-party certifications or reports such as a Systems and Organizational Controls report 66 (‘‘SOC 1’’) or other internal control report? Should service providers be required to have thirdparty financial support, such as fidelity bonds, errors and omissions insurance, or other support? If so, what type and level of support should be required? 38. Is it clear what we mean by identifying the ‘‘nature and scope’’ of the services? If not, how can it be made clearer? 39. The proposed rule is intended to provide flexibility to investment advisers in the methods they use to identify outsourcing risks. Should we dictate a specific method by which risks are identified? For example, should we require that investment advisers prioritize the identified risks and create a record of that prioritization? 40. For purposes of identifying the risks of engaging a service provider in the due diligence process, should the rule include a materiality threshold? 41. Should the rule require advisers to adopt and implement service provider risk management strategies, as proposed? Should the Commission take a different approach to address these risks instead, such as requiring disclosure of the risks to clients, or limiting the services that can be outsourced? 42. Should the proposed rule require advisers to make determinations about the service providers’ competence, capacity, and resources as proposed? Should the Commission take a different approach instead? For example, should we require advisers to make reasonable assessments instead? How much independent research would advisers be able to accomplish to comply with this requirement? 43. Should the proposed due diligence books and records amendments be expanded or limited in any way? Are there alternative, explicit, or additional recordkeeping requirements we should impose? 44. The proposed due diligence provision requires that the adviser determine whether the service provider 66 See System and Organizational Controls: SOC Suite of Services, AICPA, available at https:// us.aicpa.org/interestareas/frc/assuranceadvisory services/sorhome.html. E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules has any subcontracting arrangements that are material to the service provider’s performance of the covered function (emphasis added). Should we provide more guidance on the term ‘‘material’’? Should we broaden the requirement to any subcontracting arrangements? Should we exempt or alter this requirement for service providers that are also investment advisers? Finally, should we omit the requirement that the adviser determine whether the service provider has any subcontracting arrangements? 45. The proposed due diligence provision requires an adviser to determine how it will mitigate and manage potential risks to clients or the adviser’s ability to perform its services in light of subcontracting arrangements that would be material to a service provider’s performance of a covered function. Should we exempt certain advisers from, alter, or delete this requirement, and if so why? 46. Is the provision requiring the adviser to obtain reasonable assurance from the service provider that it is able to, and will, coordinate with the adviser for purposes of compliance with the Federal securities laws, as applicable to the covered function, appropriate? Maintaining records required by the Federal securities laws is one component of an adviser’s regulatory compliance. Is there any overlap between this provision requiring coordination for legal compliance more broadly and the proposed requirement discussed below for an adviser to obtain reasonable assurance from third-party recordkeepers to provide required records to the adviser and Commission? If so, should we address any potentially duplicative requirements? 47. Is the proposed requirement to obtain reasonable assurance that the service provider is able, and will, provide a process for orderly termination appropriate? Is it clear what we mean by ‘‘orderly?’’ Should we define what ‘‘orderly’’ means instead? If so, how should we define it? 48. Are there circumstances in which an adviser might determine that abrupt termination was reasonably necessary to protect clients? If so, should the provision requiring obtaining reasonable assurance for orderly termination of the performance of a covered function be revised to permit advisers to exercise their judgment in such cases? For advisers to registered investment companies, should abrupt termination by the adviser require notification to the investment company board? 49. Should the Commission adopt the related recordkeeping provisions as proposed or should they be changed? VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 For example, should the time period of retention be changed to five years after the entry was made or three years after the relationship between the adviser and service provider has been terminated? C. Monitoring Once a service provider is engaged, the proposed rule would require the adviser to periodically monitor the service provider’s performance of the covered function and reassess the retention of the service provider in accordance with the due diligence requirements of the proposed rule with a manner and frequency such that the adviser can reasonably determine that it is appropriate to continue to outsource the covered function and that it remains appropriate to outsource it to the service provider.67 Monitoring is critical to an adviser’s ability to discover and address problems in a timely manner, continue providing its advisory services to clients, and comply with the Federal securities laws.68 For example, if an adviser is relying on a service provider’s robo advice platform, the adviser generally should monitor to ensure that the platform continues to operate and adjust to client inputs as the adviser understands it should perform. The proposed monitoring obligation also helps to support an adviser’s duty to monitor a client’s account over the course of the relationship.69 Therefore, it would be inappropriate for an adviser to take a ‘‘set-it-and-forget-it’’ mentality when outsourcing a function or service that the adviser has agreed to perform or would otherwise be performing itself in order to provide its advisory services or to satisfy compliance obligations. When considering the manner and frequency of monitoring, an adviser should be mindful that it remains liable for its obligations, including under the Advisers Act, other Federal securities laws and any contract entered into with the client, even if the adviser outsources functions. If an adviser cannot sufficiently monitor a service provider, or is concerned that the service provider’s actions or inactions may 67 See proposed rule 206(4)–11(a)(2). In the Matter of Virtus Investment Advisers, Inc., Investment Advisers Act Release No. 4266, at 7 (Nov. 16, 2015) (settled order) (‘‘Virtus had no written policies and procedures for evaluating and monitoring the accuracy of thirdparty-produced performance information or thirdparty marketing materials that Virtus directly or indirectly circulated or distributed to other persons.’’). 69 See Standard of Conduct Release, supra footnote 21, at 72 (stating that the duty of care includes, among other things, the duty to provide advice and monitoring over the course of the advisory relationship). 68 See PO 00000 Frm 00019 Fmt 4701 Sfmt 4702 68833 harm the adviser’s clients or result in a regulatory violation, then the adviser may need to terminate the service provider relationship if possible. In such an instance, an adviser generally should be cognizant of any contractual limitations with a service provider that may impose additional risks on the adviser’s clients or otherwise affect the adviser’s analysis of whether to terminate the relationship. The proposed monitoring requirement leverages processes similar to due diligence, which we have stated above is not a one-size-fits-all analysis. Thus, all monitoring generally should continue to take into account all of the required elements for due diligence, including the nature and scope of the service provider’s services as well as the risks of engaging the particular service provider performing that function. The adviser generally should periodically evaluate the validity of its conclusions drawn during the initial due diligence process, and should adjust its monitoring to reflect changes in the functions or services the service provider is engaged to perform, industry or market changes that may affect the covered function, and also adjust to reflect the findings of any preceding monitoring. In order to continue outsourcing the service or function to the service provider, the adviser should be able to determine reasonably that the outsourcing remains appropriate. The proposed rule would require an adviser to monitor its service providers with a manner and frequency such that the adviser reasonably determines that it is appropriate to continue (i) to outsource the covered function and (ii) to outsource to the service provider. The manner and frequency of an adviser’s monitoring would depend on the facts and circumstances applicable to the covered function, such as the materiality and criticality of the outsourced function to the ongoing business of the adviser and its clients.70 For example, certain functions may require periodic onsite visits where other services may be monitored remotely. Methods of monitoring could include, for example, automated scans or reviews of service provider data feeds, periodic meetings with the provider to review service metrics, or contractual obligations to test and approve new systems prior to implementation. The frequency of an 70 The Commission similarly concluded that different frequencies of the required periodic reassessment of valuation risks may be appropriate for different funds or risks. See Good Faith Determinations of Fair Value, Investment Company Act Release No. 34128 at 14 (Dec. 3, 2020) [86 FR 748 (Jan. 6, 2021)]. E:\FR\FM\16NOP2.SGM 16NOP2 68834 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules khammond on DSKJM1Z7X2PROD with PROPOSALS2 adviser’s periodic monitoring also would be subject to factors such as the frequency with which the covered function is conducted, the complexity of the function, or the risk to clients of a failure to perform or of negligently performing the function. In determining an appropriate frequency of monitoring, advisers should consider whether there has been any change in the risk profile of the covered function or the service provider. For example, if a service provider announced significant layoffs of personnel, then it may be necessary for the adviser to increase temporarily or permanently the frequency and alter the manner of its monitoring to determine whether the service provider continues to have the competence, capacity, and resources necessary to perform the covered function in a timely and effective manner. Alternatively, if new laws or regulations were implemented that affected a specific function, then it similarly may be necessary to alter temporarily or permanently the frequency and manner of monitoring to determine that the service provider continues to perform its services properly. 1. Recordkeeping Provisions Related to Monitoring Finally, the proposal would amend the Advisers Act books and records rule to require advisers to make and keep records documenting the periodic monitoring of a service provider of a covered function.71 Advisers generally should consider including information such as performance reports received from the service provider, the time, location, and summary of findings of any financial, operational, or third-party assessments of the service provider, identification of any new or increased service provider risks and a summary of how the adviser will mitigate or manage those risks, any amendments to written agreements with a service provider, the adviser’s written policies and procedures applicable to monitoring, a record of any changes to the nature and scope of the covered function the service provider is to perform, and a record of any inadequate or failed performance by a service provider of a covered function and responses from the adviser. The records would have to be maintained in an easily accessible place while the adviser outsources the covered function and for a period of five years after the adviser ceases outsourcing the covered function.72 Like other proposed amendments to the 71 See 72 See proposed rule 204–2(a)(24)(iv). proposed rule 204–2(e)(4). VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 books and records rule, this aspect of the proposal is designed to facilitate our staff’s ability to assess an adviser’s compliance with the proposed rule. We believe it would similarly enhance an adviser’s compliance efforts as well. We request comment on all aspects of the proposed monitoring requirement, including the following items: 50. Should we adopt the monitoring requirements as proposed? Are there other aspects of monitoring that should be required under the rule? Conversely, should we exclude any of the proposed monitoring requirements from the rule? 51. Should we prescribe the frequency of monitoring instead of requiring an adviser to monitor its service providers with a manner and frequency such that the adviser reasonably determines that it is appropriate to continue to outsource the covered function and to outsource to the service provider, as proposed? Or should we prescribe a minimum frequency of monitoring? For example should we require that monitoring of service providers be conducted monthly? Quarterly? No less than annually? Why or why not? 52. As proposed, the rule requires that advisers make and maintain records documenting the periodic monitoring of a service provider, but it does not specify the specific records that must be maintained. Should the rule identify specific records to be maintained? If so, what records should be made and maintained and why? For example, should the rule require retention of due diligence questionnaires, third party audits, memos to file, or service provider reports? 53. Should we exempt certain categories of advisers or service providers from the proposed monitoring requirements, such as smaller or newer advisers or service providers? If so, which ones and why? Alternatively, should we provide for scaled monitoring requirements by any of these categories of advisers, and if so, how? 54. Should we prescribe the manner in which monitoring is conducted? For example, should we require that advisers conduct onsite visits of service providers on a periodic basis, or that advisers require periodic written certifications of compliance on a periodic basis, or engage third-party experts to conduct formal reviews? Why or why not? Are there any other monitoring actions that we should require? 55. Should the proposed monitoring books and records amendments be expanded or limited in any way? If so, how? PO 00000 Frm 00020 Fmt 4701 Sfmt 4702 D. Form ADV Data collected from Form ADV is of critical importance to our regulatory program and our ability to protect clients and investors.73 We use information reported to us on Form ADV Part 1A for a number of purposes, one of which is to allocate our examination resources efficiently based on the risks we discern or the identification of common business activities from information provided by advisers. The data disclosed in Form ADV Part 1A is structured such that it is readily used to create risk profiles of investment advisers and permits our examiners to prepare better for, and more efficiently conduct, their examinations. Moreover, the information in Form ADV Part 1A allows us to understand better the investment advisory industry as well as evaluate and form regulatory policies and improve the efficiency and effectiveness of the Commission’s oversight of markets for investor protection. To enhance our ability to oversee investment advisers and provide additional public information about the use of service providers as defined in proposed rule 206(4)–11, we are proposing to amend Form ADV Part 1A to require registered advisers to identify their service providers that perform covered functions, provide the location of the office principally responsible for the covered functions, provide the date they were first engaged to provide covered functions, and state whether they are related persons of the adviser. For each of these service providers, we would also require specific information that would clarify the services or functions they provide.74 This information would provide us with a better understanding of the material services and functions that advisers 73 Advisers use Form ADV to apply for registration with us (Part 1A) or with state securities authorities (Part 1B), and must keep it current by filing periodic amendments as long as they are registered. See Advisers Act rules 203–1 and 204– 1. Form ADV has three parts. Part 1(A and B) of Form ADV provides regulators with information to process registrations and to manage their regulatory and examination programs. Part 2 is a uniform form used by investment advisers registered with both the Commission and the state securities authorities. See Instruction 2 of General Instructions to Form ADV. Part 3: Form CRS describes the requirements for a relationship summary. See General Instructions to Form ADV. This release discusses proposed changes to Form ADV Part 1A. To the extent that state securities authorities consider making similar changes that affect advisers registered with the states, we would forward comments to the North American Securities Administrators Association for consideration by the state securities authorities. 74 See proposed Form ADV, Part 1A, Item 7.C., and Section 7.C. of Schedule D. E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules khammond on DSKJM1Z7X2PROD with PROPOSALS2 outsource to service providers, would help us better understand potential broader market effects of outsourcing to service providers, and would permit us to enhance our assessment of advisers’ reliance on service providers for purposes of targeting our examinations. The information also would help us identify advisers’ use of particular service providers that may pose a risk to clients and investors, such as in situations where we learn that a service provider experiences a significant and ongoing disruption to its operations. Finally, the information would provide public information about advisers’ use of third party service providers. This new reporting item would appear in Item 7 of Form ADV and consistent with the scope of proposed rule 206(4)–11, would only require reporting by investment advisers registered or required to be registered with the Commission.75 Currently, Item 7 requires advisers to disclose information about financial industry affiliations and activities, and to state whether they advise any private funds, and if so, provide certain information related to those private funds.76 New Item 7.C. would require SEC-registered advisers to check a box to indicate whether they outsourced any covered functions to a service provider. The required reporting will be limited to covered functions that are outsourced to service providers, as defined in proposed rule 206(4)–11(b).77 The determination of what is a covered function would vary depending on the facts and circumstances and, as a result, some advisers may report a service on Form ADV as a covered function while other firms may not. For those services 75 See proposed rule 206(4)–11(a). We are also proposing conforming amendments to Form ADV Part 1A, General Instructions and Glossary of Terms. Because Form ADV Part 1A is submitted in a structured, XML-based data language specific to that Form, the information in proposed new Item 7.C would be structured (i.e., machine-readable) as well. Advisers submitting an other-than-annual amendment to Form ADV Part 1 would not be required to update their responses to Item 7.C, even if the responses to those items have become inaccurate, which is consistent with the updating requirements for the rest of Item 7. See Instruction 4 to General Instructions to Form ADV. 76 These new Form ADV reporting requirements are being proposed in conjunction with proposed Rule 206(4)–11. Proposed rule 206(4)–11 would not apply to exempt reporting advisers, and therefore proposed Item 7.C. would not apply to exempt reporting advisers. We believe that requiring only investment advisers registered or required to be registered to complete the items we propose appropriately enhances our ability to oversee investment advisers that are subject to the proposed rule and enhances client and investor disclosure as it relates to the proposed rule. 77 See also proposed rule 204–2(a)(24)(i) (requiring a record of covered functions that the adviser has outsourced to a service provider). VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 determined to be covered functions and outsourced to one or more service providers, advisers would report more detailed information about each such service provider in new Section 7.C. of Schedule D. This would include the legal and primary business names of the service provider, the legal entity identifier (if applicable), and the address of the service provider. Having this identifying information for each listed service provider would give us a more complete picture of the extent to which the adviser’s operations depend on one or more service providers, and help us consider the potential effects in the event of an industry wide failure by a particular service provider. Section 7.C. also would require noting whether the identified service provider is a related person 78 of the adviser, and noting the date the service provider was first engaged. Both of these data points would be helpful to us in conducting our risk assessments for developing and targeting examinations. Knowing whether a service provider is a related person would assist us and clients or investors in understanding the conflicts of interest that may be present, and would also assist in understanding better the potential impacts of a service provider’s non-performance or negligent performance. Finally, Section 7.C. would require an adviser to report those covered functions or services the service provider is actively engaged in providing from predetermined categories of covered functions or services set forth in the item. The nonexhaustive list of categories is intended to encompass those services or functions that may be commonly outsourced and could fall within the definition of a covered function. If the service or function performed by the service provider was not represented in a predetermined category, the adviser would be permitted to select ‘‘other’’ with a free form field to identify the unlisted category. The covered function categories that we are proposing to include in Item 7.C of Schedule D are: Adviser/Subadviser; Client Services; Cybersecurity; Investment Guideline/ Restriction Compliance; Investment Risk; Portfolio Management (excluding Adviser/Subadviser); Portfolio Accounting; Pricing ; Reconciliation; Regulatory Compliance; Trading Desk; Trade Communication and Allocation; Valuation; and Other. For example, we believe regulatory compliance would generally include outsourced chief 78 See Glossary of Terms to Form ADV. A related person includes ‘‘[a]ny advisory affiliate and any person that is under common control with your firm.’’ PO 00000 Frm 00021 Fmt 4701 Sfmt 4702 68835 compliance officer and other compliance consultant functions. This proposed disclosure would improve our ability to assess service provider conflicts for those service providers that perform a covered function as defined by the proposed rule, and could serve as an input to the risk metrics by which our staff identifies potential risk and allocates examination resources. The staff conducts similar analyses today, but have limited inputs, which constrains their effectiveness. For instance, it would be relevant to us to identify easily advisers using a service provider that we are separately investigating for involvement in alleged misconduct. The ability to identify readily other advisers using such a service provider would allow us to assess quickly and take appropriate actions. The proposed disclosure would also improve our ability to evaluate the adequacy and completeness of advisers’ conflicts of interest disclosures by identifying additional potential sources of conflict. The information would be publicly available as is other information on Form ADV, and we believe it may benefit the public in supplementing the information available about the adviser and may provide investors with additional context in which to consider an investment adviser’s provision of advisory services. The public would be able to identify quickly and consider any implications of an adviser’s use of one or more service providers or the outsourcing of any service or function. For example, if a client learns of a significant disruption at a major service provider, that client could easily and quickly determine whether its adviser uses that service provider for a service or function the client considers material and whether to take remedial action. We request comment on the proposed Form ADV requirements: 56. Are the proposed requirements to disclose service providers that perform a covered function as defined in rule 206(4)–11 appropriate? Should we instead require all registered advisers that outsource any services to provide the specified information and then mark each service to indicate whether it is a covered function within rule 206(4)–11 or not? Or should we include a broader Form ADV reporting requirement, such as requiring all advisers (e.g., exempt reporting advisers and advisers registering with state securities authorities) to provide the specified information regarding any outsourced service or function or only those that are subject to rule 206(4)–11 or any substantially similar regulation? E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 68836 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules 57. Do commenters agree with the proposed list of covered functions categories under Section 7.C of Schedule D? Do the proposed categories adequately capture the range of covered functions? Are the categories understandable? If not, which categories require additional explanation? Should we add or remove any categories? If so, please identify the category and explain why the change is appropriate. For example, should we include additional categories relating to investment data/ analytics, information technology (e.g., IT infrastructure or application software and support), or middle and back office functions (e.g., client reporting and/or billing, performance measurement, collateral management, post-trade processing, etc.)? Alternatively, should the categories be consolidated (e.g., pricing and valuation), retitled or otherwise revised? For example, do commenters agree that regulatory compliance would generally include such services as outsourced chief compliance officer and other compliance consultant functions? If not, how should the category be revised to encompass these types of outsourced functions? 58. Should we require additional or different reporting with respect to service providers that perform functions related to books and records required under rule 204–2? If so, how should reporting requirements be changed for these service providers and/or what additional information should be reported? 59. Do advisers have concerns with the public disclosure of service providers that perform covered functions? If so, what are those concerns? For example, are there categories of service providers that should not be disclosed publicly due to competitive, trade secret, compliance, or other risks? Should we require such disclosure to be reported non-publicly to the Commission in a format other than the Form ADV? If so, how? 60. Should the proposed ADV disclosure include the ability to incorporate by reference to other parts of the form? For example, should we allow advisers to cross reference private fund service providers that are currently required to be disclosed in Section 7.B. of Schedule D? 61. Are the proposed definitions of ‘‘covered function’’ and ‘‘service provider’’ in the Glossary of Terms to Form ADV appropriate? Do commenters agree that these defined terms should cross-reference proposed rule 206(4)– 11(b)? Alternatively, should we provide the full text of each term, as defined in proposed rule 206(4)–11(b), in the VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 Glossary of Terms to Form ADV without cross-reference to the proposed rule? 62. Would any additional or other information be material to an adviser’s clients or prospective clients regarding outsourcing that is not included in the proposal and is not currently disclosed to investors through Form ADV or elsewhere (e.g., whether the service provider arrangement is subject to a written agreement or information about passed-through fees)? Should we add any other service provider information to the Form ADV disclosure? If so, what information and why? For example, should Form ADV, Part 2 require information in the adviser’s brochure about the use of service providers and related conflicts and other risks? Or is information about outsourced services already adequately being disclosed in connection with disclosures related to conflicts of interest or other risks? For example, should we require disclosure of potential conflicts of interest of the service provider? Should we require that, in addition or in place of the service provider’s principal office, advisers report the principal office where the service provider’s services are performed? Alternatively, should we delete any of the service provider information proposed to be disclosed? If so, what information and why? 63. Do advisers have concerns it will be difficult to compile, maintain and disclose this information on service providers? Could this place an undue burden on smaller advisers? If so, which information may be difficult to compile, maintain and disclose? Please explain. 64. Should private fund advisers be required under rule 206(4)–11 to provide information about their service providers to private fund investors through additional or different disclosure requirements in Form ADV? If so, what information should be required? 65. Should we require advisers to add narrative disclosures about their service providers in their Form ADV Part 2 brochures or wrap fee program brochures? If so, what information should be included? E. Third-Party Recordkeeping Many investment advisers seek to outsource various recordkeeping functions. Some of these functions may involve record creation, others may focus solely on record storage and retention, and many will include creation as well as storage and retention functions. Investment advisers may contract with data- and recordmanagement companies, offsite storage companies, or information technology companies (e.g., cloud service PO 00000 Frm 00022 Fmt 4701 Sfmt 4702 providers) to store or retain records. An adviser may also rely on a third party to perform a function that creates records, such as a firm that calculates performance or rates of return for one or more portfolios that the adviser may use to manage the investments in the portfolios, include in statements to clients or marketing materials provided to prospective clients, or show on its website. While the performance calculation provider’s primary function is to calculate performance, this provider relies on records and data that substantiate the performance calculations and, in turn, those calculations create new records that need to be stored and retained. As another example, if a service provider were providing accounting, investment operations, or middle office services for the adviser, many of the records generated by the service provider would likely correspond to records that the existing Federal securities laws require registered investment advisers to make and keep.79 An adviser therefore may not directly possess all of the documentation and records that are required to be created or maintained by an investment adviser under the existing Federal securities law requirements. The continuing accessibility and integrity of adviser records are critical to the fulfillment of our oversight responsibilities, where such records may represent a primary means in which to demonstrate an investment adviser’s compliance with various Federal securities laws. If advisers are not required to protect their records from inadvertent or intentional alteration or destruction and provide examiners with meaningful access to all required records, then the records become unreliable, and the examination process may be impaired. Recordkeeping requirements ensure that the Commission staff will have access to appropriate and helpful information in order to carry out its examination program. The ability to conduct timely and comprehensive examinations plays a significant role in proactively promoting compliance with the Federal securities laws and aids in preventing problems before they occur as well as promoting improvements in relevant areas. Accessing records also can be critical for an investment adviser to provide advisory services and fulfill its fiduciary 79 See, e.g., rule 204–2(a), which requires registered advisers to maintain, among other things, journals, ledgers, check books, memorandums of each order given for the purchase or sale of a security, and bills or statements relating to the business of the adviser. E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules khammond on DSKJM1Z7X2PROD with PROPOSALS2 duty to clients. For example, accessing account information from prior periods can help an investment adviser substantiate portfolio performance that has been presented to prospective clients.80 Issues arising with an investment adviser’s books and records can disrupt the adviser’s ability to provide its services and may result in material harm to its clients. For example, if an adviser engages a cloud services provider to maintain critical client information, such as their account and personal information, and the cloud services provider inadvertently experiences a loss of client records, this would be reasonably likely to cause a material negative impact on the adviser’s ability to provide its services and on its advisory clients. The adviser would either have no records or inaccurate records to verify, for example, the client’s account information. The adviser might not have all the records it needs to execute certain investments or make other decisions on behalf of its client. In addition, if the adviser does not have accurate and timely information on client holdings and transactions, this could result in misinformed purchase or sales decisions as well as trade errors. The adviser may also lack the trading information to be able to report to its clients or track its trading activity in the portfolio, and, in turn, that could deprive clients and the adviser an opportunity to respond to market changes or timely remedy potential issues with the broker-dealer or custodian involving the trades. An investment adviser’s compliance monitoring and internal audit functions also require timely access to records in order to function efficiently, such as when monitoring portfolio diversification and other client investment guidelines. As another example, accessing communication records regarding trade order execution may assist with monitoring whether an investment adviser is adhering to its own written policies and procedures concerning best execution. When an adviser outsources recordkeeping functions without sufficient oversight, the risk that an issue with an adviser’s books and records may arise can increase. 80 Advisers generally should consider the specific retention periods for each type of record, such as records to substantiate a performance track record pursuant to rule 204–2(a)(16), and require all records to be available for the necessary retention periods. Advisers or their third parties relying on custodian statements, for example, to document data used in performance calculations may wish to consider retaining copies of such statements in the event the adviser no longer has access to the custodian’s systems for a specific client’s account. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 Regardless of whether records are made or kept by a third party or by the investment adviser directly, the investment adviser remains responsible to comply with the Advisers Act recordkeeping requirements and other Federal securities laws. Rule 204–2, the Advisers Act recordkeeping rule, details the types of records required to be made and kept ‘‘true, accurate and current’’ as well as the manner, location, and duration of records to be maintained by investment advisers registered or required to be registered with the Commission. It does not, however, prescribe requirements for when an adviser outsources one or more of the required recordkeeping functions to a third party. Accordingly, the proposed amendments to the Advisers Act recordkeeping rule include a new provision requiring every investment adviser that relies on a third party to make and/or keep any books and records required by the recordkeeping rule (‘‘recordkeeping function’’) to comply with a comprehensive oversight framework, consisting of due diligence, monitoring, and recordkeeping elements.81 Specifically, an investment adviser would be required to perform due diligence and monitoring as prescribed by proposed rule 206(4)– 11(a)(1) and (a)(2) with respect to the recordkeeping function and make and keep such records as prescribed in proposed rule 204–2(a)(24) as though the recordkeeping function were a ‘‘covered function’’ and the third party were a ‘‘service provider,’’ each as defined in proposed rule 206(4)–11(b). In addition, an investment adviser relying on a third party for such recordkeeping functions would also be required to obtain reasonable assurances that the third party will meet four specific standards related to the recordkeeping rule’s requirements. The proposed amendments would provide a comprehensive oversight framework for third-party recordkeepers to protect against loss, alteration, or destruction of an adviser’s records, and to help ensure that those records are accessible to the investment adviser as well as Commission staff. The proposed amendments would require advisers to conduct reasonable due diligence before engaging a third party to perform a recordkeeping function required by the recordkeeping rule.82 Specifically, an investment adviser would be required to reasonably identify and determine through due diligence that it would be 81 See supra sections II.B and II.C; proposed rule 204–2(l)(1); proposed rule 206(4)–11(a). 82 See proposed rule 204–2(l)(1). PO 00000 Frm 00023 Fmt 4701 Sfmt 4702 68837 appropriate to outsource the recordkeeping, and that it would be appropriate to select a particular thirdparty recordkeeper, by complying with each of the six due diligence elements specified in proposed rule 206(4)– 11(a)(1). These elements address: the nature and scope of the services; potential risks resulting from the thirdparty recordkeeper performing the recordkeeping function, including how to mitigate and manage such risks; the recordkeeper’s competence, capacity, and resources necessary to perform the function; the recordkeeper’s subcontracting arrangements related to the function; coordination with the recordkeeper for Federal securities law compliance; and the orderly termination of the provision of the function by the recordkeeper. Consistent with these requirements, an adviser’s due diligence of a thirdparty recordkeeper generally should be tailored reasonably to the nature, scope, and risk profile of the recordkeeping function or service that would be provided as well as to the identified third party. For example, the adviser generally should consider whether the particular third-party recordkeeper has the capability and experience to both make and maintain the required records in a format that is consistent with an adviser’s books and records requirements. Therefore, the required due diligence of an adviser seeking to engage a third-party cloud provider to make and keep records on behalf of the adviser should take into account the third party’s competence, capacity, and resources generally, but the adviser may not need to understand the intricacies of the cloud service’s operations. The adviser generally should have a reasonable understanding of the cloud service and the risks of the service, and be able to conclude that it can mitigate and manage those risks. In conducting this due diligence, the adviser could review factors such as: • Comparative cloud-based recordkeeping services, including their respective parameters, benefits, and risks, • The cloud service provider’s capability and experience with making and/or keeping records required under the recordkeeping rule, • The cloud service’s compliance and operational policies and procedures for the protection of data, and its policies and procedures addressing the maintenance and oversight of the data, • The cloud service’s prevention and detection of, and response to, cybersecurity threats, and • The experience or lack thereof of other similarly situated advisers that E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 68838 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules have previously engaged the cloud service and any risks identified in those experiences or lack thereof. Once a third party is engaged to provide recordkeeping functions required by the recordkeeping rule, proposed rule 204–2(l) would require the adviser to monitor the third party’s performance of the recordkeeping function periodically and reassess the retention of the third party in accordance with the monitoring requirements prescribed by proposed rule 206(4)–11(a)(2). Monitoring thirdparty recordkeepers is critical to an adviser’s ability to discover and address issues relating to the adviser’s records in a timely fashion before such records may be inadvertently altered, lost or destroyed or otherwise rendered inaccessible. As discussed in section II.C above, the manner and frequency of an adviser’s monitoring would depend on the facts and circumstances applicable to the recordkeeping function. For example, sufficient monitoring of an off-site physical record storage company may reasonably differ from that of an electronic media storage company due to the inherent differences in the nature and scope of their respective functions. Further, an investment adviser would be required to comply with the attendant recordkeeping requirements prescribed in proposed rule 204– 2(a)(24) with respect to such functions. Thus, in addition to performing the required due diligence and monitoring for a third party recordkeeping, an adviser would also be required to make and keep records documenting its due diligence and periodic monitoring of that third party as though the recordkeeping function were a ‘‘covered function’’ and the third party were a ‘‘service provider’’, each as defined in proposed rule 206(4)–11(b).83 Requiring an adviser to make and keep records of its oversight of third-party recordkeepers is intended to enhance an adviser’s compliance efforts and facilitate the Commission’s inspection and enforcement capabilities. In addition to due diligence and monitoring obligations, an investment adviser that relies on a third party to perform any recordkeeping function under rule 204–2 would be required to obtain reasonable assurances that the third party will meet four standards specific to recordkeeping.84 First, the adviser must have reasonable assurance that the third party will adopt and implement internal processes and/or systems for making and/or keeping 83 See 84 See proposed rule 204–2(a)(24)(ii). proposed rule 204–2(l)(2). VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 records on behalf of the investment adviser that meet all of the requirements of the recordkeeping rule. Second, the adviser must have reasonable assurance that, when making and/or keeping records on behalf of the adviser, the third party will, in practice, actually make and/or keep records in a manner that will meet all of the requirements of the recordkeeping rule as applicable to the investment adviser. Third, for electronic records, the adviser must have reasonable assurance that the third party will allow the investment adviser and Commission staff to access the records easily through computers or systems during the required retention period of the recordkeeping rule. Whether computers or systems satisfy this provision of the rule would be determined based on the facts and circumstances, and could include, for example, computers and proprietary systems owned and operated by an adviser as well as computers and systems rented, licensed or otherwise made available to an adviser (e.g., web portals, cloud computing, storage area networks, and electronic recordkeeping systems) which may be used to access such electronic records. Fourth, the adviser must have reasonable assurance that arrangements will be made to ensure the continued availability of records that will meet all of the requirements of the recordkeeping rule as applicable to the investment adviser in the event that the third party ceases operations or the relationship with the investment adviser is terminated.85 These standards, coupled with the prescribed due diligence and monitoring requirements, are intended to assist with making and keeping true, accurate, and current records of the adviser, protect those records from loss, alteration, or destruction, and ensure that those records are accessible to the investment adviser and the Commission staff, while maintaining appropriate freedom for investment advisers to contract with service providers to assist with recordkeeping functions. We expect that the arrangements between investment advisers and service providers for recordkeeping services may vary significantly among firms due to differences in the structure, operation, or scope of services amongst investment advisers and service providers. Whether an investment adviser’s arrangement with a third-party service provider satisfies the requirements 85 The Commission staff has previously addressed third-party recordkeeping subject to certain conditions in staff letters. See, e.g., First Call NAL, supra footnote 25; OMGEO NAL, supra footnote 25. PO 00000 Frm 00024 Fmt 4701 Sfmt 4702 under proposed rule 204–2(l)(2) would depend on the particular facts and circumstances of the arrangement including, among other things, the type of record, where the records are located, the medium and method of storage, and how promptly records or copies of records can be provided. When a third party is retained to assist with recordkeeping, the making and keeping of records still must satisfy the applicable requirements prescribed by rule 204–2. Thus, the adviser must obtain reasonable assurance that the third party will adopt and implement internal processes and/or systems for both making and keeping records on behalf of the investment adviser that meet the applicable requirements of rule 204–2.86 For example, rule 204–2(g) permits an investment adviser to maintain records electronically as long as certain requirements are met, including that the adviser shall, upon request, promptly provide the Commission legible, true, and complete copies of records in the medium and format in which they are stored, printouts of such records, and a means to access, view, and print the records. Therefore, under proposed rule 204– 2(l)(2), where a service provider will keep email archives (e.g., in cloud storage or an external storage database) on behalf of an investment adviser, the adviser should have reasonable assurance that the service provider will, among other things, adopt and implement internal processes and/or systems for making and/or keeping the records in such a manner to enable a prompt response to Commission requests for such records in the format required.87 We are aware of instances where advisers engage a third party to learn only later that the third party cannot produce required records in a reviewable format. These are issues that should be identified and addressed before a third-party recordkeeper is engaged. The recordkeeping rule also addresses the location and length of time that required records under the rule must be maintained. Rule 204–2 generally requires that, among other things, such records be maintained and preserved in an easily accessible place and, for a period of time, in an appropriate office of the investment adviser.88 Consistent with these requirements, if an adviser outsources the storage of records under the recordkeeping rule, the adviser should seek to ensure that those records 86 See proposed rule 204–2(l)(2)(i). proposed rule 204–2(l); 17 CRF 275.204– 2(g)(2)(ii). 88 See 17 CFR 275.204–2(e). 87 See E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules will be easily accessible for the duration of the required retention period. For example, if an investment adviser retains an off-site physical storage company to assist with maintaining physical records of records such as trade confirmations, those records should be maintained in an appropriate office of the adviser for the applicable period first, and then when the records are moved to the off-site location, they must be maintained in an easily accessible place.89 For electronic records, the proposed amendments would require an investment adviser to have the ability to access electronic records easily through computers/systems because such required records may be stored on servers or other storage devices that are owned or operated by a third party (e.g., a cloud service provider).90 However, pursuant to rule 204–2, the records still must be available in the adviser’s office for a period of time.91 The computers and/or systems that provide access to the required records could include computers and proprietary systems owned and operated by an adviser as well as computers and systems rented, licensed or otherwise made available to an adviser (e.g., web portals, cloud computing, storage area networks, and electronic recordkeeping systems). This element of the proposed amendments is intended to safeguard an investment adviser’s access to its required records while providing firms with the ability to use electronic platforms to make and keep their records. If an adviser has essentially immediate access to a record through a computer or system located at an appropriate office of the adviser, then that record could be considered to be maintained at an appropriate office of the adviser.92 For example, if an investment adviser relies on a service provider to store trade confirmations in the service provider’s electronic database, one way the adviser could seek to ensure that the records will be easily accessible would be to require access to the records at any time through computers and/or systems for the record’s required retention period under rule 204–2.93 In addition, in such an arrangement, the adviser should also seek to ensure such records are maintained in such a manner to permit them to be promptly provided to the Commission upon request. When engaging a third party to provide recordkeeping services under 89 See rule 204–2(e). proposed rule 204–2(l)(2)(iii). 91 See rule 204–2(e). 92 See, e.g., First Call NAL, supra footnote 25. 93 See proposed rule 204–2(l)(2)(iii); see also, e.g., OMGEO NAL, supra footnote 25. rule 204–2, the investment adviser should account for how to continue to stay in compliance with the rule’s requirements after termination of the arrangement either by the adviser or the third party.94 Rule 204–2(f) addresses circumstances where an investment adviser may discontinue its business and requires, among other things, that the adviser arrange for and be responsible for the preservation of required records under the rule. Similarly, a service provider may also discontinue its business or arrangement with an investment adviser. To seek to protect records required by the recordkeeping rule against loss and destruction when outsourced recordkeeping arrangements change or terminate, we are proposing to require an investment adviser to obtain reasonable assurance that a third party will make arrangements to ensure the continued availability of the required records under the recordkeeping rule as applicable to the adviser should the third party cease operations or its relationship with the investment adviser be terminated.95 For example, if an adviser were retaining records with a cloud storage service provider, the adviser may consider requiring that the cloud service provider agree to retain and grant the adviser access to such records for the legally required amount of time. Alternatively, the adviser may want to require that the service provider agree to assist in the transfer of such records to the adviser or another agreedupon third party at the termination of the contractual relationship. This would allow the adviser to continue to retain such records in compliance with its legal obligations and provide them to the Commission staff upon request.96 While many investment advisers may already have service provider agreements or other arrangements that contain these proposed standards as part of their policies and procedures or best practices to mitigate or manage risks the investment advisers identified when performing due diligence and monitoring, we believe that all investment advisers should obtain reasonable assurances that service providers will meet these four standards in an outsourced recordkeeping arrangement. We understand that the manner in which an investment adviser obtains reasonable assurances that the service provider will adhere to these standards may vary depending on the arrangement. One way an investment 90 See VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 94 See 17 CFR 275.204–2(f); proposed rule 204– 2(l)(2)(iv)). 95 See proposed rule 204–2(l)(2)(iv). 96 See proposed rule 204–2(l)(2)(iv). PO 00000 Frm 00025 Fmt 4701 Sfmt 4702 68839 adviser could consider accomplishing this is by having a written agreement that expressly includes the four standards. Alternatively, an investment manager may seek to ensure these requirements are satisfied through one or more letters of understanding, statements of work, or other means. In some cases, the adviser might elect to receive and retain duplicate records from the service provider that the adviser stores and retains directly. Finally, we are not proposing new Form ADV reporting requirements specific to third-party recordkeepers because current Item 1.L of Form ADV Part 1A already requires disclosure regarding the location of an adviser’s books and records required under Section 204 of the Advisers Act when such books and records are maintained somewhere other than the principal office and place of business of the Adviser.97 An adviser is required to provide, among other things, the name of the entity and location where the books and records are maintained as well as a description of the books and records maintained at such location.98 An adviser should include third-party recordkeepers that maintain such books and records for the investment adviser in their responses to this item, which may include, among other things, arrangements such as electronic dataand record-management, offsite storage, and information technology (e.g., cloud services) providers. Therefore, current reporting requirements already provide the Commission with information regarding advisers’ use of third-party recordkeepers. We request comment on the proposed third-party recordkeeping requirements: 66. Do commenters agree that the proposed requirements for investment advisers that rely on third parties for recordkeeping functions under rule 204–2 are appropriate? Do the proposed amendments provide appropriate flexibility for investment advisers to engage third-party service providers in various capabilities? Are the proposed standards appropriately flexible in light of changing technology and digital infrastructure trends? If not, how should they be changed? 67. Should we broaden the proposed requirements to encompass all outsourced recordkeeping functions related to an adviser’s obligations under the Federal securities laws, which would include rule 204–2? For example, should rule 204–2(l) apply to any records that are made and/or kept by a 97 See 15 U.S.C. 80b–4; Form ADV Item 1.L & Schedule D, Section 1.L. 98 See Form ADV Schedule D, Section 1.L. E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 68840 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules third party on behalf of an investment adviser in accordance with fulfilling the adviser’s obligations under the Federal securities laws? 68. Should analogous requirements be added to rules under the Investment Company Act of 1940 (e.g., rules 31a– 1 and 31a–2) for registered investment companies? If so, should the requirements be different for registered investment companies than for advisers when outsourcing recordkeeping functions? Why or why not? 69. Do commenters agree that it is appropriate to require similar due diligence and monitoring requirements as prescribed in proposed rule 206(4)– 11 for outsourced recordkeeping functions? Why or why not? 70. Should we adopt the due diligence requirements for third-party recordkeepers as proposed? Are there other aspects of due diligence that should be required additionally or instead? Conversely, should we exclude any of the proposed due diligence requirements? 71. Should we adopt the monitoring requirements for third-party recordkeepers as proposed? Are there other aspects of monitoring that should be required additionally or instead? Conversely, should we exclude any of the proposed monitoring requirements? 72. Do commenters agree that the proposed recordkeeping requirements related to an adviser’s due diligence and monitoring of service providers of covered functions, as defined in proposed rule 206(4)–11(b), should also be required for third-party recordkeepers? Why or why not? 73. Are the types of service provider arrangements that would be encompassed under proposed rule 204– 2(l) sufficiently clear? Is this scope sufficiently defined? Should the scope be clarified in any other way? 74. Are there certain types of thirdparty recordkeeping arrangements that should be included or excluded (e.g., cloud service providers or service providers which are subject to existing government or self-regulatory organization oversight, such as brokerdealers or banks)? If so, explain why. Are there types of third-party recordkeeping arrangements that should be subject to different or alternative oversight requirements? If so, explain why and, if applicable, suggest alternative requirements to the proposed rule text. 75. Do investment advisers currently have service provider agreements that VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 meet the recordkeeping standards in proposed rule 204–2(l)? If not, what types of service provider arrangements do not these standards? Do investment advisers currently obtain reasonable assurances that service providers will meet the recordkeeping standards in proposed rule 204–2(l) through their policies and procedures and/or due diligence practices? If so, do commenters believe the proposed rule is necessary? 76. Should proposed rule 204–2(l) require a written agreement between an investment adviser and a third party where the investment adviser relies on the third party for recordkeeping functions under rule 204–2? Should proposed rule 204–2(l)(2) require that the four standards under the proposal be expressly covered by a written agreement or, alternatively, a written undertaking? Should the standards be clarified in any manner? Should additional standards be included as part of the proposal? 77. Are the four standards enumerated in proposed rule 204–2(l)(2) sufficiently understandable? If not, which standards require additional clarity and detail? Do commenters believe certain terms should be defined within rule 204–2? If so, what terms? 78. Do commenters agree that it is appropriate to require advisers to obtain reasonable assurances that service providers will adopt and implement internal processes and/or systems for making and/or keeping records on behalf of the investment adviser that meet all of the applicable requirements of rule 204–2? Why or why not? 79. Do commenters agree that it is appropriate to require advisers to obtain reasonable assurances that service providers will make and/or keep records on behalf of the investment adviser that meet all of the applicable requirements of rule 204–2? Why or why not? 80. Do commenters agree that it is appropriate to require advisers to obtain reasonable assurances that service providers will allow the investment adviser and staff of the Commission to access the adviser’s electronic records easily through computers or systems? Why or why not? If not, what level of access should be required for records required by rule 204–2 when such records are maintained by a third party? Should certain types of electronic records be excluded from this requirement or otherwise subject to different or alternative requirements? If so, please explain. PO 00000 Frm 00026 Fmt 4701 Sfmt 4702 81. Do commenters agree that it is appropriate for investment advisers to make arrangements with service providers to ensure the continued availability of records in the event that the third party ceases operations or the relationship with the investment adviser is terminated? Why or why not? Should we prescribe more specific requirements for the retention of records under the recordkeeping rule when a third party recordkeeping arrangement with an investment adviser is terminated? 82. We are not proposing to require additional Form ADV reporting for third-party recordkeepers. Are all thirdparty recordkeepers already reported in Section 1.L. of Schedule D, and if not, should we explicitly require that they be reported on Form ADV? Should we require advisers to report all third-party recordkeepers in Section 7.C of Schedule D or cross reference to their disclosure in Section 1.L. of Schedule D? Should we allow advisers to report more than one principal office for a service provider in Section 1.L. of Schedule D? F. Existing Staff No-Action Letters and Staff Statements Consistent with the proposed amendments, staff in the Division of Investment Management is reviewing certain of our staff’s no-action letters addressing the application of the recordkeeping rules to determine whether any such letters should be withdrawn in connection with any adoption of this proposal. If the rule is adopted, some of these letters would be moot, superseded, or otherwise inconsistent with the amended rules and, therefore, would be withdrawn. We list below the letters that are being reviewed for withdrawal as of the dates the proposed amendments, if adopted, would be effective after a transition period. If interested parties believe that additional staff letters or other staff statements should be potentially withdrawn, they should identify the letter or statement, state why it is relevant to the proposed amendments, and how it should be treated and the reason therefor. To the extent that a letter listed below relates both to a topic identified in the list below and another topic, the portion unrelated to the topic listed is not being reviewed in connection with the adoption of this proposal. E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules 68841 LETTERS TO BE REVIEWED CONCERNING RULE 204–2 Letter and date Topic subject to withdrawal First Call Corporation (pub. avail. Sept. 6, 1995) ................................................................................... Omgeo LLC (pub. avail. Aug. 14, 2009) ................................................................................................ G. Transition and Compliance khammond on DSKJM1Z7X2PROD with PROPOSALS2 We are proposing to require advisers registered or required to be registered with the Commission to comply with the proposed rule, if adopted, starting ten months from the rule’s effective date (the ‘‘compliance date’’). This would provide a transition period during which a registered investment adviser can prepare to develop and adopt appropriate procedures to comply with the proposed rule, if adopted. Pursuant to our proposal, the proposed rule, if adopted, would apply to any engagement of new service providers made on or after the compliance date of the proposed rules and amendments. The ongoing monitoring requirements, if adopted, also would apply to existing engagements beginning on the compliance date. The adviser would be required to monitor periodically the service provider’s performance of the existing covered function and reassess the retention of the service provider in accordance with the due diligence requirements. If adopted, the rule would require such monitoring and reassessment to occur with a manner and frequency such that the investment adviser reasonably determines that it is appropriate to continue to outsource the covered function and that it remains appropriate to outsource it to the service provider. We request comment on the following: 83. Do commenters agree that a tenmonth transition period following the effective date of any final rule is appropriate? If not, how long of a transition period would be appropriate? For example, would 90 days be an appropriate amount of time? Would longer be necessary, e.g., eighteen months, and if so, why? Should we have different compliance dates for larger or VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 smaller entities? For example, should we require compliance for larger advisers within ten months and require eighteen months for smaller advisers? Why or why not? 84. Under our current proposal, all current applicable adviser engagements with service providers would fall within the purview of the proposed rule and would be subject to the due diligence and monitoring requirements as outlined within the proposal as of the compliance date. We understand that this requirement may result in advisers having to revisit existing arrangements with service providers to review for compliance and perhaps even requiring advisers to amend current contracts to satisfy the requirements of the proposed rule. We request comment on whether the rule should include a provision that excludes an adviser’s existing engagement with a service provider that occurred prior to any compliance date of the proposed rule. Alternatively, should the proposed rule exempt advisers with existing service provider engagements from complying with certain proposed actions within the proposal? What requirement(s) should receive this treatment and why is it necessary? Are there certain types of service provider relationships that should be covered by such a provision in order to prevent the imposition of an unfair or unreasonable burden on the adviser or to prevent the imposition of excessive costs? If so, please explain the unfair burden or excessive costs that could result. 85. Would it be preferable to provide a different transition period for advisers that have existing relationships with service providers to come into compliance with any final rule than the transition period for new relationships? Do advisers need a different time period to review current service provider PO 00000 Frm 00027 Fmt 4701 Sfmt 4702 Investment keeping. Investment keeping. adviser electronic record- adviser electronic record- engagements and determine what further actions may be needed to bring the adviser into compliance with any final rule? 86. Should we provide an exception for service provider engagements that are short-term in nature (e.g., less than three months)? Should we provide advisers with a safe harbor during periods where an adviser has determined to transition a covered function from one service provider to another? For example, should we provide a ten-day safe harbor to allow for advisers to transition a covered function from a service provider if the adviser makes a determination that it no longer remains appropriate to outsource the covered function to that service provider? III. Economic Analysis A. Introduction We are mindful of the costs imposed by, and the benefits obtained from, our rules. Section 202(c) of the Advisers Act provides that when the Commission is engaging in rulemaking under the Act and is required to consider or determine whether an action is necessary or appropriate in the public interest, the Commission shall also consider whether the action will promote efficiency, competition, and capital formation, in addition to the protection of investors. The following analysis considers, in detail, the likely significant economic effects that may result from the proposed rule and proposed amendments to rules and forms, including the benefits and costs to clients and investors and other market participants as well as the broader implications of the proposed rule and amendments for efficiency, competition, and capital formation. E:\FR\FM\16NOP2.SGM 16NOP2 68842 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules Where possible, the Commission quantifies the likely economic effects of its proposed amendments and rules. However, the Commission is unable to quantify certain economic effects because it lacks the information necessary to provide estimates or ranges of costs. Further, in some cases, quantification would require numerous assumptions to forecast how investment advisers, service providers, and other affected parties would respond to the proposed rule and amendments, and how those responses would in turn affect the broader markets in which they operate. In addition, many factors determining the economic effects of the proposed rule and amendments would be investment adviser-specific or service provider-specific. Investment advisers vary in size and sophistication, as well as in the products and services they offer. As a result, the extent to which investment advisers outsource covered functions as well as the kinds of covered functions they outsource differ, making it inherently difficult to quantify economic effects on advisers. Similarly, service providers vary in size and sophistication, as well as in the services they offer or could potentially offer, making it inherently difficult to quantify economic effects on service providers. Even if it were possible to calculate a range of potential quantitative estimates, that range would be so wide as to not be informative about the magnitude of the benefits or costs associated with the proposed rule. Many parts of the discussion below are, therefore, qualitative in nature. As described more fully below, the Commission is providing a qualitative assessment and, where practicable, a quantified estimate of the economic effects. B. Baseline The economic baseline against which we evaluate and measure the economic effects of the proposed rules and amendments, including its potential effects on efficiency, competition, and capital formation, is the state of the world in the absence of the proposed rules. 1. Affected Parties Registered Investment Advisers. The proposed rule would generally apply to a registered investment adviser (‘‘RIA’’) that outsources a covered function to a service provider.99 As of June 2022 there were 15,169 investment advisers registered with the Commission. RIAs reported $128.2 trillion in regulatory assets under management (‘‘RAUM’’) with $116.87 trillion in discretionary RAUM attributable to 47 million accounts and $11.36 trillion in nondiscretionary RAUM attributable to 14 million accounts. The average RAUM among RIAs was $8.45 billion and the median was $396.8 million. TABLE 1—REGISTERED INVESTMENT ADVISERS STATISTICS BY MAJORITY CLIENT TYPE Number of registered investment advisers Majority client type Average RAUM (millions) Median RAUM (millions) High net worth individuals ........................................................................................................... Pooled investment vehicles ......................................................................................................... Non-high net worth individuals .................................................................................................... Investment Companies ................................................................................................................ Pension and profit sharing plans ................................................................................................. Corporations ................................................................................................................................ State/municipal entities ................................................................................................................ Other investment advisers ........................................................................................................... Other client type .......................................................................................................................... Insurance companies ................................................................................................................... Charities ....................................................................................................................................... Banking or thrift institutions ......................................................................................................... Business development companies .............................................................................................. Foreign institutions ....................................................................................................................... 6,389 4,174 2,191 767 474 238 198 190 173 123 109 67 47 29 $2,059.1 8,897.0 3,130.6 65,849.5 11,269.7 4,224.2 16,534.5 7,072.5 2,701.5 55,691.3 5,470.1 9,634.3 3,353.5 30,971.1 $300.2 1,025.1 127.6 1,250.2 897.5 490.9 1,840.3 631.5 646.8 4,474.4 631.1 2,717.1 998.5 2,538.8 Total ...................................................................................................................................... 15,169 8,453.9 396.8 khammond on DSKJM1Z7X2PROD with PROPOSALS2 Source: Form ADV, Part 1A, Item 5D. The majority client type represents the client type to which the RIA attributes the majority of their RAUM. All data reflect updated records as of July 2022. Average and median RAUM vary by the type of client to which the RIA attributes the majority of its RAUM.100 For example, for RIAs with a majority of investment company clients, the average and median RAUMs were $65.849 billion and $1,250.2 million, respectively. For RIAs with a majority of non-high net worth individual clients, the average and median RAUMs are much smaller—$3.130 billion and $127.6 million, respectively. Service Providers. Service providers would also be affected by the proposed rule. Covered functions are potentially 99 See proposed rule 206(4)–11(a). ADV, Part 1A, Item 5.D. 101 See 100 Form VerDate Sep<11>2014 17:47 Nov 15, 2022 performed by: (1) an adviser’s supervised person, (2) a related-party service provider, or (3) a third-party service provider. Under the proposed rule a service provider would be a person or entity that performs one or more covered functions and is not an adviser’s supervised person as defined in the Act, where covered functions are those that are (1) necessary for the adviser to provide investment advisory services in compliance with the Federal securities laws and (2) if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser’s clients or on the adviser’s ability to provide investment advisory services.101 The determination of what is a covered function would depend on the facts and circumstances and encompass functions or services that are necessary for an adviser to provide its investment advisory services in compliance with the Federal securities laws.102 Certain functions may be covered functions for one adviser but not for another adviser, depending on strategy and business model, and so certain persons or entities that perform functions on behalf of supra section II.A.2. 102 Id. Jkt 259001 PO 00000 Frm 00028 Fmt 4701 Sfmt 4702 E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules advisers may be a service provider in the scope of the rule with respect to one adviser but not for another adviser. In this section, we discuss a variety of persons or entities that perform functions on behalf of advisers under the term ‘‘service provider,’’ though these persons or entities may only be service providers in the scope of the rule for certain advisers. Few current disclosures require advisers to identify if a service provider is a related-party or third-party service provider. One item on Form ADV identifies the use of administrators and whether the administrator is a related party or a third party, but only for clients that are private funds.103 Of the 5,378 advisers to private funds reported on Form ADV, 4,213 (78%) report at least one third-party administrator and 140 (3%) report at least one relatedparty administrator. 104 68843 Although we believe that if an RIA has a related party that provides a particular function, the adviser may make use of that related-party service provider, Form ADV currently does not require RIAs to specifically provide that information. We can, however, identify whether an RIA has a related party that is a service provider on Form ADV, which is illustrated in Table 3.107 For example, approximately a third of RIAs report a related party that is another investment adviser such as a financial TABLE 2—ADVISER USE OF planner, and many RIAs report a related ADDITIONAL SERVICE PROVIDERS party that is a broker-dealer, municipal securities dealer, government securities Chief Record broker or dealer, or insurance company compliance keeping officer or agency. However, the actual proportion of RIAs with related party Count ................ 789 7,178 Percent ............. 5 47 service providers may be lower, to the extent that these related parties are not Source: Form ADV, Part 1A, Items 1.J.(2) functioning as service providers to an and 1.L & Schedule D, Section 1.L. All data adviser’s clients. reflect updated records as of July 2022. Certain items in Form ADV data provide information on RIAs’ outsourcing of services, but do not distinguish between third-party and related-party service providers. In particular, Form ADV data include information on RIAs’ use of certain service providers of potentially covered functions: (1) chief compliance officers,105 and (2) record-keepers.106 Table 2 provides information on the use of these service providers by advisers. I I TABLE 3—PERCENTAGE OF RIAS REPORTING EACH TYPE OF RELATED PARTY % of RIAs reporting type of related-party Related-party type Sponsor, general partner, managing member (or equivalent), excluding pooled investment vehicles .............................................. Other investment adviser (including financial planners) ..................................................................................................................... Broker-dealer, municipal securities dealer, or government securities broker or dealer (registered or unregistered) ........................ Commodity pool operator or commodity trading advisor (whether registered or exempt from registration) ...................................... Insurance company or agency ............................................................................................................................................................ Accountant or accounting firm ............................................................................................................................................................. Banking or thrift institution ................................................................................................................................................................... Trust company ..................................................................................................................................................................................... Sponsor or syndicator of limited partnerships (or equivalent), excluding pooled investment vehicles .............................................. Pension consultant .............................................................................................................................................................................. Lawyer or law firm ............................................................................................................................................................................... Real estate broker or dealer ................................................................................................................................................................ Registered municipal advisor .............................................................................................................................................................. Registered security-based swap dealer .............................................................................................................................................. Futures commission merchant ............................................................................................................................................................ Major security-based swap participant ................................................................................................................................................ 36 29 16 16 16 7 5 5 5 4 3 3 2 1 1 0 khammond on DSKJM1Z7X2PROD with PROPOSALS2 Source: Form ADV, Part 1A, Item 7.A. All data reflect updated records as of July 2022. Clients. Clients of RIAs may also be affected by the proposed rule, to the extent they either benefit from increased oversight and/or face additional costs that are passed on to them from advisers, including those that service providers pass on to advisers. Form ADV requires RIAs to indicate the approximate number of advisory clients and the amount of total RAUM attributable to various client types.108 Table 4 provides information on the 103 Form ADV, Part 1A, Schedule D, Section 7.B.(1), Item 26. Items 25 and 28 identify custodians and marketers. As discussed above, custodians and marketers are not within the scope of the rule and so our analysis is limited to administrators. See supra section II.A. 104 See Form ADV, Part 1A, Item 7B(1). The data reflects updated records as of July 2022. An adviser must file a separate Section 7.B of Schedule D for each private fund that it manages. Because these items are only provided by private fund advisers, this analysis is not representative of the broader investment adviser industry. There may also be other categories of service providers not captured by Form ADV. 105 Form ADV, Part 1A, Item 1.J.(2). 106 Form ADV, Part 1A, Item 1.L & Schedule D, Section 1.L. Items 1.I and 5.B.(6) identify entities that provide website or social media services and individuals who solicit clients on an adviser’s behalf. Because these entities are unlikely to be within the scope of the rule, they are excluded from this analysis. See supra section II.A. 107 Form ADV, Part 1A, Item 7.A. requires advisers to provide information about their related persons, including foreign affiliates. Advisers’ related persons are all advisory affiliates and any persons that are under common control with the adviser. In particular, Item 7.A. requires an adviser to disclose if the adviser has a related person that is: (1) broker-dealer, municipal securities dealer, or government securities broker or dealer (registered or unregistered), (2) other investment adviser (including financial planners), (3) registered municipal advisor, (4) registered security-based swap dealer, (5) major security-based swap participant, (6) commodity pool operator or commodity trading advisor (whether registered or exempt from registration), (7) futures commission merchant, (8) banking or thrift institution, (9) trust company, (10) accountant or accounting firm, (11) lawyer or law firm, (12) insurance company or agency, (13) pension consultant, (14) real estate broker or dealer, (15) sponsor or syndicator of limited partnerships (or equivalent), excluding pooled investment vehicles, and (16) sponsor, general partner, managing member (or equivalent), excluding pooled investment vehicles. 108 If a client fits into more than one category, Form ADV requires an adviser to select one category that most accurately represents the client (to avoid double-counting clients and assets). VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 PO 00000 Frm 00029 Fmt 4701 Sfmt 4702 E:\FR\FM\16NOP2.SGM 16NOP2 68844 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules number of client accounts, total RAUM, and the number of RIAs attributable to each client type. For instance, non-high net worth individuals account for over 43 million clients, or approximately 83.14% of all advisory clients, while investment companies make up about 25 thousand clients, less than one percent of all advisory clients. Investment companies account for $43,838 billion in RAUM, or approximately 35.5% percent of reported RAUM. Business development companies, on the other hand, account for around $211 billion in RAUM, under 1% of total RAUM. TABLE 4—RIA MARKET SIZE BY CLIENT TYPE Clients (millions) Client type Non-high net worth individuals .................................................................................................... High net worth individuals ........................................................................................................... Other investment advisers ........................................................................................................... Pension and profit-sharing plans ................................................................................................. Other client types ......................................................................................................................... Corporations ................................................................................................................................ Charities ....................................................................................................................................... Pooled investment vehicles ......................................................................................................... State/municipal entities ................................................................................................................ Investment companies ................................................................................................................. Insurance companies ................................................................................................................... Banking or thrift institutions ......................................................................................................... Foreign institutions ....................................................................................................................... Business development companies .............................................................................................. 43.824 6.917 0.908 0.431 0.377 0.340 0.121 0.095 0.027 0.025 0.013 0.011 0.002 0.000 Total RAUM (billions) 7,093 11,832 1,427 8,106 1,156 3,267 1,613 34,584 4,285 43,838 7,630 966 2,209 211 RIAs 8,286 8,989 814 5,271 1,374 4,934 5,134 5,763 1,299 1,603 1,028 432 363 98 khammond on DSKJM1Z7X2PROD with PROPOSALS2 Source: Form ADV, Part 1A, Item 5D. All data reflects updated records as of July 2022. 2. Adviser Use of Service Providers Reasons for use of Service Providers. Advisers use service providers for a variety of reasons. First, advisers may rely on service providers for a covered function because the adviser faces difficulties performing the function themselves as a matter of operations. Advisers may also choose to use a service provider for a function that could be performed internally, because advisers believe they may give the adviser or its clients access to certain specializations or areas of expertise, or otherwise offer efficiencies that are unavailable to or unachievable by an adviser alone.109 For instance, in some circumstances, service providers may be able to provide the same or similar levels of service as an adviser in a manner that is more cost-effective to clients. Outsourcing can also provide staffing flexibility by reducing the burdens on advisers’ existing personnel. These burdens generally entail hiring and onboarding costs in addition to salaries and benefits, and the flexibility may be particularly useful for services that are periodic or otherwise infrequent and may not require permanent staffing by the adviser. Advisers with few personnel in particular may find benefits in allowing service providers to handle tasks that would otherwise be time-consuming or costly given the lack of economies of scale. Engaging a service provider also may prove efficient because it allows an adviser to allocate specific duties to a single service provider, rather than relying on multiple internal personnel to complete a function. Clients also can benefit from outsourcing, including through lower fees (if the adviser passes along any cost savings) and better quality of service.110 There are a wide variety of functions that an adviser might outsource. For example, advisers might outsource functions that operationally support an adviser’s business functions (e.g., investment research and data analytics, trading and risk management, compliance). Advisers might also hire service providers to perform or assist with functions that support middle- and back-office functions essential to asset management (e.g., collateral management, settlement services, pricing or valuation services, and performance measurement).111 Lastly, advisers might hire service providers to support the investment advisers’ core advisory services and processes (e.g., provision of bespoke indexes, subadvisory services, and platforms for robo-advisory services). Risks Associated with use of Service Providers. While the use of service providers might offer investment advisers significant advantages, the use of service providers may also present elevated risks of potential material harm to clients, and on the adviser’s ability to perform its advisory services, resulting from outsourcing a covered function. Elevated risks can manifest in several ways: (1) increased operational risks 110 See 109 See supra section I.A. VerDate Sep<11>2014 17:47 Nov 15, 2022 111 See Jkt 259001 PO 00000 supra footnote 5. supra section I.A. Frm 00030 Fmt 4701 from individual service providers to individual advisers, (2) increased risks associated with expanded or additional conflicts of interest resulting from principal-agent and moral hazard problems, (3) increased operational risk resulting from an adviser relying on a single service provider to provide multiple functions, (4) increased broader or systemic operational risk from a service being provided by a small number of service providers, (5) increased risks from reduced regulatory transparency, (6) increased risk of harm when clients and investors are misled as to the adequacy of the adviser’s due diligence in engaging service providers and oversight of outsourced functions, and (7) increased risk of harm from rare but catastrophic operational failures that may be difficult for advisers and clients to predict, and thus price into their negotiated agreement. We discuss each of these in turn. Use of a service provider could reduce an adviser’s direct control over, or visibility into, a function. Reduced control over or visibility into a function could increase existing operational risks or introduce new operational risks. For example, without proper oversight of trade allocation, an adviser could be left unable to submit orders or allocate trades, or could have a service provider allocating shares in a manner that favors certain clients over others or failing to consider whether allocating additional shares would violate a client’ investment guidelines.112 As another 112 See Sfmt 4702 E:\FR\FM\16NOP2.SGM supra section II.A.2. 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules example, where a service provider manages data for an adviser, an operational failure could result in advisers making investment decisions based on incorrect data about their client’s assets.113 For example, if an adviser has incorrect data on a client’s holdings of a particular security, the adviser may mistakenly not sell as much of their client’s holdings in the event of a market downturn as they would otherwise. This may also include advisers outsourcing critical functions to service providers in geographical areas with unique heightened risks, such as risks from weather events, power outages, geopolitical events and public health concerns in their location.114 An investment adviser’s loss of control over, or visibility into, an outsourced function could also create potential or actual conflicts of interest between investment advisers and service providers. This is because the relationship between client and an adviser is generally one where the principal (the client) relies on an agent (the adviser) to work on the principal’s behalf.115 To the extent that principals and their agents do not have aligned preferences and goals, agents (advisers) may take actions that increase their well-being at the expense of principals (clients). These conflicts of interest are particularly relevant for oversight of outsourced functions because of the client’s limited visibility and limited ability to observe and independently monitor the adviser’s oversight of the service provider. This scenario is defined as a moral hazard problem: When an agent’s actions cannot be observed or directly contracted for by the principal, it is difficult to induce agents to supply the proper amounts of productive inputs or appropriately share risk with the principal.116 While an 113 See supra section II.A.1. supra section I.A. 115 See Michael C. Jensen & William H. Meckling, Theory of the Firm: Managerial Behavior, Agency Costs and Ownership Structure, 3 J. Fin. Econ. 305 (1976). 116 See, e.g., Bengt Holmstrom, Moral Hazard and Observability, 10 Bell J. of Econ. 1 (1979). (‘‘It has long been recognized that a problem of moral hazard may arise when individuals engage in risk sharing under conditions such that their privately taken actions affect the probability distribution of the outcome . . . . The source of this moral hazard or incentive problem is an asymmetry of information among individuals that results because individual actions cannot be observed and hence contracted upon.’’); Bengt Holmstrom, Moral Hazard in Teams, 13 Bell J. of Econ. 2 (1982). (‘‘Moral hazard refers to the problem of inducing agents to supply proper amounts of productive inputs when their actions cannot be observed and contracted for directly.’’). In other contexts, moral hazard refers to a party taking on excessive risk khammond on DSKJM1Z7X2PROD with PROPOSALS2 114 See VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 oversight failure can result in costs to an adviser vis-a`-vis reputational costs, fiduciary liabilities, or other costs, an adviser’s oversight activities are at least partially unobservable to the client. This results in a moral hazard problem that exacerbates the risk of the adviser taking actions that increase their well-being at the expense of their clients, such as pursuing cost savings on decisions to outsource, due diligence, monitoring, and recordkeeping, where the cost savings accrue to the adviser but increase operational risks for clients and investors.117 Further potential or actual conflicts of interest can emerge between advisers, service providers, and the adviser’s clients, because either the adviser or the service provider can act as an agent to the adviser’s clients, benefitting at the client’s expense. These conflicts of interest may therefore be exacerbated by the client’s limited visibility into the service provider’s practices. For example, without oversight, the service provider may pursue cost savings on its operations that increase risk to the adviser’s clients, because the service provider benefits from cost savings but operational risks are costly to the adviser’s client. As another example, as discussed above, there may be conflict of interest risks when a service provider recommends or otherwise highlights investments to advisory clients that the service provider also owns or manages for others.118 An adviser’s use of service providers to provide multiple functions could also increase operational risk.119 If an adviser is dependent on a service provider for a large number of services, any disruption or interruption to those when knowing another party will be responsible for negative outcomes. This alternative definition may be viewed as a special case of the broader economic definition associated with the difficulty of contracting for privately taken actions. See, e.g., Adam Carpenter, Moral Hazard Definition, U.S. News (Aug. 11, 2022), available at https://money. usnews.com/investing/term/moral-hazard. 117 Conversely, an adviser’s reputation motives— the fear of market-imposed loss of future profits— should generally work against the tendency to underinvest in oversight of service providers. However, for smaller advisers—who do not enjoy economies of scale or scope, and generally have less valuable brands—the cost of implementing robust service provider oversight would be relatively high, while their reputation motives would be more limited, because there is less reputational capital to lose. Thus, smaller advisers can be expected to be especially prone to moral hazard problems and resulting underinvestment in service provider oversight. 118 See supra section I.A. 119 See supra section I.A. However, it is not always the case that an adviser that only outsources a single function is less at risk than an adviser that outsources multiple, if the single outsourced function is more critical to the adviser’s provision of advisory services. PO 00000 Frm 00031 Fmt 4701 Sfmt 4702 68845 services could affect an adviser’s services to its clients. If the service provider becomes unable to perform those functions, clients of the investment adviser may be harmed to the extent the investment adviser is unable to find a suitable replacement for the service provider or provide the services itself. The more services provided by a given service provider, the greater the potential effect on investment advisory clients, through any of the previously discussed risks or channels of harm. In certain circumstances, the use of service providers could create broader or systemic risks as well. In particular, to the extent that the failure of a single service provider would cause operational failures at multiple advisers, that service provider may represent a source of systemic risk. For example, because service providers have become more specialized in recent years,120 for certain functions there may be only a few entities offering relevant (often information technology-dependent) services, and so multiple regulated entities could use a common service provider.121 In other cases, multiple service providers may merge to become a single market leader.122 These or related circumstances could, in turn, concentrate operational risk.123 If a large number of investment advisers were to use a common service provider, operational risks could be correspondingly concentrated. Increased concentration of operational risk could, in turn, lead to an increased risk of broader market effects during times of market instability, compounding any of the previously discussed risks and channels of harm.124 For example, in one instance a corrupted software update to accounting systems at a 120 IOSCO Report, supra footnote 13. Discussion Paper, at 2, supra footnote 14 122 See supra section I.A. 123 IOSCO Report, supra footnote13. The IOSCO Report cites examples of risks that could lead to systemic risk if multiple entities use a common service provider including: (1) if the service provider suddenly and unexpectedly becomes unable to perform services that are material or critical to the business of a significant number of regulated entities, each entity will be similarly disabled, (2) a latent flaw in the design of a product or service that multiple regulated entities rely upon may affect all these users, (3) a vulnerability in application software that multiple regulated entities rely upon may permit an intruder to disable or corrupt the systems or data of some or all users, and (4) if multiple regulated entities depend upon the same provider of business continuity services (e.g., a common disaster recovery site), a disruption that affects a large number of those entities may reduce the capacity of the business continuity service. 124 Investment advisers and their clients may not currently be aware of, or currently have enough information or otherwise be able to assess, concentration risks where multiple investment advisers use a common service provider. 121 FSB E:\FR\FM\16NOP2.SGM 16NOP2 68846 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules widely-used fund accounting provider caused industry-wide concern over the accuracy of fund values for several days, in which an estimated 66 advisers and 1,200 funds were unable to obtain system-generated NAVs for several days.125 This could also include cases where advisers discount the risks of a service provider failing because they view the service provider as ‘‘too big to fail,’’ and assume that regulators will deploy public funds to rescue the service provider in the event of its failure.126 When a function is performed internally, advisers have access to information necessary to demonstrate compliance with the Advisers Act or rules. Such information is helpful for the Commission’s use in its regulatory programs, including examinations, investigations, and client and investor protection efforts. Transparency in outsourced functions, likewise, is helpful for assessing regulatory compliance and remediating problems as they occur. For example, if several advisers follow an investing strategy based on a particular third-party investment model, an error by the model provider may cause widespread errors in the client accounts invested relying on the model, and with greater transparency the Commission could quickly analyze the potential breadth of the impact and take appropriate actions.127 Further, advisers that outsource a certain function sometimes indicate that because they outsource the function, they lack access to the information necessary to demonstrate compliance with a provision of the Advisers Act or rules.128 In addition, investment advisers have limited disclosure or books and records obligations with respect to their use of service providers.129 In other cases, a service provider may deliver some services from locations outside of the United States, which introduces potential oversight and regulatory gaps 125 See supra footnotes 16, 17, and accompanying khammond on DSKJM1Z7X2PROD with PROPOSALS2 text. 126 The Financial Conduct Authority observed UK asset managers in 2012 and expressed concern that some firms appear to rely on the fact that an outsourced service provider is a large financial institution, which regulators might look to rescue using public funds, in order to justify minimal oversight, among other potential gaps in service provider oversight practices. See FSA, To the CEOs of Asset Managers (Dec. 2012), available at https:// webarchive.nationalarchives.gov.uk/ukgwa/ 20140305053157mp_/https://www.fsa.gov.uk/static/ pubs/ceo/review_outsourcing_asset_ management.pdf. 127 See supra section I.A. 128 See supra section I.A for more detailed discussion. 129 See supra section III.B.1; see also infra section III.B.3. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 or oversight challenges.130 The resulting reduced transparency into the use of service providers, then, creates the potential that the Commission does not have information that could enhance its ability to evaluate and form regulatory policies and to assess markets for client and investor protection.131 Clients or investors may also face heightened risk of harm from each of these risks to the extent that they are misled about the adequacy of the adviser’s due diligence in engaging service providers and the adviser’s oversight of outsourced functions. If clients or investors understood clearly the extent of an adviser’s oversight and management of risks associated with outsourcing a covered function, the price of advisory services could account for expected operational risks to the extent that clients have bargaining power. But when an adviser holds itself out to clients and potential clients or investors as an investment adviser that can provide certain advisory functions or services, the adviser implies that it remains responsible for the performance of those services and it will act in the best interest of the client in doing so. An adviser remains liable for its obligations, including those under the Advisers Act, the other Federal securities laws, and any contract entered into with the client, even if the adviser outsources the function.132 Finally, clients or investors may face increased risk of harm from rare but catastrophic operational failures that may be difficult for advisers and clients or investors to predict, and thus price into their negotiated agreements. These types of events, because they are rare and difficult to predict, may go unaccounted for in the pricing of instruments, investments, or contracts.133 Similar to the previous discussion, rare but catastrophic operational risks may result from the compounding of different categories of operational risks. For example, such risks may result from an adviser who has outsourced multiple critical functions to service providers in a single geographic region, all of whom the adviser may assume are typically reliable and thus not proactively monitored by the adviser, but who may 130 See supra section I.A. supra section I.A. For example, the Commission staff have observed some advisers unable to provide timely responses to examination and enforcement requests because of outsourcing. 132 See supra section I.A; see also infra section III.B.3. 133 See, e.g., Howard Kunreuther & Mark Pauly, Insuring Against Catastrophes in The Known, the Unknown, and the Unknowable in Financial Risk Management (Francis X. Diebold, Neil A. Doherty and Richard J. Herring eds., 2010), at 210–238. 131 See PO 00000 Frm 00032 Fmt 4701 Sfmt 4702 all simultaneously face disruption in the face of extreme weather, a geopolitical event or public health crisis. To the extent that advisers have outsourced critical functions to third-party service providers who are often reliable but are not subject to the adviser’s oversight, these service providers represent potential risks that investors and advisers may not be able to price into their contracts. Patterns in Adviser Use of Service Providers. One motivation for an adviser to outsource a function is that outsourcing might offer efficiencies that are unavailable to or unachievable by the adviser.134 Potential gains in efficiency may not be the same for all advisers. For example, gains may be related to factors such as adviser size (as measured by RAUM), or the types of clients advisers serve. As discussed above, Form ADV identifies the use of certain service providers and whether these service providers are related parties or third parties, but only for private funds.135 For administrators, a higher proportion (80%) of the largest 10% of advisers rely on third-party service providers than is the case for the smallest 10% advisers (75%).136 Additionally, the use of related-party administrators is rare, ranging from 1%–6% across adviser size deciles, in comparison to the use of third-party administrators, which ranges from 74%–80%.137 Additionally, as discussed above, certain additional items on Form ADV provide information on all RIAs’ outsourcing of services, but also do not distinguish between third-party and related-party service providers.138 Table 5 below provides information on the extent to which the use of these service providers varies across advisers as a function of RAUM.139 As is the case with advisers’ use of administrators above, Table 5 shows that larger advisers are more likely than smaller 134 See supra section I.A. supra section III.B.1. 136 Adviser size is measured by RAUM. 137 Source: Form ADV, Schedule D, Section 7B(1), Item 26. All data reflect updated records as of July 2022. Also as discussed above, because these items are only reported by private fund advisers, this analysis is not representative of the broader investment adviser industry. There may also be other categories of service providers not captured by Form ADV. See supra footnote 104. 138 See supra section III.B.1. 139 As discussed above, Form ADV provides information on certain types of related-party service providers, but does not include whether an adviser outsources to the related-party service provider. Because Form ADV does not include information indicating whether an adviser outsources to a related-party service provider, we focus the information provided in Table 6 on advisers’ use of third-party service providers. 135 See E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules advisers to report using these categories of service providers. TABLE 5—ADVISER USE OF ADDITIONAL SERVICE PROVIDERS Chief compliance officer (%) Size decile Smallest ............ 2 ........................ 3 ........................ 4 ........................ 5 ........................ 6 ........................ 7 ........................ 8 ........................ 9 ........................ Table 6 below provides further TABLE 5—ADVISER USE OF ADDITIONAL SERVICE PROVIDERS—Con- information on the extent to which adviser use of service providers varies tinued Chief compliance officer (%) Size decile Record keeping (%) 8 4 5 6 5 6 6 6 5 33 28 29 33 37 40 51 61 73 68847 Largest .............. I 2 Record keeping (%) I across advisers as a function of the type of client to which the registered investment adviser attributes a majority of their RAUM. 88 Source: Form ADV, Part 1A, Item 1J(2) and 1L. The table shows the within-size-decile percentage off all RIAs. Item 1J(2) may undercount the Chief Compliance Officer figure since it excludes those employed by a registered investment company. Item 1L may overcount the Record Keeping estimate since it does not exclude branch offices. All data reflects updated records as of July 2022. TABLE 6—ADVISER USE OF ADDITIONAL SERVICE PROVIDERS BY MAJORITY CLIENT TYPE Chief compliance officer (%) Client type High net worth individuals ....................................................................................................................................... Pension and profit-sharing plans ............................................................................................................................. Banking or thrift institutions ..................................................................................................................................... Charities ................................................................................................................................................................... Other investment advisers ....................................................................................................................................... Investment companies ............................................................................................................................................. State/municipal entities ............................................................................................................................................ Pooled investment vehicles ..................................................................................................................................... Non-high net worth individuals ................................................................................................................................ Foreign institutions ................................................................................................................................................... Business development companies .......................................................................................................................... Insurance companies ............................................................................................................................................... Corporations ............................................................................................................................................................ Other client types ..................................................................................................................................................... Record keeping (%) 4 5 7 4 9 13 5 5 6 0 19 8 6 15 30 44 42 54 45 68 62 76 32 76 79 67 48 55 Source: Form ADV, Part 1A, Item 1J(2) and 1L. Item 1J(2) may undercount the Chief Compliance Officer figure since it excludes those employed by a registered investment company. Item 1L may overcount the Record Keeping estimate since it does not exclude branch offices. All data reflects updated records as of July 2022. khammond on DSKJM1Z7X2PROD with PROPOSALS2 3. Applicable Law Impacting Use of Service Providers Advisers who use service providers, whether a related-person or third-party service provider, may currently conduct activities related to each of the proposed obligations, such that varying degrees of due diligence, risk mitigation and management, monitoring, recordkeeping, and other oversightrelated activities may already occur in the marketplace. Certain advisers may currently conduct some or all of the proposed activities to satisfy a variety of legal requirements.140 First, an adviser who has outsourced a function to a service provider remains liable for its obligations, including under the Advisers Act or other Federal securities laws.141 Advisers’ fiduciary 140 In addition to regulatory requirements, advisers may already currently conduct some or all of the proposed activities solely as a matter of good business practice. 141 See supra section I.A. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 duty comprises a duty of loyalty and a duty of care, the latter of which includes providing investment advice in the best interest of the client, based on the client’s objectives.142 For example, where an investment adviser has the responsibility to select broker-dealers to execute client transactions, the adviser is obligated to seek to obtain ‘‘best execution’’ of client transactions given the circumstances pertaining to the transactions.143 142 Id. 143 See Standard of Conduct Release, supra footnote 21, at section I.A. (‘‘When seeking best execution, an adviser should consider ‘the full range and quality of a broker’s services in placing brokerage including, among other things, the value of research provided as well as execution capability, commission rate, financial responsibility, and responsiveness’ to the adviser.’’) (quoting Interpretive Release Concerning the Scope of Section 28(e) of the Securities Exchange Act of 1934 and Related Matters, Exchange Act Release No. 23170 (Apr. 28, 1986)); Commission Guidance Regarding Client Commission Practices under Section 28(e) of the Securities Exchange Act of 1934, Exchange Act Release No. 54165 (July 18, PO 00000 Frm 00033 Fmt 4701 Sfmt 4702 Where an investment adviser fails to satisfy its obligations, including fulfilling its fiduciary duty to clients or complying with the Advisers Act and other Federal securities laws, its conduct may result in potential liability under the antifraud provisions of the Federal securities laws. Investment advisers are subject to Section 206 of the Advisers Act, which prohibits engaging ‘‘in any act, practice, or course of business which is fraudulent, deceptive, or manipulative.’’ 144 Section 206(4) specifically empowers the Commission to adopt rules defining fraudulent acts and practices and to prescribe means reasonably designed to prevent their occurrence. In addition to the antifraud provision of the Advisers Act, investment advisers are also subject to other antifraud provisions under the Federal securities laws and misconduct 2006), available at https://www.sec.gov/rules/ interp/2006/34-54165.pdf. 144 15 U.S.C. 80b–6(4). E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 68848 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules by an adviser may result in liability under such other provisions, including Section 17 of the Securities Act of 1933 and Section 10(b) of the Securities Exchange Act of 1934 and rule 10b–5 thereunder.145 Second, investment advisers registered with the Commission are required to adopt and implement written policies and procedures reasonably designed to prevent violation of the Federal securities laws. The Commission has said that Rule 206(4)– 7 requires advisers to consider their fiduciary and regulatory obligations under the Advisers Act and to formalize policies and procedures to address them.146 The rule does not enumerate specific elements that advisers must include in their policies and procedures and each adviser should adopt policies and procedures that take into consideration the nature of that firm’s operations.147 Registered investment companies are subject to similar compliance procedures and practices pursuant to rule 38a–1 under the Investment Company Act of 1940 and to the extent certain advisers have clients that are registered investment companies, the adviser and certain specified service providers may be subject to relevant provisions of the rule.148 As discussed, many investment advisers outsource various functions supporting the adviser’s services and processes. Investment advisers who presently outsource covered functions may already conduct any or all of the proposed required due diligence and monitoring obligations with respect to outsourced covered functions. Further, such advisers may already incorporate these practices into their written policies and procedures. However, while there is an existing framework under which advisers may oversee certain service providers, there is no existing provision under the Advisers Act expressly requiring due diligence and monitoring for those service providers.149 For example, advisers may already conduct some due diligence and monitoring with respect to service providers relating to the handling of sensitive client information in complying with their obligations under applicable laws. Section 204A of the Advisers Act requires advisers to maintain and enforce written policies and procedures with the aim of preventing the firm or any person associated with the firm from misusing material non-public information, with rule 204A–1 thereunder requiring, among other things, that an adviser’s code of ethics set forth requirements that certain advisory personnel report personal securities trading and that the adviser’s supervised persons must comply with Federal securities laws.150 Thus, some investment advisers may currently conduct due diligence and monitoring in enforcing their code of ethics, which encompasses certain aspects of the adviser’s relationship with service providers. Third, investment advisers use Form ADV to register with the SEC, register with one or more state securities regulators, and amend those registrations.151 Form ADV elicits detailed information concerning the adviser and its owners, business practices, employees, and disciplinary history. While Form ADV requires reporting on certain parties, such as the adviser’s industry affiliations and certain clients, it does not currently require reporting on all service providers that perform what would be covered functions under the proposal. Fourth, the Federal securities laws require investment advisers, registered 145 See 15 U.S.C. 77q; 15 U.S.C. 78l; and 17 CFR 240.10b–5. 146 See Compliance Programs of Investment Companies and Investment Advisers, Investment Advisers Act Release No. 2204 (Dec. 17, 2003), at section II.A.1 (adopting rule 206(4)–7), available at https://www.sec.gov/rules/final/ia-2204.htm. 147 See id. 148 Rule 38a–1 requires policies and procedures to provide for oversight of certain service providers to the registered investment company, including its investment advisers, principal underwriters, administrators, and transfer agents. The rule also requires the registered investment company’s board of directors, including a majority of its independent directors, to approve its investment adviser’s policies and procedures based on a finding that the policies and procedures are reasonably designed to prevent violation of the Federal securities laws by the registered investment company and the adviser. In addition, the registered investment company is required to review its policies and procedures, as well as those of its investment adviser, annually. See 17 CFR 270.38a–1. 149 Certain entities may be subject to particularized requirements under other regulatory regimes. For example, firms that are dually registered broker-dealers are subject to FINRA Rule 3110 which requires members to, among other provisions, establish and maintain a system to supervise the activities of each associated person that is reasonably designed to achieve compliance with applicable securities laws and regulations. This supervisory system must, among other requirements, designate an appropriately registered principal with authority to carry out the supervisory responsibilities of the member for each type of business in which it engages for which registration as a broker-dealer is required. See, e.g., Rule 3110 Supervision, available at https:// www.finra.org/rules-guidance/rulebooks/finrarules/3110. 150 See 15 U.S.C. 80b–4a and 17 CFR 275.204A– 1. However, rule 204A–1 is intended to apply only to ‘‘access persons’’ of an investment adviser and does not apply to unrelated third parties. 151 Form ADV also serves as a reporting form for exempt reporting advisers. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 PO 00000 Frm 00034 Fmt 4701 Sfmt 4702 investment companies, and others to make and keep books and records. The recordkeeping requirements are a key part of the Commission’s regulatory program for advisers and funds, as they allow us to monitor adviser and fund operations, and to evaluate their compliance with the Federal securities laws. Existing Rule 204–2, which would be amended by the proposal, currently provides certain requirements for books and records to be maintained by investment advisers while various rules under the Investment Company Act of 1940, as amended, provide similar requirements for specified records to be maintained by registered investment companies.152 To the extent certain advisers have clients that are registered investment companies, those advisers may be subject to relevant recordkeeping obligations under the 1940 Act. For example, if the board of directors of a registered investment company has designated performance of fair value determinations to the adviser under rule 2a–5 of the 1940 Act, the adviser is obligated to maintain the records required by the related recordkeeping provision.153 Rule 204–2 details the types of required records as well as the manner, location and duration of records to be maintained by registered investment advisers. For example, rule 204–2(g) permits investment advisers to use electronic storage media for records required to be maintained under Rule 204–2. However, the rule does not prescribe specific requirements for when an adviser outsources one or more of the required recordkeeping functions to a third party. Commission staff has addressed thirdparty recordkeeping in two staff letters, which include certain similar components to the proposed amendments to rule 204–2.154 Although it is not required by rule, advisers who presently outsource covered functions may already make and keep relevant books and records with respect to their oversight of service providers.155 Fifth, Regulation S–P: Privacy of Consumer Financial Information (‘‘Regulation S–P’’ or ‘‘Reg S–P’’) provides requirements to adopt written policies and procedures reasonably designed to: (i) insure the security and confidentiality of customer records and information; (ii) protect against any 152 See infra section V.E.; see, e.g., 17 CFR 270.31a–1, 17 CFR 270.31a–2, 17 CFR 270.31a–3, 17 CFR 270.31a–4. 153 See 17 CFR 270.2a–5; 17 CFR 270.31a–4. 154 See OMGEO NAL, supra footnote 25, at n.3 (citing First Call and National Regulatory Services, SEC Staff No-Action Letter (Dec. 2, 1992)); First Call NAL, supra footnote 25. 155 See infra section V.A.2. E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules anticipated threats or hazards to the security or integrity of customer records and information; and (iii) protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.156 All registered investment advisers who are financial institutions or creditors with covered accounts are also subject to Regulation S–ID: Identity Theft Red Flags (‘‘Regulation S–ID’’ or ‘‘Reg. S– ID’’), under which they are required to develop and implement a written identity theft program that includes policies and procedures to identify relevant types of identity theft red flags, detect the occurrence of those red flags, and to respond appropriately to the detected red flags.157 Sixth, some advisers may be subject to additional regulatory regimes that implicate customer information safeguards. For example, advisers to private funds may be subject to the Federal Trade Commission’s Standards for Safeguarding Customer Information (‘‘FTC Safeguards Rule’’) that contains a number of modifications to the existing rule with respect to data security requirements to protect customer financial information.158 Additionally, advisers that are affiliated with banks may be indirectly subject to safeguarding standards that include a requirement for a data breach response plan or program.159 Advisers who anticipate needing to comply with these privacy regulations may already conduct any or all of the proposed required obligations with respect to service providers who are responsible for customer information. Lastly, registered investment advisers are subject to a variety of disclosure requirements that they must make to their investors, including certain disclosures vis-a`-vis the registration forms of the funds they advise. For instance, open end funds register using Form N–1A, and closed end funds 156 See 17 CFR 248.30. CFR 248.201(d)(2); 17 CFR pt. 248, subpt. C, app. A. See also infra section V.E. 158 16 CFR pt. 314; see also 86 FR 70308 (Dec. 9, 2021) (Jan. 10, 2022, effective date; Dec. 9, 2022, applicability date for certain provisions). 159 See 70 FR at 15752, available at https:// www.federalregister.gov/d/05-5980. Specifically, The Banking Agencies’ Incident Response Guidance provides, among other things, that when an institution becomes aware of an incident of unauthorized access to sensitive customer information, the institution should conduct a reasonable investigation to determine promptly the likelihood that the information has been or will be misused. If the institution determines that misuse of the information has occurred or is reasonably possible, it should notify affected customers as soon as possible. khammond on DSKJM1Z7X2PROD with PROPOSALS2 157 17 VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 register using Form N–2.160 A fund’s registration form includes information related to its basic operating structure, including its advisers and some of its service providers. However, there are no particularized requirements for these fund registration documents to discuss fund outsourcing, due diligence, or monitoring practices. C. Broad Economic Considerations As discussed above, investment adviser clients and investors rely on the delegated asset management industry, which includes investment advisers registered or required to be registered with the Commission, for a wide variety of wealth management and financial planning functions to their advisers, including tax, retirement, estate, education, and insurance services.161 These services are critical for investors to plan for the future and diversify their investment risks. Investment advisers are responsible, under existing regulatory regimes,162 for a wide variety of functions in order to provide these advisory services. Over time, investment advisers have in turn outsourced certain functions that are necessary for the adviser to provide its investment advisory services in compliance with the Federal securities laws as a response to competitive pressures, growing demand for advisory services, and increasingly complex client demands.163 Without a minimum and consistent framework for identifying, mitigating, and managing risks to clients, outsourcing can lead to client harm through the channels described above, such as clients being misled, their adviser making investment decisions based on incorrect data, having sensitive information misappropriated, potential or actual conflicts of interest, or failures to provide records for regulatory oversight.164 While many advisers may be aware of the risks and account for them appropriately when deciding whether and how to engage or continue to use service providers, our staff has observed that not all advisers provide a sufficient level of oversight with respect to their service providers, despite the existing fiduciary duty and other legal obligations applicable to advisers.165 This is because, while advisers and funds face relevant competitive market 160 See Form N–1A, available at https:// www.sec.gov/about/forms/formn-1a.pdf; see Form N–2, available at https://www.sec.gov/files/formn2.pdf. 161 See supra section I.A. 162 See supra section I.A, III.B.3. 163 See supra section I.A, III.B.2. 164 See supra section III.B.2. 165 See supra section I.A, III.B.3. PO 00000 Frm 00035 Fmt 4701 Sfmt 4702 68849 forces and therefore have private reputational incentives to maintain some level of oversight of service providers,166 market failures can lead their chosen levels of oversight to be sub-optimally low, both from the perspective of what each individual adviser’s clients and investors would prefer, and from the perspective of optimal levels of oversight for broader or systemic operational risks. These market failures provide the economic rationale for the proposed rule because they indicate that, without Commission action, clients and advisers have limited abilities and incentives to implement effective reforms, such as those in the proposed rules, for several reasons. First, there are a number of practical issues investment advisers and their clients and investors may face in coming to agreement on, measuring, and accounting for risks due to outsourcing. Second, the client’s inability to observe an adviser’s effort in oversight of service providers gives rise to principal-agent and moral hazard problems that can contribute to an adviser exerting too little effort on oversight of its service providers. These problems are exacerbated by instances in which the adviser has limited visibility into a service provider’s operations. Lastly, in addition to the effects from moral hazard and principal-agent problems, advisers’ individual incentives to exert effort into oversight are likely to be lower than optimal where operational failures at service providers can carry broader or systemic risks. This is because individual advisers do not have incentives to consider the benefits that their oversight may provide to the investment advisory industry as a whole, including (and in particular) competing advisers. These difficulties are consistent with the outcomes discussed above, in which the Commission has observed operational failures by service providers affecting advisers’ abilities to deliver services to their clients, despite existing fiduciary duty and other regulations,167 and we next discuss each of these difficulties in turn. With respect to the practical issues that currently may limit the ability or incentive of clients and advisers to adequately address the risks of outsourcing: First, because of the substantial variety and complexity of functions offered by service providers (such as client servicing, investment risk management, pricing, and reconciliation, among others), advisers and their clients may face difficulty in 166 See 167 See E:\FR\FM\16NOP2.SGM supra section III.B.2. supra section I.A. 16NOP2 68850 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules khammond on DSKJM1Z7X2PROD with PROPOSALS2 coming to agreement on and developing a common, consistent set of expected practices. These difficulties may be particularly pronounced in the case of covered functions that are of significance to investment performance but are new or experimental functions for which the adviser has limited expertise or experience.168 Second, even if clients and advisers agree on the adviser’s obligations, clients may face risks from rare but catastrophic operational events that are inherently difficult to predict, and thus difficult to account for when negotiating the terms of advisory services.169 While some degree of operational risk is inevitable, we believe that the proposed rule may help lower these risks through its due diligence and monitoring requirements. Additionally, principal-agent problems, moral hazard problems, and related conflicts of interest in the relationships between clients, advisers, and service providers may limit incentives for private reform and the ability of these market participants to implement reform. The investment adviser relationship is subject to agency problems, including those resulting from conflicts, to the extent clients (the principals) and investment advisers (the agents) have different preferences and goals. Investment advisers may take actions that increase their well-being at the expense of clients, thereby imposing agency costs on their clients.170 Moreover, because an adviser’s oversight of a service provider cannot be observed (and thus cannot be contracted for by the clients or investors), there is a moral hazard problem that may make it difficult for clients and investors to induce advisers to supply the proper amounts of oversight.171 Advisers may 168 For example, for an adviser who lacks experience in algorithmic-based trading but has retained an algorithmic trading firm and outsourced certain trading activity to that firm, clients and investors may benefit substantially from new requirements for risk analysis and due diligence on the part of the adviser. While the adviser would not need to fully understand the technical intricacies of the algorithmic trading service, it generally would need to have a reasonable understanding of the service and its associated risks, and be able to conclude that it can mitigate and manage those risks. See supra section II.B for more discussion. 169 See supra section III.B.2. While clients and advisers could price these risks into their contracts for advisory services through premiums for insurance coverage for operational failures, this would require clients and advisers to agree on the scope of coverage required. 170 See Standard of Conduct Release, at 31–32, supra footnote 21. An adviser’s fiduciary duty can mitigate these agency problems and reduce agency costs by deterring investment advisers from taking actions that expose them to legal liability. 171 See supra section III.B.2, see also, e.g., Bengt Holmstrom, Moral Hazard and Observability, 10 Bell J. of Econ. 1 (1979). (‘‘It has long been recognized that a problem of moral hazard may VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 therefore be able to avoid implementing reforms of service provider oversight practices. It may also be likely for service providers to avoid reforms, because minimal oversight on the part of the adviser may open opportunities for service providers to pursue cost savings that increase operational risks, or opportunities for other conflicts of interest that could benefit the service provider or adviser at the client’s expense.172 These principal-agent problems, moral hazard problems, and conflicts of interest may therefore be particularly strong in the context of conducting due diligence and monitoring of service providers, because clients have even less visibility into service provider functions than they do adviser functions.173 Lastly, because operational failures at service providers can carry broader or systemic risks, advisers’ individual incentives to exert effort into oversight are likely to be lower than optimal from a societal standpoint. For instance, when a function is provided to many advisers by a small number of service providers,174 each adviser may not take into account the broader, systemic operational risk associated with that service provider’s failure when determining the level of oversight that they individually, or privately, find optimal.175 For example, an investment adviser may not take into account the benefits that its own oversight of a service provider creates for its competitors. Moreover, to the extent that broader or systemic operational failures reduce client confidence in markets, there may be even greater differences in each adviser’s privately optimal level of oversight and the optimal level of oversight from a societal standpoint. This is because an operational failure at a service provider for one adviser may reduce client confidence in other advisers, and arise when individuals engage in risk sharing under conditions such that their privately taken actions affect the probability distribution of the outcome . . . . The source of this moral hazard or incentive problem is an asymmetry of information among individuals that results because individual actions cannot be observed and hence contracted upon.’’); Bengt Holmstrom, Moral Hazard in Teams, 13 Bell J. of Econ. 2 (1982). (‘‘Moral hazard refers to the problem of inducing agents to supply proper amounts of productive inputs when their actions cannot be observed and contracted for directly.’’). 172 See supra section I.A. 173 See supra section III.B.2. 174 See supra section III.B.2. 175 See Andreu Mas-Colell, et. al., Microeconomic Theory (Oxford University Press)(1995), at Chapter 11, for a general discussion of externalities. Through the lens of the theory of externalities and public goods, we believe that due diligence is equivalent to a public good supplied at a suboptimal quantity, which may be improved by the current proposed rule. PO 00000 Frm 00036 Fmt 4701 Sfmt 4702 advisers may not account for the additional impact of their service provider’s operational failures on client trust in the investment advisory industry as a whole, including (and in particular) competing advisers. The proposed rules would therefore impose a set of minimum and consistent obligations on investment advisers registered or required to be registered with the Commission in the course of their outsourcing processes. These obligations are designed to address the risks and market failures described above in the context of outsourcing core advisory functions. These reforms are designed to promote a more comprehensive framework to address— and thereby reduce—risks to advisers and their clients that result from an adviser’s use of service providers. These reforms also are designed to give the Commission and advisers’ clients better information for oversight of advisers’ use of service providers. The scope of the proposed rule would be limited to investment advisers registered or required to be registered who have retained a service provider to perform a covered function. The proposed rule would restrict its scope to a covered function to provide sufficient oversight in those specific circumstances where the function or service is one that is necessary for the adviser to provide advisory services in compliance with the Federal securities laws, and that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser’s clients or on the adviser’s ability to provide investment advisory services. A service provider would be a person or entity that performs one or more covered functions and is not a supervised person as defined in the Act. Excluding supervised persons from the definition of a service provider allows advisers to avoid the costs of complying with the proposed rule in those circumstances where the service provider is subject to the supervision and control of the adviser and the requirements of the rule would be duplicative. Clients and investors would benefit from this minimum and consistent regulatory framework for identifying, mitigating, and managing risks associated with outsourced functions. They would benefit through reduced risks of operational failures including broad or systemic operational failures, reduced risk of fraud associated with outsourced functions, reduced risks from potential or actual conflicts of interest, improved confidence for clients and investors that advisers will be able to carry out their regulatory obligations, E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules and greater regulatory transparency and resulting effectiveness of the Commission’s client and investor protection efforts.176 Clients and investors may additionally benefit from a reduction in operational risk as a result of service providers electing to update or reform their operations in response to adviser oversight. These benefits may vary across advisers and across covered functions. For example, benefits may be minimal for advisers who outsource very few covered functions. By contrast, and as mentioned above, benefits may be substantial for advisers who outsource functions that are of significance to investment performance but are new or experimental functions for which the adviser has limited expertise or experience, such as algorithmic-based trading or use of predictive data analytics. The costs of the proposed rules would include the costs of meeting the minimum regulatory requirements of the rules, including the costs to advisers of updating, as appropriate, their compliance programs in response to the due diligence, monitoring, and record keeping requirements. For SECregistered investment advisers, the costs would also include the costs of updating their Form ADV filings to include the new required reporting. To the extent advisers currently outsource covered functions, the cost of outsourcing covered functions is typically borne by advisers—some or all of which, may be passed on to clients. Under the proposed rule, compliance costs would be borne by advisers that currently outsource covered functions or that may outsource covered functions in the future. For example, and as an initial matter, advisers would incur costs associated with determining if outsourced functions are subject to the requirements of the proposed rule. Those advisers, in turn, may attempt to pass costs on to their clients. The ability of advisers to pass compliance costs to their clients may depend on the willingness of clients to incur those additional costs. Further, service providers of covered functions would incur costs outside of their normal course of business as a result of adviser requests for information to comply with their due diligence and monitoring requirements of the proposed rule. These costs would likely lead to some service providers charging additional 176 See supra section I.A, III.B.2; see also infra section III.D.4. For example, the Commission staff have observed some advisers unable to provide timely responses to examination and enforcement requests because of outsourcing. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 fees to advisers, some or all of which may be passed on to advisers’ clients. We believe the costs of the proposed rules would be limited by several factors. First, some advisers may already meet certain portions of the obligations that would be required under the proposed rules in the course of complying with existing legal obligations,177 and their costs would only include the costs associated with obligations they do not already meet. Second, certain advisers may determine that the costs of completing a function themselves with equal efficiency and quality as their service provider are less than the costs of the service provider plus the regulatory oversight costs. For these advisers, the costs of the proposal would be no greater than the costs associated with transitioning to completing the function themselves, as this choice would place the covered function in the purview of a supervised person of the adviser, and therefore outside of the scope of the proposed rule. However, this mitigating factor may be less relevant for smaller advisers, who may be less able to perform their outsourced functions themselves with equal efficiency and quality as their service provider. Our discussion in section III.D below describes in more detail how each of the benefits and costs would result from each of the elements of the proposed rules. D. Benefits and Costs 1. Due Diligence The proposed rule would require advisers to conduct reasonable due diligence before engaging a provider.178 Through this due diligence, advisers would be required to: (i) identify the nature and scope of the covered function the service provider is to perform; (ii) identify and determine how it would mitigate and manage the potential risks to clients or to the investment adviser’s ability to perform its advisory services, resulting from engaging a service provider to perform a covered function and engaging that service provider to perform the covered function; (iii) determine that the service provider has the competence, capacity, and resources necessary to perform the covered function in a timely and effective manner; (iv) determine whether the service provider has any subcontracting arrangements that would be material to the service provider’s performance of the covered function, and identifying and determining how 177 See 178 See PO 00000 supra section III.B.3. proposed rule 206(4)–11(a)(1). Frm 00037 Fmt 4701 Sfmt 4702 68851 the investment adviser will mitigate and manage potential risks to clients or to the investment adviser’s ability to perform its advisory services in light of any such subcontracting arrangement; (v) obtain reasonable assurance from the service provider that it is able to, and will, coordinate with the adviser for purposes of the adviser’s compliance with the Federal securities laws; and (vi) obtain reasonable assurance from the service provider that it is able to, and will, provide a process for orderly termination of its performance of the covered function.179 a. Benefits A minimum and consistent due diligence framework would benefit clients and investors through reduced risks of operational failures including broad or systemic operational failures, reduced risk of fraud associated with outsourced functions, and greater regulatory transparency and resulting effectiveness of the Commission’s client and investor protection efforts.180 Clients and investors may additionally benefit from a reduction in operational risk as a result of service providers electing to update or reform their operations in response to adviser oversight. These benefits may vary across advisers and across covered functions. For example, benefits may be minimal for advisers who outsource very few covered functions. By contrast, and as mentioned above, benefits may be substantial for advisers who outsource functions that are of significance to investment performance but are new or experimental functions for which the adviser has limited expertise or experience. Certain prongs of the proposed due diligence requirement of the rule would provide further individualized contributions to these benefits, to the extent that advisers do not already complete each of the proposed requirements in response to the competitive market forces they face, their reputational considerations, or their fiduciary duties.181 First, because advisers must determine the nature and scope of any covered function that a service provider is to perform,182 advisers would be required to have a basic understanding of what the service provider will do and how they will do it. This preliminary step would enhance the effectiveness of any other component of an adviser’s due diligence process, including the 179 See supra section II.B. The benefits and costs of the required recordkeeping provisions associated with due diligence are discussed in section III.D.3. 180 See supra section III.C. 181 See supra sections III.B.2, III.C. 182 See supra section II.B.1. E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 68852 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules proposed required framework, by ensuring that the adviser has taken basic steps to prepare to actively engage with the service provider to address issues as they arise. These benefits may be particularly pronounced in the case of new or experimental functions for which the adviser has limited expertise or experience. Additionally, analyzing the nature and scope of a covered function could allow for early implementation of safeguards in response to identified vulnerabilities, which could benefit clients by reducing the risk of harm arising from preventable performance shortfalls by service providers. For example, if an adviser seeks to outsource portfolio management activity, it may discover through its nature and scope analysis that its clients’ personally identifiable information may be exposed, or that the service provider would be subject to a conflict of interest with another adviser. The adviser could then either take steps to mitigate and manage these risks or choose to retain directly supervised persons to manage its advisers’ portfolios. Second, the proposed rule would require an adviser with an outsourced covered function to identify and determine how it would mitigate and manage the potential risks of outsourcing. This would include an analysis of the general risks of outsourcing a covered function, as well as the particular risks of the specific service provider selected by the adviser.183 Potential client harm caused by a service provider’s failure to perform (or a service provider performing negligently) the outsourced function could be significantly mitigated, or even avoided, if the adviser conducts appropriate risk analysis, mitigation, and management prior to outsourcing a function. Third, by requiring advisers to determine service providers have the competence, capacity, and resources necessary to provide the services they offer in a timely and effective manner, the proposed rule could benefit advisers’ clients through early identification of a variety of risks associated with the service provider’s business. Clients and investors would benefit, because outsourcing an investment adviser’s function to a service provider without the necessary competence, capacity, and resources to perform that function can undermine the adviser’s provision of services and mislead or otherwise harm clients. We believe that the lack of any of these elements in a service provider can 183 See supra section II.B.2. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 hinder the ability of an adviser to outsource to that service provider and also remain consistent with the adviser’s fiduciary duty to its clients. For instance, an adviser may discover a service provider of a labor-intensive service has insufficient staff, or that a service provider lacks sufficient specialized systems or equipment to carry out a particular technical function. These conditions may be contrary to the client’s understanding of their agreement with the adviser, because the adviser is responsible for these operations even though the service is outsourced. In these cases, both the adviser and its clients would benefit from the opportunity to identify a more appropriate provider of the covered function in question, though these benefits may be mitigated to the extent that identifying such a provider is costly.184 Fourth, operational risks may be heightened in instances where a service provider uses many subcontractors or when a service provider switches subcontractors for arrangements that are material to the performance of the covered function. The proposed rule is designed to mitigate this heightened risk by including subcontracting arrangements in the scope of an adviser’s required due diligence and requiring the adviser to mitigate and manage potential risks in light of the subcontracting arrangements, provided the subcontracting arrangement is material to the service provider’s performance of the covered function. This additional layer of required due diligence can provide more oversight and visibility into the full set of functions managed by service providers. For example, this component of the proposed due diligence would provide greater oversight and visibility into an arrangement in which a service provider that provides trading platform services engages a subcontractor to write software code, test the software, or retrieve data for use on the trading platform.185 In turn, clients and investors may benefit from the opportunity to evaluate the risks presented by a service provider that might otherwise be hidden in the service provider’s set of subcontractors. Fifth, by requiring advisers to obtain reasonable assurance from their service 184 These circumstances may particularly arise in the context of affiliated service providers where a parent entity determines that an adviser must purchase services or otherwise consume services from the parent or from another affiliate. The adviser that is outsourcing, if permitted to do its own analysis, might have opted to use a different provider or not to outsource at all. 185 See supra section II.B.4. PO 00000 Frm 00038 Fmt 4701 Sfmt 4702 providers of coordination for purposes of the advisers’ compliance with the Federal securities laws, the proposed rule would likely improve confidence for clients and improve communications between advisers and service providers. When advisers set clear processes and ground rules with their service providers in order to remain compliant with the Federal securities laws, clients may have additional confidence that their advisers will be able to carry out their regulatory obligations. Additionally, obtaining such reasonable advance assurance from service providers may lead to more efficient and effective lines of communication between advisers and their service providers. This improved communication between advisers and service providers may be especially helpful to advisers to mitigate client harm in times of market stress and where a service provider is not be directly subject to the Federal securities laws and therefore is unaware of the potential impact of their services on the adviser’s compliance with those obligations. Sixth, the orderly termination requirement may have the benefit of mitigating the risk to clients that advisory services are abruptly disrupted due to an agreement between the client’s adviser and a service provider being terminated. It also may decrease the risk that an adviser will find itself unable to comply with the Federal securities laws in the event of such a disruption. By compelling advisers to prepare for an orderly termination, the rule may prevent heightened costs of staying compliant with the Federal securities laws or maintaining good business practices in a disorderly termination. Further, by potentially increasing the protection of confidential or sensitive information during or after termination, such as the return or destruction of documents or revocation of service provider access or privileges, the rule may give clients and investors more confidence in procuring advisory services from registered investment advisers. Finally, to the extent that the rule requires reasonable assurance of termination rights and processes, the rule may reduce costly legal disputes between these parties. For example, these risks may be heightened in the case where an adviser terminates a service provider covering valuation services, where the process of transitioning client accounts may result in those accounts falling out of compliance with valuation requirements. By compelling advisers to prepare for an orderly termination, the E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules rule would help to protect clients from inaccurate valuations of their assets, it would help to protect clients from misappropriation of confidential or sensitive information regarding their portfolio holdings, and it would help to ensure proper transfer and retention of records, among other protections.186 The magnitude of the benefits would depend on the extent of advisers’ current due diligence functions that they complete in response to the competitive market forces they face, their reputational considerations, or their fiduciary duties.187 Advisers that currently engage service providers may already have the proposed processes or similar processes in place.188 To the extent advisers currently have processes in place that would be in compliance with the proposed rule, the client and investor protection benefit of the proposed due diligence processes would be diminished.189 b. Costs Similar to the benefits, the magnitude of the costs would depend on the extent of advisers’ current due diligence on their covered functions.190 However, most advisers would likely face certain minimum costs, as even an adviser who conducts little outsourcing or who already conducts substantial due diligence in accordance with their fiduciary duty would likely still undertake a careful review in order to confirm that they are in compliance with the rule.191 Service providers would also face increased costs as a result of these due diligence requirements, which may be partially or fully passed on to advisers. These would include costs to service providers who respond to requests from advisers for information or otherwise participate in the adviser’s due diligence, costs to service providers to update or reform their operations, as well as costs to negotiate or re-negotiate service arrangements. These khammond on DSKJM1Z7X2PROD with PROPOSALS2 186 See supra section II.B.6. 187 See supra sections III.B.2, III.C. 188 See supra section III.B.3. 189 With respect to the proposed compliance coordination requirements in particular, advisers that engage service providers today may already be taking steps to mitigate the risk that these arrangements do not impede an adviser’s ability to remain compliant with the Federal securities laws. The benefits of the proposed compliance coordination requirement would therefore be lessened the more advisers currently satisfy the proposed requirement. 190 See supra section III.B.3, III.C. 191 For example, an adviser who already conducts substantial due diligence would still need to review their due diligence processes to confirm that their processes constitute appropriate risk analysis, mitigation, and management. See supra section II.B.2. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 requirements would involve senior business, legal and compliance personnel, external costs for counsel, and potential costs for hiring of additional personnel to help with these burdens. Any portion of the resulting costs that is not borne by service providers would ultimately be passed on to advisers,192 and may in turn be passed on to clients and investors. These costs are likely to be high initially, and decline over time as advisers develop their due diligence systems.193 However, ongoing costs of the proposed due diligence requirements would not decline to zero over time. Advisers would face ongoing annual due diligence costs, separate from their monitoring costs, when they change service providers, renegotiate contractual relationship with service providers, change which of their functions they outsource, or implement other such changes that require new due diligence. Advisers would also face certain costs anytime they consider implementing such changes to their business, even if they do not proceed with the change, because part of their necessary evaluation of the business decision would include evaluating the due diligence they would need to undertake. In addition, some advisers may choose to update their systems and internal processes and procedures for due diligence in order to better respond to this requirement. These updates may require the time and attention of business and operational personnel, which may detract from their regular functioning. Additionally, business and operational personnel may incur costs that arise from negotiating contractual safeguards with service providers in order to comply with due diligence requirements. The costs of those improvements would be an indirect cost of the rule, to the extent they would not occur otherwise, and they are likely to 192 The division of the service provider’s direct costs between the service provider and the adviser would depend primarily on the relative bargaining power of the two parties. In certain cases, the service provider may accommodate adviser requests without charging additional fees or raising prices. This may particularly be the case for smaller service providers, who may have less bargaining power relative to their adviser customers. In other cases, the service provider may charge the full amount of their increased costs as a fee to the adviser. This may particularly be the case for smaller advisers, who may have less bargaining power relative to their service providers. 193 The costs estimated in this section are associated with actually conducting the proposed due diligence requirements, and are thus in addition to the PRA costs discussed below, which are limited to the collection of information costs of the proposed recordkeeping requirements associated with the proposed due diligence requirements. See infra section IV. PO 00000 Frm 00039 Fmt 4701 Sfmt 4702 68853 be higher initially than they would be on an ongoing basis. Finally, as noted in section III.C above, the collective costs of this proposal are unlikely to exceed the cost to the adviser of providing the covered function in-house, as this choice would place the covered function in the purview of a supervised person of the adviser, and therefore outside of the scope of the proposed rule.194 However, to the extent that an adviser responds to the proposed due diligence rules by providing a covered function in-house and does so less efficiently or at a lower quality than a service provider would, this loss of efficiency or quality would represent an additional burden of the proposed rule. Similarly, there may be cases where advisers currently have multiple service providers, but the due diligence costs would cause an adviser to reduce its reliance to only a single provider, even if it would result in less reliable or lower quality service to the adviser’s clients, because of the costs to properly diligence a provider. Any portion of these costs that is not borne by advisers would ultimately be passed on to clients and investors. Similar to the benefits, there would be individualized costs associated with certain prongs of the proposed due diligence requirements. First, because determining whether a function is a covered function at all requires an analysis of the facts and circumstances of the function,195 advisers generally may have to undertake legal and other expenses to evaluate which of their functions are covered functions and thus in the scope of the rule. This analysis may be particularly costly for certain functions for which it may require thorough investigation to evaluate whether the function is necessary for the adviser to provide investment advisory services, or for which it may require thorough investigation to evaluate whether there would be a material negative impact on the adviser’s clients or on the adviser’s ability to provide investment advisory services if the function was not performed, or if performed negligently. Advisers may also face additional costs to the extent they conservatively evaluate their outsourced functions, and ultimately conduct the proposed required due diligence activities on functions that may not be covered 194 See supra section III.C. However, this mitigating factor may be less relevant for smaller advisers, who may be less able to perform their outsourced functions themselves with equal efficiency and quality as their service provider. 195 See supra section II.A.1. E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 68854 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules functions.196 As such, any costs of the proposed rule to service providers may additionally be faced by certain service providers who would be outside the scope of the rule, to the extent that advisers retaining their services conservatively determine they should exercise additional due diligence on them. Second, for the purposes of the due diligence on nature and scope of covered functions, time and personnel costs may be necessary to obtain a sufficient understanding of the covered function to be outsourced. Fundamentally, an adviser may outsource a covered function if it is more efficient than devoting internal resources, or if the service provider can provide higher quality operations.197 To a lesser degree, the required nature and scope analysis may be costly, particularly when more complex or technical functions must be understood. This cost may present a necessary change in personnel duties whenever covered functions are considered for outsourcing, or as additional hiring of third-party experts to evaluate the processes of potential service providers if the adviser lacks the requisite experience to make an informed evaluation with available personnel. Similarly, service providers may incur costs associated with responding to requests for information from advisers, whether in the form of internal staff time, or costs of third parties providing independent assessments, and service providers may pass some or all these costs on to advisers, who may in turn pass on these costs to their clients and investors. Third, to the extent advisers’ current processes for service provider risk analysis, mitigation, and management differ from the proposal, there would be direct costs necessary to comply with the specific proposed requirements. Also, to the extent that they are not already doing so in a manner that would meet the proposed rule’s standards, advisers would incur costs to mitigate and manage any additional conflicts of interest created by outsourcing covered functions. The above costs would include demands on personnel time to verify that the depth and complexity of the analysis is consistent with the adviser’s assessment of risks associated with the function being outsourced. There are a variety of paths that advisers could take to complete these 196 The Commission requests comment on whether the proposed rule should explicitly list certain service providers or covered functions that the rule would apply to. See supra section II.A. 197 See supra section III.B.2. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 requirements and meet these demands, and the costs would depend on the adviser’s chosen route. For example, an adviser also could establish a redundancy in the outsourced service or function, such as by arranging a secondary pricing provider to provide pricing services in the event a primary pricing service provider fails, and could be used to validate accuracy and identify potential anomalies in the data provided by the primary pricing provider.198 Such redundancy would increase costs to clients and investors, or could deter some advisers from engaging such third parties (even when it might be beneficial to offer clients and investors access to those services). Fourth, to the extent advisers’ processes for lessening the risks associated with service providers’ competence, capacity, and resources differ from the proposal, there would be direct costs necessary to comply with the proposed requirements. The cost of complying with this new requirement would be limited to the additional costs necessary to bring current practice into compliance with the proposed rule. Because this analysis should be based on the facts and circumstances of the functions being outsourced, costs will likely vary across functions that are being outsourced, but there will also be specific costs required to analyze the facts and circumstances of each function being outsourced. For example, if outsourcing a function is determined to be high risk due to the complexity of the function, the adviser may want to focus on the experience and expertise of the service provider’s personnel. If the function is labor intensive, the adviser may consider whether the service provider has the necessary staffing to provide the function. The costs associated with these two circumstances are likely to be different. These requirements may also result in additional costs to service providers, to the extent they revise their practices in order to satisfy an adviser’s requests to ensure that the service provider has the competence, capacity, and resources necessary to perform the covered function in a timely and effective manner. Fifth, for large service providers, there may be many subcontractors that materially contribute to the service provider’s covered function. In such cases, it may be more burdensome for advisers to assess the potential risks each of these subcontracting arrangements may pose to the service provider’s provision of the covered function. Similar to the costs associated 198 See PO 00000 supra section III.B.2. Frm 00040 Fmt 4701 Sfmt 4702 with evaluating the nature and scope of covered functions, there may be extra costs to advisers in the case where it is ambiguous which subcontractors are material to the service provider’s ability to perform the covered function. Further, advisers may face difficulty in getting providers or subcontractors to cooperate with risk assessment efforts. Lastly, depending on the amount of non-advisory business a service provider has, there may be a risk that a service provider would discontinue business with advisers rather than cooperate with the adviser’s riskassessment efforts to conduct due diligence on sub-contractors. As a closely related matter, and in addition, cooperating with advisers’ assessment of subcontracting arrangements may impose additional time and effort costs on service providers. In particular, service providers may face costs associated with determining which of their own subcontractors’ services are material, meaning that nonperformance or negligent performance would be reasonably likely to cause a significant negative impact on the service provider’s ability to perform the covered function.199 These would include similar costs that advisers would face in determining which outsourced operations are covered functions, including extra costs to service providers where it is ambiguous which subcontractors’ services would be material to their ability to perform the covered function. Sixth, in the case of the compliance coordination requirement, direct involvement by business or operational personnel may be required to ensure that reasonable assurance of coordination for purposes of the adviser’s compliance with the Federal securities laws has been obtained from service providers. Similarly, service providers may face costs in providing this reasonable assurance to advisers, requiring time of senior business, legal, and compliance personnel, as well as external costs for counsel. We expect such costs to be potentially high initially, but decrease over time as advisers adopt more streamlined systems to obtain this reasonable compliance. However, there may be instances in which advisers encounter reluctance from service providers to commit to cooperating. For instance, large service providers with many nonadviser customers, such as general cloud computing service providers, may be unwilling to accommodate as-needed unscheduled due diligence or 199 See E:\FR\FM\16NOP2.SGM supra section II.B.4. 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules khammond on DSKJM1Z7X2PROD with PROPOSALS2 monitoring requests by individual customers. In such cases, these service providers may either not do business with advisers or assess additional fees (which may be passed on to clients) to help advisers comply with the Federal securities laws. Finally, it is possible that some service providers, who are not themselves regulated by the Commission, may provide certain assurances to the adviser of compliance with the Federal securities laws and then simply fail to deliver on those assurances, resulting in an adviser needing to implement an unexpected and sudden termination of the service provider or transfer of operations to a different service provider, which we expect would be costly to the adviser and its clients.200 Lastly, if service providers perceive the requirement to provide reasonable assurance that they can terminate their services in an orderly fashion to be too burdensome, or if they believe such assurance would not be reasonable, they may choose not to enter into agreements with registered advisers. In this case, advisers may be left with a limited selection of service providers, which may increase the costs or lower the overall quality of services. To the extent that additional costs outside of their normal course of business are required to provide such reasonable assurance to advisers, service providers would likely charge additional fees, some or all of which may be passed on to adviser’s clients. Finally, the costs imposed by the orderly termination requirement may provide an incentive for certain advisers to avoid discontinuing business relationships with inefficient or lowquality service providers.201 However, this outcome may be unlikely, as the continued monitoring requirements described above would require advisers to reasonably determine that it remains appropriate to outsource to the service provider.202 We estimate the direct costs to advisers associated with the proposed due diligence requirements, including legal expenses for an adviser to identify its covered functions and service 200 However, these costs would potentially be mitigated by the proposed rule’s requirement that advisers obtain reasonable assurance from the Service Provider is able to, and will, provide a process for orderly termination of its performance of the covered function. See supra section II.B.6. 201 Advisers may particularly avoid discontinuing business relationships with inefficient or lowquality service providers to the extent that the proposed rule would reduce the population of viable service providers, either by preventing service provider entry, causing certain service providers to exit because of their increased costs, or causing service provider fees to increase. See infra section III.E.2. 202 See supra section II.B.6. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 providers, legal expenses for review of contracts to determine the nature and scope of the services provided for those covered functions, time and personnel costs to obtain a sufficient understanding of the covered function to be outsourced, securing of various reasonable assurances from service providers (which could be provided through written agreements, correspondence, or other written documentation, or through oral negotiations), and additional legal costs to review subcontracting arrangements, among others. Because the nature and magnitude of these expenses are likely to vary across advisers and across covered functions, in particular because many advisers likely already satisfy many of the proposed requirements for due diligence processes as a result of competitive market forces and resulting reputational effects on individual advisers and in accordance with their fiduciary duty or other applicable law,203 we anticipate a range of possible costs of the rule. At minimum, we estimate that the proposed due diligence requirements would be completed by compliance managers ($339/hour), a chief compliance officer ($580/hour), attorneys ($455/hour), assistant general counsel ($510/hour), junior business analysts ($191/hour), senior business analysts ($300/hour), paralegals ($199/ hour), senior operations managers ($400/hour), operations specialists ($150/hour), compliance clerks ($77/ hour), and general clerks ($68/hour).204 Certain advisers may need to hire additional personnel to meet these requirements. Advisers would face initial, one-time direct costs associated with coming into compliance with the proposed due diligence requirements, as well as ongoing annual direct costs associated with the due diligence requirements. As discussed throughout this section, the initial, one-time direct costs associated with coming into compliance with the proposed due diligence requirements are likely to be higher than the ongoing annual costs. For example, to the extent that advisers analyze the facts and circumstances analysis of each outsourced function, advisers may face 203 See supra section III.B.3. Commission’s estimates of the relevant wage rates are based on salary information for the securities industry compiled by the Securities Industry and Financial Markets Association’s Office Salaries in the Securities Industry 2013. The estimated figures are modified by firm size, employee benefits, overhead, and adjusted to account for the effects of inflation. See infra section IV. 204 The PO 00000 Frm 00041 Fmt 4701 Sfmt 4702 68855 substantial initial costs in determining their full set of covered functions.205 To estimate monetized costs to advisers, we multiply the hourly rates above by estimated hours per professional. We estimate that on average, advisers would require at a minimum 40 hours of time from each of the personnel identified above as an initial burden in coming into compliance with the proposed rule, assuming an average of 8 hours per covered function and five covered functions per adviser.206 As noted above, we believe it is likely that these minimum costs would be required even for an adviser who conducts little outsourcing or who already conducts substantial due diligence in accordance with their fiduciary duty, because such an adviser would likely still undertake a careful review in order to confirm that they are in compliance with the rule.207 For example, we believe the substantial majority of, if not all, advisers would elect to prepare some form of written agreement with their service providers as part of their means of complying with the proposed due diligence requirements. These minimum-cost assumptions indicate a one-time initial burden of 440 total labor hours and $132,320 per adviser, or a total one-time initial burden of 6,492,640 labor hours and $1.953 billion across all advisers. As noted above, certain due diligence costs would be ongoing, separate from monitoring costs. These include costs associated with the adviser changing service providers, renegotiating contractual relationship with service providers, changing which of their 205 See supra section II.A. certain of these categories of professionals, these hours may be imposed on two professionals of each, who would face one-time costs of 20 hours each. Other categories may require four professionals who would face one-time costs of ten hours each. For some, such as the Chief Compliance Officer, these hours would come/originate from one staff member. While there are no publicly available granular data on adviser outsourcing of operations that would be covered functions, this assumption is consistent with frequent outsourcing of custodial, administrative, prime brokerage, auditing, and recordkeeping services among RIAs. See supra section III.B.1; see also infra section IV. Service providers may also face direct costs, such as personnel costs for providing reasonable assurances to advisers, but for the purposes of estimating minimum costs to advisers, we assume that service provider costs are not passed on to advisers. Individual estimates correspond to the aggregated average cost per adviser, where the average is taken across all advisers. Some advisers, particularly the smallest advisers or those who do no outsourcing, are likely to face costs that are below this lower bound for the average cost across all advisers. 207 Also as noted above, an adviser who conducts substantial due diligence would still need to review its due diligence processes to confirm its processes constitute appropriate risk analysis, mitigation, and management. See supra section II.B.2. 206 For E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 68856 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules functions they outsource, implementing other such changes that require new due diligence, or evaluating a need to implement any of these changes. We estimate that the ongoing annual burden of the due diligence requirement would be one-third the initial burden,208 resulting in minimum-cost ongoing annual burden of 146.67 labor hours and $44,106.67 per adviser and 2,164,213 labor hours and $650,837,973 across all advisers. However, many due diligence costs would be likely to be higher for certain advisers. Larger advisers, with more outsourcing of covered functions, may have greater costs. An adviser needing to revise its existing practices, needing to hire new personnel, choosing to switch service providers in response to the rule, and multiple other factors may cause costs to increase as well. The factors that may increase due diligence costs are difficult to quantify. For example, an adviser may implement a policy that prevents the adviser from retaining a service provider that primarily relies on subcontractors to perform the covered function, or implement a procedure to audit the service provider’s oversight of its subcontractors. These internal adviser policy limitations or audits may represent additional costs, such as increased prices for using service providers. Similarly, any audit procedure would entail audit fees or costs for new personnel. As another example, as noted above, certain advisers may elect to retain a secondary pricing provider to provide pricing services in the event a primary pricing service provider fails, and could be used to validate accuracy and identify potential anomalies in the data provided by the primary pricing provider, even though no such secondary pricing provider would be required by the proposed rules.209 While the potential sources of increased costs are difficult to quantify, we anticipate that very few advisers would face a burden that exceeds three times the above-described minimum burden. To the extent that the average adviser faces this upper bound of three times the minimum burden, this would indicate that a potential upper bound for due diligence costs would be initial costs of 1,320 hours and $396,960 per adviser and 19,477,920 hours and $5.858 billion across all advisers, and ongoing annual costs of 440 hours and $132,320 per adviser and 6,492,640 hours and $1.953 billion across all 208 See 209 See infra section IV. supra section II.B.2. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 advisers.210 We request comment on all aspects of this quantification, including the minimum estimated burden represented here and any range of costs that could hold for different advisers.211 Additional direct costs would be generated by the impact of the proposed rules on service providers, distinct from those costs directly faced by advisers as a result of the proposed due diligence requirements. Some of these costs would result from responding to adviser requests for information, as noted in this section. These costs may include the time of service provider personnel required in communicating directly with the adviser, understanding the nature of the requests, and compiling the information to be provided. Larger service providers serving many advisers may benefit from economies of scale in responding to these informational requests, as similar information may be requested by multiple advisers. Additionally, there would be costs to service providers who elect to update or reform their operations due to increased adviser due diligence resulting from this rule.212 Similar to costs for information requests, larger service providers may be able to update or reform their operations with greater economies of scale than smaller service providers. We are unable to quantify these direct costs that would be incurred by service providers as a result of this rule, as the cost range would be too wide to be informative. In particular, the direct costs that would be incurred by service providers are subject to substantially greater uncertainty than the direct costs that would be incurred by advisers. This uncertainty is due to a number of factors, including variation in complexity of covered functions outsourced to service providers, the degree of market concentration across service provider markets (and hence the number of advisers a service provider may need to work with to comply with the rule), and variation in current service provider practices. The costs to any single service provider of meeting the burden for any single covered function for any single adviser may therefore have substantial variance. For example, if few service providers perform a particular covered function, those service providers may perform the same covered function for many advisers and hence benefit from 210 Individual estimates correspond to the aggregated average cost per adviser, where the average is taken across all advisers. Some advisers, particularly the largest advisers, are likely to face costs that substantially exceed this upper bound for the average cost across all advisers. 211 See infra section III.G. 212 See supra section III.D.1.a. PO 00000 Frm 00042 Fmt 4701 Sfmt 4702 economies of scale. By contrast, for service providers in less concentrated industries, the rule would potentially impose higher costs per service provider. The costs to service providers would also depend on the degree to which service providers are able to increase their prices and pass those costs on to advisers. We request comment on any data that could enable us to calculate the effect of the proposed rule on service providers.213 2. Monitoring The proposed rule would require the adviser, once a service provider has been engaged, to periodically monitor the service provider’s performance of the covered function and reassess the retention of the service provider in accordance with the due diligence requirements of the proposed rule with such a frequency that the adviser can reasonably determine that it is appropriate to continue to outsource the covered function and that it remains appropriate to outsource the covered function to the service provider.214 The manner and frequency of an adviser’s monitoring would depend on the facts and circumstances applicable to the covered function, such as the materiality and criticality of the outsourced function to the ongoing business of the adviser and its clients. We discuss the benefits and costs of the proposed monitoring requirement of the rule below. a. Benefits Advisers’ clients rely on adviser monitoring of service providers for prevention and timely detection of potential harms resulting from operational risk and conflicts of interest, including ensuring their clients are continuing to receive advisory services. The enhanced client and investor protections resulting from the proposed periodic monitoring requirement would benefit clients to the extent that requiring such periodic monitoring mitigates operational risks and risks posed by conflicts of interest, or reduces the effect of negative outcomes, should they occur. For example, periodic monitoring of service providers’ performance would allow advisers to evaluate service providers’ performance over time, comparing current to past performance and more easily identifying any changes or trends in that performance, and taking remedial action where appropriate. As with the other 213 See infra section III.G. supra section II.C. The benefits and costs of the required recordkeeping provisions associated with monitoring are discussed in section III.D.3. 214 See E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules components of the proposed rules, the proposed monitoring rule would thereby benefit clients and investors through reduced risks of operational failures including broad or systemic operational failures, reduced risk of fraud associated with outsourced functions, reduced risks from potential or actual conflicts of interest, and greater regulatory transparency and resulting effectiveness of the Commission’s client and investor protection efforts. Clients and investors may additionally benefit from a reduction in operational risk as a result of service providers electing to update or reform their operations in response to adviser oversight. These benefits may vary across advisers and across covered functions. For example, benefits may be minimal for advisers who outsource very few covered functions. By contrast, and as mentioned above, benefits may be substantial for advisers who outsource functions that are of significance to investment performance but are new or experimental functions for which the adviser has limited expertise or experience. The magnitude of the benefit would depend on the extent to which advisers currently periodically monitor the service provider’s performance and reassess their due diligence in response to the competitive market forces they face, their reputational considerations, or their fiduciary duties.215 While advisers are not required to have specific processes in place today, as fiduciaries, and as a matter of business practice, advisers that engage service providers today should be monitoring those providers.216 To the extent advisers currently have such, or similar, processes in place, and to the extent those processes include all of the elements required by the rule, the client and investor protection benefit of the requirement would be lessened. However, this factor would not mitigate the broader benefits of clients and investors being able to consistently rely on the existence of a minimum and consistent framework for identifying, mitigating, and managing risks associated with outsourced functions. khammond on DSKJM1Z7X2PROD with PROPOSALS2 b. Costs Advisers’ current processes for monitoring service providers may differ from those specified by the proposed rule. The cost of complying with this new requirement would be limited to the additional costs necessary to comply with the more specific requirements of 215 See 216 See supra sections III.B.2, III.C. supra section III.B.3. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 the proposed rule.217 These costs would include demands on personnel time to verify that an adviser’s monitoring of service providers is in compliance with the proposed rule. As with due diligence requirements, periodic monitoring would also impose distinct costs on service providers associated with service provider time and cooperation with adviser requests for information, costs to update or reform their operations in response to adviser oversight, and costs to negotiate or renegotiate service arrangements. Any portion of the resulting costs that is not borne by service providers would ultimately be passed on to advisers.218 Likewise, any portion of adviser costs that is not borne by advisers would ultimately be passed on to clients and investors. Similar to the benefits, the costs associated with implementing this requirement are likely to vary depending on advisers’ and service providers’ current practices, as advisers may already engage in monitoring in response to relevant competitive market forces and resulting reputational effects on individual advisers. In addition, some advisers may choose to update their systems and internal processes and procedures for tracking their monitoring of service providers in order to better respond to this requirement, and some service providers may choose to update their systems and internal processes and procedures for responding to advisers’ monitoring requests. These updates may require the time and attention of business and operational personnel, which may detract from their regular functioning. However, they are also likely to vary their monitoring based on the particular service provided. For instance, for information technology services, the implementation of automated scans or reviews of service provider data feeds, could require more significant costs upfront to the adviser with minimal maintenance costs. Additionally, business and operational personnel may incur costs that arise from negotiating contractual safeguards with service providers in order to comply with this due diligence requirement. The costs of those improvements would be an indirect cost 217 The costs estimated in this section are associated with actually conducting the proposed monitoring requirements, and are thus in addition to the PRA costs discussed below, which are limited to the collection of information costs of the proposed recordkeeping requirements associated with the proposed monitoring requirements. See infra section IV. 218 The division of the service provider’s direct costs between the service provider and the adviser would depend primarily on the relative bargaining power of the two parties. See supra section III.D.1.b. PO 00000 Frm 00043 Fmt 4701 Sfmt 4702 68857 of the rule, to the extent they would not occur otherwise, and they may be higher initially than they would be on an ongoing basis. Other costs such as those associated with periodic meetings and ongoing monitoring are more likely to persist, instead of consisting of upfront costs that decline over time. For instance, some functions may require periodic onsite visits, and advisers may specify contractual obligations to approve new systems prior to implementation.219 Similar to due diligence requirements, to the extent that an adviser responds to the proposed monitoring rules by providing a covered function in-house and does so less efficiently or at a lower quality than a service provider would, this loss of efficiency or quality would represent an additional cost of the proposed rule.220 Similarly, there may be cases where advisers currently have multiple service providers, but the monitoring costs would cause an adviser to reduce its reliance to only a single provider, even if it would result in less reliable or lower quality service to the adviser’s clients, because of the costs to properly monitor a provider. Advisers may also face additional costs to the extent they spend money and staff time on evaluating as well as enhancing their due diligence and monitoring for a broader range of their outsourced functions than they ultimately determine to be covered functions.221 Because the direct costs associated with the proposed monitoring requirements primarily constitute periodically monitoring the service provider’s performance of the covered function and reassessing the due diligence requirements of the proposed rule, we anticipate that the costs of the monitoring requirements would be closely related to the costs of the due diligence requirements. In particular, we anticipate that the proposed monitoring requirements would require the same staff as the due diligence requirements: compliance managers ($339/hour), a chief compliance officer ($580/hour), attorneys ($455/hour), assistant general counsel ($510/hour), junior business analysts ($191/hour), senior business analysts ($300/hour), paralegals ($199/hour), senior operations managers ($400/hour), 219 See supra section II.C. noted above, smaller advisers may be less able than larger advisers to provide a covered function in-house as efficiently and with equal quality as a service provider. See supra section III.C. 221 The Commission requests comment on whether the proposed rule should explicitly list certain service providers or covered functions that the rule applied to. See supra section II.A. 220 As E:\FR\FM\16NOP2.SGM 16NOP2 68858 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules operations specialists ($150/hour), compliance clerks ($77/hour), and general clerks ($68/hour).222 As for the number of hours required for these personnel, we estimate that a typical adviser would face one third of its due diligence costs as additional monitoring costs. This indicates a lower bound for initial costs of 146.67 hours and $44,106.67 per adviser and 2,164,213 hours and $650,837,973 across all advisers, and a lower bound for ongoing annual costs of 48.89 hours and $14,702.22 per adviser and 721,404 hours and $216,945,991 across all advisers. This also indicates an upper bound for initial costs of 440 hours and $132,320 per adviser and 6,492,640 hours and $1.953 billion across all advisers, and an upper bound for ongoing annual costs of 146.67 hours and $44,106.67 per adviser and 2,164,213 hours and $650,837,973 across all advisers. We request comment on all aspects of this quantification, including the minimum estimated burden represented here and any range of costs that could hold for different advisers.223 As with the proposed due diligence requirements, we are unable to quantify the costs that would be incurred by service providers as a result of this rule, as the cost range would be too wide to be informative.224 3. Recordkeeping We are proposing to revise the Advisers Act books and records rule in connection with the scope, due diligence, and monitoring provisions of the proposed rule, as well as provide four more general new requirements for outsourced recordkeeping.225 khammond on DSKJM1Z7X2PROD with PROPOSALS2 a. Benefits The proposed recordkeeping requirements would benefit clients and investors by enabling an examiner to verify more easily that an adviser is in compliance with the proposed rule and to facilitate the more timely detection and remediation of non-compliance.226 222 The Commission’s estimates of the relevant wage rates are based on salary information for the securities industry compiled by the Securities Industry and Financial Markets Association’s Office Salaries in the Securities Industry 2013. The estimated figures are modified by firm size, employee benefits, overhead, and adjusted to account for the effects of inflation. See infra section IV. Certain advisers may need to hire additional personnel to meet these requirements. 223 See infra section III.G. 224 See supra section III.D.1.b. 225 See supra sections II.A.3, II.B.7, I.A.1, and II.E. 226 Rule 206(4)–7 would already require advisers to adopt and implement written policies and procedures reasonably designed to prevent and detect violations of the proposed due diligence and monitoring requirements if adopted. However, rule VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 More generally, the recordkeeping requirements would enhance the transparency of outsourced services and enhance the Commission’s oversight capabilities. Enhancing the Commission’s oversight capabilities could benefit clients and investors through reduced risks of operational failures including broad or systemic operational failures, reduced risk of fraud associated with outsourced functions, reduced risks from potential or actual conflicts of interest, and greater regulatory transparency and resulting effectiveness of the Commission’s client and investor protection efforts. For example, the required recordkeeping would assist with outreach, examination, or investigation into cases where a service provider who is providing trade execution is not adhering to policies and procedures concerning best execution.227 The proposed requirements for outsourced recordkeeping would further benefit clients and investors by mitigating the risk of loss, alteration or destruction of all records maintained by a third-party service provider, as well as ensuring access to these records for investment advisers and their clients and investors. While many investment advisers may already have service provider agreements or other arrangements that contain these standards as part of their policies and procedures or best practices to mitigate or manage risks the investment advisers identified when performing due diligence, we believe that clients and investors would benefit from a minimum and consistent framework for third-party recordkeeping that applies to all service providers to mitigate the risk of loss, alteration or destruction of records. b. Costs The proposed recordkeeping requirements would impose costs on advisers related to creating and maintaining the required records. The quantifiable costs include those that can be attributed to senior business analysts, attorneys, and compliance professionals who would review and familiarize themselves with requirements as specified in the proposed rules. In particular, advisers would be required 206(4)–7 does not enumerate specific elements that advisers would need to include in their written policies and procedures, as the proposed recordkeeping requirements would. See supra section I.A, III.B.3; see also infra section V.D. The Commission staff have observed some advisers currently unable to provide timely responses to examination and enforcement requests because of outsourcing. See supra section I.A. 227 See supra section II.E. PO 00000 Frm 00044 Fmt 4701 Sfmt 4702 to make and retain a list of covered functions and contributing factors, document their due diligence efforts, retain any written agreements with service providers, and document periodic monitoring of retained service providers. Pursuant to the Paperwork Reduction Act analysis, we anticipate across all 14,756 RIAs an initial cumulative burden of 206,584 hours with an initial cumulative cost of $60,477,466 associated with this recordkeeping requirement.228 We anticipate on an ongoing annual basis across all 14,756 RIAs a cumulative burden of 2,985,903 internal annual hours with a cumulative annual cost of $237,527,702.229 These quantified estimates are solely for the time, effort, and financial resources expended to generate, maintain, retain, or disclose or provide information to or for the adviser or Commission. These estimates are in addition to the direct costs, discussed above, that would be imposed by the proposed requirements for actually conducting additional due diligence and monitoring.230 Additionally, the proposed rules include third-party recordkeeping requirements, which would impose further costs on advisers. An adviser that outsources either the storage, retention, or creation of records to a third party would need to obtain reasonable assurances that the third party would be able to meet the standards discussed above.231 These required standards would impose direct costs on advisers to the extent that they choose to outsource some or all recordkeeping to third-party providers. In particular, advisers may require time and effort of operational personnel to negotiate arrangements with third-party recordkeeping service providers to seek to ensure the standards enacted by this rule are met. Additionally, third-party providers of recordkeeping services would face costs associated with bringing their systems into compliance to the extent that they differ from the proposed third-party recordkeeping requirements. Because the direct costs associated with the proposed third-party recordkeeping requirements primarily constitute activities with similar 228 This burden corresponds to 88,536 hours with an initial cumulative cost of $25,918,914 for collection of information costs associated with making and retaining a list of outsourced covered functions and factors, plus 118,048 hours with an initial cumulative cost of $34,558,552 for collection of information costs associated with making and retaining records documenting the monitoring assessment. See infra section IV.B. 229 See infra section IV.B. 230 See supra section III.D.1.b, III.D.2.b. 231 See supra section II.E. E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules khammond on DSKJM1Z7X2PROD with PROPOSALS2 principles as the proposed due diligence requirements, we anticipate that the costs of the third party recordkeeping requirements would be closely related to the costs of the due diligence requirements.232 In particular, we anticipate that the proposed monitoring requirements would require the same staff as the due diligence requirements: compliance managers ($339/hour), a chief compliance officer ($580/hour), attorneys ($455/hour), assistant general counsel ($510/hour), junior business analysts ($191/hour), senior business analysts ($300/hour), paralegals ($199/ hour), senior operations managers ($400/hour), operations specialists ($150/hour), compliance clerks ($77/ hour), and general clerks ($68/hour).233 As for the number of hours required for these personnel, we estimate that a typical adviser would face one fifth of its due diligence costs as additional third-party recordkeeping costs, as the estimated due diligence costs rely on an estimate of an adviser outsourcing five covered functions, and the burden of the third party recordkeeping requirements are approximately consistent with the due diligence burden on any other individual covered function.234 This indicates a lower bound for initial costs of 88 hours and $26,464 per adviser and 1,298,528 hours and $390,502,784 across all advisers, and a lower bound for ongoing annual costs of 29 hours and $8,821 per adviser and 432,843 hours and $130,167,595 across all advisers. This also indicates an upper bound for initial costs of 264 hours and $79,392 per adviser and 3,895,584 hours and $1.172 billion across all advisers, and an upper bound for ongoing annual costs of 88 hours and $26,464 per adviser and 1,298,528 hours and $390,502,784 across all advisers. We request comment on all aspects of this quantification, including the minimum estimated burden represented here and any range 232 There may be differences in the costs of recordkeeping as compared to due diligence, which would cause costs of recordkeeping to be higher than those estimated here. For example, the costs of implementing the proposed requirements as separate from the costs of obtaining reasonable assurances from recordkeeping requirements could require additional processes and personnel than those discussed here, and would result in greater costs. 233 The Commission’s estimates of the relevant wage rates are based on salary information for the securities industry compiled by the Securities Industry and Financial Markets Association’s Office Salaries in the Securities Industry 2013. The estimated figures are modified by firm size, employee benefits, overhead, and adjusted to account for the effects of inflation. See infra section IV. Certain advisers may need to hire additional personnel to meet these requirements. 234 See infra section IV.B. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 of costs that could hold for different advisers.235 As with the proposed due diligence requirements, we are unable to quantify the costs that would be incurred by service providers as a result of this proposed rule, as the cost range would be too wide to be informative.236 Any portion of the proposed required recordkeeping costs that is not borne by advisers would ultimately be passed on to clients and investors. 4. Form ADV We are proposing to amend Form ADV to require advisers to identify their service providers that perform covered functions as defined in proposed rule 206(4)–11, provide their location, the date they were first engaged to provide covered functions, and state whether they are related persons of the adviser. For each of these service providers, we would also require specific information that would clarify the services or functions they provide.237 Because Form ADV Part 1A is submitted in a structured, XML-based data language specific to that Form, the proposed information in proposed new Item 7.C would be structured (i.e., machinereadable). We discuss the benefits and costs of the proposed Form ADV requirements of the rule below. a. Benefits The proposed Form ADV requirements would provide direct and indirect benefits to clients. Form ADV disclosure would benefit clients of advisers directly by making it less costly to gather information necessary for investors and other clients to conduct more comprehensive due diligence when deciding to hire or retain advisers, to the extent that their choice of adviser is impacted by outsourcing of covered functions to service providers as defined in proposed rule 206(4)–11. Investors in fund clients (such as private funds) would similarly benefit, to the extent they obtain Form ADV information. Form ADV Part 1A is submitted using a structured data language (specifically, an XML-based data language specific to Form ADV), so the information in the new Item 7.C of Part 1A would be structured (i.e., machine readable). Also, clients of advisers would be able to identify quickly and consider any implications of an adviser’s use of a service provider or the outsourcing of any service or function. For example, clients that use multiple advisers for 235 See infra section III.G. supra section III.D.1.b. 237 See proposed Form ADV, Part 1A, Item 7.C., and Section 7.C. of Schedule D. 236 See PO 00000 Frm 00045 Fmt 4701 Sfmt 4702 68859 purposes of total return risk diversification could identify whether that diversification was lessened by all or many of their advisers relying on a single service provider, to the extent that their returns would be harmed by multiple advisers facing operational failures.238 We also expect the use of this information may help clients of advisers protect themselves against losses resulting from a service provider failure or service provider fraud. For example, if a client experienced a system failure relating to a service provider, and the adviser has identified that provider as a service provider defined in rule 206(4)–11 and reported that provider in Form ADV, the client could determine more easily and quickly whether its adviser uses that service provider for a covered function and take remedial action such as contacting the adviser to understand how the adviser is managing the issue or choosing to move to a new adviser. The proposed Form ADV requirements would also provide a benefit by facilitating the Commission in its oversight role. The disclosures would allow the Commission to understand better the investment advisory industry as well as enhance the ability of the Commission to evaluate and form regulatory policies and improve the efficiency and effectiveness of the Commission’s oversight of markets for client and investor protection. For example, for service providers that advisers identify as service providers defined in rule 206(4)–11 on Form ADV, the information in the required Form ADV disclosures would provide the Commission with a better understanding of the material services and functions that advisers outsource to service providers, and would enhance our assessment of advisers’ reliance on service providers for purposes of targeting our examinations. Also, the information would help the Commission identify advisers’ use of particular service providers that advisers have identified that may pose a risk to clients and investors. Additionally, the disclosures would improve our ability to assess service provider conflicts and potential risks when identifying firms for examination. Finally, the ability to identify readily other advisers using such a service provider would allow the Commission to assess quickly and react to the 238 As discussed in section III.C, when multiple regulated entities use a common service provider, operational risk could become concentrated. The proposed Form ADV requirements would make it less costly for clients to gather information necessary to mitigate concentrated operational risk. E:\FR\FM\16NOP2.SGM 16NOP2 68860 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules potential harm to advisory clients.239 The proposed rules would thereby benefit clients and investors through the Commission’s increased visibility into operational failures, greater regulatory transparency, and resulting effectiveness of the Commission’s client and investor protection efforts. khammond on DSKJM1Z7X2PROD with PROPOSALS2 b. Costs The Form ADV requirements would require the disclosure of certain information that is not currently required in the Form. Costs would likely vary across advisers, depending on the nature of an adviser’s business and its business model. For example, advisers that do not outsource functions or that outsource fewer functions would have fewer reporting requirements than advisers that outsource a large number of functions, to the extent that these functions would qualify as covered functions under the proposed rule. We believe, however, that much of the information we propose requiring would be readily available because we understand that it is information used by advisers in conducting their business.240 Lastly, the requirement that information in Item 7.C of Part 1A of Form ADV be provided in a custom XML-based data language is unlikely, by itself, to impose costs on advisers because the XML-based data language is not new and applies to existing Form ADV Part 1A disclosures. The additional burden on advisers due to proposed modifications to Form ADV would take the form of initial internal costs, annual internal costs, and external costs. We estimate that the proposed modifications would impose 1.5 additional hours of initial internal costs and 0.7 additional hours of annual internal costs per adviser. The total internal burden is anticipated to be $9,706,497 across all RIAs.241 239 As discussed in section III.B.2, if a large number of investment advisers used a common service provider, operational risks could be correspondingly concentrated. Increased concentration of operational risk could, lead to an increased risk of broader market effects during times of market instability. The ability to identify readily the advisers using such a service provider might allow the Commission to respond more quickly to such broader market effects. 240 To the extent that the proposed rule would require information not currently contained in adviser accounting or financial reporting systems to be reported, advisers may bear one-time costs to update systems to adhere to the new filing requirements. 241 See infra section IV. Calculated as 2.2 internal hours per adviser × 14,756 advisers at a blended hourly rate of $299.50. The total revised internal cost per adviser of $13,094.14 incorporates the increase in required hours and an inflation adjustment to the blended hourly rate, and the calculation here captures only the increase in required hours. Additionally, this aggregate cost VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 Additionally, initial external costs are anticipated for a subset of RIAs. We anticipate this additional external cost would be $7,794,857 across all RIAs.242 In total, the proposed modifications are expected to impose an additional burden of $17,517,585 across all RIAs. We anticipate that these information collection costs are likely to be the same initially as they are on an ongoing basis. Any portion of these costs that is not borne by advisers would ultimately be passed on to clients and investors. provider. For example, such a loss of efficiency could occur for any functions that experience economies of scale, and which may be currently provided by a single service provider for a large number of advisers, to the extent those advisers would perform the function inhouse in response to the proposed rules. As noted above, smaller advisers may be less able than larger advisers to provide a covered function in-house as efficiently and with equal quality as a service provider.243 E. Effects on Efficiency, Competition, and Capital Formation 2. Competition The proposed rules may lead clients to make better-informed decisions when selecting an adviser by increasing information about advisers outsourcing that clients would be able to access on Form ADV.244 As a result, competition among advisers could increase. An increase in competition could, presumably, manifest itself in terms of better service, better pricing, or some combination of the two, for clients, to the extent that clients and investors access and use the additional Form ADV information generated by advisers as a result of this proposed rule. Alternatively, the proposed rule could have the opposite effect on competition. As an initial matter, the proposed rule would create new costs of providing advisory services, which could disproportionately impact small or newly emerging advisers who may be less able to absorb or pass on these new costs. New costs, especially fixed costs, could also disproportionately impact small or newly emerging advisers. To the extent these costs discourage entry of new advisers or cause certain advisers to exit the market, competition would be harmed. It is also possible that the costs borne by advisers may be large enough to cause some advisers to stop outsourcing some or all of their covered functions.245 If advisers were to stop outsourcing some or all of their covered functions, clients could experience a decrease in the quality of advisers’ services. Alternatively, if advisers were to try to pass on the costs, or some component thereof, to clients, these 1. Efficiency The proposed rules may affect the efficiency with which clients’ and investors’ capital is allocated in two ways. First, the proposed rule would result in an increase in information about advisers outsourcing that clients would be able to access on Form ADV. To the extent that clients access this information and rely on it, that increased information could permit clients to make better informed decisions about allocating their capital. For example, clients may choose to diversify investments across multiple advisers who engage different service providers to perform certain covered functions, such as advisers who rely on different index providers or model providers, or advisers who rely on service providers offering different predictive data analytics methods. Therefore, to the extent that clients and investors access and make use of the additional Form ADV information generated by advisers as a result of this proposed rule, we would expect a more efficient allocation of client and investor capital among advisers. Second, and alternatively, if some advisers were to elect to perform certain covered functions in-house to avoid the compliance costs associated with outsourcing the covered functions, or if the service provider terminates the relationship as a result of its own increased costs and the adviser cannot identify a suitable replacement, the function may be performed less efficiently as compared to the service 243 See supra section III.C. supra section III.E.1. 245 See supra section III.E.1. If there are fixed costs associated with the proposed regulations, then smaller advisers would generally tend to bear a greater cost, relative to adviser size, than larger advisers. If there are material fixed costs associated with the proposed rule, then we would expect the possible negative effect on competition to be greater for smaller advisers who engage service providers because the proposed regulations would tend to increase their costs more (relative to adviser size) than for larger advisers that engage service providers. 244 See reflects only the current investment advisory industry size, and does not incorporate the expected net addition of 552 RIAs per year. 242 See infra section IV. Calculated as 1 hour of external legal services × 0.25 × 14,756 advisers × $531 per hour + 1 hour of external compliance consulting services × 0.5 × 14,756 advisers × $791 per hour = $7,794,857. The additional burden resulting from this rule is calculated using estimated additional hours and inflation-adjusted hourly costs of corresponding personnel. See supra footnote 241. PO 00000 Frm 00046 Fmt 4701 Sfmt 4702 E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules khammond on DSKJM1Z7X2PROD with PROPOSALS2 costs may cause some clients to seek other advisers or alternatives to registered advisers. The decreased demand for advisory services could result in a decline in the number of registered advisers and, a decrease in competition among registered advisers, as a result. A decrease in competition among registered advisers could manifest itself in terms of poorer service, poorer pricing, or some combination of the two, for clients. Finally, the proposed rules may affect competition among service providers or their subcontractors. The rules are designed to increase transparency into an adviser’s outsourced covered functions for clients and investors, as well as for the Commission. One possible result of this increased transparency may be increased competition among service providers with respect to the quality of their services. Advisers may be able to scrutinize service providers more closely, and thus better select more effective service providers or service providers who better align with their needs, to the extent these relationships are not already appropriately aligned, and service providers overall may seek to adjust the quality of their services accordingly. On the other hand, the proposed rules may have the opposite effect, in the event that the increased costs of the rule cause certain service providers to exit the market, or choose not to contract with investment advisers, either to avoid incurring new costs or to avoid the costs of improving the quality of their services. The increased costs associated with the rule could also dissuade new entry of service providers. In this case, the number of service providers to investment advisers may shrink, which may in turn result in higher service provider prices, although any change in the average quality of remaining providers would depend on whether higher or lower quality service providers would be more likely to exit to avoid new costs. 3. Capital Formation Lastly, the enhancements to client and investor protection as well as the additional information available to potential current clients and potential investors could result in current investors being willing to invest more and potential investors being more willing to invest for the first time. For example, potential investors may be more willing to invest for the first time knowing that outsourced covered functions would be subject to enhanced due diligence and monitoring, as well as knowing that any third-party service providers maintaining the records of VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 their investment would be subject to enhanced oversight.246 To the extent that the proposed rule leads to greater investment, we could expect greater demand for securities, which could, in turn, promote capital formation. F. Reasonable Alternatives 1. Alternatives to the Proposed Scope Scope of Covered Functions. As noted above, the proposed rule would generally apply to a registered adviser that outsources a covered function to a service provider.247 A covered function is defined in the proposed rule as a function or service that is necessary for the adviser to provide its investment advisory services in compliance with the Federal securities laws, and if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser’s clients or on the adviser’s ability to provide investment advisory services.248 The Commission alternatively could define covered functions to include broader or narrower sets of outsourced functions. Changing the definition of covered functions could provide a benefit in terms of either (i) increased client protection and investor protection in the case of broadening the definition or (ii) a reduction in the cost of the compliance with the rule in the case of narrowing the definition. We believe the definitions that we have included in the proposed rule will provide additional protections with respect to advisers outsourcing that we think are important for the protection of clients and investors. Additionally, the definition of covered functions, in combination with other requirements of the proposed rule, would provide efficiencies for our examination staff, as well as provide the public with additional information about advisers to make more informed decisions about the selection and retention of investment advisers. Narrowing the scope of the definitions could reduce the cost of the proposed rule’s requirements, but could also result in a reduction in client and investor protections as a result of being underinclusive. For instance, the rule could have alternatively limited the scope of the definition of a covered function to a pre-identified list of specific functions, but this could limit the rule’s protections when there are material changes in the manner in which advisers operate that are outside the 246 See supra sections II.B, II.C, II.E. proposed rule 206(4)–11(a). 248 Proposed rule 206(4)–11(b). 247 See PO 00000 Frm 00047 Fmt 4701 Sfmt 4702 68861 scope of the stated functions. This list could be either the same as those provided by service provider types listed in the proposed amendments to Form ADV, or more expansive, or more restrictive. For example, it could define covered function as those services pertaining to the selection, trading, valuation, management, monitoring, indexing, use of predictive data analytics, and modeling of investments.249 The rule could also provide detailed guidance on variations of descriptions of functions that different service providers may use. For example, the rule could separately define ‘‘trading’’ and ‘‘execution,’’ and provide explicit instruction as to how they would be treated by the rule. As another example, the rule could provide separate explicit instruction for ‘‘management and selection’’ as separate from ‘‘indexing and modeling.’’ 250 The rule could also explicitly state that its application is limited to core investment advisory services, and provide an explicit definition for core investment advisory services. The rule could alternatively apply based on a percentage of either regulatory assets under management or clients directly affected by the service provider’s performance. These limitations may broadly have the effect of lowering compliance costs of the proposed rule, but they may not reflect what is core to any particular investment adviser. Alternatively, broadening the scope would have the opposite effect, increasing the cost of the proposed rule’s requirements but potentially resulting in greater client and investor protections. For instance, the rule could scope in service providers such as public utilities or providers of commercially available word processing software. We believe that the proposed rule strikes an appropriate balance in terms of the scope of its definition of covered functions by requiring advisers to provide sufficient oversight in those specific circumstances where the function or service is one that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact on clients and is necessary for the adviser to provide advisory services.251 Scope of Service Providers. The proposed rule excludes supervised persons of an adviser from the definition of a service provider.252 The 249 See supra section II.A. supra section II.A.3. 251 The Commission requests comment on our analysis of the benefits and costs of both narrowing and expanding the scope. See supra section III.G. 252 See proposed rule 206(4)–11(b). 250 See E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 68862 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules proposed rule does not, however, make a distinction between third-party providers and affiliated service providers. The Commission alternatively could exclude affiliated service providers from the definition of a service provider. Arguably, the use of affiliated service providers may create less risk. For example, use of an affiliated service provider could mitigate the risk of limited information about conflicts of interests associated with the use of a third-party service provider.253 Excluding affiliated service providers from the definition of a service provider, could benefit advisers by reducing the cost of compliance when using an affiliated service provider. We believe, however, that while certain risks may be diminished, risks the proposed rule are designed to address still exist whether the service provider is affiliated or unaffiliated. For example, the ability to have direct control or full transparency may be limited when an adviser outsources a covered function, even to an affiliated service provider, which increases the risk for failed regulatory compliance. There may also still be risks of conflicts of interest when the affiliated service provider performs services to more than one adviser. We believe that including affiliated service providers in the definition of service providers strikes the right balance in terms of mitigation of risk and the cost of complying with the proposed rule. Similarly, the proposed rule does not make an exception for sub-advisers that are registered as investment advisers with the Commission. This rulemaking alternatively could have excepted registered sub-advisers, which may have lowered the total cost of the rule. However, we believe that such an exception would diminish the effectiveness of the rule, as the fact that a sub-adviser is registered with the Commission does not negate the need for sufficient due diligence and monitoring to be undertaken for the benefit of the client. If an adviser allocates some or all of a client’s portfolio to a sub-adviser, the adviser is still ultimately responsible for reasonably ensuring that the services rendered are consistent with the adviser’s representation of the services to the client. We believe that reduced benefit from the resulting gap in adviser oversight would not be justified by the cost savings that could be obtained by 253 For example, an affiliated service provider who does not operate covered functions for multiple advisers would have no scope for benefiting one adviser’s clients at the expense of another. See supra section III.B.2. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 providing an exception to registered sub-advisers. The proposed rule could also have provided an exception for separately managed accounts and other wrap fee programs. As proposed, an adviser in such a program would be subject to the proposed rule if they retain a service provider for its provision of advisory services. As such, multiple advisers that retain the same service provider may need to conduct due diligence and monitoring on that service provider, depending on whether such services are covered function. As an alternative, the proposed rule could provide an exclusion for advisers that engage service providers to perform covered functions as part of a larger program or arrangement, such as the sponsor of a wrap fee program or other separately managed account program in which the sponsor is subject to the proposed rule with respect to the participation of the service providers in the program. One advantage of such an exception could be reducing the potential for redundancy in the due diligence and monitoring of service providers conducted in wrap fee programs. However, we believe that subadvisers that retain service providers are best positioned to conduct appropriate due diligence and monitoring of a service provider in connection with its particular sub-advisory role. For instance, while a sub-adviser overseeing fixed-income portfolio strategies and a sub-adviser overseeing equity portfolio strategies may retain the same service provider, there may be different operational risks, conflicts of interest, or other problems discovered upon due diligence or monitoring with respect to each of these roles. Therefore, we do not believe that it would be appropriate to provide an exception for such cases. 2. Alternatives to the Proposed Due Diligence and Monitoring Requirements One alternative to proposed new rule 206(4)–11 would be amendments to existing rules. For example, amendments to rule 204A–1 (which provides for minimum provisions to an investment adviser’s code of ethics) could introduce requirements for protections of sensitive client information.254 Amendments to Form ADV and/or rule 204–3 could introduce more requirements for advisers to disclose information about service providers to their clients in their brochures.255 These requirements could include greater detail on the adviser’s use of service providers, the adviser’s 254 See rule 204A–1, see also supra section III.B.3. rule 204–3, see also supra footnote 62 and accompanying text. 255 See PO 00000 Frm 00048 Fmt 4701 Sfmt 4702 understanding of the operational risks associated with those service providers, and the adviser’s existing due diligence and monitoring practices. Further protections in the case of advisers engaging service providers on behalf of registered investment companies could be achieved by amending rule 38a–1 to require advisers to approve compliance policies and procedures associated with service providers.256 We could also amend Advisers Act rule 206(4)–7 to require specific policy and procedure requirements for service provider oversight. However, these amendments would not create the same consistent framework requiring both due diligence and ongoing monitoring, as proposed rule 206(4)–11 would. We believe that a prophylactic rule that creates a consistent framework for advisers to use and continue to use a service provider is more likely to result in consistent client and investor protections than expanding the scope of rules that are not uniformly intended to address the risks associated with outsourcing. Moreover, amendments to existing rules would primarily address issues with dissemination of sensitive client information, and would not achieve the same benefits associated with broadly reducing risk of fraud or other harms associated with outsourced functions, advisers failing to secure regulatory oversight, or other benefits of proposed rule 206(4)–11.257 A second alternative to the proposed new rule 206(4)–11 would be a rule limited to requiring minimum consistent disclosures as to an adviser’s existing due diligence and monitoring processes for outsourced covered functions. For example, amendments to existing rule 204–3 could enhance what an adviser must include in its brochures, and such amendments could require advisers to describe their due diligence and monitoring processes in greater detail. Advisers could also be required to make quarterly or annual statements to their clients on the status of their service providers and the outsourced covered functions, including any anticipated operational risks for the subsequent reporting period uncovered as part of the adviser’s existing due diligence and monitoring processes. This alternative could potentially result in reduced costs relative to the proposal, but only insofar as it is less costly for an adviser to make appropriate disclosures than it is for an adviser to enhance its due diligence and monitoring processes. For example, for 256 See rule 38a–1, see also supra section III.B.3; see also infra section V.E. 257 See supra section III.C. E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules an adviser who already conducts substantial due diligence and monitoring and may already be in substantial compliance with the proposed rule but does not make regular disclosures regarding covered functions to clients or investors, an alternative disclosures-based framework would be more costly than the proposed rules. A disclosures-based framework would also have fewer direct risk-reduction benefits relative to a framework directly requiring minimum consistent due diligence and monitoring. Moreover, an adviser cannot waive its fiduciary duty and should be overseeing outsourced functions to ensure its obligations are met. It would be a breach of its fiduciary duty and deceptive for an adviser to outsource certain covered functions without conducting initial due diligence and ongoing oversight, particularly those related to its advisory services and compliance with the Federal securities laws. With respect to both of these alternatives, we believe proposed rule 206(4)–11 strikes the right balance in terms of mitigation of risk and the costs of complying with the proposed rule. khammond on DSKJM1Z7X2PROD with PROPOSALS2 3. Alternatives to the Proposed Amendments to the Books and Records Rule We propose to require advisers to make and retain certain books and records attendant to their obligations under the proposed oversight framework, such as lists or records of covered functions, records documenting due diligence and monitoring of a service provider, records of certain notifications, and copies of any written agreements that the adviser enters into with service providers.258 The proposed recordkeeping requirements would assist our examination staff in monitoring compliance with the proposed rule. Alternatively, the proposed rule could require the retention of more, fewer, or no additional records. Requiring advisers to retain more records would aid our examination staff in monitoring compliance with the proposed rule, but increase the cost of compliance for advisers. Requiring advisers to retain fewer, or no, additional records would hamper the ability of our staff to monitor compliance with the proposed rule, but decrease the cost of compliance for advisers. We believe that limiting the scope of the required recordkeeping to the current proposal strikes the appropriate balance between minimizing costs and making information available that is important to the examination process. The proposed rule contains provisions related to the adviser’s responsibilities concerning third-party creation, storage and retention of records. Specifically, every investment adviser that relies on a third party for any recordkeeping function required by the recordkeeping rule must obtain reasonable assurances that the third party will meet certain standards intended to maintain the integrity of and access to records in providing the outsourced function.259 For example, for electronic records, the third party must allow the investment adviser and staff of the Commission to access the records easily through computers or systems during the required retention period of the recordkeeping rule.260 As an alternative, the proposed rule could require investment advisers to direct service providers (other than cloud service and other records providers) to transfer required records periodically to the adviser, but not impose any other requirement for reasonable assurances of other recordkeeping standards. By removing the more detailed standards currently proposed, this alternative could potentially lower the cost to advisers and service providers when records are created indirectly as a result of a service provider’s contracted activity. For instance, a service provider that an adviser retains to calculate a fund’s performance or rates of return creates new records that need to be stored and retained, even though the service provider is not retained for a recordkeeping purpose.261 However, this approach could reduce the assurances to the adviser and its clients and investors of proper storage and retention of records. As such, we believe the current rule is better suited to ensure the adviser is able to comply with the Advisers Act recordkeeping and other relevant Federal securities laws. Additionally, the proposed rule could require a written agreement between the adviser and its service providers of covered functions. Under this alternative, the proposed rule could incorporate the currently proposed due diligence requirements as requirements to be included in a contract between the adviser and service provider. The alternative could be required for only certain covered functions and not others, for example by defining a list of critical covered functions and requiring a written agreement for those functions, 259 See supra section II.E. 258 See proposed rule 204–2(a)(24). VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 Frm 00049 4. Alternatives to the Form ADV Requirements We are proposing to amend Form ADV to require advisers to identify their service providers that perform covered functions, provide their location, the date they were first engaged to provide covered functions, and state whether they are related persons of the adviser. One alternative to the proposed amendments to a public Form ADV disclosure would be a nonpublic report to the Commission in a format other supra section II.E. supra section II.A.3. 264 See supra section II.A.3. 263 See 261 Id. PO 00000 or could be required for all covered functions. Such a requirement could have the benefit of reducing the risk of ambiguity between advisers and service providers, as well as potentially increasing transparency to the Commission. As noted, the recordkeeping rule could be satisfied by such a written agreement.262 However, we believe that requiring a written agreement between advisers and service providers of all covered functions could be overly burdensome, in instances where certain large service providers may be unwilling to modify their standard contracts for advisers to comply with regulation if advisers are a fraction of their client base. While we do not know how frequently that would occur, we nevertheless do not currently believe that the benefits of explicitly requiring written agreements between advisers and service providers would justify the costs. We request comment on whether a written agreement should be explicitly required.263 Finally, the proposed rule could require disclosure in Form ADV Part 1A of whether an adviser has a written agreement for each covered function, or could require disclosure in cases where an adviser does not have a written agreement for a particular covered function. Such a requirement could have the benefit of alerting investors and the Commission to instances in which ambiguity between advisers and service providers could be heightened by the lack of a written agreement. However, these benefits would be limited to the instances in which clients and investors would access and make use of the additional Form ADV information generated by advisers. Therefore, we do not currently believe the benefits of requiring disclosures of written agreements would justify the costs of preparing additional Form ADV disclosures, but we request comment above on whether the rule should require these additional disclosures.264 262 See 260 Id. Fmt 4701 Sfmt 4702 68863 E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 68864 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules than Form ADV. Absent the Form ADV disclosures, however, clients would no longer receive the direct benefit of less costly information gathering. Also, we believe that it is more efficient to compile information about advisers on Form ADV, which can enhance our staff’s ability to effectively carry out its risk-based examination program and risk monitoring activities, and could improve client and investor protection by evaluating and forming regulatory policies and focusing examination activities, thereby creating a greater indirect benefit to clients as well.265 Another alternative to the proposed Form ADV disclosures would be to add additional required disclosures on fund registration statements, such as comparable information about service provider arrangements. For instance, fund registration documents could be required to directly disclose all of the information that is currently proposed to be required on Form ADV, such as the legal names of their service providers, whether the service provider is a related person, and which covered functions the service provider is engaged to provide, so that investors do not need to analyze Form ADV to obtain this information. A similar approach could also require private fund advisers to provide comparable information to private fund investors. This alternative would potentially improve access to information for fund investors in addition to direct advisory clients, to the extent that registered fund investors (unlike private fund investors) are unlikely to analyze Form ADV data. However, we believe there are several downsides to this approach that are inconsistent with the intent of the proposed rule. First, funds are separate entities from advisers that are often capable of entering into agreements directly with a service provider. Therefore, this approach would capture data related to service providers to funds instead of service providers to advisers. Assuming the service provider’s relationship was with the adviser as opposed to the fund, this approach would still only capture data for advisers to funds. It would not capture data for advisers to advisers that did not have fund clients, such as advisers to solely retail clients. Another downside of this approach would be that it would involve the modification and collection of information from various registration documents depending on the type of fund under advisement of an RIA. For instance, open-end mutual funds register using Form N–1A, while closed265 See supra section II.D. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 end mutual funds register using Form N–2. For these reasons, we believe that it is more efficient and effective to compile information about advisers on Form ADV. The proposed rule can enhance our staff’s ability to effectively carry out its risk-based examination program and risk monitoring activities, and could improve client and investor protection by evaluating and forming regulatory policies and focusing examination activities, thereby creating a greater indirect benefit to clients as well. Further, clients and investors may find such information more readily accessible when it is consolidated onto a single form, which may lower the costs of their information gathering. We therefore believe that Form ADV is the most appropriate medium for advisers to report their use of service providers for covered functions. 5. Alternatives to the Transition and Compliance Period We are proposing that advisers registered or required to be registered with the Commission be required to comply with the rule applicable to it, if adopted, starting on the compliance date, which is proposed as ten months from the rule’s effective date.266 This would provide a transition period during which a registered investment adviser can prepare to comply with any final rule. The proposed rule, if adopted, would apply to any new engagement of service providers made on or after the compliance date of the proposed rules and amendments.267 The ongoing monitoring requirements, if adopted, also would apply to existing engagements beginning on the compliance date.268 As one alternative, the Commission could only require advisers to comply with any final rule with respect to new funds or client relationships. Arguably, under the rule as proposed, clients who have already invested in funds or have an existing advisory relationship have agreed to negotiated economic terms. To the extent that these negotiations granted any economic terms to the client to compensate for operational risks, requiring an adviser to come into compliance with any final new rule without renegotiating all terms of a client’s contract could represent a windfall to the client in the form of a reduction in its risk with no additional cost to the client.269 Clients with 266 See supra section II.G. established contractual terms may also face higher costs of coming into compliance with any final rule, to the extent that the parties do renegotiate the broader economic terms of the contract. These considerations potentially motivate the alternative that would only require advisers to comply with any final rule with respect to new funds or client relationships. However, many client contractual relationships may be evergreen, or allow for a multiple extensions to the life of the contractual relationship, and so allowing for advisers’ existing client relationships to forego compliance could substantially reduce the benefits of any final rule. We believe that providing no exemptions for existing clients strikes the right balance in terms of mitigation of risk and the cost of complying with any final rule. As another alternative, the Commission could provide for a longer transition and compliance period, which would increase the amount of time advisers have to comply with any final rule. This alternative would reduce the benefits of the proposed rule by foregoing the benefits of any rule during the extended compliance period. However, to the extent it is less costly for advisers to come into compliance over a longer time period, this alternative could reduce the costs of any final rule. We believe that the proposed transition and compliance period strikes the right balance in terms of the costs of coming into compliance with any final rule, but we request comment on whether proposed transition period following any final rule’s effective date is appropriate.270 G. Request for Comment The Commission requests comment on all aspects of this initial economic analysis, including whether the analysis has: (i) identified all benefits and costs, including all effects on efficiency, competition, and capital formation; (ii) given due consideration to each benefit and cost, including each effect on efficiency, competition, and capital formation; and (iii) identified and considered reasonable alternatives to the proposed rule. We request and encourage any interested person to submit comments regarding the proposed rule, our analysis of the potential effects of the proposed rule, and other matters that may have an effect on the proposed rule. We request that commenters identify sources of data 267 Id. 268 Id. 269 For a fund with a pass-through expense model, in which all expenses are passed through to the investors, there would be no such windfall. See, e.g., Eli Hoffmann, Welcome To Hedge Funds’ PO 00000 Frm 00050 Fmt 4701 Sfmt 4702 Stunning Pass-Through Fees, Seeking Alpha (Jan. 24, 2017), available at https://seekingalpha.com/ article/4038915-welcome-to-hedge-funds-stunningpass-through-fees. 270 See supra section II.G. E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules and information as well as provide data and information to assist us in analyzing the economic consequences of the proposed rule. We also are interested in comments on the qualitative benefits and costs we have identified and any benefits and costs we may not have discussed. In addition to our general request for comment on the economic analysis associated with the proposed rule, we request specific comment on certain aspects of the proposal: 87. We request comment on our characterization of the risks associated with outsourcing. Are there other risks or potential harms to clients that our analysis has not identified? 88. We request comment on our characterization of market failures associated with outsourcing to service providers that may hinder reform in the absence of the proposed rules. Do commenters agree with the relevance of the described principal-agent and moral hazard problems? 89. The proposed rule would require an adviser to identify the potential risks to clients, or to the adviser’s ability to perform its advisory services, resulting from outsourcing a covered function. To what extent do advisers currently have such, or similar, processes in place? 90. The proposed rule would require the adviser to determine that the service provider has the competence, capacity, and resources necessary to provide timely and effective services. To what extent do advisers currently have such, or similar, processes in place? 91. The proposed rule would require that the adviser determine whether the service provider has any subcontracting arrangements that would be material to the performance of the covered function, and would require the adviser to identify and determine how it will mitigate and manage potential risks to clients or its ability to perform advisory services in light of any such subcontracting arrangement. To what extent do advisers currently have such, or similar, processes in place? 92. The proposed rule would require an adviser to obtain reasonable assurance from a service provider that it is able to, and will, coordinate with the adviser for purposes of the adviser’s compliance with the Federal securities laws, as applicable to the covered function. To what extent do advisers currently have such, or similar, processes in place? 93. The proposed rule would require an investment adviser to obtain reasonable assurance from the Service Provider is able to, and will, provide a process for orderly termination of its performance of the covered function. To VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 what extent do advisers currently have such, or similar, processes in place? 94. The proposal would require advisers to monitor the service provider’s performance of the covered function and reassess the due diligence requirements of the proposed rule with such a frequency that the adviser can reasonably determine that it is appropriate to continue to outsource the covered function and that it remains appropriate to outsource it to the service provider. To what extent do advisers currently have such, or similar, processes in place? 95. The proposal would provide for certain new books and recordkeeping requirements. To what extent do advisers currently have such, or similar, processes in place? 96. We request comment on all aspects of the quantified estimates of costs of the rule. In particular: a. To what extent would the required minimum staffing from personnel and third parties differ from the estimates provided here, for each of the proposed rules? b. To what extent would the required minimum number of hours from those staff differ from the estimates provided here, for each of the proposed rules? c. What additional data should the Commission consider in its estimation of the minimum costs an adviser would face in conjunction with the proposed rules? d. Do commenters agree that only certain advisers would frequently transfer regulatory records from their service providers? Are there other voluntary actions that only certain advisers would undertake in pursuit of coming into compliance with the proposed rules? e. What additional sources of variation are there that would result in an adviser facing more than the minimum costs of coming into compliance with the proposed rules? What additional information should the Commission consider when quantifying those additional costs? f. To what extent would the upper bound of average costs faced by any particular adviser differ from the estimates provided here, for each of the proposed rules? g. What are the likely highest costs any single adviser would be likely to face in coming into compliance with the proposed rules? What information should the Commission consider when quantifying those highest costs? h. To what extent would the estimated costs be impacted by advisers electing, in response to the proposed rules, to provide covered functions PO 00000 Frm 00051 Fmt 4701 Sfmt 4702 68865 themselves that are currently outsourced? What would the costs of this transition be? To what extent would those costs differ from other expected costs of complying with the proposed rules? i. If possible, for commenters who already undertake similar processes to those described in the proposed rules, please provide estimates of the cost of undertaking those processes. What additional considerations can the Commission use to extrapolate such figures in order to estimate costs to other advisers? j. What additional considerations can the Commission use to estimate the costs and benefits of the proposed amendments? 97. We request comment on the anticipated costs to service providers as a result of the proposed regulations. Are there significant direct or indirect costs to service providers beyond those stated in section III.D? To what extent do commenters believe that the costs to service providers would be proportional to, and thus can be extrapolated from, the costs that would be imposed on advisers? We additionally request any data which could aid in the calculation of the costs of the proposed rule to service providers. 98. How do commenters anticipate that the costs of complying with the proposed rule will be shared between advisers’ and their clients? 99. How do commenters believe the proposed regulations will affect efficiency, competition, and capital formation in the industry? Please explain. 100. Do commenters believe that the alternatives the Commission considered are appropriate? Are there other reasonable alternatives that the Commission should consider? If so, please provide additional alternatives and how their benefits and costs would compare to the proposal. Specifically, we request comment on the following: a. Do commenters agree with our assertion that broadening the definitions of covered functions would enhance client and investors protections, but increase the costs of compliance? Do commenters agree with our belief that the proposed rule strikes the right balance in terms of the scope of its definitions of covered functions? Why or why not? b. Do commenters believe that limiting the scope of the required recordkeeping to that required by the proposed rule strikes the appropriate balance between minimizing costs and making information available for the examination process? Why or why not? Should the Commission increase or E:\FR\FM\16NOP2.SGM 16NOP2 68866 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules decrease the scope of the required recordkeeping? Why or why not? 101. Are there alternatives to required Form ADV disclosure in addition to targeted examinations that we should implement? IV. Paperwork Reduction Act Analysis A. Introduction khammond on DSKJM1Z7X2PROD with PROPOSALS2 Certain provisions of the proposed rule and proposed amendments contain ‘‘collection of information’’ requirements within the meaning of the Paperwork Reduction Act of 1995 (‘‘PRA’’).271 We are submitting the proposed collections of information to the Office of Management and Budget (‘‘OMB’’) for review in accordance with the PRA.272 The proposed amendments to rule 204–2 under the Advisers Act (other than new rule 204–2(l)) and Form ADV would have an effect on currently approved collection of information burdens. Proposed rule 206(4)–11 and proposed rule 204–2(l) would not require new collections of information. Proposed Rule 206(4)–11 would require an adviser to conduct due diligence and monitoring of covered functions performed by a service provider, and proposed rule 204–2(l) would affect the manner in which an adviser can rely on a third-party to store required books and records. Any documentation required by proposed rule 206(4)–11’s due diligence and monitoring requirements is captured in the collection of information burden for Rule 204–2. The titles for the existing collections of information are: (1) ‘‘Rule 204–2 under the Investment Advisers Act of 1940’’ (OMB control number 3235– 0278); and (2) ‘‘Form ADV’’ (OMB control number 3235–0049). An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. Each requirement to disclose information, offer to provide information, or adopt policies and procedures constitutes a collection of information requirement under the PRA. These collections of information would help increase the likelihood that advisers have a reasonable basis for determining that it would be 271 44 272 44 U.S.C. 3501 through 3521. U.S.C. 3507(d); 5 CFR 1320.11. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 appropriate to outsource particular functions or services to a service provider, and collectively would serve the Commission’s interest in protecting clients and investors by reducing the risk that a service provider could significantly affect a firm’s operations and directly or indirectly harm clients. The Commission staff would also use the collection of information in its examination and oversight program to prepare better for, and more efficiently conduct, their on-site examinations. We discuss below the collection of information burdens associated with the proposed rule amendments. B. Rule 204–2 Under section 204 of the Advisers Act, investment advisers registered or required to register with the Commission under section 203 of the Advisers Act must make and keep for prescribed periods such records (as defined in section 3(a)(37) of the Exchange Act), furnish copies thereof, and make and disseminate such reports as the Commission, by rule, may prescribe as necessary or appropriate in the public interest or for the protection of clients and investors. Rule 204–2, the books and records rule, sets forth the requirements for maintaining and preserving specified books and records. This collection of information is found at 17 CFR 275.204–2 and is mandatory. The Commission staff uses the collection of information in its examination and oversight program. Responses provided to the Commission in the context of its examination and oversight program concerning the proposed amendments to rule 204–2 would be kept confidential subject to the provisions of applicable law. Concurrent with proposed rule 206(4)–11, we are proposing corresponding amendments to rule 204– 2. The proposed amendments would require advisers to make and retain: (1) a list or other record of covered functions that the adviser has outsourced to a service provider, along with a record of the factors that led the adviser to list each function; (2) records documenting the due diligence assessment conducted pursuant to proposed rule 206(4)–11, including any policies and procedures or other documentation as to how the adviser will mitigate and manage the risks of PO 00000 Frm 00052 Fmt 4701 Sfmt 4702 outsourcing a covered function; (3) a copy of any written agreement, including amendments, appendices, exhibits, and attachments, entered into pursuant to proposed rule 206(4)–11; and (4) records documenting the periodic monitoring of a service provider of a covered function. Each of these records would be maintained and preserved consistent with proposed Advisers Act Rule 204–2(e)(4) in an easily accessible place throughout the time period during which the adviser has outsourced a covered function to a service provider and for a period of five years thereafter. These proposed amendments would help facilitate the Commission’s inspection and enforcement capabilities. The respondents to this collection of information are investment advisers registered or required to be registered with the Commission. All such advisers will be subject to the proposed amendments to rule 204–2. As of December 31, 2021, there were 14,756 advisers registered with the Commission. We estimate that all of them would use a service provider for a covered function and be subject to these books and records requirements. In our most recent Paperwork Reduction Act submission for rule 204–2, we estimated for rule 204–2 a total annual aggregate hour burden of 2,764,563 hours, and a total annual aggregate external cost burden of $175,980,426.273 The table below summarizes the initial and ongoing annual burden estimates associated with the proposed amendments to rule 204–2. We have made certain estimates of the burdens associated with the proposed amendments solely for the purpose of this PRA analysis. Based on staff experience, most advisers already conduct some level of oversight of service providers so as to fulfill the adviser’s fiduciary duty, comply with the Federal securities laws, and protect clients from potential harm. Our burden estimates therefore presume that advisers are already making some records of due diligence and monitoring. 273 Supporting Statement for the Paperwork Reduction Act Information Collection Submission for Revisions to Rule 204–2, OMB Report, OMB 3235–0278 (Aug. 2021). E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules 68867 TABLE 1—RULE 204–2 PRA ESTIMATES Internal initial hour burden Internal annual hour burden Annual external cost burden Wage rate 2 Annual internal time costs $585.50 (Internal Annual Hour Burden of 2 hours × Wage rate of 292.75). $585.50 ....................... × 14,756 ...................... $8,639,638 .................. $0 $1,756.50 .................... 0 $1,756.50 .................... × 14,756 ...................... $25,918,914 ................ $72.50 ......................... 0 0 0 0 $72.50 ......................... × 14,756 ...................... $1,069,810 .................. $1,756.50 .................... 0 0 0 0 PROPOSED ESTIMATES hours 1 Make and Retain list of outsourced Covered Functions and factors 5. 6 ...................... 2 hours ........................ $292.75 (blended rate for compliance manager, attorney, and senior business analyst). Total burden per adviser .................. Total number of affected advisers ... Sub-total burden for aggregated advisers. Make and retain records documenting due diligence assessment 3. Total annual burden per adviser ...... Total number of affected advisers ... Sub-total burden ............................... Retention of written agreement with service provider 4. Total annual burden per adviser ...... Total number of affected advisers ... Sub-total burden ............................... Make and retain records documenting monitoring of service providers of covered functions 6. Total annual burden per adviser ...... Total number of affected advisers ... Sub-total burden ............................... Total annual aggregate burden of rule 204–2 amendments. Current annual estimated aggregate burden of rule 204–2. Total annual aggregate burden of rule 204–2. 6 hours ........................ × 14,756 advisers ....... 88,536 hours ............... 2 hours ........................ × 14,756 advisers ....... 29,512 hours ............... ........................................................ ........................................................ ........................................................ 0 .................................. 6 hours ........................ 0 0 0 0 .................................. .................................. .................................. .................................. 6 hours ........................ × 14,756 ...................... 88,536 hours ............... 1 .................................. 0 0 0 8 .................................. .................................. .................................. hours ........................ 1 .................................. × 14,756 ...................... 14,756 hours ............... 6 .................................. $292.75 (blended rate for compliance manager, attorney, and senior business analyst). ........................................................ ........................................................ ........................................................ $72.50 (blended rate for general clerk and compliance clerk). ........................................................ ........................................................ ........................................................ $292.75 (blended rate for general clerk and compliance clerk). 8 hours ........................ 14,756 ......................... 118,048 hours ............. 206,584 hours (initial burden hours). NA ............................... 6 .................................. × 14,756 ...................... 88,536 hours ............... 221,340 hours ............. ........................................................ ........................................................ ........................................................ ........................................................ $1,756.50 .................... × 14,756 ...................... $25,918,914 ................ $61,547,276 ................ 0 0 0 0 2,764,563 hours .......... ........................................................ $175,980,426 .............. 0 NA ............................... 2,985,903 hours .......... ........................................................ $237,527,702 .............. 0 0 0 0 1 We believe that the estimated internal hour burdens associated with the proposed amendment would include one-time initial burdens, and we then amortize these initial burdens over three years to determine the ongoing annual burden. Our estimate assumes that there would be required annual maintenance and review of the list of covered functions and factors. Taking into account the various sizes of SEC registered advisers with varying operational complexities, we estimate that each adviser would outsource an average of six covered functions. 2 The Commission’s estimates of the relevant wage rates are based on salary information for the securities industry compiled by the Securities Industry and Financial Markets Association’s Office Salaries in the Securities Industry 2013. The estimated figures are modified by firm size, employee benefits, overhead, and adjusted to account for the effects of inflation. The rates used to create the blended rates are as follows: compliance manager—$339; attorney—$455; senior business analyst—$300; compliance clerk—$77; general clerk—$68. See Securities Industry and Financial Markets Association, Report on Management & Professional Earnings in the Securities Industry 2013 (‘‘SIFMA Report’’). 3 The proposed rule’s due diligence requirements would apply before a service provider is retained to perform a covered function (note that monitoring would apply to existing engagements). For new advisers, we believe that the time, effort, and financial resources would be incurred in the normal course of activities and therefore there is no additional burden. Based on staff experience, most advisers already conduct some level of oversight of service providers so as to fulfill the adviser’s fiduciary duty, comply with the Federal securities laws, and protect clients from potential harm. Our burden estimates therefore presume that advisers are already making some records of due diligence and monitoring. Our burden estimate addresses the making and retention of the due diligence records only. It is not an estimate of the time needed to conduct due diligence. This estimate also presumes that an adviser initiates the outsourcing, or amends an existing outsourcing agreement, for an average of two covered functions per year. In reaching our estimate, we considered that larger advisers, or advisers with more complex operations and strategies, may exceed this average, while smaller advisers or advisers with comparatively streamlined operations may outsource fewer covered functions than this average. 4 Because the proposed rule would not apply until a new covered function is outsourced, or existing outsourced covered function is amended, there should be no initial burden that differs from the annual burden. The proposed amendments would require the retention of a written agreement only if such agreement is made. Based on staff experience, it is customary business practice for advisers to enter into written agreements with service providers that are performing a covered function. We therefore estimate that the additional burden of retaining written agreements, if applicable, will be minimal. 5 Based on staff experience, and considering the varying sizes and complexities of advisers, we estimate that advisers will outsource an average of six covered functions. We anticipate that larger advisers, or advisers with more complex operations and strategies, may exceed this average, while smaller advisers or advisers with comparatively streamlined operations may outsource fewer covered functions than this average. 6 Because the monitoring obligations would apply to existing agreements as of the compliance date, we believe there would be an initial monitoring burden that differs from the annual burden in the first year that the rule becomes effective. This is because advisers may need to alter their existing monitoring practices resulting in collections of information that they did not previously develop. Our burden estimate addresses the making and retention of the monitoring records only. It is not an estimate of the time needed to conduct monitoring. This estimate assumes advisers monitor an average of six outsourced covered functions each year (this is in addition to our estimate of two new or amended outsourced functions that would be subject to initial due diligence each year). In reaching our estimate, we considered that larger advisers, or advisers with more complex operations and strategies, may exceed this average, while smaller advisers or advisers with comparatively streamlined operations may outsource fewer covered functions than this average. khammond on DSKJM1Z7X2PROD with PROPOSALS2 C. Form ADV Form ADV is the investment adviser registration form under the Advisers Act. Part 1 of Form ADV contains information used primarily by Commission staff, and Part 2A is the client brochure. Part 2B requires advisers to create brochure supplements containing information about certain supervised persons. Part 3: Form CRS (relationship summary) requires certain registered investment advisers to VerDate Sep<11>2014 19:03 Nov 15, 2022 Jkt 259001 prepare and file a relationship summary for retail investors. We use the information on Form ADV to determine eligibility for registration with us and to manage our regulatory and examination programs. Clients and investors use certain of the information to determine whether to hire or retain an investment adviser, as well as what types of accounts and services are appropriate for their needs. The collection of information is necessary to provide advisory clients, prospective clients, PO 00000 Frm 00053 Fmt 4701 Sfmt 4702 other market participants and the Commission with information about the investment adviser and its business, conflicts of interest and personnel. Rule 203–1 under the Advisers Act requires every person applying for investment adviser registration with the Commission to file Form ADV. Rule 204–4 under the Advisers Act requires certain investment advisers exempt from registration with the Commission (‘‘exempt reporting advisers’’ or ‘‘ERAs’’) to file reports with the E:\FR\FM\16NOP2.SGM 16NOP2 68868 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules khammond on DSKJM1Z7X2PROD with PROPOSALS2 Commission by completing a limited number of items on Form ADV. Rule 204–1 under the Advisers Act requires each registered and exempt reporting adviser to file amendments to Form ADV at least annually, and requires advisers to submit electronic filings through IARD. The paperwork burdens associated with rules 203–1, 204–1, and 204–4 are included in the approved annual burden associated with Form ADV and thus do not entail separate collections of information. These collections of information are found at 17 CFR 275.203–1, 275.204–1, 275.204– 4 and 279.1 (Form ADV itself) and are mandatory. Responses are not kept confidential. We are proposing amendments to Form ADV Part 1 to enhance client and investor disclosure and our ability to oversee investment advisers. Specifically, the proposed amendments would amend Item 7 of Part 1A to require an adviser to disclose whether it outsources any covered function, and if so, to provide additional information on Schedule D. The proposed amendments would add Section 7.C. to Schedule D of Part 1A to require advisers to disclose the following for each service provider to which a covered function is outsourced: legal name, primary business name, legal entity identifier (if applicable), whether the service provider is a related person of the adviser, date the service provider was first engaged, location of the service provider’s office primarily responsible for the covered function, and the covered function(s) that the service provider is engaged to perform. The collection of this information is necessary to improve information available to us and to the general public about advisers’ use of service providers to perform covered functions. Our staff would also use this information to help prepare for examinations of investment advisers. We are not proposing amendments to Parts 2 or 3 of Form ADV. The amount of time that a registered adviser will incur to complete Item 7.C. and Section 7.C. of Schedule D will vary depending on the number of service providers the advisers engages. Nevertheless, we believe that the VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 proposed revisions to Part 1A would impose few additional burdens on advisers in collecting information as advisers should have ready access to all the information necessary to respond to the proposed items in their normal course of operations. We anticipate, moreover, that the responses to many of the questions are unlikely to change from year to year, minimizing the ongoing reporting burden associated with these questions. The respondents to current Form ADV are investment advisers registered with the Commission or applying for registration with the Commission and exempt reporting advisers.274 Based on the IARD system data as of December 31, 2021, approximately 14,756 investment advisers were registered with the Commission, and 4,813 exempt reporting advisers file reports with the Commission. The amendments we are proposing would increase the information requested in Part 1 of Form ADV for registered investment advisers that engage a service provider to perform a covered function.275 We estimate that all registered investment advisers will engage at least one service provider to perform a covered function. The burdens associated with completing Parts 2 and 3 also are included in the PRA for purposes of updating the overall Form ADV information collection.276 Based on the prior revision of Form ADV, we estimated the annual compliance burden to comply with the collection of information requirement of Form ADV is 433,004 274 An exempt reporting adviser is an investment adviser that relies on the exemption from investment adviser registration provided in either section 203(l) of the Advisers Act because it is an adviser solely to one or more venture capital funds or section 203(m) of the Advisers Act because it is an adviser solely to private funds and has assets under management in the United States of less than $150 million. 275 Exempt reporting advisers are required to complete a limited number of items in Part 1A of Form ADV (consisting of Items 1, 2.B., 3, 6, 7, 10, 11, and corresponding schedules). The proposal does not include any requirement for exempt reporting advisers to respond to proposed new Item 7.C. 276 See Updated Supporting Statement for PRA Submission for Amendments to Form ADV under the Investment Advisers Act of 1940 (‘‘Approved Form ADV PRA’’). PO 00000 Frm 00054 Fmt 4701 Sfmt 4702 burden hours and an external cost burden estimate of $14,125,083.277 We propose the following changes to our PRA methodology for Form ADV: • Form ADV Parts 1 and 2. Form ADV PRA has historically calculated an hourly burden per adviser per year for Form ADV Parts 1 and 2 for each of (1) the initial burden and (2) the ongoing burden, which reflects advisers’ filings of annual and other-than-annual updating amendments. We noted in previous PRA amendments that most of the paperwork burden for Form ADV Parts 1 and 2 would be incurred in the initial submissions of Form ADV. However, recent PRA amendments have continued to apply the total initial hourly burden for Parts 1 and 2 to all currently registered or reporting RIAs and ERAs, respectively, in addition to the estimated number of new advisers expected to be registering or reporting with the Commission annually. We believe that the total initial hourly burden for Form ADV Parts 1 and 2 going forward should be applied only to the estimated number of expected new advisers annually. This is because currently registered or reporting advisers have generally already incurred the total initial burden for filing Form ADV for the first time. On the other hand, the estimated expected new advisers will incur the full total burden of initial filing of Form ADV, and we believe it is appropriate to apply this total initial burden to these advisers. We propose to continue to apply any new initial burdens resulting from proposed amendments to Form ADV Part 1, as applicable, to all currently registered investment advisers. Table 2 below summarizes the burden estimates associated with the proposed amendments to Form ADV Part 1. The proposed new burdens also take into account changes in the numbers of advisers since the last approved PRA for Form ADV, and the increased wage rates due to inflation. 277 See Investment Adviser Marketing, Final Rule, Investment Advisers Act Release No. 5653 (Dec. 22, 2020) [81 FR 60418 (Mar. 5, 2021)] (‘‘IA Marketing Release’’) and corresponding submission to the Office of Information and Regulatory Affairs at reginfo.gov (‘‘2021 Form ADV PRA’’). E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules 68869 TABLE 2—FORM ADV PRA ESTIMATES Internal annual amendment burden hours 1 Internal initial burden hours Wage rate 2 Annual external cost burden 3 Internal time costs PROPOSED AMENDMENTS TO FORM ADV RIAs (burden for Parts 1 and 2, not including private fund reporting) 4 Proposed addition (per adviser) to Part 1 (Item 7.C and Section 7.C of Schedule D). 1.5 hours (reflects estimate of 18 minutes per outsourced covered function x estimated average of 5 covered functions per adviser). 0.7 hours 1 ...................... $299.50 per hour (blended revised rate for senior compliance examiner and compliance manager) 5. 2.2 hours × $299.50 = $658.90. Current burden per adviser 7. 29.72 hours 8 .............. 11.8 hours 9 .................... (29.72 + 11.8) × $273 = $11,334.96. Revised burden per adviser. 29.72 hours + 1.5 0.7 hours + 11.8 hours = hours = 31.22 hours. 12.5 hours. Total revised aggregate burden estimate. 39,367.44 hours 12 ..... $273 per hour (blended current rate for senior compliance examiner and compliance manager). $299.50 (blended revised rate for senior compliance examiner and compliance manager). Same as above .............. 190,975 hours 13 ............ (31.22 + 12.5) × $299.50 = $13,094.14. 1 hour of external legal services ($531) for 1⁄4 of advisers that prepare Part 1; 1 hour of external compliance consulting services ($791) for 1⁄2 of advisers that prepare Part 1.6 $2,069,250 aggregated (previously presented only in the aggregate).10 $5,019.75.11 (39,367.44 + 190,975) × $10,565,759.14 $299.5 = $68,987,560.80. RIAs (burden for Part 3) 15 No proposed changes .... Current burden per RIA .................................... 20 hours, amortized over three years = 6.67 hours 16. ........................................ 1.58 hours17 ................... Total updated aggregate burden estimate. 66,149.59 hours 19 ..... 14,573.92 hours 20 ......... ........................................ $273 (blended current rate for senior compliance examiner and compliance manager). $299.50 (blended revised rate for senior compliance examiner and compliance manager). ............................................ $273 × (6.67 + 1.71) = $2,287.74. $24,176,691.20 (($299.50 × (66,149.59 hours + 14,573.92 hours)). $2,433.74 per adviser.18 $8,732,193.75.21 ERAs (burden for Part 1A, not including private fund reporting) 22 No proposed changes .... Current burden per ERA .................................... 3.60 hours 23 .............. ........................................ 1.5 hours + final filings 24 Total updated aggregate burden estimate. 1,245.6 25 ................... 7,775.6 hours 26 ............. ........................................ $273 (blended current rate for senior compliance examiner and compliance manager). $299.50 (blended revised rate for senior compliance examiner and compliance manager). ............................................ Wage rate × total hours (see below). $2,701,849.40 ($299.50 × (1,245.6 + 7,775.6 hours)). $0. $0. Private Fund Reporting 27 No proposed changes .... Current burden per adviser to private fund. .................................... 1 hour per private fund 28. Total updated aggregate burden estimate. 1,150 hours 30 ............ ........................................ N/A–included in the existing annual amendment reporting burden for ERAs. N/A ................................. ........................................ $273 (blended current rate for senior compliance examiner and compliance manager). $299.50 (blended revised rate for senior compliance examiner and compliance manager). ............................................ ............................................ $3,978,123.50 ($279.5 × 14,233 hours)). Cost of $46,865.74 per fund, applied to 6% of RIAs that report private funds.29 $15,090,768.30.31 khammond on DSKJM1Z7X2PROD with PROPOSALS2 TOTAL ESTIMATED BURDENS, INCLUDING AMENDMENTS 23.82 hours 32 Current per adviser burden/external cost per adviser. Revised per adviser burden/external cost per adviser. Current aggregate burden estimates. VerDate Sep<11>2014 19:03 Nov 15, 2022 15.70 hours 34 433,004 initial and amendment hours annually 36 Jkt 259001 PO 00000 Frm 00055 Fmt 4701 Sfmt 4702 23.82 hours × $273 = $6,502.86 per adviser cost of the burden hour. 15.70 hours × $299.50 = $4,702.15 per adviser cost of the burden hour. $777.33 433,004 × $273 = $118,210,092 aggregate cost of the burden hour. $14,125,083.37 E:\FR\FM\16NOP2.SGM 16NOP2 $1,678.59.35 68870 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules TABLE 2—FORM ADV PRA ESTIMATES—Continued Internal initial burden hours khammond on DSKJM1Z7X2PROD with PROPOSALS2 Revised aggregate burden estimates. I Internal annual amendment burden hours 1 Wage rate 2 Internal time costs I 321,237.15 38 Initial and amendment hours annually 321,237.15 × $299.50 = $96,210,526.40 aggregate cost of the burden hour. Annual external cost burden 3 $34,355,721.05.39 Notes: 1 This column estimates the hourly burden attributable to annual and other-than-annual updating amendments to Form ADV, plus RIAs’ ongoing obligations to deliver codes of ethics to clients. The internal annual amendment burden hours estimate for the proposed Part 1 Item 7.C. is the sum of the internal initial burden estimate annualized over a three-year period (1.5 initial hour/3 = 0.5 hours), plus 0.2 hours of ongoing annual burden hours, and it assumes annual reassessment and execution: ((1.5 initial hours/3 years) + 0.2 hours of additional ongoing burden hours) = 0.7 hour. 2 As with Form ADV generally, and pursuant to the currently approved PRA (see 2021 Form ADV PRA), we expect that for most RIAs, the performance of these functions would most likely be equally allocated between a senior compliance examiner and a compliance manager, or persons performing similar functions. The Commission’s estimates of the relevant wage rates are based on salary information for the securities industry compiled by the SIFMA Wage Report. The estimated figures are modified by firm size, employee benefits, overhead, and adjusted to account for the effects of inflation. For RIAs that do not already have a senior compliance or a compliance manager, we expect that a person performing a similar function would have similar hourly costs. The estimated wage rates in connection with the proposed PRA estimates are adjusted for inflation from the wage rates used in the currently approved PRA analysis. 3 External fees are in addition to the projected hour per adviser burden. Form ADV has a one-time initial cost for outside legal and compliance consulting fees in connection with the initial preparation of Parts 2 and 3 of the form. In addition to the estimated legal and compliance consulting fees, investment advisers of private funds incur one-time costs with respect to the requirement for investment advisers to report the fair value of private fund assets. 4 Based on Form ADV data as of December 31, 2021, we estimate that there are 14,756 RIAs (‘‘current RIAs’’) and 552 net new advisers that are expected to become RIAs annually (‘‘newly expected RIAs’’). We obtain the newly expected RIAs number by taking the average number of new RIAs over the past three years (1,287) and subtracting the average RIA deregistrations over the past three years (735), for a total of 552 net new advisers on average. 5 The $299.50 wage rate reflects current estimates from the SIFMA Wage Report of the blended hourly rate for a senior compliance examiner ($260) and a compliance manager ($339). ($260 + $339)/2 = $299.50. 6 We estimate that a quarter of RIAs would seek the help of outside legal services and half would seek the help of compliance consulting services in connection with the proposed amendments to Form ADV Part 1. This is based on previous estimates and ratios we have used for advisers we expect to use external services for initially preparing various parts of Form ADV. See 2020 Form ADV PRA Renewal (the subsequent amendment to Form ADV described in the 2021 Form ADV PRA did not change that estimate). Because the SIFMA Wage Report does not include a specific rate for an outside compliance consultant, we are proposing to use the rates in the SIFMA Wage Report for an outside management consultant, as we have done in the past when estimating the rate of an outside compliance counsel. We are adjusting these external costs for inflation, using the currently estimated costs for outside legal counsel and outside management consultants in the SIFMA Wage Report: $531 per hour for outside counsel, and $791 per hour for outside management consultant (compliance consultants). 7 Per above, we are proposing to revise the PRA calculation methodology to apply the full initial burden only to expected RIAs, as we believe that current RIAs have generally already incurred the burden of initially preparing Form ADV. 8 See 2020 Form ADV PRA Renewal (stating that the estimate average collection of information burden per adviser for Parts 1 and 2 is 29.22 hours, prior to the most recent amendment to Form ADV). See also 2021 Form ADV PRA (adding 0.5 hours to the estimated initial burden for Part 1A in connection with the most recent amendment to Form ADV). Therefore, the current estimated average initial collection of information hourly burden per adviser for Parts 1 and 2 is 29.72 hours (29.22 + 0.5 = 29.72). 9 The currently approved average total annual burden for RIAs attributable to annual and other-than-annual updating amendments to Form ADV Parts 1 and 2 is 10.5 hours per RIA, plus 1.3 hours per year for each RIA to meet its obligation to deliver codes of ethics to clients (10.5 + 1.3 = 11.8 hours per adviser). See 2020 Form ADV PRA Renewal (these 2020 hourly estimates were not affected by the 2021 amendments to Form ADV). As we explained in previous PRAs, we estimate that each RIA filing Form ADV Part 1 will amend its form 2 times per year, which consists of one interim updating amendment (at an estimated 0.5 hours per amendment), and one annual updating amendment (at an estimated 8 hours per amendment), each year. We also explained that we estimate that each RIA will, on average, spend 1 hour per year making interim amendments to brochure supplements, and an additional 1 hour per year to prepare brochure supplements as required by Form ADV Part 2. See id. 10 See 2020 Form ADV PRA Renewal (the subsequent amendment to Form ADV described in the 2021 Form ADV PRA did not affect that estimate). 11 External cost per RIA includes the external cost for initially preparing Part 2, which we have previously estimated to be approximately 10 hours of outside legal counsel for a quarter of RIAs, and 8 hours of outside management consulting services for half of RIAs. See 2020 Form ADV Renewal (these estimates were not affected by subsequent amendments to Form ADV). We add to this burden the estimated external cost associated with the proposed amendment (an additional hour of each, bringing the total to 11 hours and 9 hours, respectively, for 1⁄4 and 1⁄2 of RIAs, respectively). We therefore calculate the revised burden per adviser as follows: (((.25 × 14,756 RIAs) × ($531 × 11 hours)) + ((0.50 × 14,756 RIAs) × ($791 × 9 hours)))/14,756 RIAs = $5019.75 per adviser. 12 Per above, we are proposing to revise the PRA calculation methodology for current RIAs to not apply the full initial burden to current RIAs, as we believe that current RIAs have generally already incurred the initial burden of preparing Form ADV. Therefore, we calculate the initial burden associated with complying with the proposed amendment of 1.5 initial hour × 14,756 current RIAs = 22,134 initial hours in the first year aggregated for current RIAs. We are not amortizing this burden because we believe current advisers will incur it in the first year. For expected new RIAs, we estimate that they will incur the full revised initial burden, which is 31.22 hours per RIA. Therefore, 31.22hours × 552 expected RIAs = 17,233.44 aggregate hours for expected new RIAs. We do not amortize this burden for expected new RIAs because we expect a similar number of new RIAs to incur this initial burden each year. Therefore, the total revised aggregate initial burden for current and expected new RIAs is 22,134 hours + 17,233.44 hours = 39,367.44 aggregate initial hours. 13 12.5 amendment hours × (14,756 current RIAs + 552 expected new RIAs) = 190,975 aggregate amendment hours. 14 Per above, for current RIAs, we are proposing to not apply the currently approved external cost for initially preparing Part 2, because we believe that current RIAs have already incurred that initial external cost. For current RIAs, therefore, we are applying only the external cost we estimate they will incur in complying with the proposed amendment. Therefore, the revised total burden for current RIAs is (((.25 × 14,756 RIAs) × ($531 × 1 hour)) + ((0.50 × 14,756 RIAs) × ($791 × 1 hour))) = $7,794,857 aggregated for current RIAs. We do not amortize this cost for current RIAs because we expect current RIAs will incur this initial cost in the first year. For expected new RIAs, we apply the currently approved external cost for initially preparing Part 2 plus the estimated external cost for complying with the proposed amendment. Therefore, $5,019.75 per expected new RIA × 552 = $2,770,902 aggregated for expected new RIAs. We do not amortize this cost for expected new RIAs because we expect a similar number of new RIAs to incur this external cost each year. $7,794,857 aggregated for current RIAs + $2,770,902 aggregated for expected RIAs = $10,565,759 aggregated external cost for RIAs. 15 Even though we are not proposing amendments to Form ADV Part 3 (‘‘Form CRS’’), the burdens associated with completing Part 3 are included in the PRA for purposes of updating the overall Form ADV information collection. Based on Form ADV data as of October 31, 2021, we estimate that 8,877 current RIAs provide advice to retail investors and are therefore required to complete Form CRS, and we estimate an average of 347 expected new RIAs to be advising retail advisers and completing Form CRS for the first time annually. 16 See Form CRS Relationship Summary; Amendments to Form ADV, Investment Advisers Act Release No. 5247 (Jun. 5, 2019) [84 FR 33492 (Sep. 10, 2019)] (‘‘2019 Form ADV PRA’’). Subsequent PRA amendments for Form ADV have not adjusted the burdens or costs associated with Form CRS. Because advisers have been required to comply with the Form CRS requirements for less than three years, we have, and are continuing to, apply the total initial amendment burden to all current and expected new RIAs that are required to file Form CRS, and amortize that initial burden over three years for current RIAs. 17 As reflected in the currently approved PRA burden estimate, we stated that we expect advisers required to prepare and file the relationship summary on Form ADV Part 3 will spend an average 1 hour per year making amendments to those relationship summaries and will likely amend the disclosure an average of 1.71 times per year, for approximately 1.58 hours per adviser. See 2019 Form ADV PRA (these estimates were not amended by the 2021 amendments to Form ADV), 18 See 2020 Form ADV PRA Amendment (this cost was not affected by the subsequent amendment to Form ADV and was not updated in connection with that amendment; while this amendment did not break out a per adviser cost, we calculated this cost from the aggregate total and the number of advisers we estimated prepared Form CRS). Note, however, that in our 2020 Form ADV PRA Renewal, we applied the external cost only to expected new retail RIAs, whereas we had previously applied the external cost to current and expected retail RIAs. Because advisers have been required to comply with the Form CRS requirements for less than three years, we believe that we should continue to apply the cost to both current and expected new retail RIAs. See 2019 Form ADV PRA. 19 8,877 current RIAs × 6.67 hours each for initially preparing Form CRS = 59,209.59 aggregate hours for current RIAs initially filing Form CRS. For expected new RIAs initially filing Form CRS each year, we are not proposing to use the amortized initial burden estimate, because we expect a similar number of new RIAs to incur the burden of initially preparing Form CRS each year. Therefore, 347 expected new RIAs × 20 initial hours for preparing Form CRS = 6,940 aggregate initial hours for expected RIAs. 59,209.59 hours + 6,940 hours = 66,149.59 aggregate hours for current and expected RIAs to initially prepare Form CRS. 20 1.58 hours × (8,877 current RIAs updating Form CRS + 347 expected new RIAs updating Form CRS) = 14,573.92 aggregate amendment hours per year for RIAs updating Form CRS. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 PO 00000 Frm 00056 Fmt 4701 Sfmt 4702 E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules 68871 21 We have previously estimated the initial preparation of Form CRS would require 5 hours of external legal services for an estimated quarter of advisers that prepare Part 3, and 5 hours of external compliance consulting services for an estimated half of advisers that prepare Part 3. See 2020 PRA Renewal (these estimates were not amended by the most recent amendment to Form ADV). The hourly cost estimate of $531 and $791 for outside legal services and management consulting services, respectively, are based on an inflation-adjusted figure in the SIFMA Wage Report. Therefore, (((.25 × 8,877 current RIAs preparing Form CRS) × ($531 × 5 hours)) + ((0.50 × 8,877 current RIAs preparing Form CRS) × ($791 × 5 hours))) = $23,447,040. For current RIAs, since this is still a new requirement, we amortize this cost over three years for a per year initial external aggregated cost of $7,815,680. For expected RIAs that we expect would prepare Form CRS each year, we use the following formula: (((.25 × 347 expected RIAs preparing Form CRS) × ($531 × 5 hours)) + ((0.50 × 347 expected RIAs preparing Form CRS) × ($791 × 5 hours))) = $916,513.75 aggregated cost for expected RIAs. We are not amortizing this initial cost because we estimate a similar number of new RIAs would incur this initial cost in preparing Form CRS each year, $7,815,680 + $916,513.75 = $8,732,193.75 aggregate external cost for current and expected RIAs to initially prepare Form CRS. 22 Based on Form ADV data as of Dec. 31, 2021, we estimate that there are 4,813 currently reporting ERAs (‘‘current ERAs’’), and an average of 346 expected new ERAs annually (‘‘expected ERAs’’). 23 See 2021 Form ADV PRA. 24 The previously approved average per adviser annual burden for ERAs attributable to annual and updating amendments to Form ADV is 1.5 hours. See 2021 Form ADV PRA. As we have done in the past, we add to this burden the burden for ERAs making final filings, which we have previously estimated to be 0.1 hour per applicable adviser, and we estimate that an expected 371 current ERAs will prepare final filings annually, based on Form ADV data as of Dec. 2020. 25 For current ERAs, we are proposing to not apply the currently approved burden for initially preparing Form ADV, because we believe that current ERAs have already incurred this burden. For expected ERAs, we are applying the initial burden of preparing Form ADV of 3.6 hours. Therefore, 3.6 hours × 346 expected new ERAs per year = 1,245.6 aggregate initial hours for expected ERAs. For these expected ERAs, we are not proposing to amortize this burden, because we expect a similar number of new ERAs to incur this burden each year. Therefore, we estimate 1,245.6 aggregate initial annual hours for expected ERAs. 26 The previously approved average total annual burden of ERAs attributable to annual and updating amendments to Form ADV is 1.5 hours. See 2020 Form ADV Renewal (this estimate was not affected by the subsequent amendment to Form ADV). As we have done in the past, we added to this burden the currently approved burden for ERAs making final filings of 0.1 hour, and multiplied that by the number of final filings we are estimating ERAs would file per year (371 final filings based on Form ADV data as of Dec. 2020). (1.5 hours × 4,813 currently reporting ERAs) + (0.1 hour × 371 final filings) = 7,256.6 updated aggregated hours for currently reporting ERAs. For expected ERAs, the aggregate burden is 1.5 hours for each ERA attributable to annual and other-than-annual updating amendments to Form ADV x 346 expected new ERAs = 519 annual aggregated hours for expected new ERAs updating Form ADV (other than for private fund reporting). The total aggregate amendment burden for ERAs (other than for private fund reporting) is 7,265.6 + 519 = 7,775.6 hours. 27 Based on Form ADV data as of Oct. 31, 2021, we estimate that 5,232 current RIAs advise 43,501 private funds, and expect an estimated 136 new RIAs will advise 407 reported private funds per year. We estimate that 4,959 current ERAs advise 23,476 private funds, and estimate an expected 372 new ERAs will advise 743 reported private funds per year. Therefore, we estimate that there are 66,977 currently reported private funds reported by current private fund advisers (43,501 + 23,476), and there will be annually 1,150 new private funds reported by expected private fund advisers (407 + 743). The total number of current and expected new RIAs that report or are expected to report private funds is 5,368 (5,232 current RIAs that report private funds + 136 expected RIAs that would report private funds). 28 See 2020 Form ADV PRA Renewal (this per adviser burden was not affected by subsequent amendments to Form ADV). 29 We previously estimated that an adviser without the internal capacity to value specific illiquid assets would obtain pricing or valuation services at an estimated cost of $37,625 each on an annual basis. See Rules Implementing Release, supra footnote82. However, because we estimated that external cost in 2011, we are proposing to use an inflation-adjusted cost of $46,865.74, based on the CPI calculator published by the Bureau of Labor Statistics at https://www.bls.gov/data/inflation_calculator.htm. As with previously approved PRA methodologies, we continue to estimate that 6% of RIAs have at least one private fund client that may not be audited. See 2020 Form ADV PRA Renewal. 30 Per above, for currently reported private funds, we are proposing to not apply the currently approved burden for initially reporting private funds on Form ADV, because we believe that current private fund advisers have already incurred this burden. For the estimated 1,150 new private funds annually of expected private fund advisers, we calculate the initial burden of 1 hour per private fund. 1 hour per expected new private fund × 1,150 expected new private funds = 1,150 aggregate hours for expected new private funds. For these expected new private funds, we are not proposing to amortize this burden, because we expect new private fund advisers to incur this burden with respect to new private funds each year. Therefore, we estimate 1,150 aggregate initial hours for expected private fund advisers. 31 As with previously approved PRA methodologies, we continue to estimate that 6% of registered advisers have at least one private fund client that may not be audited, therefore we estimate that the total number of audits for current and expected RIAs is 6% × 5,368 current and expected RIAs reporting private funds or expected to report private funds = 322.08 audits. We therefore estimate that approximately 322 registered advisers incur costs of $46,865.74 each on an annual basis (see note 29 describing the cost per audit), for an aggregate annual total cost of $15,090,768.30. 32 433,004 currently approved burden hours/18,179 advisers (current and expected annually) = 23.82 hours per adviser. See 2021 Form ADV PRA. 33 $14,125,083 currently approved aggregate external cost/18,179 advisers (current and expected annually) = $777 blended average external cost per adviser. 34 321,237.15 aggregate annual hours for current and expected new advisers (see infra note 38)/(14,756 current RIAs + 552 expected RIAs + 4,813 current ERAs +346 expected ERAs) = 15.70 blended average hours per adviser. 35 $34,355,721.05 aggregate external cost for current and expected new advisers (see infra note 39)/(20,467 advisers current and expected annually (see supra footnote 34) = $1,678.59 blended average hours per adviser. 36 See 2021 Form ADV PRA. 37 See 2021 Form ADV PRA. 38 39,367.44. hours (internal initial burden for Parts 1 and 2) + 190,975 4 hours (internal annual amendment burden for Parts 1 and 2) + 66,149.59 hours (internal initial burden for Part 3) + 14,573.92 hours (internal annual amendment burden for Part 3) + 1,245.6 hours (internal initial burden for ERAs) + 7,775.6 hours (internal annual amendment burden for ERAs) + 1,150 hours (Internal initial burden for private funds) = 321,237.15 aggregate annual hours for current and expected new advisers. 39 $10,565,759 + $8,732,193.75 + $15,090,768.30 = $34,355,721.05. khammond on DSKJM1Z7X2PROD with PROPOSALS2 D. Request for Comment We request comment on whether these estimates are reasonable. Pursuant to 44 U.S.C. 3506(c)(2)(B), the Commission solicits comments in order to: (1) evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the Commission, including whether the information will have practical utility; (2) evaluate the accuracy of the Commission’s estimate of the burden of the proposed collection of information; (3) determine whether there are ways to enhance the quality, utility, and clarity of the information to be collected; and (4) determine whether there are ways to minimize the burden of the collection of information on those who are to respond, including through the use of automated collection techniques or other forms of information technology. VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 Persons wishing to submit comments on the collection of information requirements of the proposed amendments should direct them to the OMB Desk Officer for the Securities and Exchange Commission, MBX.OMB.OIRA.SEC_desk_officer@ omb.eop.gov, and should send a copy to Vanessa A. Countryman, Secretary, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549–1090, with reference to File No. S7–25–22. OMB is required to make a decision concerning the collections of information between 30 and 60 days after publication of this release; therefore a comment to OMB is best assured of having its full effect if OMB receives it within 30 days after publication of this release. Requests for materials submitted to OMB by the Commission with regard to these collections of information should be in writing, refer to File No. S7–25–22, and PO 00000 Frm 00057 Fmt 4701 Sfmt 4702 be submitted to the Securities and Exchange Commission, Office of FOIA Services, 100 F Street NE, Washington, DC 20549–2736. V. Initial Regulatory Flexibility Act Analysis The Commission has prepared the following Initial Regulatory Flexibility Analysis (‘‘IRFA’’) in accordance with section 3(a) of the Regulatory Flexibility Act (‘‘RFA’’).278 It relates to proposed rule 206(4)–11 under the Advisers Act and proposed amendments to Form ADV and rule 204–2 under the Advisers Act. A. Reason For and Objectives of the Proposed Action The reasons for, and objectives of, the proposed rule and amendments are discussed in more detail in sections I and II, above. The burdens of these 278 5 E:\FR\FM\16NOP2.SGM U.S.C. 603(a). 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 68872 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules requirements on small advisers are discussed below as well as above in sections III and IV, which discuss the burdens on all advisers. We are proposing rule 206(4)–11 under the Advisers Act to require all advisers registered with the Commission to conduct due diligence and monitoring of its service providers. We believe advisers are increasingly relying on service providers to outsource certain functions without appropriate oversight, and there may be heightened risks because of it such as compliance gaps, poor operational management or risk measurement, or loss of sensitive client information and data. The proposed rule would therefore require a minimum and consistent oversight framework for all investment advisers outsourcing functions or services that are necessary to provide their advisory services in compliance with the Federal securities laws, and that if not performed or performed negligently, would be reasonably likely to cause a material negative impact on an adviser’s clients or an adviser’s ability to perform its services.279 We are also proposing related amendments to rule 204–2, the Advisers Act books and records rule, which set forth requirements for making and keeping records related to the due diligence and monitoring requirements.280 We are proposing these amendments to: (1) conform the books and records rule to the proposed service provider oversight rule; (2) help ensure that an investment adviser retains records of all of its documents related to its service provider oversight; and (3) facilitate the Commission’s inspection and enforcement capabilities. In addition, we are proposing to add a new provision to rule 204–2 requiring advisers that rely on a third party for any recordkeeping function required by that rule to perform due diligence and monitoring of that third party consistent with the requirements under proposed rule 206(4)–11 as though the recordkeeping function were a ‘‘covered function’’ and the third party were a ‘‘service provider,’’ each as defined in proposed rule 206(4)–11(b), and obtain reasonable assurances that the third party will meet certain standards.281 The standards are intended to protect required records from loss, alteration or destruction and to require that such records be accessible to the investment 279 See proposed rule 206(4)–11(a). proposed rule 204–2 (recordkeeping); proposed rule 204–6, and amendments to rule 204– 3 and Form ADV (reporting); and amendments to Forms N–1A, N–2, N–3, N–4, N–6, N–8B–2, and S– 6 (disclosure). 281 See proposed rule 204–2(l). 280 See VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 adviser and the Commission staff while maintaining appropriate freedom for investments advisers to contract with service providers to assist with recordkeeping functions. Lastly, we are proposing amendments to Form ADV for advisers registered or required to be registered with the Commission to disclose information about certain service providers. We believe this requirement would help the Commission and its staff in their efforts to oversee registered investment advisers and enhance client and investor disclosures. More information about service providers that perform covered functions would provide the Commission with a better understanding of the material services and functions that advisers outsource and permit us to enhance our assessment of advisers’ reliance on service providers for purposes of targeting examinations. The information would also help us identify particular service providers that may pose a risk to clients and investors and provide us with the ability to conduct a more comprehensive assessment of advisers. We believe that the proposed rule and amendments discussed above would, together, improve the ability of advisers as well as their clients and prospective clients to evaluate and understand relevant risks and incidents related to the use of service providers that they face and the potential effect on the advisers’ services and operations. 1. Proposed Rule 206(4)–11 Proposed rule 206(4)–11 would require an adviser to conduct due diligence before engaging a service provider to perform a covered function.282 In conducting its due diligence, the adviser would be required to, among other things, identify the nature and scope of the covered function the service provider is to perform, identify and determine how it will mitigate and manage potential risks, determine that the service provider has the competence, capacity, and resources necessary to perform the covered function, determine whether the service provider has any material subcontracting arrangements, and obtain certain reasonable assurances from the service provider.283 The proposed rule would also require the adviser periodically to monitor the service provider’s performance of the covered function and reassess the due diligence required under the proposed rule.284 proposed rule 206(4)–11(a)(1). proposed rule 206(4)–11(a)(1). 284 See proposed rule 206(4)–11(a)(2). 2. Proposed Amendments to Rule 204– 2 We are proposing related amendments to rule 204–2, the books and records rule, under the Advisers Act, which sets forth requirements for maintaining, making, and retaining specified books and records. We are proposing to amend the current rule to require advisers to make and keep: (1) a list or other record of covered functions that the adviser has outsourced to a service provider, along with a record of the factors that led the adviser to list it as a covered function; (2) records documenting the due diligence assessment; (3) a copy of any written agreement; and (4) records documenting the periodic monitoring of a service provider.285 These records would be required to be maintained throughout the time period during which the adviser has outsourced a covered function to a service provider and for a period of five years thereafter.286 We are also proposing an amendment to the rule 204–2 to require every investment adviser registered or required to be registered that relies on a third party to make and/or keep required by rule 204–2, to perform due diligence and monitoring of that third party as prescribed in proposed rule 206(4)–11 as though the recordkeeping function were a ‘‘covered function’’ and the third party were a ‘‘service provider’’, each as defined in proposed rule 206(4)–11(b), and obtain reasonable assurances that the third party will meet four standards: (i) adopt and implement internal processes and/or systems for making and keeping records on behalf of the investment adviser that meet all of the requirements of the recordkeeping rule applicable to the adviser in providing services to the adviser; (ii) make and/or keep records that meet all of the requirements of the recordkeeping rule applicable to the adviser; (iii) for electronic records, allow the investment adviser and staff of the Commission to access the records easily through computers or systems; and (iv) have arrangements in place to ensure the continued availability of records in the event that the third party’s operations cease or the relationship with the investment adviser is terminated.287 3. Proposed Amendments to Form ADV We are proposing related amendments to Form ADV. The amendments would require advisers registered or required to be registered with the Commission to identify their service providers that 282 See 285 See 283 See 286 See PO 00000 Frm 00058 Fmt 4701 Sfmt 4702 proposed rule 204–2(a)(24). proposed rule 204–2(e)(4). 287 See proposed rule 204–2(l). E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules perform covered functions, provide their location, the date they were first engaged to provide covered functions, and state whether they are related persons of the adviser. For each of these service providers, the amendments would require specific information that would clarify the services or functions they provide. The new reporting item would appear in Item 7 of Form ADV, which currently requires advisers to disclose information about financial industry affiliations. More detailed information would be required to be filled in Schedule D of Part 1A under the revised Item 7. B. Legal Basis The Commission is proposing rule 206(4)–11 under the Advisers Act under the authority set forth in sections 203(d), 206(4), and 211(a) and (h) of the Advisers Act of 1940 [15 U.S.C. 80b– 3(d), 10b–6(4) and 80b–11(a) and (h)]. The Commission is proposing amendments to rule 204–2 under the Advisers Act under the authority set forth in sections 204 and 211 of the Advisers Act of 1940 [15 U.S.C. 80b–4 and 80b–11]. The Commission is proposing amendments to Form ADV under section 19(a) of the Securities Act [15 U.S.C. 77s(a)], sections 23(a) and 28(e)(2) of the Exchange Act [15 U.S.C. 78w(a) and 78bb(e)(2)], section 319(a) of the Trust Indenture Act of 1939 [15 U.S.C. 7sss(a)], section 38(a) of the Investment Company Act [15 U.S.C. 80a–37(a)], and sections 203(c)(1), 204, and 211(a) and (h) of the Advisers Act of 1940 [15 U.S.C. 80b–3(c)(1), 80b–4, and 80b–11(a) and (h)]. khammond on DSKJM1Z7X2PROD with PROPOSALS2 C. Small Entities Subject to the Rules and Rule Amendments In developing these proposals, we have considered their potential effect on small entities that would be subject to the proposed rule and amendments. The proposed rule and amendments would affect many, but not all, investment advisers registered with the Commission, including some small entities. 1. Small Entities Subject to Proposed Rule 206(4)–11 and Proposed Amendments to Rule 204–2 and Form ADV Under Commission rules, for the purposes of the Advisers Act and the RFA, an investment adviser generally is a small entity if it: (1) has assets under management having a total value of less than $25 million; (2) did not have total assets of $5 million or more on the last day of the most recent fiscal year; and (3) does not control, is not controlled by, and is not under common control VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 with another investment adviser that has assets under management of $25 million or more, or any person (other than a natural person) that had total assets of $5 million or more on the last day of its most recent fiscal year.288 Our proposed rule and amendments would not affect most investment advisers that are small entities (‘‘small advisers’’) because they are generally registered with one or more state securities authorities and not with the Commission. Under section 203A of the Advisers Act, most small advisers are prohibited from registering with the Commission and are regulated by state regulators. Based on IARD data, we estimate that as of December 31, 2021, approximately 471 SEC-registered advisers are small entities under the RFA.289 The Commission estimates that based on IARD data as of December 31, 2021, approximately 14,756 investment advisers would be subject to proposed rule 206(4)–11 and the related proposed amendments to rule 204–2 under the Advisers Act and Form ADV.290 All of the approximately 471 SECregistered advisers that are small entities under the RFA would be subject to proposed rule 206(4)–11 and the related proposed amendments to rule 204–2 under the Advisers Act and Form ADV. D. Projected Reporting, Recordkeeping and Other Compliance Requirements 1. Proposed Rule 206(4)–11 Proposed rule 206(4)–11 would impose certain compliance requirements on investment advisers, including those that are small entities. All registered investment advisers, including small entity advisers, would be required to comply with the proposed rule’s due diligence and monitoring requirements. The proposed requirements, including compliance and recordkeeping requirements, are summarized in this IRFA (section V.A. above). All of these proposed requirements are also discussed in detail, above, in sections I and II, and these requirements and the burdens on respondents, including those that are small entities, are discussed above in section III (the Economic Analysis) and below. The professional skills required to meet these specific burdens are also discussed in sections III and IV. There are different factors that would affect whether a smaller adviser incurs costs relating to these requirements that 288 Advisers Act rule 0–7(a) [17 CFR 275.0–7]. on SEC-registered investment adviser responses to Items 5.F. and 12 of Form ADV. 290 See supra section III.B.1. 289 Based PO 00000 Frm 00059 Fmt 4701 Sfmt 4702 68873 are higher or lower relative to other firms and likely to vary depending on the adviser’s current practices. The specifics of these burdens are discussed in the Economic Analysis, which also discusses the burdens on all registered investment advisers.291 For example, although a smaller adviser’s use of service providers should include sufficient oversight by the adviser so as to fulfill the adviser’s fiduciary duty, comply with the Federal securities laws, and protect clients from potential harm, those current practices may not meet the specific requirements of the proposal. In addition, smaller advisers who may not enjoy economies of scale or scope or may have less valuable brands than larger advisers, could be expected to be more prone to underinvestment in service provider oversight than larger advisers.292 Also, while we would expect larger advisers to incur higher costs related to this proposed rule in absolute terms relative to a smaller adviser, we would expect a smaller adviser to find it more costly, per dollar managed, to comply with the proposed requirements because it would not be able to benefit from a larger adviser’s economies of scale. For example, if there are fixed costs associated with the proposed regulations, then smaller advisers would generally tend to bear a greater cost, relative to adviser size, than larger advisers. To the extent there are material fixed costs associated with the proposed rule, then we would expect the possible negative effect on competition to be greater for smaller advisers who engage service providers because the proposed regulations would tend to increase their costs more (relative to adviser size) than for larger advisers that engage service providers.293 Of the approximately 471 small advisers currently registered with us, we estimate that 100 percent of those advisers would be subject to the proposed rule 206(4)–11. The proposed rule 206(4)–11 under the Advisers Act, which would require advisers to conduct due diligence and monitoring of their service providers, would create new annual costs for advisers.294 We estimate that the due diligence and monitoring requirements would create an ongoing annual burden of 291 See supra section III.D. supra section III.D at footnote 121 and accompanying text. 293 See also supra footnote 192 and accompanying text. The division of the service provider’s direct costs between the service provider and the adviser would depend primarily on the relative bargaining power of the two parties. 294 See supra sections III.D.1, III.D.2, and IV. 292 See E:\FR\FM\16NOP2.SGM 16NOP2 68874 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules approximately 195.56 hours per small adviser, or 92,108.76 hours in aggregate for small advisers.295 We therefore expect the annual monetized aggregate cost to small advisers associated with our proposed amendments would be approximately $27,698,987.296 khammond on DSKJM1Z7X2PROD with PROPOSALS2 2. Proposed Amendments to Rule 204– 2 The proposed amendments to rule 204–2 would impose certain requirements related to the creation and maintenance of records on investment advisers, including those that are small entities. All registered investment advisers, including small entity advisers, would be required to comply with the recordkeeping amendments, which are summarized in this IRFA (section V.C. above). The proposed amendments are also discussed in detail, above, in sections I and II, and the requirements and the burdens on respondents, including those that are small entities, are discussed above in sections III and IV (the Economic Analysis and Paperwork Reduction Act Analysis, respectively) and below. The professional skills required to meet these specific burdens are also discussed in sections III and IV. Of the approximately 471 small advisers currently registered with us, we estimate that 100 percent of those advisers would be subject to the proposed amendments to rule 204–2. The proposed amendments to rule 204– 2 under the Advisers Act, which would require advisers to make and keep certain documents required under proposed rule 206(4)–11 and 204–2(l), would create a new annual burden of approximately 15 hours per small adviser, or 7,065 hours in aggregate for small advisers.297 We therefore expect the annual monetized aggregate cost to small advisers associated with recordkeeping required by the proposed amendments would be $1,964,541.298 The proposed amendments to rule 204– 2 also would require advisers that rely on third parties to make and/or keep records required by rule 204–2 to perform certain due diligence and monitoring of such third parties.299 We 295 See supra sections III.D.1 and III.D.2. We estimate that the ongoing annual burden for the required due diligence and monitoring of service providers would be on the minimum-cost estimates as described in sections III.D.1 and III.D.2 because we expect smaller advisers to be represented in these lower bound estimates. 296 See supra sections III.D.1, III.D.2. $867,783,964 total cost × (471 small advisers/14,756 advisers) = $27,698,986.70. 297 See supra section IV.B. 298 $61,547,276 total cost × (471 small advisers/ 14,756 advisers) = $1,964,541. 299 See proposed rule 204–2(l). VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 estimate that these due diligence and monitoring requirements would create an ongoing annual burden of approximately 29 hours per small adviser, or 13,659 hours in aggregate for small advisers.300 We therefore expect the annual monetized aggregate cost to small advisers associated with the due diligence and monitoring requirements required by the proposed amendments would be approximately $4,154,849.301 3. Proposed Amendments to Form ADV The proposed amendments to Form ADV would impose certain reporting and compliance requirements on investment advisers, including those that are small entities. Specifically, new Item 7.C. of Form ADV would require advisers to disclose whether they outsource any covered functions to a service provider and report more detailed information about such service providers in new Section 7.C. of Schedule D. All SEC-registered investment advisers, including small entity advisers, would be required to comply with the proposed rule’s reporting requirement by completing this portion of Form ADV.302 The proposed requirements, including reporting and compliance requirements, are summarized in this IRFA (section V.C. above). All of these proposed requirements are also discussed in detail, above, in sections I and II, and these requirements and the burdens on respondents, including those that are small entities, are discussed above in sections III and IV (the Economic Analysis and Paperwork Reduction Act Analysis, respectively) and below. The professional skills required to meet these specific burdens are also discussed in sections III through IV. Of the approximately 471 small advisers currently registered with us, we estimate that 100 percent of those advisers would be subject to the Form ADV amendments. New Item 7.C. of Form ADV, which would require advisers to report to the Commission information about certain of their service providers, would create a new annual burden of approximately 0.7 hours per adviser, or 329.7 hours in 300 See supra section III.D.3. We estimate that the ongoing annual burden for the required due diligence and monitoring of third-party recordkeepers would be on the minimum-cost estimates as described in section III.D.3 because we expect smaller advisers to be represented in this lower bound estimate. 301 $130,167,595 total cost × (471 small advisers/ 14,756 advisers) = $4,154,848.01. 302 The proposal would not require exempt reporting advisers to respond to Item 7.C. See proposed General Instruction 3 (not requiring exempt reporting advisers to complete Form ADV, Part IA, Item 7.C. PO 00000 Frm 00060 Fmt 4701 Sfmt 4702 aggregate for small advisers.303 We therefore expect the annual monetized aggregate internal cost to small advisers associated with our proposed amendments would be $98,745.15.304 E. Duplicative, Overlapping, or Conflicting Federal Rules 1. Proposed Rule 206(4)–11 In proposing this rule 206(4)–11, we recognize that investment advisers today are subject to a number of rules and regulations which indirectly address the oversight of an adviser’s service providers. However, investment advisers do not have explicit due diligence and monitoring obligations under the Advisers Act specifically for service providers. The proposed rule would provide a comprehensive oversight framework, consisting of specific due diligence and monitoring elements, which we believe would be complementary to existing obligations and practices rather than duplicative or conflicting. In addition, rule 206(4)–7 under the Advisers Act requires advisers to consider, among other things, their regulatory obligations and formalize policies and procedures reasonably designed to prevent violation of the Advisers Act. While rule 206(4)–7 does not enumerate specific elements that an adviser must include in its compliance program, advisers may already be assessing the various risks created by their particular circumstances in hiring service providers when developing their compliance policies and procedures to address such risks. To the extent there may be overlap between existing practices employed by firms in implementing their written policies and procedures under rule 206(4)–7 and the proposal, these practices may not meet all the specific requirements of the proposal as existing rules do not provide a comprehensive oversight framework when outsourcing covered functions. Therefore, these practices would be complementary to the requirements of the proposed rule, rather than duplicative or conflicting. Advisers may also consider the risks associated with the use of service providers when service providers are engaged on behalf of registered investment companies, which may be subject to other oversight rules under the Federal securities laws. For example, rule 38a–1 under the Investment Company Act requires certain compliance procedures and practices by registered investment 303 See supra section IV.C. total cost × (471 small advisers/ 14,756 advisers) = $98,745.15. 304 $3,093,595.40 E:\FR\FM\16NOP2.SGM 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules companies including board approval of the policies and procedures of each adviser, principal underwriter, administrator, and transfer agent of the fund.305 The board approval must be based on a finding by the board that the policies and procedures are reasonably designed to prevent violation of the Federal securities laws by the fund and the adviser.306 If these same service providers (i.e., principal underwriter, administrator, and transfer agent) are engaged by the adviser to service their mutual fund clients, then there may be potential for overlap between the proposed rule and rule 38a–1. However, we believe that the two rules are complementary, and that the adviser should separately conduct its own due diligence and monitoring to the extent that it engages a service provider for its fund clients because unlike 38a–1, the proposed rule is not limited to reviewing solely a service provider’s policies and procedures.307 Advisers to registered investment companies might also consider the risks of service providers when valuation agents or pricing services are engaged for purposes of complying with rule 2a– 5, also known as the valuation rule, under the Investment Company Act.308 The valuation rule requires that funds assess periodically any material risks associated with determining the fair value of the fund’s investments, including material conflicts of interest, and managing those identified valuation risks.309 As part of the rule, the fund’s board might designate a fund’s investment adviser as the ‘‘valuation designee,’’ which would be subject to the board’s oversight. As the valuation designee, the adviser may choose to outsource certain functions to a service provider such as a third-party pricing agent or valuation company. In the event that it does, there would have to be fund board oversight, which includes periodic reporting to the board of any reports or materials related to the fair value of investments or process for fair valuing fund investments as well as prompt board notification and reporting of any occurrence of matters that materially affect the fair value of the designated portfolio of investments.310 An adviser’s engagement of a valuation agent or pricing services might involve some oversight such as due diligence and monitoring, but it would be focused on the fair valuation of investments, and 305 See rule 38a–1(a)(1) and (2). id. 307 See id. 308 See rule 2a–5. 309 See id. 310 See rule 2a–5(b)(1). 306 See VerDate Sep<11>2014 17:47 Nov 15, 2022 not a comprehensive oversight of the service provider that engages in other covered functions, which our proposed rule is designed to strengthen. Some advisers may also consider the risks associated with the use of service providers when complying with certain obligations under the Advisers Act. For example, advisers registered or required to be registered with the Commission are subject to section 204A of the Advisers Act, which requires an adviser to establish, maintain, and enforce written policies and procedures reasonably designed to prevent the misuse of material, nonpublic information by the adviser or any person associated with the adviser.311 In addition, rule 204A–1 under the Advisers Act requires, among other things, that an adviser’s code of ethics sets forth requirements that certain advisory personnel report personal securities trading to provide a mechanism for the adviser to identify improper trades or patterns of trading and its supervised persons comply with the Federal securities laws.312 As part of an adviser’s compliance with these obligations and implementation of its code of ethics, an adviser may conduct some oversight of third party arrangements which relate to certain obligations under its code of ethics, such as the use and protection of material non-public information. While such oversight may include some due diligence and monitoring, it would be focused on the requirements of the adviser’s code of ethics, and not a comprehensive oversight of the service provider that engages in other covered functions. Other rules also include requirements for protecting an investment adviser’s client information, including the provision of that information to third parties, which could include service providers covered by the proposed rule. Regulation S–P and Regulation S–ID require, among other things, investment advisers registered with the Commission to adopt policies and procedures to protect various records and information of customers. Regulation S–P provides requirements to adopt written policies and procedures reasonably designed to: (i) insure the security and confidentiality of records and information of an adviser’s client; (ii) protect against any anticipated threats or hazards to the security or integrity of such records and information; and (iii) protect against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to an adviser’s client.313 Regulation S–ID provides requirements to develop and implement a written identity theft program that includes policies and procedures to identify relevant types of identity theft red flags, detect the occurrence of those red flags, and to respond appropriately to the detected red flags.314 If the adviser is a financial institution or creditor with covered accounts, Reg. S–ID, at 17 CFR 248.201(e)(4), requires it to ‘‘Exercise appropriate and effective oversight of service provider arrangements,’’ and section VI(c) of the Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation in Appendix A to Reg. S–ID provides: 315 Whenever a financial institution or creditor engages a service provider to perform an activity in connection with one or more covered accounts the financial institution or creditor should take steps to ensure that the activity of the service provider is conducted in accordance with reasonable policies and procedures designed to detect, prevent, and mitigate the risk of identity theft. Where an adviser outsources certain cybersecurity functions, the adviser may already conduct due diligence and monitoring of service providers pursuant to policies and procedures to address Regulation S–P or Regulation S– ID. For example, advisers may already have policies and procedures to address the handling of non-public trading information or PII when service providers have access to such information under Regulation S–P and S–ID. As another example, if a nonaffiliated trading services provider were to receive nonpublic personal information from the adviser under an exception from Reg. S–P’s notice and opt out requirements, its reuse and redisclosure of the information would be limited to performing trading services for the adviser’s clients by Reg. S–P, at 17 CFR 248.11(a), or the corresponding requirement of another Gramm-LeachBliley Act regulatory agency if the service provider is not regulated by the SEC. While some advisers may conduct proper due diligence and monitoring of their valuation agents or pricing services, third-party recordkeepers, and certain service providers such as those arrangements that raise privacy or cybersecurity risks under the existing regulatory framework, there are no Commission rules that explicitly require firms to conduct the comprehensive due diligence and monitoring of their service providers, as proposed under the 313 See 311 See 15 U.S.C. 80b–4a. 312 See 17 CFR 275.204A–1. Jkt 259001 PO 00000 Frm 00061 Fmt 4701 Sfmt 4702 68875 17 CFR 248.30. 17 CFR 248.201. 315 17 CFR 248 Appendix A to Subpart C. 314 See E:\FR\FM\16NOP2.SGM 16NOP2 68876 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules khammond on DSKJM1Z7X2PROD with PROPOSALS2 proposed rule. As stated above, we believe that the proposed rule would be complementary, rather than duplicative of, the current and other proposed rules. 2. Proposed Amendments to Rule 204–2 Together with proposed rule 206(4)– 11, we are proposing corresponding amendments to rule 204–2, the Advisers Act books and records rule. Rule 204– 2 prescribes the type, manner, location and duration of records to be maintained by registered investment advisers registered or required to be registered with the Commission, but does not currently prescribe requirements for when an adviser outsources one or more required recordkeeping functions to a third party. Under the proposed amendments to rule 204–2, when an adviser relies on a third party to make and keep records of the adviser required under the rule, an adviser would be required to comply with the requirements of proposed rule 204–2(l), including performing the same due diligence and monitoring prescribed by proposed rule 206(4)–11 as though the recordkeeping function were a ‘‘covered function’’ and the third party were a ‘‘service provider’’, each as defined in proposed rule 206(4)–11(b). An adviser may currently conduct certain due diligence and monitoring of these types of third-party recordkeepers as part of the adviser’s efforts to ensure its compliance with its existing recordkeeping obligations. However, these practices may not meet all the specific requirements of the proposal as rule 204–2 does not currently prescribe specific due diligence and monitoring requirements nor does the existing rule framework provide a comprehensive oversight of such service providers. Additionally, under rule 204–2(f), an investment adviser, before discontinuing its investment advisory business or otherwise terminating its advisory activities, is required to arrange and be responsible for the preservation of books and records required by the rule for the remainder of the required retention period. While an adviser may currently seek to coordinate with a third-party recordkeeper to ensure records required under the recordkeeping rule will be preserved for the required retention period, that adviser may not have obtained reasonable assurance that the third party will make arrangements to ensure the continued availability of records should the third party cease its business operations. Proposed rule 204– 2(l) is intended to complement existing rule 204–2(f) and ensure the continued availability of the records in the event VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 that a third-party recordkeeper ceases operations or the relationship with the adviser is terminated. The amendments to rule 204–2 are complementary to the existing recordkeeping framework because the changes would conform rule 204–2 to the proposed service provider oversight rule and provide express requirements for when an adviser outsources recordkeeping functions. There are no duplicative, overlapping, or conflicting Federal rules with respect to the proposed amendments to rule 204–2. 3. Proposed Amendments to Form ADV Our proposed new Item 7.C in Form ADV Part 1A would require SECregistered advisers to: (1) indicate whether they outsource any covered functions to a service provider; (2) disclose information of each such service provider including legal and primary business names of the service provider, legal entity identifier, and address of service provider; (3) indicate whether identified service provider is a related person of the adviser; (4) date the service provider was first engaged, and (5) the covered function(s) that the service provider is engaged to perform. Currently, Item 7 in Form ADV Part 1A requires an adviser to disclose information about financial industry affiliations and activities, and to state whether the adviser advises any private funds, and if so, provide certain information related to those private funds. The proposed requirements would not be duplicative of, overlap, or conflict with, other information advisers are required to provide on Form ADV. F. Significant Alternatives The Regulatory Flexibility Act (‘‘RFA’’) directs the Commission to consider significant alternatives that would accomplish our stated objective, while minimizing any significant economic effect on small entities.316 We considered the following alternatives for small entities in relation to our proposal: (1) exempting advisers that are small entities from the proposed due diligence and monitoring requirements under proposed rule 206(4)–11 and related provisions under the proposed amendments to rule 204–2, to account for resources available to small entities; (2) establishing different requirements or frequency, to account for resources available to small entities; (3) clarifying, consolidating, or simplifying the compliance requirements under the proposal for small entities; and (4) using 316 See PO 00000 5 U.S.C. 603(c). Frm 00062 Fmt 4701 design rather than performance standards. 1. Proposed Rules 206(4)–11 and 204–2 The RFA directs the Commission to consider significant alternatives that would accomplish our stated objectives, while minimizing any significant adverse effect on small entities. We considered the following alternatives for small entities in relation to the proposed rules 206(4)–11 and 204–2: (1) differing compliance or reporting requirements that take into account the resources available to small entities; (2) the clarification, consolidation, or simplification of compliance and reporting requirements under the proposed rule for such small entities; (3) the use of design rather than performance standards; and (4) an exemption from coverage of the proposed rule, or any part thereof, for such small entities. Regarding the first and fourth alternatives, the Commission believes that establishing different compliance or reporting requirements for small advisers, or exempting small advisers from the proposed rule, or any part thereof, would be inappropriate under these circumstances. Because the protections of the Advisers Act are intended to apply equally to clients of both large and small firms, it would be inconsistent with the purposes of the Advisers Act to specify differences for small entities under the proposed rule 206(4)–11 and corresponding changes to rule 204–2. We believe that the proposed rule would result in multiple benefits to clients.317 For example, having appropriate due diligence and monitoring measures in place would help address any potential risks and incidents that occur at the service provider and help protect advisers and their clients from greater risk of harm. We believe that these benefits should apply to clients of smaller firms as well as larger firms. Establishing different conditions for large and small advisers even though advisers of every type and size rely on various service providers for performing covered functions and thus face increasing compliance gap and other risks would negate these benefits. The corresponding changes to rule 204– 2 are tailored to address proposed rule 206(4)–11 and the requirements for outsourcing recordkeeping functions. Regarding the second alternative, we believe the current proposal is clear and that further clarification, consolidation, or simplification of the compliance requirements is not necessary. The proposed rule would require advisers to: 317 See Sfmt 4702 E:\FR\FM\16NOP2.SGM supra section III.D. 16NOP2 khammond on DSKJM1Z7X2PROD with PROPOSALS2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules (1) conduct certain due diligence before engaging a service provider to perform a covered function; and (2) periodically monitor the service provider’s performance of the covered function and reassess the retention of the service provider in accordance with the due diligence requirements.318 The proposed rule would provide a minimum, consistent oversight framework regarding an adviser outsourcing functions or services that are necessary to provide advisory services in compliance with the Federal securities laws, and that if not performed or if performed negligently would be reasonably likely to cause a material negative impact on an adviser’s clients or an adviser’s ability to perform its services. The proposed rule would serve as an explicit requirement for advisers to oversee service providers covered by the rule appropriately and is designed to address our concern that outsourcing covered functions in particular, without further action by the investment adviser, can undermine the adviser’s provision of services, and can otherwise harm clients. Regarding the third alternative, we determined to use performance standards rather than design standards. Although the proposed rule requires due diligence and monitoring that are reasonably designed to address a certain number of elements, we do not place certain conditions or restrictions on how to adopt and implement such requirements. The general elements are designed to enumerate core areas that firms must address when conducting due diligence and monitoring of a service provider. Given the number and varying characteristics of advisers, we believe firms need the ability to tailor their measure or method in conducting due diligence and monitoring based on their individual facts and circumstances.319 Similarly, rather than requiring a written agreement with specific language provisions, the proposed rule would afford advisers the flexibility to customize and tailor their processes to the proposed requirements.320 Proposed rule 206(4)– 11 therefore allows advisers to address the general elements based on the particular risks posed by each adviser’s operations and business practices as well as the types of covered functions that are outsourced and the types of service providers engaged. The proposed rule would also provide flexibility for the adviser to determine 318 See proposed rule 206(4)–11. See also supra section II.B and C. 319 See supra section II.B and C. 320 See proposed rule 206(4)–11(a). VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 the personnel who would implement and oversee the effectiveness of its due diligence and monitoring. 2. Proposed Amendments to Form ADV The RFA directs the Commission to consider significant alternatives that would accomplish our stated objectives, while minimizing any significant adverse effect on small entities. We considered the following alternatives for small entities in relation to the proposed amendments to Form ADV: (1) differing compliance or reporting requirements that take into account the resources available to small entities; (2) the clarification, consolidation, or simplification of compliance and reporting requirements under the proposed amendments for such small entities; (3) the use of design rather than performance standards; and (4) an exemption from coverage of the proposed amendments, or any part thereof, for such small entities. Regarding the first and fourth alternatives, the Commission believes that establishing different compliance or reporting requirements for small advisers, or exempting small advisers from the proposed amendments, or any part thereof, would be inappropriate under these circumstances. Because the protections of the Advisers Act are intended to apply equally to clients of both large and small firms, it would be inconsistent with the purposes of the Advisers Act to specify differences for small entities under the proposed amendments to Form ADV. We believe that the proposed amendments would result in multiple benefits to clients.321 For example, the proposed amendments to Form ADV would improve the ability of clients and prospective clients to evaluate and conduct a more comprehensive due diligence of an adviser, addressing any potential concerns related to an adviser’s use of a particular service provider. We believe that these benefits should apply to clients of smaller firms as well as larger firms. Establishing different conditions for large and small advisers even though all advisers, regardless of type and size, engage service providers to outsource certain covered functions, would negate these benefits. Regarding the second alternative, we believe the current proposed amendments are clear and that further clarification, consolidation, or simplification of the compliance requirements is not necessary. The proposed amendments to Form ADV would require advisers to disclose information regarding the service 321 See PO 00000 supra section III.D. Frm 00063 Fmt 4701 Sfmt 4702 68877 providers that perform covered functions.322 The proposed amendments to Form ADV would provide for advisers to present clear and meaningful disclosure regarding such service providers to their clients and prospective clients. Regarding the third alternative, we determined that for the Commission and its staff to better identify and address risks related to outsourcing by advisers and oversee advisers’ use of service providers and to enable clients to make better informed decisions about the retention of an adviser, advisers must provide certain baseline information about their service providers. The proposed amendments to Form ADV do not contain any specific limitations or restrictions on the disclosure of service providers. Given the number and varying types of advisers, as well as the types of covered functions and service providers that may be engaged at a particular adviser, respectively, we believe firms need the ability to tailor their disclosures according to their own circumstances.323 G. Solicitation of Comments We encourage written comments on the matters discussed in this IRFA. We solicit comment on the number of small entities subject to the proposed rule 206(4)–11 and proposed amendments to rule 204–2 and Form ADV. We also solicit comment on the potential effects discussed in this analysis; and whether this proposal could have an effect on small entities that has not been considered. We request that commenters describe the nature of any effect on small entities and provide empirical data to support the extent of such effect. VI. Consideration of Impact on the Economy For purposes of the Small Business Regulatory Enforcement Fairness Act of 1996, or ‘‘SBREFA,’’ 324 we must advise OMB whether a proposed regulation constitutes a ‘‘major’’ rule. Under SBREFA, a rule is considered ‘‘major’’ where, if adopted, it results in or is likely to result in (1) an annual effect on the economy of $100 million or more; (2) a major increase in costs or prices for consumers or individual industries; or (3) significant adverse effects on competition, investment or innovation. We request comment on whether the proposal would be a ‘‘major rule’’ for purposes of SBREFA. We request comment on the potential effect of the 322 See supra section II.D. supra section II.B. 324 Public Law 104–121, Title II, 110 Stat. 857 (1996) (codified in various sections of 5 U.S.C., 15 U.S.C., and as a note to 5 U.S.C. 601). 323 See E:\FR\FM\16NOP2.SGM 16NOP2 68878 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules proposed amendments on the U.S. economy on an annual basis; any potential increase in costs or prices for consumers or individual industries; and any potential effect on competition, investment or innovation. Commenters are requested to provide empirical data and other factual support for their views to the extent possible. VII. Statutory Authority The Commission is proposing rule 206(4)–11 under the Advisers Act under the authority set forth in sections 203(d), 206(4), and 211(a) and (h) of the Advisers Act of 1940 [15 U.S.C. 80b– 3(d), 10b–6(4) and 80b–11(a) and (h)]. The Commission is proposing amendments to rule 204–2 under the Advisers Act under the authority set forth in sections 204 and 211 of the Advisers Act of 1940 [15 U.S.C. 80b–4 and 80b–11]. The Commission is proposing amendments to Form ADV under section 19(a) of the Securities Act [15 U.S.C. 77s(a)], sections 23(a) and 28(e)(2) of the Exchange Act [15 U.S.C. 78w(a) and 78bb(e)(2)], section 319(a) of the Trust Indenture Act of 1939 [15 U.S.C. 7sss(a)], section 38(a) of the Investment Company Act [15 U.S.C. 80a–37(a)], and sections 203(c)(1), 204, and 211(a) and (h) of the Advisers Act of 1940 [15 U.S.C. 80b–3(c)(1), 80b–4, and 80b–11(a) and (h)]. List of Subjects in 17 CFR Parts 275 and 279 Reporting and recordkeeping requirements, Securities. Text of Proposed Rule and Form Amendments For the reasons set out in the preamble, title 17, chapter II of the Code of Federal Regulations is proposed to be amended as follows: PART 275—RULES AND REGULATIONS, INVESTMENT ADVISERS ACT OF 1940 1. The authority citation for part 275 continues to read, in part, as follows: ■ Authority: 15 U.S.C. 80b–2(a)(11)(G), 80b– 2(a)(11)(H), 80b–2(a)(17), 80b–3, 80b–4, 80b– 4a, 80b–6(4), 80b–6a, and 80b–11, unless otherwise noted. khammond on DSKJM1Z7X2PROD with PROPOSALS2 * * * * * Section 275.204–2 is also issued under 15 U.S.C. 80b–6. * * * * * Amend § 275.204–2 by adding reserved paragraphs (a)(20) through (23) and paragraphs (a)(24), (e)(4), and (l) to read as follows: § 275.204–2 Books and records to be maintained by investment advisers. (a) * * * VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 (20)–(23) [Reserved] (24)(i) A list or other record of Covered Functions that the adviser has outsourced to a Service Provider, as defined in § 275.206(4)–11, including the name of each Service Provider, along with a record of the factors, corresponding to each listed function, that led the adviser to list it as a Covered Function; (ii) Records documenting the due diligence assessment conducted pursuant to § 275.206(4)–11, including any policies and procedures or other documentation as to how the adviser will comply with § 275.206(4)– 11(a)(1)(ii); (iii) A copy of any written agreement, including any amendments, appendices, exhibits, and attachments, entered into with a Service Provider regarding Covered Functions, each as defined in § 275.206(4)–11; and (iv) Records documenting the periodic monitoring of a Service Provider pursuant to § 275.206(4)–11. * * * * * (e) * * * (4) Books and records required to be made under paragraph (a)(24) of this rule shall be maintained in an easily accessible place throughout the time period during which the adviser has outsourced a Covered Function to a Service Provider and for a period of five years thereafter. * * * * * (l) Every investment adviser subject to paragraph (a) of this section that relies on a third party to make and/or keep any books and records required by this section (the recordkeeping function) must: (1) Due diligence and monitoring. Perform due diligence and monitoring as prescribed in § 275.206(4)–11(a)(1) and (a)(2) with respect to the recordkeeping function, and make and keep such records as prescribed in paragraph (a)(24) of this section, in each case as though the recordkeeping function were a Covered Function as defined in § 275.206(4)–11(b) and the third party were a Service Provider as defined in § 275.206(4)–11(b); and (2) Obtain reasonable assurances that the third party will: (i) Adopt and implement internal processes and/or systems for making and/or keeping records on behalf of the investment adviser that meet all of the requirements of this section as applicable to the investment adviser; (ii) Make and/or keep records of the investment adviser that meet all of the requirements of this section as applicable to the investment adviser; (iii) For electronic records of the investment adviser that are made and/ PO 00000 Frm 00064 Fmt 4701 Sfmt 4702 or kept by the third party under this subparagraph, allow the investment adviser and staff of the Commission to access the records easily through computers or systems during the required retention period pursuant to this section; and (iv) Make arrangements to ensure the continued availability of records of the investment adviser that are made and/ or kept under this subparagraph by the third party that will meet all of the requirements of this section as applicable to the investment adviser in the event that the third party ceases operations or the relationship with the investment adviser is terminated. ■ 3. Section 275.206(4)–11 is added to read as follows: § 275.206(4)–11 Service Providers. (a) As a means reasonably designed to prevent fraudulent, deceptive, or manipulative acts, practices, or courses of business within the meaning of section 206(4) of the Act (15 U.S.C. 80b– 6(4)), it shall be unlawful for an investment adviser registered or required to be registered under section 203 of the Act (15 U.S.C. 80b–3) to retain a Service Provider to perform a Covered Function unless: (1) Due diligence. Before engaging such Service Provider, the adviser reasonably identifies, and determines that it would be appropriate to outsource the Covered Function and that it would be appropriate to select that Service Provider, by: (i) Identifying the nature and scope of the Covered Function the Service Provider is to perform; (ii) Identifying, and determining how it will mitigate and manage, the potential risks to clients or to the adviser’s ability to perform its advisory services resulting from engaging a Service Provider to perform the Covered Function and engaging that Service Provider to perform the Covered Function; (iii) Determining that the Service Provider has the competence, capacity, and resources necessary to perform the Covered Function in a timely and effective manner; (iv) Determining whether the Service Provider has any subcontracting arrangements that would be material to the Service Provider’s performance of the Covered Function, and identifying and determining how the investment adviser will mitigate and manage potential risks to clients or to the investment adviser’s ability to perform its advisory services in light of any such subcontracting arrangement; (v) Obtaining reasonable assurance from the Service Provider that it is able E:\FR\FM\16NOP2.SGM 16NOP2 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules khammond on DSKJM1Z7X2PROD with PROPOSALS2 to, and will, coordinate with the investment adviser for purposes of the adviser’s compliance with the Federal securities laws, as applicable to the Covered Function; and (vi) Obtaining reasonable assurance from the Service Provider that it is able to, and will, provide a process for orderly termination of its performance of the Covered Function. (2) Monitoring. The adviser periodically monitors the Service Provider’s performance of the Covered Function and reassesses the retention of the Service Provider in accordance with the due diligence requirements of paragraph (a)(1) of this section and with a manner and frequency such that the investment adviser reasonably determines that it is appropriate to continue to outsource the Covered Function and that it remains appropriate to outsource it to the Service Provider. (b) Definitions. For the purposes of this section: Covered Function means a function or service that is necessary for the VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 investment adviser to provide its investment advisory services in compliance with the Federal securities laws, and that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the adviser’s clients or on the adviser’s ability to provide investment advisory services. A covered function does not include clerical, ministerial, utility, or general office functions or services. Service Provider means a person or entity that: (i) Performs one or more Covered Functions; and (ii) Is not a supervised person, as defined in 15 U.S.C. 80b–2(a)(25), of the investment adviser. PART 279—FORMS PRESCRIBED UNDER THE INVESTMENT ADVISERS ACT OF 1940 4. The authority citation for part 279 continues to read as follows: ■ Authority: The Investment Advisers Act of 1940, 15 U.S.C. 80b–1 et seq., Pub. L. 111– 203, 124 Stat. 1376. PO 00000 Frm 00065 Fmt 4701 Sfmt 4702 68879 5. Amend Form ADV (referenced in § 279.1) by: ■ a. In General Instructions, revising the second sub-bullet point paragraph to the first bullet point paragraph under Instruction 3; ■ b. In Instructions for Part 1A, revising the heading and introductory text of 6. Item 7;’’ ■ c. In Glossary of Terms, redesignating items 11 through 53 as 12 through 54, and items 55 through 65 as 57 through 67; ■ d. In Glossary of Terms, adding new items 11 and 57; ■ e. In Part 1A, revising Item 7 heading and introductory text, and adding C; and ■ ■ f. In Schedule D, adding Section 7.C. The additions and revisions read as follows: Note: The text of Form ADV does not, and this amendment will not, appear in the Code of Federal Regulations. BILLING CODE 8011–01–P E:\FR\FM\16NOP2.SGM 16NOP2 68880 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules FORM ADV (Paper Version) UNIFORM APPLICATION FOR INVESTMENT ADVISER REGISTRATION AND REPORT BY EXEMPT REPORTING ADVISERS Form ADV General Instructions ***** 3. How is Form ADV organized? Form ADV contains five parts: • Part lA asks a number of questions about you, your business practices, the persons who own and control you, and the persons who provide investment advice on your behalf. o All advisers registering with the SEC or any of the state securities authorities must complete Part lA. o Exempt reporting advisers (that are not also registering with any state securities authority) must complete only the following Items of Part lA: 1, 2, 3, 6, 7A, 7B, 10, and 11, as well as corresponding schedules. Exempt reporting advisers that are registering with any state securities authority must complete all of Form ADV. ***** Form ADV: Instructions for Part lA 6. Item 7: Financial Industry Affiliations, Private Fund, and Service Provider Reporting VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 PO 00000 Frm 00066 Fmt 4701 Sfmt 4725 E:\FR\FM\16NOP2.SGM 16NOP2 EP16NO22.000</GPH> khammond on DSKJM1Z7X2PROD with PROPOSALS2 ***** Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules 68881 Item 7.A. and Section 7.A. of Schedule D ask questions about you and your related persons' financial industry affiliations. If you are filing an umbrella registration, you should not check Item 7.A.(2) with respect to your relying advisers, and you do not have to complete Section 7.A. in Schedule D for your relying advisers. You should complete Schedule R for each relying adviser. Item 7.B. and Section 7.B. of Schedule D ask questions about the private funds that you advise. You are required to complete a Section 7.B.(l) of Schedule D for each private fund that you advise, except in certain circumstances described under Item 7.B. and below. Item 7.C and Section 7.C of Schedule D asks questions about the service providers you engage to perform covered functions. If either the function or the provider performing the function does not meet the definition of covered.function or service provider, respectively, you should not complete Item 7.C and Section 7.C of Schedule for that function or provider. You are required to complete Section 7.C of Schedule D for each service provider that performs a coveredfunction. ***** GLOSSARY OF TERMS ***** 11. Covered Function: A service or function that satisfies the definition of covered function in rule 206(4)-11 (b). 57. Service Provider: Means a person or entity that meets the definition of provider in rule 206(4)-1 l(b ). VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 PO 00000 Frm 00067 Fmt 4701 Sfmt 4725 E:\FR\FM\16NOP2.SGM 16NOP2 EP16NO22.001</GPH> khammond on DSKJM1Z7X2PROD with PROPOSALS2 ***** 68882 Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules ***** PARTlA ***** Item 7. Financial Industry Affiliations, Private Fund, and Service Provider Reporting In this Item, we request information about your financial industry affiliations, activities, and service providers. This information identifies areas in which conflicts of interest may occur between you and your clients and provides information about the coveredfunctions you outsource to service providers. *** C. Do you outsource any coveredjunction(s) to a service provider? □ Yes □ No If "yes," then for each service provider, you must complete a Section 7.C of Schedule D. ***** Schedule D ***** Section 7.C □ Add □ □ Delete Amend (1) Legal name of service provider: _ _ _ _ _ _ _ __ (2) Primary Business Name of service provider: (3) Legal Entity Identifier (if applicable): _ _ _ _ _ _ __ (4) Is the service provider a related person: (5) Date service provider first engaged to provide a covered.function: _ _ _ __ (6) The location of the service provider's office principally responsible for the covered junction(s): □ Yes □ No (number and street) VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 PO 00000 Frm 00068 Fmt 4701 Sfmt 4725 E:\FR\FM\16NOP2.SGM 16NOP2 EP16NO22.002</GPH> khammond on DSKJM1Z7X2PROD with PROPOSALS2 Check only one box: Federal Register / Vol. 87, No. 220 / Wednesday, November 16, 2022 / Proposed Rules (city) (7) (state/country) 68883 (zip +4/postal code) The service provider is engaged to provide the following coveredfunction(s) (check all that apply): □ □ □ □ □ □ □ □ □ □ □ □ □ □ Adviser/ Subadviser Client Servicing Cybersecurity Investment Guideline/ Restriction Compliance Investment Risk Portfolio Management (excluding Adviser/ Subadviser) Portfolio Accounting Pricing Reconciliation Regulatory Compliance Trading Desk Trade Communication and Allocation Valuation Other: - - - - - - - - - - - - - - - - - - ***** By the Commission. Dated: October 26, 2022. Vanessa A. Countryman, Secretary. [FR Doc. 2022–23694 Filed 11–15–22; 8:45 am] VerDate Sep<11>2014 17:47 Nov 15, 2022 Jkt 259001 PO 00000 Frm 00069 Fmt 4701 Sfmt 9990 E:\FR\FM\16NOP2.SGM 16NOP2 EP16NO22.003</GPH> khammond on DSKJM1Z7X2PROD with PROPOSALS2 BILLING CODE 8011–01–C

Agencies

SECURITIES AND EXCHANGE COMMISSION

[Federal Register Volume 87, Number 220 (Wednesday, November 16, 2022)]
[Proposed Rules]
[Pages 68816-68883]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-23694]



[[Page 68815]]

Vol. 87

Wednesday,

No. 220

November 16, 2022

Part II





Securities and Exchange Commission





-----------------------------------------------------------------------





17 CFR Parts 275, and 279





Outsourcing by Investment Advisers; Proposed Rule

Federal Register / Vol. 87 , No. 220 / Wednesday, November 16, 2022 / 
Proposed Rules

[[Page 68816]]


-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

17 CFR Parts 275, and 279

[Release Nos. IA-6176; File No. S7-25-22]
RIN 3235-AN18


Outsourcing by Investment Advisers

AGENCY: Securities and Exchange Commission.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Securities and Exchange Commission (``Commission'' or 
``SEC'') is proposing a new rule under the Investment Advisers Act of 
1940 (``Advisers Act'') to prohibit registered investment advisers 
(``advisers'') from outsourcing certain services or functions without 
first meeting minimum requirements. The proposed rule would require 
advisers to conduct due diligence prior to engaging a service provider 
to perform certain services or functions. It would further require 
advisers to periodically monitor the performance and reassess the 
retention of the service provider in accordance with due diligence 
requirements to reasonably determine that it is appropriate to continue 
to outsource those services or functions to that service provider. We 
also are proposing corresponding amendments to the investment adviser 
registration form to collect census-type information about the service 
providers defined in the proposed rule. In addition, we are proposing 
related amendments to the Advisers Act books and records rule, 
including a new provision requiring advisers that rely on a third party 
to make and/or keep books and records to conduct due diligence and 
monitoring of that third party and obtain certain reasonable assurances 
that the third party will meet certain standards.

DATES: Comments should be received on or before December 27, 2022.

ADDRESSES: Comments may be submitted by any of the following methods:

Electronic Comments

     Use the Commission's internet comment form (https://www.sec.gov/rules/submitcomments.htm); or
     Send an email to [email protected]. Please include 
File Number S7-25-22 on the subject line.

Paper Comments

     Send paper comments to Secretary, Securities and Exchange 
Commission, 100 F Street NE, Washington, DC 20549-1090.

    All submissions should refer to File Number S7-25-22. The file 
number should be included on the subject line if email is used. To help 
the Commission process and review your comments more efficiently, 
please use only one method of submission. The Commission will post all 
comments on the Commission's website (https://www.sec.gov/rules/proposed.shtml). Comments are also available for website viewing and 
printing in the Commission's Public Reference Room, 100 F Street NE, 
Washington, DC 20549, on official business days between the hours of 10 
a.m. and 3 p.m. Operating conditions may limit access to the 
Commission's Public Reference Room. All comments received will be 
posted without change. Persons submitting comments are cautioned that 
the Commission does not edit personal identifying information from 
submissions. You should submit only information that you wish to make 
available publicly.
    Studies, memoranda, or other substantive items may be added by the 
Commission or staff to the comment file during this rulemaking. A 
notification of the inclusion in the comment file of any such materials 
will be made available on the Commission's website. To ensure direct 
electronic receipt of such notifications, sign up through the ``Stay 
Connected'' option at www.sec.gov to receive notifications by email.

FOR FURTHER INFORMATION CONTACT: Christopher Chase, Senior Counsel; 
Christian Corkery, Senior Counsel; Juliet Han, Senior Counsel; Mark 
Stewart, Senior Counsel; Jennifer Porter, Senior Special Counsel; Holly 
Miller, Senior Financial Analyst; Melissa Roverts Harke, Assistant 
Director, Investment Adviser Regulation Office, Division of Investment 
Management, at (202) 551-6787, Securities and Exchange Commission, 100 
F Street NE, Washington, DC 20549-8549.

SUPPLEMENTARY INFORMATION: The Commission is proposing for public 
comment 17 CFR 275.206(4)-11 (``proposed rule 206(4)-11'') under the 
Advisers Act [15 U.S.C. 80b-1 et seq.]; and amendments to 17 CFR 
275.204-2 (rule 204-2) and Form ADV [17 CFR 279.1] under the Advisers 
Act.\1\
---------------------------------------------------------------------------

    \1\ Unless otherwise noted, when we refer to the Advisers Act, 
we are referring to 15 U.S.C. 80b, and when we refer to rules under 
the Advisers Act, we are referring to title 17, part 275 of the Code 
of Federal Regulations [17 CFR 275]. In addition, unless otherwise 
noted, when we refer to the Investment Company Act, we are referring 
to 15 U.S.C. 80a.
---------------------------------------------------------------------------

Table of Contents

I. Introduction
    A. Background
    B. Overview of Rule Proposal
II. Discussion
    A. Scope
    1. Covered Function
    2. Service Provider
    3. Recordkeeping of Covered Functions
    B. Due Diligence
    1. Nature and Scope of Covered Function
    2. Risk Analysis, Mitigation, and Management
    3. Competence, Capacity, Resources
    4. Subcontracting Arrangements
    5. Compliance Coordination
    6. Orderly Termination
    7. Recordkeeping Provisions Related to Due Diligence
    C. Monitoring
    1. Recordkeeping Provisions Related to Monitoring
    D. Form ADV
    E. Third-Party Recordkeeping
    F. Existing Staff No-Action Letters and Staff Statements
    G. Transition and Compliance
III. Economic Analysis
    A. Introduction
    B. Baseline
    1. Affected Parties
    2. Adviser Use of Service Providers
    3. Applicable Law Impacting Use of Service Providers
    C. Broad Economic Considerations
    D. Benefits and Costs
    1. Due Diligence
    2. Monitoring
    3. Recordkeeping
    4. Form ADV
    E. Effects on Efficiency, Competition, and Capital Formation
    1. Efficiency
    2. Competition
    3. Capital Formation
    F. Reasonable Alternatives
    1. Alternatives to the Proposed Scope
    2. Alternatives to the Proposed Due Diligence and Monitoring 
Requirements
    3. Alternatives to the Proposed Amendments to the Books and 
Records Rule
    4. Alternatives to the Form ADV Requirements
    5. Alternatives to the Transition and Compliance Period
    G. Request for Comment
IV. Paperwork Reduction Act Analysis
    A. Introduction
    B. Rule 204-2
    C. Form ADV
    D. Request for Comment
V. Initial Regulatory Flexibility Act Analysis
    A. Reason For and Objectives of the Proposed Action
    1. Proposed Rule 206(4)-11
    2. Proposed Amendments to Rule 204-2
    3. Proposed Amendments to Form ADV
    B. Legal Basis
    C. Small Entities Subject to the Rules and Rule Amendments
    1. Small Entities Subject to Proposed Rule 206(4)-11 and 
Proposed Amendments to Rule 204-2 and Form ADV
    D. Projected Reporting, Recordkeeping and Other Compliance 
Requirements
    1. Proposed Rule 206(4)-11
    2. Proposed Amendments to Rule 204-2

[[Page 68817]]

    3. Proposed Amendments to Form ADV
    E. Duplicative, Overlapping, or Conflicting Federal Rules
    1. Proposed Rule 206(4)-11
    2. Proposed Amendments to Rule 204-2
    3. Proposed Amendments to Form ADV
    F. Significant Alternatives
    1. Proposed Rules 206(4)-11 and 204-2
    2. Proposed Amendments to Form ADV
    G. Solicitation of Comments
VI. Consideration of Impact on the Economy
VII. Statutory Authority

I. Introduction

A. Background

    The asset management industry has evolved greatly since Congress 
adopted the Investment Advisers Act of 1940 (``Advisers Act'' or 
``Act''). For instance, many advisers now seek to provide full service 
wealth management and financial planning (e.g., tax, retirement, 
estate, education, and insurance), and they use electronic systems to 
provide those services and keep their records.\2\ Clients and investors 
also are seeking to invest in types of securities and other assets that 
were not commonly traded or did not exist at that time, including, for 
example, derivatives and exchange-traded funds.\3\ At the same time, 
fee pressures for advisers have increased.\4\ As a result, advisers are 
under pressure to meet evolving and increasingly complex client demands 
in a cost-effective way.\5\ The demand for advisory services has grown 
as well.\6\ For example, regulatory assets under management (``RAUM'') 
have increased from $47 trillion to $128 trillion over the past 10 
years; while RAUM managed for non-high net worth advisory clients have 
increased from approximately $3.7 trillion to approximately $7 
trillion.\7\
---------------------------------------------------------------------------

    \2\ See Financial Advisers Now Help with College Plans, Family 
Counseling, Cremains, The Wall Street Journal (Aug. 23, 2019), 
available at https://www.wsj.com/articles/financial-advisers-now-help-with-college-plans-family-counseling-cremains-11566558002; 
Beyond Finances: Holistic Life Planning Trends Among Advisors, 
Investment News (2020), available at https://www.investmentnews.com/beyond-finances-holistic-life-planning-trends-among-advisors.
    \3\ See Young, Confident, Digitally Connected--Meet America's 
New Day Traders, Reuters (Feb. 2, 2021), available at https://www.reuters.com/article/us-retail-trading-investors-age/young-confident-digitally-connected-meet-americas-new-day-traders-idUSKBN2A21GW; College Students Are Buying Stocks--But Do They Know 
What They're Doing?, CNBC (Aug. 4, 2020), available at https://www.cnbc.com/2020/08/04/college-students-are-buying-stocks-but-do-they-know-what-theyre-doing.html.
    \4\ See, e.g., Adviser Industry Fee Pressures in Focus, 
Planadviser (Feb. 4, 2022), available at https://www.planadviser.com/exclusives/adviser-industry-fee-pressures-focus/ 
(stating that fee compression has impacted adviser revenue models in 
recent years due to increasing automation, stiffer competition and 
ongoing industry consolidation); CaseyQuirk Remarks and Discussion, 
U.S. Securities and Exchange Commission Asset Management Advisory 
Committee (Jan. 14, 2020), available at https://www.sec.gov/files/BenPhillips-CaseyQuirk-Deloitte.pdf (stating that buyers are 
becoming more fee-sensitive and showing an annualized reduction in 
global effective fees between 2015 and 2018).
    \5\ A recent survey indicated that advisers are reducing their 
own expenses in response to fee compression, with 52% of surveyed 
respondents planning to reduce expense ratios on some products. C-
Suite Asset Management Survey, Brown Brothers Harriman & Co. (2020), 
at 6 (``C-Suite Asset Management Survey''), available at https://www.bbh.com/content/dam/bbh/external/www/investor-services/insights/c-suite-asset-manager-survey/C-Suite%20Asset%20Manager%20Survey%20PDF_data.pdf (finding more than 
half of respondent asset managers are planning to reduce expense 
ratios or fees in the following year). See also Fees Were Already 
Under Pressure. Then the Pandemic Hit, Institutional Investor (Dec. 
8, 2020), available at https://www.institutionalinvestor.com/article/b1plj6z9wsv5nf/Fees-Were-Already-Under-Pressure-Then-the-Pandemic-Hit.
    \6\ See AWM: From `A Brave New World' to a New Normal, PwC 
(2020), at 6, available at https://www.pwc.lu/en/asset-management/awm-from-a-brave-new-world-to-a-new-normal.html (calculating 
worldwide assets under management in 2019 as $110.9 trillion, 
including a 9% compound annual growth rate since 2015).
    \7\ Registered investment advisers report $7.096 trillion in 
RAUM for non-high net worth advisory clients, based on analysis of 
data reported on Form ADV through the Investment Adviser 
Registration Depository (IARD) system as of April 30, 2022. The data 
consists of assets that are reported by both advisers and sub-
advisers, including mutual fund and ETF assets. Prior to the October 
2017 changes to Form ADV, clients and client RAUM were estimated 
based on the midpoint of ranges reported.
---------------------------------------------------------------------------

    Many advisers are adapting to the changes discussed above by 
engaging service providers to perform certain functions 
(``outsourcing'').\8\ In some cases, service providers may support the 
investment adviser's advisory services and processes. Supporting 
functions may include, for example, investment research and data 
analytics, trading and risk management, and compliance. In other cases, 
advisers hire service providers to perform or assist with functions 
that support middle- and back-office functions essential to asset 
management (e.g., collateral management, settlement services, pricing 
or valuation services, and performance measurement). Additionally, 
investment advisers have engaged service providers to perform 
activities that form a central part of their advisory services.\9\ 
Advisers increasingly have engaged index providers to develop bespoke 
indexes that an adviser may replicate or track in portfolios for its 
clients, advisers engage subadvisers to manage some or all of a 
client's portfolio, and advisers use third parties to provide 
technology platforms for offering robo-advisory services.
---------------------------------------------------------------------------

    \8\ See, e.g., The Race to Scalability 2020: Current Insights 
from a Decade of Advisor Research on Investment Management Trends, 
Flexshares (2020), available at https://go.flexshares.com/outsourcing; Christopher Newman, Asset Managers Continue to 
Outsource Middle Office Functions, EisnerAmper (Oct. 21, 2020), 
available at https://www.eisneramper.com/asset-managers-outsource-ai-blog-1020/.
    \9\ See Smart Outsourcing Can Be a Game-Changer for RIAs, 
ThinkAdvisor (Mar. 18, 2021), available at https://www.thinkadvisor.com/2021/03/18/smart-outsourcing-can-be-a-game-changer-for-rias/ (describing benefits to registered investment 
advisers of using service providers, including outsourcing 
management of individual portfolios and possibility of ``keep[ing] 
some core functions in-house and outsourc[ing] others'').
---------------------------------------------------------------------------

    Service providers may give the adviser or the adviser's clients 
access to certain specializations or areas of expertise, reduce risks 
of keeping a function in-house that the adviser is not equipped to 
perform, or otherwise offer efficiencies that are unavailable to or 
unachievable by an adviser alone. Use of service providers can provide 
staffing flexibility by reducing the burdens on advisers' existing 
personnel and may mitigate the need to hire new personnel (which 
generally entails hiring and onboarding costs in addition to salaries 
and benefits). This flexibility may be particularly useful for services 
that the adviser uses on a periodic or ad hoc basis but may not need or 
wish to dedicate permanent staffing. Advisers with few personnel in 
particular may find benefits by allowing service providers to handle 
tasks that would otherwise be time-consuming or costly given the lack 
of economies of scale. Engaging a service provider also may prove 
efficient because it allows an adviser to allocate specific duties to a 
single service provider, rather than relying on multiple internal 
personnel to complete a function. Clients also can benefit from 
outsourcing, including through better quality of service, lower fees 
(if the adviser passes along any cost savings), or some combination.
    There is a risk that clients could be significantly harmed, 
however, when an adviser outsources to a service provider a function 
that is necessary for the provision of advisory services without 
appropriate adviser oversight. The risk is in addition to any risks 
that would exist from the adviser providing these functions and should 
be managed. For example, a significant disruption or interruption to an 
adviser's outsourced services could affect an adviser's ability to 
provide its services to its clients. Outsourcing a service also 
presents a conflict of interest between an adviser providing a 
sufficient amount of oversight versus the costs of providing that 
oversight or the cost of the adviser providing the function itself. 
Poor oversight could lead to financial losses for the adviser's 
clients, including through market losses and as a result of

[[Page 68818]]

increased transaction costs or the loss of investment opportunities. 
Excessive oversight can result in costs to the adviser, and potentially 
its clients, that outweigh the intended benefits. Outsourcing also has 
the potential to defraud, mislead or deceive clients. For example, 
outsourcing necessary advisory functions could have a material negative 
impact on clients, such as: inaccurate pricing and performance 
information that advisory clients rely on to make decisions about 
hiring and retaining the adviser and that advisers rely on to calculate 
advisory fees; \10\ compliance gaps that enable fraudulent, deceptive 
or manipulative activity by employees and agents of such service 
providers to occur or continue unaddressed; \11\ or poor operational 
management or risk measurement that leads to client losses. A service 
provider's major technical difficulties could prevent the adviser from 
executing an investment strategy or accessing an account. Additionally, 
sensitive client information and data could be lost \12\ and used to 
the client's detriment, or client holdings or trade order information 
could be negligently maintained by a service provider and misused by 
the service provider's employees or other market participants in 
trading ahead or front-running activities. Clients also may be harmed 
when a service provider has significant operations in a single 
geographic region because weather events, power outages, geopolitical 
events and public health events in that location raises concerns that 
the service provider can continue to perform its functions during these 
events.
---------------------------------------------------------------------------

    \10\ See Armental, Maria, BNY Mellon to Pay $3 Million to 
Resolve Massachusetts Probe Over Glitch, The Wall Street Journal 
(Mar. 21, 2016), available at https://www.wsj.com/articles/bny-mellon-to-pay-3-million-to-resolve-massachusetts-probe-over-glitch-1458581998.
    \11\ See In the Matter of Aegis Capital, LLC, Investment 
Advisers Release No. 4054 (Mar. 30, 2015) (settled order) (failures 
of an outsourced Chief Compliance Officer and the adviser's Chief 
Operating Officer resulted in Form ADV filings that grossly 
overstated the registrant's AUM and total number of clients).
    \12\ See Tokar, Dylan et. al., Fund Administrator of Fortress, 
Pimco and Others Suffers Data Breach Through Vendor, The Wall Street 
Journal (Jul. 27, 2020), available at https://www.wsj.com/articles/fund-administrator-for-fortress-pimco-and-others-suffers-data-breach-through-vendor-11595857765.
---------------------------------------------------------------------------

    Risks related to a service provider's conflicts of interests also 
may cause harm to an adviser's clients. There may be conflict of 
interest risks when a service provider recommends or otherwise 
highlights investments to advisory clients that the service provider 
also owns or manages for others. In that circumstance, the service 
provider has an incentive to influence investing behavior in a way that 
benefits the service provider to the detriment of the adviser's 
clients. For example, an index provider that holds an investment it 
subsequently adds to its widely followed index has a conflict of 
interest because it would directly benefit from creating or increasing 
demand for that investment and clients could be harmed if the 
investment does not perform as well as other investments the index 
provider could have added instead.
    The risks of harm may be particularly pronounced where services 
that are necessary for the provision of advisory services are highly 
technical or proprietary to the service provider, or where the services 
require expertise or data the adviser lacks. For example, if an adviser 
engages a service provider that uses proprietary technology to measure 
portfolio risk or performance of client investments, the adviser likely 
would not be able to replicate such measurements for its clients. If 
such technology fails to provide accurate measurements, it would be 
difficult for the adviser to detect such issues and manage the 
portfolios or report performance for its clients without the adviser 
having a plan in place for managing and mitigating the risks of such a 
failure. The risks of harm are also heightened where the service 
provider has further outsourced one or more necessary functions to 
another service provider (possibly without the adviser's awareness or 
influence), or where the service provider delivers some services from 
locations outside of the United States, which introduces potential 
oversight and regulatory gaps or oversight challenges. In each of these 
cases, the disruption, interruption, or failures in the service 
provider's services could affect the ability of every adviser using 
that service provider to deliver advisory services to its clients or 
otherwise meet its obligations, including under the Advisers Act or 
other Federal securities laws.
    The use of service providers could create broader market-wide 
effects or systemic risks as well, particularly where the failure of a 
single service provider would cause operational failures at multiple 
advisers.\13\ For example, there could be concentration risks to the 
extent that one service provider supplies several services to an 
adviser or multiple service providers merge to become a single market 
leader. Multiple regulated entities could use a common service 
provider,\14\ particularly because service providers have become more 
specialized in recent years,\15\ and for certain functions there may be 
only a few entities offering relevant (often information technology-
dependent) services. If a large number of investment advisers and their 
clients use a common service provider, operational risks could be 
correspondingly concentrated, which could, in turn, lead to an 
increased risk of broader market effects during times of market 
instability. One example where the failure of a service provider had a 
broad impact occurred when a corrupted software update to accounting 
systems at a widely used fund accounting provider caused industry-wide 
concern over the accuracy of fund values for several days.\16\ An 
estimated 66 advisers and 1,200 funds were unable to obtain system-
generated net asset values (``NAVs'') for several days, suggesting that 
an error in a system used by many advisers could disrupt entire 
markets.\17\
---------------------------------------------------------------------------

    \13\ See, e.g., The International Organization of Securities 
Commissions (``IOSCO'') FR07/2021, Principles on Outsourcing: Final 
Report (Oct. 2021), (``IOSCO Report''), available at https://www.iosco.org/library/pubdocs/pdf/IOSCOPD687.pdf. The IOSCO Report 
cites examples of risks that could lead to systemic risk if multiple 
entities use a common service provider including: (1) if the service 
provider suddenly and unexpectedly becomes unable to perform 
services that are material or critical to the business of a 
significant number of regulated entities, each entity will be 
similarly disabled, (2) a latent flaw in the design of a product or 
service that multiple regulated entities rely upon may affect all 
these users, (3) a vulnerability in application software that 
multiple regulated entities rely upon may permit an intruder to 
disable or corrupt the systems or data of some or all users, and (4) 
if multiple regulated entities depend upon the same provider of 
business continuity services (e.g., a common disaster recovery 
site), a disruption that affects a large number of those entities 
may reduce the capacity of the business continuity service.
    \14\ Financial Stability Board, Regulatory and Supervisory 
Issues Relating to Outsourcing Third Party Relationships: Discussion 
Paper (Nov. 9, 2020), at 2 (``FSB Discussion Paper''), available at 
https://www.fsb.org/wp-content/uploads/P091120.pdf.
    \15\ The IOSCO Report, supra footnote 13.
    \16\ See Armental, Maria, BNY Mellon to Pay $3 Million to 
Resolve Massachusetts Probe Over Glitch, The Wall Street Journal 
(Mar. 21, 2016), available at https://www.wsj.com/articles/bny-mellon-to-pay-3-million-to-resolve-massachusetts-probe-over-glitch-1458581998.
    \17\ See id. See also, e.g., BlackRock: The monolith and the 
markets, The Economist (Dec. 7, 2013), available at https://www.economist.com/briefing/2013/12/07/the-monolith-and-the-markets 
(stating that 7% of the world's $225 trillion of financial assets 
were supported by the same system and stating, ``If that much money 
is being managed by people who all think with the same tools, it may 
be managed by people all predisposed to the same mistakes.''); IOSCO 
FR06/22, Operational resilience of trading venues and market 
intermediaries during the COVID-19 pandemic & lessons for future 
disruptions: Final Report, at 23 (July 2022), available at https://www.iosco.org/library/pubdocs/pdf/IOSCOPD706.pdf (stating that 
disruption of outsourced services could lead to losses, such as 
clients unable to access accounts or have orders executed during 
market volatility).

---------------------------------------------------------------------------

[[Page 68819]]

    Our observations underscore the risks associated with advisers 
outsourcing functions to service providers. We have observed an 
increase in such outsourcing and issues related to the outsourcing and 
advisers' oversight. One recent example is an enforcement action for 
alleged violations of section 206 of the Advisers Act against 
investment advisers that used models and volatility guidelines from a 
third-party subadviser without first confirming that they worked as 
intended.\18\ In another recent action, an adviser allegedly failed to 
oversee a third-party vendor that did not properly safeguard customers' 
personal identifying information.\19\ Additionally, we are troubled 
that the Commission staff have observed some advisers unable to provide 
timely responses to examination and enforcement requests because of 
outsourcing. In response to our staff's requests for documents, some 
advisers have not provided the information necessary to demonstrate 
compliance with the Advisers Act and its rules because of outsourcing. 
For example, some advisers that use client relationship management 
providers have asserted that they have complied with rule 204-3 because 
brochure delivery is programmed into the providers' software, though 
they cannot produce records to evidence that delivery took place.\20\
---------------------------------------------------------------------------

    \18\ See In the Matter of Aegon USA Investment Management, LLC, 
et al, Investment Advisers Act Release No. 4996 (Aug. 27, 2018) 
(settled order).
    \19\ See Morgan Stanley Smith Barney LLC, Investment Advisers 
Act Release No. 6138 (Sept. 20, 2022) (settled order).
    \20\ See 17 CFR 275.204-3
---------------------------------------------------------------------------

    These observations illustrate that despite the existing legal 
framework regarding the duties and obligations of investment advisers, 
more needs to be done to protect clients and enhance oversight of 
advisers' outsourced functions. An adviser has a fiduciary duty to its 
clients. The Advisers Act establishes a federal fiduciary duty for 
investment advisers that comprises a duty of loyalty and a duty of care 
and is made enforceable by the antifraud provisions of the Advisers 
Act.\21\ This combination of obligations has been characterized as 
requiring the investment adviser to act in the best interests of its 
client at all times.\22\
---------------------------------------------------------------------------

    \21\ See Transamerica Mortgage Advisors, Inc. v. Lewis, 444 U.S. 
11, 17 (1979) (``Sec.  206 establishes federal fiduciary standards 
to govern the conduct of investment advisers.'') (quotation marks 
omitted); SEC v. Capital Gains Research Bureau, Inc., 375 U.S. 180, 
191 (1963); Commission Interpretation Regarding Standard of Conduct 
for Investment Advisers, Investment Advisers Act Release No. 5248 
(June 5, 2019), at 6-8 [84 FR 33669 (July 12, 2019)] (``Standard of 
Conduct Release'').
    \22\ See SEC v. Tambone, 550 F.3d 106, 146 (1st Cir. 2008) 
(``Section 206 imposes a fiduciary duty on investment advisers to 
act at all times in the best interest of the fund . . .''); SEC v. 
Moran, 944 F. Supp. 286, 297 (S.D.N.Y 1996) (``Investment advisers 
are entrusted with the responsibility and duty to act in the best 
interest of their clients.''). See also Standard of Conduct Release, 
supra footnote 21, at 6-8 (discussing various interpretations of an 
adviser's fiduciary duty spanning several decades).
---------------------------------------------------------------------------

    When an investment adviser holds itself out to clients and 
potential clients as providing advisory services, the adviser implies 
that it remains responsible for the performance of those services and 
will act in the best interest of the client in doing so.\23\ 
Outsourcing a particular function or service does not change an 
adviser's obligations under the Advisers Act and the other Federal 
securities laws. In addition, the adviser is typically responsible for 
the advisory services through an agreement with the client that 
represents or implies the adviser is performing all the functions 
necessary to provide the advisory services. An adviser remains liable 
for its obligations, including under the Advisers Act, the other 
Federal securities laws and any contract entered into with the client, 
even if the adviser outsources functions. In addition, an adviser 
cannot waive its fiduciary duty. Accordingly, an adviser should be 
overseeing outsourced functions to ensure the adviser's legal 
obligations are continuing to be met despite the adviser not performing 
those functions itself.
---------------------------------------------------------------------------

    \23\ See Standard of Conduct Release, supra footnote 21 
(discussing various interpretations of an adviser's fiduciary duty 
spanning several decades). See also section 205(a)(2) of the 
Advisers Act makes it unlawful for an SEC-registered adviser to 
enter into or perform any investment advisory contract unless the 
contract provides that no assignment of the contract shall be made 
by the adviser without client consent.
---------------------------------------------------------------------------

    As a fiduciary, an investment adviser cannot just ``set it and 
forget it'' when outsourcing. In this regard, we are concerned that 
outsourcing these necessary functions (defined as ``Covered Functions'' 
in proposed rule 206(4)-11) in particular, without further oversight by 
the investment adviser, can undermine the adviser's provision of 
services and compliance with the Federal securities laws, and can 
directly harm clients. We also believe it is a deceptive sales practice 
and contrary to the public interest and investor protection for an 
investment adviser to hold itself out as an investment adviser, but 
then outsource its functions that are necessary to its provision of 
advisory services to its clients without taking appropriate steps to 
ensure that the clients will be provided with the same protections that 
the adviser must provide under its fiduciary duty and other obligations 
under the Federal securities laws. We believe a reasonable investor 
hiring an adviser to provide investment advisory services would expect 
the adviser to provide those services and, if significant aspects of 
those services are outsourced to a provider, to oversee those 
outsourced functions effectively. To do otherwise would be misleading, 
deceptive, and contrary to the public interest. Moreover, disclosure 
cannot address this deception. We do not believe any reasonable 
investor would agree to engage an investment adviser that will not 
perform functions necessary to provide the advisory services for which 
it is hired, and instead will outsource those functions to a service 
provider without effective oversight over the service provider. An 
adviser's use of service providers should include sufficient oversight 
by an adviser so as to fulfill the adviser's fiduciary duty, comply 
with the Federal securities laws, and protect clients from potential 
harm.
    Accordingly, in light of the increase in the use of service 
providers, the services provided, and the risks of client harm 
described above, we believe that a consistent oversight framework 
across investment advisers is needed for outsourcing functions or 
services that are necessary for the investment adviser to provide its 
advisory services in compliance with the Federal securities laws. 
Proposed new rule 206(4)-11 under the Advisers Act is designed to 
address these issues by requiring investment advisers to comply with 
specific elements as part of a due diligence and monitoring process to 
oversee the provision of covered functions.
    Given the increasing use of service providers by investment 
advisers, we are also concerned that the Commission has limited 
visibility into advisers' outsourcing and thus the potential extent to 
which advisory clients face outsourcing-related risks. The Commission 
currently collects only limited information about an adviser's use of 
certain service providers through forms filed with the Commission, such 
as third-party keepers of advisers' books and records and certain 
service providers for private funds reported on Form ADV, or during 
examinations conducted by Commission staff.\24\ If the Commission had 
additional information about which service providers all registered 
advisers are using that are necessary to perform their advisory 
services, for example, it could quickly

[[Page 68820]]

analyze the potential breadth of the impact from a market event. In the 
event of a critical failure at an asset management service provider, 
the Commission would be able to identify quickly all advisers reporting 
that firm on Form ADV as a service provider of one or more covered 
functions, which can help inform the Commission's course of action.
---------------------------------------------------------------------------

    \24\ See Form ADV Part 1A, Schedule D, Sections 1.L. and 7.B.1.
---------------------------------------------------------------------------

    Finally, we are concerned that when an investment adviser 
outsources its books and records obligations to a third party, the 
adviser may not be properly ensuring that it can comply with the 
Commission's recordkeeping requirements. Currently, rule 204-2 requires 
advisers to make and keep specified records, including standards for 
keeping those records electronically, but does not expressly impose 
specific requirements when an adviser outsources recordkeeping 
functions to a third party.\25\ We believe that specific conditions 
should apply to all advisers using third parties to make and keep 
records required by rule 204-2.
---------------------------------------------------------------------------

    \25\ Commission staff addressed third party recordkeeping in two 
staff letters. See OMGEO, LLC, SEC Staff No-Action Letter (Aug. 14, 
2009), at n.3 (``OMGEO NAL''), available at https://www.sec.gov/divisions/investment/noaction/2009/omgeo081409.htm (citing First 
Call and National Regulatory Services, SEC Staff No-Action Letter 
(Dec. 2, 1992)); First Call Corporation, SEC Staff No-Action Letter 
(Sept. 6, 1995) (``First Call NAL''), available at https://www.sec.gov/divisions/investment/noaction/1995/firstcall090695.pdf. 
The staff no-action letters represent the views of the staff of the 
Division of Investment Management. They are not a rule, regulation, 
or statement of the Commission. The Commission has neither approved 
nor disapproved their content. The staff no-action letters, like all 
staff statements, have no legal force or effect: they do not alter 
or amend applicable law, and they create no new or additional 
obligations for any person. See also infra section II.F.
---------------------------------------------------------------------------

B. Overview of Rule Proposal

    The proposed rule would establish a set of minimum and consistent 
due diligence and monitoring obligations for an investment adviser 
outsourcing certain functions to a service provider. Proposed rule 
206(4)-11 under the Advisers Act would apply to advisers that are 
registered or required to be registered with us and that outsource a 
covered function.\26\ The definition of a covered function has two 
parts: (1) a function or service that is necessary for the adviser to 
provide its investment advisory services in compliance with the Federal 
securities laws, and (2) that, if not performed or performed 
negligently, would be reasonably likely to cause a material negative 
impact on the adviser's clients or on the adviser's ability to provide 
investment advisory services.\27\ Clerical, ministerial, utility, or 
general office functions or services are excluded from the 
definition.\28\ Before engaging a service provider to perform a covered 
function, the adviser would have to reasonably identify and determine 
through due diligence that it would be appropriate to outsource the 
covered function, and that it would be appropriate to select that 
service provider, by complying with six specific elements. These 
elements address:
---------------------------------------------------------------------------

    \26\ Proposed rule 206(4)-11(a). The rule number assigned to the 
proposed rule 206(4)-11 is based on the numbering for other rule 
amendments the Commission previously proposed. See, e.g., 
Cybersecurity Risk Management for Investment Advisers, Registered 
Investment Companies, and Business Development Companies, available 
at https://www.sec.gov/rules/proposed/2022/33-11028.pdf (proposing 
rule 206(4)-9 related to cybersecurity policies and procedures of 
investment advisers); Private Fund Advisers: Documentation of 
Registered Investment Adviser Compliance Reviews, available at 
https://www.sec.gov/rules/proposed/2022/ia-5955.pdf (proposing rule 
206(4)-10 related to private fund adviser audits). This number could 
change based on future Commission actions.
    \27\ Proposed rule 206(4)-11(b).
    \28\ Proposed rule 206(4)-11(b).
---------------------------------------------------------------------------

     The nature and scope of the services;
     Potential risks resulting from the service provider 
performing the covered function, including how to mitigate and manage 
such risks;
     The service provider's competence, capacity, and resources 
necessary to perform the covered function;
     The service provider's subcontracting arrangements related 
to the covered function;
     Coordination with the service provider for Federal 
securities law compliance; and
     The orderly termination of the provision of the covered 
function by the service provider.\29\
---------------------------------------------------------------------------

    \29\ Proposed rule 206(4)-11(a)(1).
---------------------------------------------------------------------------

    The proposed rule also would require the adviser periodically to 
monitor the service provider's performance and reassess the selection 
of such a service provider under the due diligence requirements of the 
rule.\30\ Each of these elements is included in the rule to address 
specific areas of risks and concerns that we have observed, as 
described above. Although the proposed rule does not require additional 
explicit written policies and procedures related to service provider 
oversight, if the proposed rule were adopted, advisers would be 
required under existing rule 206(4)-7 to have policies and procedures 
reasonably designed to prevent violations of the Advisers Act and rules 
under the Act, and this requirement would apply to the proposed rule.
---------------------------------------------------------------------------

    \30\ Proposed rule 206(4)-11(a)(2).
---------------------------------------------------------------------------

    In addition, we are proposing to require advisers to make and keep 
certain books and records attendant to their obligations under the 
proposed oversight framework, such as lists or records of covered 
functions and records documenting their due diligence and monitoring of 
each service provider.\31\ The requirement to make and keep such books 
and records would help advisers monitor, and determine whether to 
modify, their approach to outsourcing a particular function. These 
records would also assist the Commission and its staff in evaluating 
adviser representations about their services and the extent to which an 
adviser complies with the rule.
---------------------------------------------------------------------------

    \31\ See proposed rule 204-2(a)(24).
---------------------------------------------------------------------------

    We are also proposing to add a new provision in the recordkeeping 
rule requiring every investment adviser that relies on a third party to 
make and/or keep books and records required by the recordkeeping rule 
to conduct due diligence and monitoring of that third party consistent 
with the requirements under proposed rule 206(4)-11 and obtain 
reasonable assurances that the third party will meet four standards. 
These standards address the third party's ability to: (i) adopt and 
implement internal processes and/or systems for making and/or keeping 
records that meet the requirements of the recordkeeping rule applicable 
to the adviser in providing services to the adviser; (ii) make and/or 
keep records that meet all of the requirements of the recordkeeping 
rule applicable to the adviser; (iii) provide access to electronic 
records; and (iv) ensure the continued availability of records if the 
third party's operations or relationship with the adviser cease. The 
requirements are intended to protect required records from loss, 
alteration, or destruction and to help ensure that such records are 
accessible to the investment adviser and the Commission staff while 
allowing investment advisers to continue to contract with a wide 
variety of service providers to assist with recordkeeping functions.
    Finally, we are proposing amendments to Form ADV that are designed 
to improve visibility for the Commission and advisory clients relating 
to service providers that perform covered functions. New item 7.C. in 
Part 1A and Section 7.C. in Schedule D would require advisers to 
provide census-type information about these providers.\32\ These 
disclosures would provide more information about outsourced functions, 
enabling clients

[[Page 68821]]

to make better informed decisions about the retention of an adviser and 
enabling the Commission and its staff to identify and address risks 
related to outsourcing by advisers and oversee advisers' use of service 
providers better.
---------------------------------------------------------------------------

    \32\ Because Form ADV Part 1A is submitted in a structured, XML-
based data language specific to that Form, the information in 
proposed new Item 7.C would be structured (i.e., machine-readable) 
as well.
---------------------------------------------------------------------------

II. Discussion

A. Scope

    Under proposed rule 206(4)-11, as a means reasonably designed to 
prevent fraudulent, deceptive, or manipulative acts, practices, or 
courses of business within the meaning of section 206(4) of the Act, it 
would be unlawful for an investment adviser registered or required to 
be registered with the Commission to retain a service provider to 
perform a covered function unless the investment adviser conducts 
certain due diligence and monitoring of the service provider.\33\ A 
covered function is defined in the proposed rule as a function or 
service that is necessary for the adviser to provide its investment 
advisory services in compliance with the Federal securities laws, and 
that, if not performed or performed negligently, would be reasonably 
likely to cause a material negative impact on the adviser's clients or 
on the adviser's ability to provide investment advisory services.\34\ 
The proposed rule defines a service provider as a person or entity that 
performs one or more covered functions and is not an adviser's 
supervised person as defined in the Advisers Act.\35\ A covered 
function would not include clerical, ministerial, utility, or general 
office functions or services.\36\
---------------------------------------------------------------------------

    \33\ See proposed rule 206(4)-11(a).
    \34\ Proposed rule 206(4)-11(b).
    \35\ Proposed rule 206(4)-11(b).
    \36\ Proposed rule 206(4)-11(b).
---------------------------------------------------------------------------

1. Covered Function
    We are proposing to define ``covered function'' more narrowly than 
all of the functions an investment adviser might outsource to a service 
provider. Advisers outsource many services beyond their core advisory 
functions, and the failure of many of those functions could have little 
to no effect on an adviser's clients. Accordingly, we are targeting 
those outsourced functions that meet two elements: (1) those necessary 
for the adviser to provide its investment advisory services in 
compliance with the Federal securities laws; and (2) those that, if not 
performed or performed negligently, would be reasonably likely to cause 
a material negative impact on the adviser's clients or on the adviser's 
ability to provide investment advisory services.\37\
---------------------------------------------------------------------------

    \37\ See proposed rule 206(4)-11.
---------------------------------------------------------------------------

    The proposed rule applies if an adviser retains a service provider 
to perform a covered function, whether by a written agreement or by 
some other means. The Commission is not specifying how an adviser might 
retain a service provider to perform a covered function, but an adviser 
should consider using a written agreement as a best practice. The 
determination of whether an adviser has retained a service provider to 
perform such a covered function would depend on the facts and 
circumstances. For example, an adviser that enters into a written 
agreement with a valuation provider to value all of its clients' fixed 
income securities or with a subadviser to manage fixed income 
portfolios for several of its clients would be considered to retain a 
service provider under the proposed rule to perform a function that is 
necessary for the adviser to provide its advisory services. In 
contrast, custodians that are independently selected and retained 
through a written agreement directly with the client would not be 
covered by the proposed rule because the adviser is not retaining the 
service provider to perform a function that is necessary for the 
adviser to provide its advisory services.
    The determination of what is a covered function also would depend 
on the facts and circumstances, as the proposed rule is meant to 
encompass functions or services that are necessary for a particular 
adviser to provide its investment advisory services. In addition, 
certain functions may be covered functions for one adviser but not for 
another adviser, and so certain persons or entities that perform 
functions on behalf of advisers may be a service provider in the scope 
of the rule with respect to one adviser but not for another adviser. We 
are providing examples of potential covered function categories an 
adviser may wish to consider in the amendments we are proposing to Form 
ADV, Section 7.C of Schedule D, which would include: Adviser/
Subadviser; Client Services; Cybersecurity; Investment Guideline/
Restriction Compliance; Investment Risk; Portfolio Management 
(excluding Adviser/Subadviser); Portfolio Accounting; Pricing; 
Reconciliation; Regulatory Compliance; Trading Desk; Trade 
Communication and Allocation; and Valuation.
    Advisers outsource functions that are essential to asset management 
or directly support the adviser's advisory services and processes. 
Depending on the specific facts and circumstances, when problems arise 
with these types of functions, clients could experience a material 
negative impact, such as interruptions in advisory services or the 
adviser's inability or failure to comply with its legal 
responsibilities. We believe an adviser should take specific oversight 
steps required by the proposed rule to reduce the likelihood that these 
types of problems will occur and to reduce their impact when they do 
occur. In addition when an investment adviser holds itself out to 
clients and potential clients as providing advisory services, the 
adviser implies that it remains responsible for the performance of 
those services and will act in the best interest of the client in doing 
so. We believe it is contrary to the public interest and investor 
protection if the adviser then outsources covered functions without 
effectively overseeing those outsourced functions. Accordingly, an 
adviser should be overseeing outsourced functions to ensure the 
adviser's legal obligations are continuing to be met despite the 
adviser not performing those functions itself.
    Generally, we would consider functions or services that are related 
to an adviser's investment decision-making process and portfolio 
management to meet the first element of the definition. For example, 
some functions and services covered under the first element would be 
those related to providing investment guidelines (including maintaining 
restricted trading lists), creating and providing models related to 
investment advice, creating and providing custom indexes, providing 
investment risk software or services, providing portfolio management or 
trading services or software, providing portfolio accounting services, 
and providing investment advisory services to an adviser or the 
adviser's clients (subadvisory services).\38\ Covered functions can

[[Page 68822]]

include technology integral to an adviser's investment decision-making 
process and portfolio management or other functions necessary for the 
adviser to provide its investment advisory services. For example, if an 
adviser's investment decision-making process relies on artificial 
intelligence or software as a service, those services may form part of 
the covered function even though they are provided through technology. 
As discussed above, certain of these functions may be covered functions 
for one adviser but not for another adviser, depending on the facts and 
circumstances. For example, an adviser may choose to engage an index 
provider for the purposes of developing an investment strategy for its 
clients, which would be a covered function under the proposed rule, 
while another may license a widely available index from an index 
provider to use as a performance hurdle, in which case the proposed 
rule would not apply. We believe that the services of an index 
provider, if retained by an adviser for purposes of formulating the 
adviser's investment advice, would meet the first element of the 
definition of a covered function because such services would be 
necessary for the adviser to provide investment advice to its client. 
Implementing an investment decision also may meet this element, 
including identifying which portfolios to include or exclude, 
determining how to allocate a position among portfolios, and submitting 
the final orders to the broker. In order to provide investment advisory 
services in compliance with the Federal securities laws, an adviser 
might also seek to outsource its compliance functions, including 
outsourced chief compliance officers and other outsourced compliance 
functions such as making regulatory filings on behalf of the adviser, 
and valuation and pricing services.\39\ Ensuring the adviser complies 
with the regulatory requirements applicable to its advisory services is 
a necessary part of providing those services and would be covered under 
the rule. We would not consider functions performed by marketers and 
solicitors to be covered functions, however, because such services are 
not used by an adviser to provide investment advice to its clients.\40\
---------------------------------------------------------------------------

    \38\ These providers' activities, in whole or in part, may cause 
them to meet the definition of ``investment adviser'' under the 
Advisers Act. In a separate action, the Commission issued a request 
for public comment related to the status and registration of certain 
information providers, including index providers, model portfolio 
providers, and pricing services, under the Advisers Act. See Request 
for Comment on Certain Information Providers Acting as Investment 
Advisers, Investment Advisers Release No. 6050 (Jun. 15, 2022) [87 
FR 37254 (Jun. 22, 2022)] (``Information Providers Request for 
Comment''), available at https://www.sec.gov/rules/other/2022/ia-6050.pdf. The comment letters on the Information Providers Request 
for Comment (File No. S7-18-22) are available at https://www.sec.gov/comments/s7-18-22/s71822.htm and we are continuing to 
consider all of the comments received. Several commenters noted that 
many advisers and fund boards oversee information providers and that 
advisers are fiduciaries bearing the ultimate responsibility for 
information providers' services. See, e.g., Comment Letter of ETF 
BILD (Aug. 16, 2022); Comment Letter of Investment Advises 
Association (Aug. 16, 2022); Comment Letter of Index Industry 
Association (Aug. 16, 2022); Comment Letter of Invesco Ltd. (Aug. 
16, 2022); Comment Letter of Investment Company Institute (Aug. 16, 
2022) (``Comment Letter of ICI''); Comment Letter of Independent 
Directors Council (Aug. 16, 2022); Comment Letter of NASDAQ (Aug. 
16, 2022) (``Comment Letter of NASDAQ''); Comment Letter of S&P Dow 
Jones Indices (Aug. 16, 2022); Comment Letter of S&P Global Market 
Intelligence (Aug. 15, 2022); Comment Letter of the Securities 
Industry and Financial Markets Association (Aug. 16, 2022) 
(``Comment Letter of SIFMA''). Some commenters also suggested as an 
alternative to regulating these information providers as investment 
advisers, that the Commission consider regulating adviser oversight 
of information providers. See, e.g., Comment Letter of Healthy 
Markets Association and CFA Institute (Aug. 16, 2022); Comment 
Letter of ICI; Comment Letter NASDAQ; Comment Letter of SIFMA.
    \39\ For example, an adviser may use valuation service providers 
to assist in fair value determinations. Such services would be 
included under the proposed rule as covered functions, as opposed 
to, for example, common market data providers providing publicly 
available information.
    \40\ Marketers and solicitors must determine whether they are 
subject to statutory or regulatory requirements under Federal law, 
including the requirement to register as a broker-dealer pursuant to 
section 15(b) of the Securities Exchange Act of 1934. See 15 U.S.C. 
78o(b).
---------------------------------------------------------------------------

    The second element of the proposed definition of ``covered 
function'' limits the definition to those functions or services that, 
if not performed or performed negligently, would be reasonably likely 
to cause a material negative impact on the adviser's clients or on the 
adviser's ability to provide investment advisory services.\41\ 
Determining what is a material negative impact would depend on the 
facts and circumstances, but it could include a material financial loss 
to a client or a material disruption in the adviser's operations 
resulting in the inability to effect investment decisions or to do so 
accurately. An adviser should consider a variety of factors when 
determining what would be reasonably likely to have a material negative 
impact, such as the day-to-day operational reliance on the service 
provider, the existence of a robust internal backup process at the 
adviser, and whether the service provider is making or maintaining 
critical records, among other things. For example, if an adviser used a 
service provider for portfolio management functions that experienced a 
cyber-incident that caused an inability for the adviser to monitor 
risks in client portfolios properly, it would be reasonably likely to 
cause a material negative impact on the adviser's clients and its 
ability to provide investment advisory services.\42\
---------------------------------------------------------------------------

    \41\ See proposed rule 206(4)-11(b).
    \42\ See infra section II.B.4.
---------------------------------------------------------------------------

    A covered function would not include clerical, ministerial, 
utility, or general office functions or services.\43\ These types of 
functions or services are not functions that an adviser would perform 
on its own or they are not likely to qualify as a covered function 
under the proposed rule because they are not necessary for an adviser 
to provide investment advisory services in compliance with the Federal 
securities laws or they are not likely to cause a material harm to 
clients if not performed properly. For example, covered functions would 
not include the adviser's lease of commercial office space or 
equipment, use of public utility companies, utility or facility 
maintenance services, or licensing of general software providers of 
widely commercially available operating systems, word processing 
systems, spreadsheets, or other similar off-the-shelf software.
---------------------------------------------------------------------------

    \43\ Proposed rule 206(4)-11(b).
---------------------------------------------------------------------------

    To illustrate how to apply the definition of a covered function, if 
an adviser engaged an index provider to create or lease an index for 
the adviser to follow as a strategy for its advisory clients, it would 
likely fall under both elements of the definition. First, using a 
bespoke index created specifically for the adviser to follow would 
serve as a material service that is necessary for the adviser to 
provide investment advisory services to the extent the index is used by 
the adviser to provide investment advice and make investments on behalf 
of the advisory client. Second, if the function is not performed or 
performed negligently, it would have a material negative impact on the 
adviser's ability to provide investment advisory services because if, 
for instance, the service provider failed to provide the index, the 
adviser would not be able to make investments for the client as needed. 
Similarly, if an adviser licenses a commonly available index and its 
stated investment strategy involves management against that index, 
failure to receive the index or an inaccurate delivery of the index 
could have a material negative impact on the adviser's ability to 
manage that portfolio. In contrast, if an adviser purchases a license 
to utilize a commonly available index solely as a comparison benchmark 
for performance and not to inform the adviser's investment decisions as 
part of its advisory services, that index provider would most likely 
not be providing a covered function because, in that context, the 
adviser is not using the index to provide investment advice.
2. Service Provider
    An investment adviser would be required to comply with the proposed 
rule if the adviser retains a service provider. The term ``service 
provider'' is defined as a person or entity that: (1) performs one or 
more covered functions; and (2) is not a supervised person of the

[[Page 68823]]

adviser.\44\ The proposed rule excludes supervised persons of an 
adviser from the definition of a service provider since such persons 
are already being directly overseen by the adviser.\45\ The proposed 
rule does not, however, make a distinction between third-party 
providers and affiliated service providers because the risks that the 
proposed rule are designed to address exist whether the service 
provider is affiliated or unaffiliated, and the service provider is not 
necessarily already being overseen by the adviser. For example, the 
ability to have direct control or full transparency may be limited when 
an adviser outsources, even to an affiliated service provider, which 
may increase the risk for failed regulatory compliance. As such, even 
though the affiliate may be in a control relationship with the adviser, 
it remains important for the adviser to determine if it is appropriate 
to retain the affiliate's services and to oversee the affiliate's 
performance of a covered function.
---------------------------------------------------------------------------

    \44\ See proposed rule 206(4)-11(b).
    \45\ See proposed rule 206(4)-11(b). A supervised person is 
defined in section 2(a)(25) of the Advisers Act as any partner, 
officer, director, (or other person occupying a similar status or 
performing similar functions), or employee of an adviser, or other 
person who provides investment advice on behalf of the adviser and 
is subject to the supervision and control of the adviser.
---------------------------------------------------------------------------

    The proposed rule would not include an exception for service 
providers that are subject to other provisions of the Advisers Act, 
including SEC-registered advisers, or other Federal securities laws. An 
adviser remains liable for its legal and contractual obligations and 
should be overseeing outsourced functions to ensure the adviser meets 
its legal and contractual obligations, regardless of whether the 
service provider has its own legal obligations under the Federal 
securities laws. For example, if an adviser engages a broker-dealer to 
provide an electronic trading platform to submit orders from the 
adviser and allocate trades among the adviser's client accounts after 
the trades have been executed, then the adviser's engagement of the 
broker-dealer for those services would not be excepted from the 
proposed rule. We believe providing orders to a broker-dealer and 
allocating securities to client accounts after the trade are part of an 
investment adviser's services and responsibilities that cannot be 
outsourced without further oversight because, particularly in a 
discretionary account, instructing a broker-dealer about the trades the 
adviser is recommending and then allocating trades among client 
accounts is a critical component of an adviser's provision of 
investment advisory services. Additionally, we believe it would be 
reasonable for a client to expect initial and continued adviser 
oversight of that function, and the broker-dealer's failure to perform 
or negligent performance of its covered function could be reasonably 
likely to cause a material harm to the adviser's clients and its 
ability to provide its advisory services. For example, without proper 
oversight of this function, failing to perform the function could 
result in an adviser being unable to submit orders or allocate trades. 
A service provider performing asset allocations on behalf of the 
adviser also might allocate shares in a manner that favors certain 
clients over others or might fail to consider whether allocating 
additional shares would violate a client' investment guidelines.
    If an adviser engages an SEC-registered adviser as a subadviser to 
manage and evaluate investments within a portfolio, then the adviser 
would not be excepted from the proposed rule. Even if the subadviser 
would be subject to its own compliance with the Federal securities 
laws, the adviser remains responsible for its advisory services and 
should perform its own due diligence and monitoring of the subadviser 
to ensure its obligations continue to be met. Moreover, the adviser's 
compliance with the proposed rule would not alleviate the subadviser's 
own compliance with the Federal securities laws, including the proposed 
rule. In the event that an SEC-registered subadviser were to hire a 
service provider itself, for example to help manage and evaluate the 
investments within a managed portfolio, the subadviser would be 
required to comply with the proposed rule with respect to that service 
provider. The subadviser would have the same obligations and duties to 
its client as any other SEC-registered adviser, whether the 
subadviser's client is another adviser or a client of another adviser, 
and the subadviser should engage in the same oversight requirements as 
any other adviser. All advisers registered or required to be registered 
are subject to the proposed rule if they engage a service provider to 
perform a covered function, regardless of the identities of their 
clients or their relationships to other advisers.
3. Recordkeeping of Covered Functions
    An adviser would first need to determine which functions are 
covered functions in order to comply with the requirements of the 
proposed rule. Accordingly, we are proposing to revise the Advisers Act 
books and records rule to require an adviser to make and keep a list or 
other record of covered functions that the adviser has outsourced to a 
service provider and the name of each service provider, along with a 
record of the factors, corresponding to each listed function, that led 
the adviser to list it as a covered function.\46\
---------------------------------------------------------------------------

    \46\ See proposed rule 204-2(a)(24)(i). The rule number assigned 
to subparagraph (24) of the proposed amendments to rule 204-2(a) is 
based on the numbering for other rule amendments the Commission 
previously proposed. See e.g., Private Fund Advisers: Documentation 
of Registered Investment Adviser Compliance Reviews, available at 
https://www.sec.gov/rules/proposed/2022/ia-5955.pdf (proposing rule 
204-2(a)(20) to (23)). The proposed rule's subsection number could 
change based on future Commission actions.
---------------------------------------------------------------------------

    The recordkeeping requirement might be satisfied by a written 
agreement between the adviser and service provider, explicitly stating 
that the function or service provided is a covered function under the 
proposed rule and the name of each service provider. The written 
agreement could include the factors that led the function to be deemed 
a covered function, or that information could be memorialized in a 
separate record. Alternatively, there might be a written memorandum or 
other document prepared by the adviser that lists the names of the 
service providers; that explains how a particular function or service 
is one that is deemed to be necessary to provide investment advisory 
services in compliance with the Federal securities laws and that would 
be reasonably likely to cause a material negative impact on the 
adviser's clients or on the adviser's ability to provide investment 
advisory services if not performed or performed negligently; and that 
provides the factors that led the function to be deemed a covered 
function. The adviser's written compliance policies also could identify 
the covered functions and the factors considered for each, such as the 
type of function or service provided or whether the adviser could 
provide investment advisory services without the covered function.
    The method by which the adviser meets this proposed requirement 
(e.g., written agreement, memorandum to file, etc.) and the factors 
relevant to the adviser's determination would likely vary depending on 
each function or service for which an adviser engages a service 
provider. Accordingly, we are not specifying any particular method for 
making the list or record of factors to consider.\47\
---------------------------------------------------------------------------

    \47\ See proposed rule 204-2(e)(1).
---------------------------------------------------------------------------

    Due to the unique nature of an adviser's relationship with a 
service provider, we are also proposing to revise the Advisers Act 
books and records rule

[[Page 68824]]

to require that the records be maintained in an easily accessible place 
throughout the time period that the adviser has outsourced a covered 
function to a service provider, and for a period of five years 
thereafter.\48\ This amendment would help facilitate the Commission's 
inspection and enforcement capabilities.
---------------------------------------------------------------------------

    \48\ See rule 204-2.
---------------------------------------------------------------------------

    We request comment on the proposed scope of the rule:
    1. Is the proposed scope of the rule appropriate? Why or why not? 
In what ways, if any, could the proposed scope of the rule or the 
proposed definition of covered function better match our policy goals? 
Does it need to be made clearer?
    2. Instead of oversight requirements when an adviser outsources a 
covered function, should we only require Form ADV disclosure to clients 
and potential clients of any outsourcing of certain functions? Would it 
be sufficient for an adviser to disclose that it would outsource these 
services and not oversee them and would any reasonable investor agree 
to this approach? Or would a more limited approach to the oversight of 
service providers be appropriate instead of the proposed requirements? 
If so, what should that limited approach be?
    3. In addition to the proposed oversight requirements when an 
adviser outsources a covered function, should the rule include an 
express provision that prohibits an adviser from disclaiming liability 
when it is not performing a covered function itself?
    4. Is the proposed definition of ``covered function'' clear? Why or 
why not? In what ways, if any, could the proposed definition be made 
clearer?
    5. The proposed rule is designed to apply in the context of 
outsourcing core advisory functions. The proposed rule does so by 
qualitatively describing what we believe is a core advisory function--
namely, a function or service that is necessary for the investment 
adviser to provide its investment advisory services in compliance with 
the Federal securities laws. Does the proposed definition of covered 
function capture this intended core advisory function scope? Should the 
rule explicitly state that its application is limited to core 
investment advisory services? If yes, how would we identify and define 
what would be considered ``core investment advisory services''?
    6. Instead of our proposed definition, should we define ``covered 
functions'' as a specified list of core investment advisory activities, 
such as ``services that are central to the selection, trading, 
valuation, management, monitoring, indexing, and modeling of 
investments''? Are there other specific functions or services that 
should be included or excluded from this list? Please explain. Are the 
services in this list clear? For example, would we need to define 
trading in this alternative definition to include allocation and 
communications related to trades? Would it be clear that subadvisers 
and portfolio management would be included as ``management'' in this 
alternative definition or that risk management is part of management 
and monitoring? Would it be confusing to list management and selection 
as well as indexing and modeling in this alternative definition? Is 
there overlap among the categories? If there is overlap, should the 
rule list only certain of these categories, such as selection and 
management, or would certain core services or functions be 
inadvertently excluded?
    7. Should the Commission include or exclude in the definition of 
covered function any particular functions or services discussed within 
the release? Should services related to investment risk identification 
or monitoring be specifically identified, or would they be assumed to 
be included as part of the selection or management of investments? 
Instead should the specified list of covered functions/services be the 
same as those provided by service provider types listed in the proposed 
amendments to Form ADV?
    8. Are there particular types of service providers to which the 
rule should apply? For example, should the rule explicitly include the 
service providers advisers would be required to identify in proposed 
amendments to Form ADV (portfolio management, trade communication and 
allocation, pricing services, valuation services, investment risk 
services, portfolio accounting services, client servicing, subadvisory 
services, and/or regulatory compliance)? Should we explicitly require 
the rule to apply to index providers, model providers, valuation 
agents, or other service providers that may be central to an adviser's 
investment decision-making process?
    9. What would be the advantages and disadvantages of explicitly 
identifying the types of functions or providers that would trigger the 
rule? For instance, is there a risk of being over-inclusive and under-
inclusive if we take such an approach? Are there certain services or 
functions that should be considered ``core'' for all advisers, or does 
what constitutes a ``core'' advisory function vary from one adviser to 
the next? Should what is considered ``core'' correlate to a certain 
percentage of clients who receive (and presumably can therefore be 
affected by) the service provider's services? That is, would a service 
provider's functions be considered ``core'' to an adviser if they could 
have an impact on a certain minimum percentage of the adviser's 
clients? Should it correlate to a certain percentage of regulatory 
assets under management that receive (and, again, presumably can be 
affected by) the service provider's services? That is, would a service 
provider's functions be considered ``core'' to an adviser if they could 
have an impact on a certain minimum percentage of the adviser's 
regulatory assets under management? What would be a percentage of 
either such measurement that should trigger application of the rule? 
5%? 10%? 15%? 20%? Please explain your answer.
    10. Should data providers be explicitly included within the scope 
of the rule? Are there specific types of data providers that might be 
considered ``covered functions,'' such as providers of security master 
data, corporate action data, or index data?
    11. Instead of considering certain compliance functions to be a 
``covered function'' under the rule, should we amend rule 206(4)-7 to 
require advisers to comply with the due diligence and monitoring 
requirements of proposed rule 206(4)-11 and 204-2(a)(24) for all 
outsourced compliance functions, as we are proposing for records made 
and kept by third parties, as described below?
    12. Should we revise the proposed exclusion for clerical or 
ministerial services? Should we provide different or additional 
specific exclusions from the definition of covered function under the 
rule? Which ones, if any? For example, should we use the same 
definition of supervised person as in the Advisers Act? Should we 
explicitly exclude broad-based and widely published indices or specific 
clerical or ministerial services such as basic utilities and widely 
commercially available operating systems, word processing systems, or 
spreadsheets, utilities, or general office functions or services? 
Should we exclude functions or categories of services or should we list 
specific service providers that should be excluded? How should we view 
these services or functions when they are integral to the provision of 
a covered function (e.g., when investment performance is calculated in 
a spreadsheet or an order management system is hosted in the cloud)?
    13. Should we define ``covered function'' more broadly or more 
narrowly, and if so, how? For example, should we only use the first 
prong of the proposed definition and broaden the

[[Page 68825]]

definition to any function or service that is necessary for the 
investment adviser to provide its advisory services in compliance with 
the Federal securities laws, regardless of the likely impact on clients 
of non- or negligent performance? Or should we only use the second 
prong of the definition to apply the rule to any services or functions 
that, if not performed or performed negligently, could potentially have 
a material negative impact, regardless of whether they are necessary 
for the adviser to provide its advisory services in compliance with the 
Federal securities laws? Should we change the second prong of the 
definition, for example, by applying the rule to any services or 
functions that if not performed or performed in a manner materially 
different from the adviser's representations or undertakings could 
potentially have a material negative impact?
    14. Should the definition of ``covered function'' be expanded to 
include functions or services necessary for the adviser to comply with 
the Federal securities laws or with the Advisers Act instead of 
limiting the definition to functions or services necessary to provide 
investment advisory services in compliance with the Federal securities 
laws? Should the definition include other third-party providers of 
services to the adviser's clients, such as broker-dealers and 
custodians? Should the definition include any third-party providers 
that the adviser recommends to clients even if those providers enter 
into an agreement directly with the client and not with the investment 
adviser?
    15. Is ``necessary for the adviser to provide its advisory services 
in compliance with the Federal securities laws'' sufficiently clear? Is 
the term ``necessary'' too restrictive and, if so, should alternate 
language be used, such as ``supports the adviser in making investment 
selections and otherwise providing its advisory services in compliance 
with the Federal securities laws''? Should the proposed rule be limited 
to providing its advisory services in compliance with obligations only 
under the Advisers Act?
    16. Is the proposed definition of ``service provider'' clear? Why 
or why not? In what ways, if any, could the proposed definition be made 
clearer?
    17. Are the meanings of ``material negative impact'' and 
``reasonably likely'' clear? Why or why not? Should we define these 
phrases or provide additional guidance? If so, how? Is there a 
different phrase we should use that conveys the same idea?
    18. Should the rule define what it means to retain a service 
provider to perform a covered function? If so, how? Should we 
explicitly state that outsourcing would include affiliated entities of 
an adviser, including parent organizations?
    19. Should we define when an adviser would retain a service 
provider for purposes of the proposed rule? Are there specific factors 
that should be relevant in determining whether a service provider 
arrangement should be subject to the rule? For example, should the rule 
apply where the adviser recommends the service provider to some or all 
of its clients? Would a relevant factor be the extent to which the 
adviser makes arrangements for the client to engage the service 
provider? Should the approach differ depending on whether the client is 
a fund (registered or not) or a separately managed account and the 
extent to which the adviser is a control person of the fund or has some 
control over the fund's contracting arrangements? Or should the 
proposed rule only include service providers that contract directly 
with the adviser? If so, why? Should we provide an explicit exclusion 
for all advisers that engage service providers to perform covered 
functions as part of a larger program or arrangement, such as the 
sponsor of a wrap fee program or other separately managed account 
program in which the sponsor is subject to the proposed rule with 
respect to the participation of the service providers in the program?
    20. The proposed rule does not specify how an adviser would 
``retain'' a service provider in compliance with the proposed rule. 
Should we require a written agreement or some other written 
documentation between the adviser and service provider to perform a 
covered function under the proposed rule? If so, what provisions should 
we require? For example, should certain elements of the proposed rule's 
due diligence requirements instead be required in a contract between 
the adviser and service provider? Should there be a written agreement 
requirement for certain covered functions and not others? For example, 
should the rule identify a sub-set of the proposed definition of 
covered function as critical covered functions and require a written 
agreement in those circumstances only? If the final rule were to, 
instead, define covered function by listing certain specific functions, 
such as described in request for comments 5, 6, 7, and 8 above, should 
we require a written contract between the adviser and these service 
providers? Are there any contexts in which a written agreement may be 
more feasible than others? Alternatively, should we not require a 
written agreement but instead require disclosure in Form ADV Part 1A of 
whether an adviser has a written agreement for each covered function or 
require disclosure only if the adviser does not have a written 
agreement for a particular covered function?
    21. Is the scope of the proposed rule sufficiently clear in its 
application to various advisory arrangements such as, among others, 
separately managed accounts, wrap-fee programs, robo-advisory services, 
and model portfolio providers? Is it clear how it applies when 
technology is used as part of advisory services, such as artificial 
intelligence, foundation models, or software as a service? Why or why 
not?
    22. With respect to an adviser's clients, should the rule apply to 
any service providers an adviser retains on behalf of all of the 
adviser's clients, as proposed, including clients that are registered 
investment companies or private funds? Why or why not? Should services 
provided to a fund, such as fund administration, transfer agent, 
principal underwriter or custody services, be deemed to be ``investment 
advisory services'' or otherwise covered under the proposed rule and 
related recordkeeping requirements? Should we provide an explicit 
exception for advisers when a registered investment company retains the 
listed service providers in rule 38a-1 under the Investment Company Act 
of 1940 (``Investment Company Act'') instead (i.e., principal 
underwriter, fund administrator, and transfer agent)? What about with 
respect to private funds, which are not subject to rule 38a-1? Should 
we provide an explicit exception from the proposed rule if any such 
engagement is approved, in the case of a registered fund, by the board, 
including a majority of the independent directors, or in the case of a 
private fund, by a majority of the Limited Partner Advisory Committee 
or equivalent body?
    23. Should we include subadvisers within the scope of the rule, as 
proposed? Why or why not? Should this differ based on whether the 
subadviser for a fund is engaged by the adviser or the fund itself?
    24. The proposed rule excludes a supervised person of an investment 
adviser from the definition of provider. Do commenters agree that it 
would be duplicative to apply the rule in this context? Should the 
proposed rule also exclude an adviser's affiliated or related persons? 
Should such an exclusion depend on whether the affiliate or related 
person is separated from the

[[Page 68826]]

adviser by information barriers? Why or why not?
    25. Would it be duplicative or otherwise unnecessary to apply the 
rule in the context of an adviser's affiliates, as proposed? If so, 
please explain.
    26. Should the proposed rule provide an exception for firms that 
are dually registered broker-dealers? For example, should we provide an 
exception for firms that comply with existing broker-dealer provisions 
such as FINRA Rule 3110 (Supervision) to meet a dual registrant's 
obligation under these rules? Should there be an exception for 
outsourcing to SEC-registered advisers or other service providers that 
are themselves subject to regulation under the Federal securities laws? 
Should such an exception be limited to outsourcing to another adviser 
or manager (including banks and trust companies) when the other adviser 
or manager treats the client as its own client (as may be evidenced, 
for example, by the client's entry into documentation appointing the 
adviser or manager, the inclusion of the client as a client on the 
books and records of the adviser or manager, or the delivery of 
disclosure documents of the adviser or manager to the client)?
    27. To what extent do advisers already take the steps that would be 
required by the proposed rule? Do commenters believe that the proposed 
rule is necessary? Why or why not? To the extent that commenters 
believe that the proposed rule is already covered by the general 
fiduciary duty enforceable under Section 206 of the Advisers Act, do 
commenters believe there is sufficient clarity in the industry as to 
the obligations for an adviser in the context of retaining service 
providers? And if so, how do those obligations differ from what is 
outlined in this proposed rule?
    28. Are the proposed changes to the books and records rule 
appropriate? Are there alternative or additional recordkeeping 
requirements we should impose? For example, should we require that the 
record include specific information or be memorialized in a written 
memo or report? Should we require advisers to update the list of 
covered functions within prescribed time periods such as monthly, 
quarterly or annually?
    29. Should we require advisers to make and keep true, accurate, and 
current a list of covered functions? Why or why not? Should we specify 
any particular method for making the list or record of factors to 
consider? Should we require a specific method of maintaining the list 
of covered functions such as in its policies and procedures?
    30. Do commenters believe it would be overly burdensome to require 
a record of factors that led the adviser to list each covered function, 
as proposed? Why or why not? Should we instead only require the list of 
covered functions without requiring the record of factors for each 
covered function?

B. Due Diligence

    The proposed rule would require advisers to conduct reasonable due 
diligence before engaging a service provider to perform a covered 
function.\49\ We believe it is essential for an investment adviser to 
evaluate whether and how it will continue to meet its obligations to 
its clients, and the requirements of the Federal securities laws, 
including its obligations as a fiduciary, when it chooses to 
outsource.\50\ The due diligence requirement would provide guidelines 
to help ensure that the nature and scope of the covered function, as 
well as the risks associated with the adviser's use of service 
providers are identified and appropriately mitigated and managed. This 
also could reduce the risk that the adviser's outsourced services are 
not performed or are performed negligently. Specifically, the proposed 
rule would require an adviser to reasonably identify and determine that 
it would be appropriate to outsource the covered function, that it 
would be appropriate to select the service provider, and once selected, 
that it is appropriate to continue to outsource the covered function, 
by complying with six specific elements:
---------------------------------------------------------------------------

    \49\ See proposed rule 206(4)-11(a)(1).
    \50\ See In the Matter of AssetMark, Inc. (f/k/a Genworth 
Financial Wealth Management, Inc.), Investment Advisers Act Release 
No. 4508 (Aug. 25, 2016) (settled order) (AssetMark's due diligence 
was insufficient to confirm the accuracy of performance data from a 
third-party and therefore AssetMark failed to have a reasonable 
basis for the accuracy of the performance and performance-related 
claims made in its advertisements); see also In the Matter of 
Pennant Management, Inc., Investment Advisers Act Release No. 5061 
(Nov. 6, 2018) (settled order) (Pennant negligently failed to 
perform adequate due diligence of a third party which ultimately 
contributed to substantial client losses).
---------------------------------------------------------------------------

    (i) Identify the nature and scope of the covered function the 
service provider is to perform;
    (ii) Identify and determine how it would mitigate and manage the 
potential risks to clients or to the investment adviser's ability to 
perform its advisory services, resulting from engaging a service 
provider to perform a covered function and engaging that service 
provider to perform the covered function;
    (iii) Determine that the service provider has the competence, 
capacity, and resources necessary to perform the covered function in a 
timely and effective manner;
    (iv) Determine whether the service provider has any subcontracting 
arrangements that would be material to the service provider's 
performance of the covered function, and identifying and determining 
how the investment adviser will mitigate and manage potential risks to 
clients or to the adviser's ability to perform its advisory services in 
light of any such subcontracting arrangement;
    (v) Obtain reasonable assurance from the service provider that it 
is able to, and will, coordinate with the adviser for purposes of the 
adviser's compliance with the Federal securities laws; and
    (vi) Obtain reasonable assurance from the service provider that it 
is able to, and will, provide a process for orderly termination of its 
performance of the covered function.
    The proposed rule requires that the due diligence be conducted 
``before engaging'' a service provider, which would be before the 
adviser and service provider agree to the engagement, or agree to add 
new covered functions or services to an existing engagement.\51\ It 
would not be appropriate for the adviser to assess the risks of 
outsourcing a covered function to a particular service provider, for 
the first time, after it engaged the service provider.\52\ Conducting 
initial due diligence after engagement would unnecessarily subject the 
adviser's clients to potentially unknown and unmitigated risks 
associated with outsourcing the covered function to the service 
provider. Those risks could result in harm to the client that could 
have been avoided had due diligence been conducted beforehand.
---------------------------------------------------------------------------

    \51\ For written agreements, this would be the date it is 
executed by both parties, or if different days, the later of the 
dates each party executes it.
    \52\ See infra section II.G (Transition and Compliance and 
related discussion).
---------------------------------------------------------------------------

    The proposed rule also requires that service provider due diligence 
be conducted ``reasonably.'' This would mean an adviser's due diligence 
must reasonably be tailored to the function or services that would be 
outsourced and to the identified service provider. An adviser's 
analysis of a specific service provider's competence, capacity, and 
resources generally would not require boundless analysis or the 
identification of every conceivable risk of outsourcing, but must be 
reasonable under the facts and circumstances. The proposed rule is 
intended to allow registrants to tailor their due diligence practices 
to fit the nature, scope, and risk profile of a

[[Page 68827]]

covered function and potential service provider.
    For example, in determining whether to engage a third-party digital 
investment advisory platform, a registrant may not need to conduct a 
detailed analysis and review of the underlying computer code. However, 
the registrant generally should obtain a reasonable understanding of 
how the platform is intended to operate, determine that the platform 
operates as intended, and confirm the platform generates advice that is 
suitable for the registrant's clients. The registrant could consider 
also the risks of the digital platform that could result in material 
harm to a client and conclude that it can mitigate and manage those 
risks. In conducting this analysis, the adviser could review factors 
such as:
     Comparative digital platform methodologies, including 
their respective parameters, benefits, and risks;
     The digital platform's compliance and operational policies 
and procedures for the protection of client accounts and key systems, 
and its policies and procedures addressing the maintenance and 
oversight of the digital platform;
     The sufficiency of the digital platform's client 
questionnaire for enrolling clients in the advisory service;
     The digital platform's general process for developing, 
revising, and updating the advice or recommendations that it generates;
     The general process for and results of the service 
provider's testing and backtesting of the digital platform and the 
post-implementation monitoring of its performance; and
     The digital platform's prevention and detection of, and 
response to, cybersecurity threats.\53\
---------------------------------------------------------------------------

    \53\ Commission staff addressed similar issues in a guidance 
update. See Robo-Advisers, IM Guidance Update, No. 2017-02 (Feb. 
2017) (discussing robo-adviser specific factors that an adviser may 
consider in adopting written policies and procedures).
---------------------------------------------------------------------------

    Ultimately, conducting due diligence is not a one-size-fits-all 
process. Whether an adviser tailors its due diligence such that it is 
reasonable under the proposed rule would depend on the facts and 
circumstances applicable to the services to be performed and the 
identified service provider.
1. Nature and Scope of Covered Function
    The first element in the proposed due diligence requirements would 
require an adviser to identify the nature and scope of the covered 
function the service provider is to perform.\54\ This might include 
documenting a description of the nature and scope of the covered 
function in a written agreement, memo to file, database, or other form 
the adviser deems appropriate.\55\ As part of its identification, an 
investment adviser generally should understand what services will be 
provided and how the service provider will perform those services. We 
believe such identification is important to reduce the risks of 
performance shortfalls by the service provider due to the adviser's or 
its service provider's insufficient understanding of the nature and 
scope of the covered function. A clear understanding between the 
adviser and service provider of the nature and scope of the applicable 
covered function should help ensure that the service provider is 
performing the function that the adviser believes is being performed 
and reduce the risk of harm to clients and investors as a result of 
inadequate, negligent, or otherwise insufficient performance of the 
covered function.
---------------------------------------------------------------------------

    \54\ Proposed rule 206(4)-11(a)(1)(ii). As further discussed 
below, we are also proposing a new books and records provision, rule 
204-2(a)(24) that would require advisers to make and retain a list 
or other record of covered functions that the adviser has outsourced 
to a service provider.
    \55\ We are also proposing amendments to Form ADV Part 1A under 
which an adviser would be required to disclose information about its 
service providers of covered functions. See supra section II.D.
---------------------------------------------------------------------------

    What is included in ``nature and scope'' under the proposed rule 
would vary depending on the facts and circumstances, and the level of 
detail should reasonably reflect relevant factors such as the nature, 
size, and complexity of the covered functions involved. For example, if 
the service provider performing a covered function is an index 
provider, then the identification of the nature and scope of the 
covered function might relate to such things as index license terms, 
rebalancing frequency, and frequency of data delivery from the provider 
to the adviser. If an adviser outsources its trading desk functions, 
then the adviser might wish to identify descriptions of the trading 
desk services, as well as any ancillary activities related to those 
services, such as software or other technological support and 
maintenance, business continuity and disaster recovery, employee 
training, and customer service, including the extent to which the 
provider would perform the services itself or hire others to perform 
them.
    As part of this analysis, an adviser also might wish to identify 
the frequency, content, and format of the service provider's covered 
function. The analysis also might vary depending on the types of risks 
identified during the adviser's due diligence process. If an adviser 
identifies certain risks related to outsourcing a particular task or 
related to using a particular service provider, then the adviser 
generally should take those risks into account when identifying the 
nature and scope of the covered function. For example, the adviser 
might wish to determine how the adviser's information, facilities, and 
systems (including access to and use of the adviser's or the adviser's 
clients' information) would be used and any protections that would be 
put in place for use of such items. If an adviser were to engage a 
service provider to perform portfolio management services for its 
clients, and the adviser would be sharing non-public trading 
information and/or its advisory clients' personally identifiable 
information, the adviser generally should negotiate and identify how 
such information would be managed in order to mitigate the risk that 
such information may be mishandled.\56\
---------------------------------------------------------------------------

    \56\ Rules related to maintaining the privacy of client 
information also would apply. See, e.g., 17 CFR 248.11(a) (reuse and 
redisclosure of nonpublic personal information that nonaffiliated 
trading services provider receives from adviser limited to 
performing trading services for the adviser's clients). See also 17 
CFR 248.201(e)(4) (applicable to advisers that are a financial 
institution or creditor with covered accounts); Reg. S-ID, Appendix 
A, at Section VI(c).
---------------------------------------------------------------------------

2. Risk Analysis, Mitigation, and Management
    The proposed rule would require an adviser to identify the 
potential risks to clients, or to the adviser's ability to perform its 
advisory services, resulting from outsourcing a covered function. In 
doing so, we believe an adviser generally should assess and consider 
prioritizing the risks created by outsourcing the function in light of 
the adviser's particular business processes.\57\ As discussed above,

[[Page 68828]]

outsourcing an investment adviser's function without a minimum and 
consistent framework for identifying, mitigating, and managing risks, 
can undermine the adviser's provision of services and mislead or 
otherwise harm clients. A lack of such a framework could indicate that 
it is unreasonable for an adviser to outsource the function. Potential 
client harm caused by a service provider's failure to perform or 
negligent performance of the outsourced function could be significantly 
mitigated, or even avoided, if the adviser first identifies the risk, 
and then determines, before outsourcing a function, how to mitigate and 
manage the risk.
---------------------------------------------------------------------------

    \57\ We believe a risk prioritization approach is a commonly 
used and effective practice in the industry. Also, the Commission 
proposed a risk prioritization approach for cybersecurity risk 
assessment. We encourage commenters to review that proposal to 
determine whether it might affect their comments on this proposing 
release. See Cybersecurity Risk Management for Investment Advisers, 
Registered Investment Companies, and Business Development Companies, 
Investment Advisers Act Release No. 5956 (Feb. 9, 2022) [87 FR 13524 
(Mar. 9, 2022)] (``Proposed Cybersecurity Release'') (stating that 
``[a]s an element of an adviser's or fund's reasonable policies and 
procedures, the proposed cybersecurity risk management rules would 
require advisers and funds periodically to assess, categorize, 
prioritize, and draft written documentation of, the cybersecurity 
risks associated with their information systems and the information 
residing therein.'').
---------------------------------------------------------------------------

    There are a variety of potential risks that an adviser should 
generally consider, such as the sensitivity of information and data 
that would be subject to the service or to which the service provider 
may have access, the complexity of the function being outsourced, the 
reliability and accuracy of the service or function delivered by the 
service provider, extensive use of particular service providers by the 
adviser or several advisers, available alternatives in the event a 
service provider fails or is unable to perform the service, the speed 
with which a function could be moved to a new service provider, 
existing and potential conflicts of interest of the service 
provider,\58\ geographic location of the service provider, 
unwillingness to provide transparency, known supply-chain challenges, 
and the availability of market resources skilled in the service. Key to 
this process might include determining the likely potential impact--
particularly to the adviser's clients, to investors in the adviser's 
fund clients, or to the adviser's ability to perform its advisory 
services--of the failure, or improper performance, of the function to 
be outsourced.
---------------------------------------------------------------------------

    \58\ Advisers may have disclosure obligations related to 
conflicts of interest that arise from other provisions of the 
Federal securities laws. See, e.g., Form ADV Part 2, General 
Instruction 3 (stating that advisers ``must seek to avoid conflicts 
of interests with [their] clients, and, at a minimum, make full 
disclosure of all material conflicts of interest . . . that could 
affect the advisory relationship.'').
---------------------------------------------------------------------------

    For example, outsourcing records administration, personal 
securities trading clearance and compliance, or client trading services 
may result in the service provider gaining access to the adviser's non-
public trading information (e.g., client account positions, active 
trade orders, restricted securities trading list), or personally 
identifiable information (``PII'') about an adviser's clients. In these 
circumstances, it would be important for the adviser to consider 
whether use of a service provider would increase the likelihood that 
the non-public trading information or PII could be mishandled, misused, 
subject to unauthorized access, or otherwise subject to a heightened 
risk.\59\ This risk may be amplified when outsourcing to an offshore 
service provider that is unfamiliar with applicable U.S. laws and 
regulations, is potentially subject to laws that apply a different 
standard, and may cause delays in production of records. In the case of 
an offshore service provider, the adviser should consider whether the 
service provider's policies, procedures, and operations comply with 
applicable United States laws and regulations, and whether the service 
provider is able to demonstrate experience servicing clients that are 
subject to Federal securities laws. Further, the adviser should 
consider the potential impact to its advisory business and its clients 
if the non-public trading information or PII were subject to a breach 
via the service provider.
---------------------------------------------------------------------------

    \59\ Advisers should also note that outsourcing that transfers 
PII to third parties could implicate legal restrictions on sharing 
by the adviser of such information.
---------------------------------------------------------------------------

    When an adviser outsources any covered function it introduces new 
relationships and the potential for new conflicts of interest, such as 
the service provider's incentives to meet its obligations to some 
clients ahead of others, to devote more resources to a different line 
of business than the one for which the provider was hired, or to favor 
affiliates.\60\ The adviser should identify these risks and determine 
how it will mitigate and manage them. For example, outsourcing some 
client portfolio management functions to a model provider may introduce 
new conflicts of interest issues for the service provider that the 
adviser may want to consider. In such a circumstance, an adviser 
generally should consider potential issues such as whether the service 
provider also provides services to the service provider's affiliates 
and how the service provider prioritizes providing models among clients 
that pay different fees to the service provider. This is because the 
service provider could have a financial incentive to provide favorable 
prioritization or terms to its affiliates or clients paying the service 
provider a higher fee. If so, the adviser generally should consider how 
to mitigate this conflict of interest through approaches such as 
obtaining contractual representations and warranties about the service 
provider's procedures, reviewing the service provider's applicable 
written policies and procedures, or obtaining a contractual right to 
audit the service provider.
---------------------------------------------------------------------------

    \60\ As fiduciaries, advisers must seek to avoid conflicts of 
interest with clients, and, at a minimum, make full disclosure of 
all material conflicts of interest between the adviser and clients 
that could affect the advisory relationship. See Form ADV Part 2 
General Instructions. Advisers may disclose this information in 
their Part 2 of Form ADV or by some other means.
---------------------------------------------------------------------------

    Another common example that illustrates the importance of an 
adviser's risk analysis occurs when an adviser seeks to outsource all 
or portions of its compliance function. There can be benefits to 
relying on a third party with potentially greater compliance experience 
and expertise, but an adviser also generally should consider the nature 
of its business and whether a potential provider can sufficiently 
understand, ingest, and address the unique compliance needs of the 
adviser's business. The adviser can seek to mitigate and manage this 
risk by generally considering certain steps such as seeking references 
from other clients of the service provider, conducting interviews of 
key service provider personnel, ensuring the compliance service 
provider will customize its services to meet the needs and unique 
aspects of the adviser's particular business, obtaining written 
assurances about the experience and skills of the service provider 
personnel that will be assigned to the adviser's account, and obtaining 
the right to audit the functions being performed by the service 
provider periodically.
    The proposed rule also would require advisers to identify the risks 
of outsourcing to a particular service provider. We understand that 
many advisers currently take a variety of steps to understand the risks 
of their service providers and those of certain service providers. 
These steps may include reviewing a summary of a service provider's 
business continuity plan, due diligence questionnaires, an assurance 
report on controls by an independent party, certifications or other 
information regarding a provider's operational resiliency or 
implementation of compliance policies, procedures, and controls 
relating to its systems, results of any testing, and conducting 
periodic onsite visits. The nature, depth, and complexity of this 
analysis would be dependent, in part, on the adviser's assessment of 
risks associated with the function being outsourced. If an adviser 
determines that the risk of outsourcing a particular function is 
relatively high, then the adviser generally should consider adjusting 
its due diligence of the particular provider commensurate with that 
risk assessment. An adviser

[[Page 68829]]

also generally should consider that a provider may pose unique or novel 
risks such as international operations, limited financial or 
operational history, lack of financial or operational transparency, 
lack of sufficient operating capital to support long-term operations, 
inability or unwillingness to provide client references, insufficient 
availability of qualified personnel, infrastructure susceptibility to 
extreme weather, lack of adequate data security, and prior service 
failures.
    For example, if the outsourced function involves valuation of 
illiquid or private securities, the adviser generally should consider 
whether the particular service provider has the capability and 
experience to provide accurate and timely information. Inaccurate or 
untimely valuation information could affect the adviser's strategy, 
resulting in negative financial consequences for the adviser's clients. 
A lack of necessary sophistication or inability to perform timely are 
examples of service provider issues that generally should be identified 
and addressed before the service provider is engaged.
    The proposed rule would also require an adviser to determine how it 
will mitigate and manage the identified risks. This could be 
accomplished through a variety of means, including actions taken by the 
adviser, or actions taken by the service provider at the adviser's 
request or direction. If an adviser determines that risks cannot be 
mitigated or managed adequately, the adviser generally should consider 
factors such as whether it is consistent with an adviser's fiduciary 
responsibility to its clients to move forward with outsourcing the 
function, whether outsourcing the function may increase the risk of 
fraud against the adviser's clients, or whether there is a viable 
alternative to outsourcing.
    There are a multitude of ways that an adviser may mitigate or 
manage risks, subject to the applicable facts and circumstances 
surrounding the function. To mitigate the identified risks, an adviser 
generally may consider the potential impacts of the risks occurring, 
the frequency with which the risks may occur, and how to avoid or 
lessen those impacts. This could include considering whether the 
service provider allows sufficient transparency such that the adviser 
reasonably can monitor the outsourced functions to confirm they are 
performed correctly and developing and implementing written policies 
and procedures to oversee the service provider. For example, if an 
adviser incorporates a service provider's software to manage its 
portfolio risk, a flaw in the software could adversely affect client 
portfolios. It would therefore be important that the service provider 
sufficiently explains and demonstrates how the software operates so 
that the adviser can understand, identify, and determine whether it can 
mitigate any risks that the use of the software may pose. The adviser 
also generally should consider whether and how the service provider 
would provide notice of software failure, and how the service provider 
will respond in the event of a failure. Similarly, in the event the 
adviser is U.S.-based and outsourcing to a non-U.S.-based service 
provider, the adviser generally should consider whether and how it can 
effectively monitor the performance of the covered function, and 
whether there are any unique limitations or risks posed by the location 
where the services will be provided, such as geopolitical instability, 
heightened exposure to extreme weather, lack of U.S. legal jurisdiction 
and ability to enforce legal rights, infrastructure challenges such as 
instability in the power grid or internet services, or lack of access 
to an experienced workforce. If the adviser determines it cannot 
effectively monitor the performance of a covered function, it generally 
should consider whether outsourcing is consistent with the adviser's 
fiduciary responsibility to its clients, whether outsourcing may 
increase the risks for the adviser's clients, and whether there is a 
viable alternative to outsourcing.
    An adviser may also mitigate and manage the risks of failing to 
perform a function by implementing contractual safeguards or pursuing 
alternative options. For example, if a service provider placing trades 
for the adviser's clients experienced a trading delay or stopped 
trading altogether, there may be material negative impacts on the 
adviser's clients. To mitigate the risk of this scenario, the adviser 
could enter into a contractual agreement with the service provider that 
identified, in advance of such an event, a substitute trading 
arrangement to be implemented within a timeframe that would cause as 
little disruption to clients as possible. An adviser also could 
establish a redundancy in the outsourced service or function. For 
example, an adviser could engage a primary pricing provider for 
illiquid securities, and also have an arrangement with a secondary 
pricing provider. The secondary provider could provide prices in the 
instance that the first pricing service fails, and otherwise be used, 
for example, to validate accuracy and identify potential anomalies in 
the data provided by the primary pricing provider. Such contractual 
provisions may be particularly important in preventing harm to the 
adviser's clients. Regardless of who a contract indicates should remedy 
such a situation or who is liable for a particular breach, a service 
provider's failure to perform does not excuse the adviser from its 
fiduciary duty and other legal obligations and liabilities.
3. Competence, Capacity, Resources
    Once an adviser has identified the risks related to outsourcing the 
function and the risks of the service provider, the proposed rule would 
require the adviser to determine that the service provider has the 
competence, capacity, and resources necessary to perform the covered 
function in a timely and effective manner. Outsourcing an investment 
adviser's function to a service provider without making this 
determination can undermine the adviser's provision of services and 
mislead or otherwise harm clients. When an investment adviser holds 
itself out as providing advisory services or agrees with a client to 
provide such services, the adviser implies that it remains responsible 
for the performance of those services and will act in the best interest 
of the client in doing so. If an adviser retains a service provider 
without ensuring the service provider is able to perform the function 
in a timely and effective manner, the adviser would not be ensuring its 
obligations will be met and clients could be harmed if the service 
provider fails to perform or negligently performs the covered function. 
Therefore, in order to comply with its legal obligations when 
outsourcing a function, the adviser should confirm that the service 
provider is able to perform the applicable function timely and 
effectively to the same standards directly applicable to the adviser.
    The determination of competence, capacity, resources, and 
performing the function timely and effectively should be based on the 
facts and circumstances of the functions being outsourced. For example, 
if outsourcing a function is high risk due to the complexity of the 
function, the adviser may want to assess competence by focusing on the 
experience and expertise of the service provider's personnel and the 
comprehensiveness of their processes and methodologies. If the function 
is labor intensive, the adviser may wish to consider factors such as 
whether the service provider has the necessary staffing capacity to 
provide the function and the service provider's historical staff 
retention rates. If the function requires specialized equipment or

[[Page 68830]]

technology, the adviser may wish to seek evidence that the service 
provider possesses those resources. If the function is novel or is 
unique to the adviser, the adviser may wish to consider whether it is 
even appropriate to outsource due to a lack of service providers with 
the necessary competence, capacity, or resources to perform the 
function. In all of these instances, the adviser may consider whether 
and how the service provider can perform the covered function such that 
it effectively addresses the adviser's and its client's needs.
    In addition to considering the facts and circumstances of the 
function being outsourced, we believe an adviser's analysis of 
competence generally should include an understanding of how the service 
provider will perform the function. For this, the adviser generally 
should verify that the service provider is able to explain and 
demonstrate clearly how the function will be performed. This enables 
the adviser to confirm it is outsourcing to a competent service 
provider, mitigates the risk of potential harm to the adviser's clients 
of a failure to perform, and educates the adviser in order to better 
monitor the service provider once engaged. For example, if an adviser 
is outsourcing its robo-advisory product to a third-party digital 
investment platform the adviser generally should understand the client 
factors considered by the platform, the methodology used by the 
platform to generate any recommendations, the factors that may alter 
that methodology, any highly technical or complex aspects of the 
methodology such as incorporation of artificial intelligence, and the 
service provider's procedures for testing and oversight of the 
methodology.
4. Subcontracting Arrangements
    The proposed rule would require that the adviser determine whether 
the service provider has any subcontracting arrangements that would be 
material to the performance of the covered function. In the event of 
such a subcontracting arrangement, the proposed rule would also require 
that the adviser identify and determine how it will mitigate and manage 
potential risks to clients or its ability to perform advisory services 
in light of any such subcontracting arrangement.\61\
---------------------------------------------------------------------------

    \61\ Proposed rule 206(4)-11(a)(1)(iv).
---------------------------------------------------------------------------

    In making these determinations, an adviser generally could rely on 
representations provided by the service provider or could develop 
policies and procedures with certain limitations or conditions when 
engaging a service provider that uses subcontractors. For example, an 
adviser may implement a policy that prevents the adviser from retaining 
a service provider that primarily relies on subcontractors to perform 
the covered function, or implement a procedure to audit the service 
provider's oversight of its subcontractors. An adviser also may enter 
into a written agreement with the service provider that requires the 
service provider to notify the adviser of any material incidents that 
take place at the subcontractor that may cause a failure to perform a 
covered function by the service provider. When determining how to 
mitigate and manage potential risks of outsourcing in light of any 
subcontracting arrangement, the adviser could consider relying on 
written representations the service provider makes about steps it is 
taking to mitigate and manage such risks.
    Service providers may utilize subcontracting arrangements for any 
advisory services and functions, which creates a chain of service 
providers to an adviser. The absence of a direct relationship with a 
subcontractor may affect the adviser's ability to assess and manage 
risks that develop as a result of outsourcing. Outsourcing risks are 
heightened when an adviser uses service providers for ``covered 
functions'' that, by definition under the proposed rule, if not 
performed or performed negligently would be reasonably likely to cause 
a material negative impact on an adviser's clients or its ability to 
provide advisory services. Because the adviser ultimately has the 
responsibility for providing advisory services and complying with the 
Federal securities laws, we believe it is important that the adviser 
know about material subcontracting arrangements so that it can oversee 
the covered function properly.
    Requiring the adviser to determine whether the service provider has 
any subcontracting arrangements might provide more visibility into the 
outsourcing chain by the adviser. However, we also recognize that a 
service provider may use a large number of subcontractors for a variety 
of functions or services at various points in time. As a way to balance 
the burden of having to determine how the adviser will mitigate and 
manage potential risks with respect to every subcontractor with the 
benefit of the adviser having some visibility into the use of 
subcontractors, we believe that the determination should be limited to 
subcontracting arrangements that would be material to the service 
provider's performance of the covered function. To determine whether a 
subcontracting arrangement is material, we believe it is appropriate 
generally to follow the standard used in the proposed definition of 
covered function. Thus, a subcontracting arrangement would be material 
if nonperformance or negligent performance would be reasonably likely 
to cause a significant negative impact on the service provider's 
ability to perform the covered function. A subcontracting arrangement 
that is subject to this standard would depend on the type of 
subcontractor being used and the nature and scope of the subcontracting 
arrangement. For example, if an adviser engaged a subadviser to manage 
certain of its clients' portfolios, and the subadviser outsourced some 
or all of its portfolio management to a subcontractor, we generally 
would consider this to be material because the subadviser would be 
outsourcing the function that the adviser had engaged the subadviser to 
perform. In such an instance, we believe the subcontractor's failure to 
perform or negligent performance of portfolio management would be 
reasonably likely to cause a significant negative impact on the 
subadviser's performance of the covered function, which would be 
reasonably likely to cause a material negative impact on the adviser's 
ability to provide its investment advisory services.
    We believe that requiring this determination and risk assessment of 
any subcontracting arrangements that would be material to performance 
of a covered function is important because having a chain of providers 
increases the risk of lack of transparency and control by the adviser 
if there were an issue within the chain. We believe that to the extent 
a service provider uses any subcontractors that are material to the 
performance of its covered function, the adviser generally should 
conduct further monitoring and put in place risk management processes 
to mitigate potential harm to the adviser, and its advisory clients.
5. Compliance Coordination
    The proposed due diligence provision would require an adviser to 
obtain reasonable assurance from a service provider that it is able to, 
and will, coordinate with the adviser for purposes of the adviser's 
compliance with the Federal securities laws, as applicable to the 
covered function. An adviser remains liable for its obligations, 
including under the Advisers Act, other Federal securities laws and any 
contract entered into with the client, even if the adviser outsources 
functions. The proposed requirement would alert the service provider to 
those responsibilities

[[Page 68831]]

and obtaining reasonable assurances would help the adviser ensure that 
it can continue to meet its compliance obligations despite outsourcing 
those functions.
    For example, an adviser may rely on a service provider for part of 
its portfolio management function. While not required under the 
proposed rule, that adviser may wish to consider obtaining written 
assurances or written representations from the service provider that it 
is aware of the adviser's obligations under the Advisers Act, and that 
it will assist the adviser, as applicable, in complying with its 
obligations as a fiduciary. For additional clarity, the adviser may 
wish to consider articulating specific responsibilities of the service 
provider in relation to assisting the adviser to comply with its legal 
obligations. As another example, an adviser may rely on an outsourced 
chief compliance officer or compliance consultant for updating and 
filing the adviser's Form ADV, including Form CRS. Such an adviser may 
want to obtain assurances or representations from the service provider 
that it has sufficient knowledge of the adviser's business such that 
the adviser's Form ADV will be accurate and contain all required 
disclosure. In discussions with our staff regarding Form ADV 
compliance, some advisers have claimed ignorance of a filing not having 
been made, or of missing, inadequate or inaccurate disclosure, due to 
the adviser's reliance on an outsourced chief compliance officer or 
compliance consultant. Similarly, in response to our staff's requests 
for documents, advisers often indicate that they lack access to 
information necessary to demonstrate compliance with a provision of the 
Advisers Act and its rules or other Federal securities laws because of 
outsourcing. In instances where our staff has requested records 
demonstrating compliance with the brochure delivery rule,\62\ some 
advisers that use client relationship management providers have 
asserted that they have complied with the rule because brochure 
delivery is programmed into the providers' software, though they cannot 
produce records to evidence that delivery took place.
---------------------------------------------------------------------------

    \62\ See rule 204-3.
---------------------------------------------------------------------------

6. Orderly Termination
    The proposed rule would require an investment adviser to obtain 
reasonable assurance from the Service Provider that it is able to, and 
will, provide a process for orderly termination of its performance of 
the covered function.\63\ This provision is designed to mitigate risks 
of an interruption in advisory services or the adviser's compliance 
with the Federal securities laws in the event that the outsourced 
relationship is discontinued. An abrupt termination of a covered 
function without a process to continue services in another way, 
transfer records, and otherwise provide a smooth transition could have 
a material negative impact on an adviser's clients or an adviser's 
ability to provide investment advisory services to clients. For 
example, if an adviser relied on a software provider to provide an 
order management and trading application for the purposes of placing 
orders on behalf of the adviser's clients, and the software provider 
abruptly terminated its services without the adviser being able to 
replace the provider or move the services in-house, then the 
termination would be reasonably likely to cause a material negative 
impact on the adviser's ability to provide investment advisory 
services. This is because the adviser may not be able to place orders 
at or near normal volumes or as efficiently. Such harm could be 
mitigated by the proposed due diligence requirement to obtain 
reasonable assurance from a service provider that it is able to, and 
will, provide a process for orderly termination of its performance of 
the covered function.
---------------------------------------------------------------------------

    \63\ Proposed rule 206(4)-11(a)(2)(vi).
---------------------------------------------------------------------------

    Orderly termination of a service provider's performance of a 
covered function might include the adviser ensuring that no ongoing 
operational and technological dependency on the service provider 
remains after the termination of the relationship with the service 
provider. For example, an adviser might consider obtaining reasonable 
assurance, whether through a written agreement or some other means, 
from the service provider that it will provide a notice of intent to 
terminate in a specified amount of time or other similar process so 
that the service provider does not abruptly terminate its services to 
the detriment of the adviser and its clients.
    Given the variety of advisers and providers and different levels of 
complexity with respect to outsourced functions, the proposed rule is 
designed to afford advisers and service providers the flexibility to 
establish what would constitute ``orderly'' termination in light of the 
risks involved. The adviser must be able to stay in compliance with its 
obligations under the Advisers Act and its rules during and after 
termination. Accordingly, the process that allows for ``orderly'' 
termination generally should reflect consideration of certain factors 
such as the type of covered function and applicable regulatory 
requirements. For example, if the covered function were recordkeeping 
services, then the adviser should account for how to continue to stay 
in compliance with the regulatory requirements with respect to 
recordkeeping after termination of the agreement. If the covered 
function were valuation services, then the adviser should consider how 
to transition different client accounts prior to complete termination 
and how to stay in compliance with any valuation requirements. In 
addition to ensuring proper transfer or retention of records, advisers 
generally should consider how they would maintain operational, 
regulatory, or other capabilities as a result of terminating the 
service provider engagement.
    An ``orderly'' termination process also should be designed to 
handle confidential and other sensitive information securely. The 
adviser and service provider generally should consider ways to ensure 
that no confidential data or information remains with the service 
provider other than that required to meet the service provider's 
contractual obligations or the service provider's own legal 
obligations, if any. For example, a service provider that performs 
valuation services may have been granted access to certain adviser 
back-office or middle-office systems and internal reports, and the 
adviser and service provider might wish to agree to allow for 
verification that the provider's access is terminated either 
immediately upon notification of termination or after a reasonable 
amount of time once all accounts have been closed by the service 
provider. The adviser and service provider might also agree to the 
return or destruction of any copies of reports or confidential 
information after the terms of termination are satisfied, depending on 
the length of time it would take.
    Relatedly, an ``orderly'' termination process also generally should 
contemplate reasonable time frames to allow for timely transfer or 
destruction of any data, as appropriate or necessary. Such provisions 
would facilitate the continuity and quality of the outsourced functions 
in the event of termination. For example, if an adviser wants to 
protect its ability to change its subadviser when appropriate without 
undue restrictions, limitations, or cost, then the adviser generally 
should consider termination and transfer arrangements with reasonable 
time frames to allow for timely transfer of confidential adviser and 
client information from the original service provider to the new 
service provider.
    In addition to ensuring the adviser stays in compliance with its 
regulatory

[[Page 68832]]

obligations during and post-termination of a relationship with a 
service provider, the adviser might consider provisions in a written 
agreement or some other form to protect itself against certain failures 
or breaches by the service provider such as termination rights, clear 
delineation of ownership of intellectual property, and the obligation 
of the service provider to assist and provide support for a successful 
and complete transition or termination.
7. Recordkeeping Provisions Related to Due Diligence
    Finally, the proposal would amend the Advisers Act books and 
records rule to require advisers to make and retain specific records 
related to their due diligence assessment.\64\ These records include a 
list or other record of covered functions the adviser outsourced to a 
service provider including the name of each service provider, the 
factors that led to listing it as a covered function on Form ADV, and 
documentation of the adviser's due diligence assessment. The due 
diligence records would include any policies or procedures or other 
documentation showing how the adviser would mitigate and manage the 
risks it identifies, both at a covered function and a service provider 
level. The proposed amendments would also revise the books and records 
rule to require a copy of any written agreement, including any 
amendments, appendices, exhibits, and attachments, entered into with a 
service provider regarding covered functions. The records would have to 
be maintained in an easily accessible place while the adviser 
outsources the covered function and for a period of five years 
thereafter.\65\ This aspect of the proposal is designed to facilitate 
our staff's ability to assess an adviser's compliance with the proposed 
rule. We believe it would similarly enhance an adviser's compliance 
efforts as well.
---------------------------------------------------------------------------

    \64\ See proposed rule 204-2(a)(24).
    \65\ See proposed rule 204-2(e)(4).
---------------------------------------------------------------------------

    We request comment on all aspects of the proposed due diligence 
requirement and corresponding proposed amendments to the Advisers Act 
books and records rule, including the following items:
    31. Should we adopt the due diligence requirements as proposed? Are 
there other aspects of due diligence that should be required 
additionally or instead? Conversely, should we exclude any of the 
proposed due diligence requirements?
    32. Should we require advisers to obtain third-party experts, 
audits, and/or other assistance to oversee a service provider when the 
adviser is outsourcing a function that is highly technical, or the 
oversight requires expertise or data the adviser lacks? For example, if 
an adviser is outsourcing to a service provider that provides valuation 
or pricing of complex or private securities, or a service provider that 
incorporates artificial intelligence into its services, should that 
adviser be required to confirm it has sufficient internal expertise to 
effectively oversee the service provider, and if not, obtain a third-
party expert to provide such oversight?
    33. Advisers are currently required under rule 206(4)-7 to have 
policies and procedures reasonably designed to prevent violations of 
the Advisers Act and rules under the Act, and this requirement would 
apply to the proposed rule. The proposed rule does not require 
additional explicit written policies and procedures related to service 
provider oversight. Should the rule require specific policies and 
procedures in addition to or instead of the requirements in the 
proposed rule? And if so, what specific provisions should be required? 
Should we also include changes to rule 38a-1 under the Investment 
Company Act?
    34. Should we exempt certain service providers or covered functions 
from some or all of the due diligence requirements? If so, which 
service providers should we exempt, which due diligence requirements 
should we exempt, and why?
    35. Should we exempt certain categories of advisers or service 
providers from the due diligence requirements, such as smaller (e.g., a 
small business or small organization as defined in 17 CFR 275.0-7 or a 
small business as defined by the U.S. Small Business Administration) 
advisers or service providers or newly registered advisers? If so, 
which ones and why? Alternatively, should we provide scaled due 
diligence requirements, and if so, how? Would the proposed due 
diligence requirements raise any particular challenges for smaller or 
different types of advisers? If so, what could we do to help mitigate 
these challenges?
    36. The proposed rule requires that the due diligence be conducted 
before the service provider is engaged. Are there reasons that due 
diligence cannot be completed prior to engaging a service provider? If 
so, please explain and provide examples. For example, should there be 
an exception for emergencies? How would we define emergency? Should an 
exception for emergencies be time-limited (e.g., one month) or 
permitted for the duration of the emergency?
    37. Are there other core factors that advisers should be required 
to consider in conducting due diligence? If so, what are those factors? 
For example, should advisers be required to confirm the financial 
stability of a service provider through the review of audited 
financials, or should certain service providers be required to provide 
certain third-party certifications or reports such as a Systems and 
Organizational Controls report \66\ (``SOC 1'') or other internal 
control report? Should service providers be required to have third-
party financial support, such as fidelity bonds, errors and omissions 
insurance, or other support? If so, what type and level of support 
should be required?
---------------------------------------------------------------------------

    \66\ See System and Organizational Controls: SOC Suite of 
Services, AICPA, available at https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/sorhome.html.
---------------------------------------------------------------------------

    38. Is it clear what we mean by identifying the ``nature and 
scope'' of the services? If not, how can it be made clearer?
    39. The proposed rule is intended to provide flexibility to 
investment advisers in the methods they use to identify outsourcing 
risks. Should we dictate a specific method by which risks are 
identified? For example, should we require that investment advisers 
prioritize the identified risks and create a record of that 
prioritization?
    40. For purposes of identifying the risks of engaging a service 
provider in the due diligence process, should the rule include a 
materiality threshold?
    41. Should the rule require advisers to adopt and implement service 
provider risk management strategies, as proposed? Should the Commission 
take a different approach to address these risks instead, such as 
requiring disclosure of the risks to clients, or limiting the services 
that can be outsourced?
    42. Should the proposed rule require advisers to make 
determinations about the service providers' competence, capacity, and 
resources as proposed? Should the Commission take a different approach 
instead? For example, should we require advisers to make reasonable 
assessments instead? How much independent research would advisers be 
able to accomplish to comply with this requirement?
    43. Should the proposed due diligence books and records amendments 
be expanded or limited in any way? Are there alternative, explicit, or 
additional recordkeeping requirements we should impose?
    44. The proposed due diligence provision requires that the adviser 
determine whether the service provider

[[Page 68833]]

has any subcontracting arrangements that are material to the service 
provider's performance of the covered function (emphasis added). Should 
we provide more guidance on the term ``material''? Should we broaden 
the requirement to any subcontracting arrangements? Should we exempt or 
alter this requirement for service providers that are also investment 
advisers? Finally, should we omit the requirement that the adviser 
determine whether the service provider has any subcontracting 
arrangements?
    45. The proposed due diligence provision requires an adviser to 
determine how it will mitigate and manage potential risks to clients or 
the adviser's ability to perform its services in light of 
subcontracting arrangements that would be material to a service 
provider's performance of a covered function. Should we exempt certain 
advisers from, alter, or delete this requirement, and if so why?
    46. Is the provision requiring the adviser to obtain reasonable 
assurance from the service provider that it is able to, and will, 
coordinate with the adviser for purposes of compliance with the Federal 
securities laws, as applicable to the covered function, appropriate? 
Maintaining records required by the Federal securities laws is one 
component of an adviser's regulatory compliance. Is there any overlap 
between this provision requiring coordination for legal compliance more 
broadly and the proposed requirement discussed below for an adviser to 
obtain reasonable assurance from third-party recordkeepers to provide 
required records to the adviser and Commission? If so, should we 
address any potentially duplicative requirements?
    47. Is the proposed requirement to obtain reasonable assurance that 
the service provider is able, and will, provide a process for orderly 
termination appropriate? Is it clear what we mean by ``orderly?'' 
Should we define what ``orderly'' means instead? If so, how should we 
define it?
    48. Are there circumstances in which an adviser might determine 
that abrupt termination was reasonably necessary to protect clients? If 
so, should the provision requiring obtaining reasonable assurance for 
orderly termination of the performance of a covered function be revised 
to permit advisers to exercise their judgment in such cases? For 
advisers to registered investment companies, should abrupt termination 
by the adviser require notification to the investment company board?
    49. Should the Commission adopt the related recordkeeping 
provisions as proposed or should they be changed? For example, should 
the time period of retention be changed to five years after the entry 
was made or three years after the relationship between the adviser and 
service provider has been terminated?

C. Monitoring

    Once a service provider is engaged, the proposed rule would require 
the adviser to periodically monitor the service provider's performance 
of the covered function and reassess the retention of the service 
provider in accordance with the due diligence requirements of the 
proposed rule with a manner and frequency such that the adviser can 
reasonably determine that it is appropriate to continue to outsource 
the covered function and that it remains appropriate to outsource it to 
the service provider.\67\ Monitoring is critical to an adviser's 
ability to discover and address problems in a timely manner, continue 
providing its advisory services to clients, and comply with the Federal 
securities laws.\68\ For example, if an adviser is relying on a service 
provider's robo advice platform, the adviser generally should monitor 
to ensure that the platform continues to operate and adjust to client 
inputs as the adviser understands it should perform. The proposed 
monitoring obligation also helps to support an adviser's duty to 
monitor a client's account over the course of the relationship.\69\ 
Therefore, it would be inappropriate for an adviser to take a ``set-it-
and-forget-it'' mentality when outsourcing a function or service that 
the adviser has agreed to perform or would otherwise be performing 
itself in order to provide its advisory services or to satisfy 
compliance obligations.
---------------------------------------------------------------------------

    \67\ See proposed rule 206(4)-11(a)(2).
    \68\ See In the Matter of Virtus Investment Advisers, Inc., 
Investment Advisers Act Release No. 4266, at 7 (Nov. 16, 2015) 
(settled order) (``Virtus had no written policies and procedures for 
evaluating and monitoring the accuracy of third-party-produced 
performance information or third-party marketing materials that 
Virtus directly or indirectly circulated or distributed to other 
persons.'').
    \69\ See Standard of Conduct Release, supra footnote 21, at 72 
(stating that the duty of care includes, among other things, the 
duty to provide advice and monitoring over the course of the 
advisory relationship).
---------------------------------------------------------------------------

    When considering the manner and frequency of monitoring, an adviser 
should be mindful that it remains liable for its obligations, including 
under the Advisers Act, other Federal securities laws and any contract 
entered into with the client, even if the adviser outsources functions. 
If an adviser cannot sufficiently monitor a service provider, or is 
concerned that the service provider's actions or inactions may harm the 
adviser's clients or result in a regulatory violation, then the adviser 
may need to terminate the service provider relationship if possible. In 
such an instance, an adviser generally should be cognizant of any 
contractual limitations with a service provider that may impose 
additional risks on the adviser's clients or otherwise affect the 
adviser's analysis of whether to terminate the relationship.
    The proposed monitoring requirement leverages processes similar to 
due diligence, which we have stated above is not a one-size-fits-all 
analysis. Thus, all monitoring generally should continue to take into 
account all of the required elements for due diligence, including the 
nature and scope of the service provider's services as well as the 
risks of engaging the particular service provider performing that 
function. The adviser generally should periodically evaluate the 
validity of its conclusions drawn during the initial due diligence 
process, and should adjust its monitoring to reflect changes in the 
functions or services the service provider is engaged to perform, 
industry or market changes that may affect the covered function, and 
also adjust to reflect the findings of any preceding monitoring. In 
order to continue outsourcing the service or function to the service 
provider, the adviser should be able to determine reasonably that the 
outsourcing remains appropriate.
    The proposed rule would require an adviser to monitor its service 
providers with a manner and frequency such that the adviser reasonably 
determines that it is appropriate to continue (i) to outsource the 
covered function and (ii) to outsource to the service provider. The 
manner and frequency of an adviser's monitoring would depend on the 
facts and circumstances applicable to the covered function, such as the 
materiality and criticality of the outsourced function to the ongoing 
business of the adviser and its clients.\70\ For example, certain 
functions may require periodic onsite visits where other services may 
be monitored remotely. Methods of monitoring could include, for 
example, automated scans or reviews of service provider data feeds, 
periodic meetings with the provider to review service metrics, or 
contractual obligations to test and approve new systems prior to 
implementation. The frequency of an

[[Page 68834]]

adviser's periodic monitoring also would be subject to factors such as 
the frequency with which the covered function is conducted, the 
complexity of the function, or the risk to clients of a failure to 
perform or of negligently performing the function.
---------------------------------------------------------------------------

    \70\ The Commission similarly concluded that different 
frequencies of the required periodic re-assessment of valuation 
risks may be appropriate for different funds or risks. See Good 
Faith Determinations of Fair Value, Investment Company Act Release 
No. 34128 at 14 (Dec. 3, 2020) [86 FR 748 (Jan. 6, 2021)].
---------------------------------------------------------------------------

    In determining an appropriate frequency of monitoring, advisers 
should consider whether there has been any change in the risk profile 
of the covered function or the service provider. For example, if a 
service provider announced significant layoffs of personnel, then it 
may be necessary for the adviser to increase temporarily or permanently 
the frequency and alter the manner of its monitoring to determine 
whether the service provider continues to have the competence, 
capacity, and resources necessary to perform the covered function in a 
timely and effective manner. Alternatively, if new laws or regulations 
were implemented that affected a specific function, then it similarly 
may be necessary to alter temporarily or permanently the frequency and 
manner of monitoring to determine that the service provider continues 
to perform its services properly.
1. Recordkeeping Provisions Related to Monitoring
    Finally, the proposal would amend the Advisers Act books and 
records rule to require advisers to make and keep records documenting 
the periodic monitoring of a service provider of a covered 
function.\71\ Advisers generally should consider including information 
such as performance reports received from the service provider, the 
time, location, and summary of findings of any financial, operational, 
or third-party assessments of the service provider, identification of 
any new or increased service provider risks and a summary of how the 
adviser will mitigate or manage those risks, any amendments to written 
agreements with a service provider, the adviser's written policies and 
procedures applicable to monitoring, a record of any changes to the 
nature and scope of the covered function the service provider is to 
perform, and a record of any inadequate or failed performance by a 
service provider of a covered function and responses from the adviser. 
The records would have to be maintained in an easily accessible place 
while the adviser outsources the covered function and for a period of 
five years after the adviser ceases outsourcing the covered 
function.\72\ Like other proposed amendments to the books and records 
rule, this aspect of the proposal is designed to facilitate our staff's 
ability to assess an adviser's compliance with the proposed rule. We 
believe it would similarly enhance an adviser's compliance efforts as 
well.
---------------------------------------------------------------------------

    \71\ See proposed rule 204-2(a)(24)(iv).
    \72\ See proposed rule 204-2(e)(4).
---------------------------------------------------------------------------

    We request comment on all aspects of the proposed monitoring 
requirement, including the following items:
    50. Should we adopt the monitoring requirements as proposed? Are 
there other aspects of monitoring that should be required under the 
rule? Conversely, should we exclude any of the proposed monitoring 
requirements from the rule?
    51. Should we prescribe the frequency of monitoring instead of 
requiring an adviser to monitor its service providers with a manner and 
frequency such that the adviser reasonably determines that it is 
appropriate to continue to outsource the covered function and to 
outsource to the service provider, as proposed? Or should we prescribe 
a minimum frequency of monitoring? For example should we require that 
monitoring of service providers be conducted monthly? Quarterly? No 
less than annually? Why or why not?
    52. As proposed, the rule requires that advisers make and maintain 
records documenting the periodic monitoring of a service provider, but 
it does not specify the specific records that must be maintained. 
Should the rule identify specific records to be maintained? If so, what 
records should be made and maintained and why? For example, should the 
rule require retention of due diligence questionnaires, third party 
audits, memos to file, or service provider reports?
    53. Should we exempt certain categories of advisers or service 
providers from the proposed monitoring requirements, such as smaller or 
newer advisers or service providers? If so, which ones and why? 
Alternatively, should we provide for scaled monitoring requirements by 
any of these categories of advisers, and if so, how?
    54. Should we prescribe the manner in which monitoring is 
conducted? For example, should we require that advisers conduct onsite 
visits of service providers on a periodic basis, or that advisers 
require periodic written certifications of compliance on a periodic 
basis, or engage third-party experts to conduct formal reviews? Why or 
why not? Are there any other monitoring actions that we should require?
    55. Should the proposed monitoring books and records amendments be 
expanded or limited in any way? If so, how?

D. Form ADV

    Data collected from Form ADV is of critical importance to our 
regulatory program and our ability to protect clients and 
investors.\73\ We use information reported to us on Form ADV Part 1A 
for a number of purposes, one of which is to allocate our examination 
resources efficiently based on the risks we discern or the 
identification of common business activities from information provided 
by advisers. The data disclosed in Form ADV Part 1A is structured such 
that it is readily used to create risk profiles of investment advisers 
and permits our examiners to prepare better for, and more efficiently 
conduct, their examinations. Moreover, the information in Form ADV Part 
1A allows us to understand better the investment advisory industry as 
well as evaluate and form regulatory policies and improve the 
efficiency and effectiveness of the Commission's oversight of markets 
for investor protection.
---------------------------------------------------------------------------

    \73\ Advisers use Form ADV to apply for registration with us 
(Part 1A) or with state securities authorities (Part 1B), and must 
keep it current by filing periodic amendments as long as they are 
registered. See Advisers Act rules 203-1 and 204-1. Form ADV has 
three parts. Part 1(A and B) of Form ADV provides regulators with 
information to process registrations and to manage their regulatory 
and examination programs. Part 2 is a uniform form used by 
investment advisers registered with both the Commission and the 
state securities authorities. See Instruction 2 of General 
Instructions to Form ADV. Part 3: Form CRS describes the 
requirements for a relationship summary. See General Instructions to 
Form ADV. This release discusses proposed changes to Form ADV Part 
1A. To the extent that state securities authorities consider making 
similar changes that affect advisers registered with the states, we 
would forward comments to the North American Securities 
Administrators Association for consideration by the state securities 
authorities.
---------------------------------------------------------------------------

    To enhance our ability to oversee investment advisers and provide 
additional public information about the use of service providers as 
defined in proposed rule 206(4)-11, we are proposing to amend Form ADV 
Part 1A to require registered advisers to identify their service 
providers that perform covered functions, provide the location of the 
office principally responsible for the covered functions, provide the 
date they were first engaged to provide covered functions, and state 
whether they are related persons of the adviser. For each of these 
service providers, we would also require specific information that 
would clarify the services or functions they provide.\74\ This 
information would provide us with a better understanding of the 
material services and functions that advisers

[[Page 68835]]

outsource to service providers, would help us better understand 
potential broader market effects of outsourcing to service providers, 
and would permit us to enhance our assessment of advisers' reliance on 
service providers for purposes of targeting our examinations. The 
information also would help us identify advisers' use of particular 
service providers that may pose a risk to clients and investors, such 
as in situations where we learn that a service provider experiences a 
significant and ongoing disruption to its operations. Finally, the 
information would provide public information about advisers' use of 
third party service providers.
---------------------------------------------------------------------------

    \74\ See proposed Form ADV, Part 1A, Item 7.C., and Section 7.C. 
of Schedule D.
---------------------------------------------------------------------------

    This new reporting item would appear in Item 7 of Form ADV and 
consistent with the scope of proposed rule 206(4)-11, would only 
require reporting by investment advisers registered or required to be 
registered with the Commission.\75\ Currently, Item 7 requires advisers 
to disclose information about financial industry affiliations and 
activities, and to state whether they advise any private funds, and if 
so, provide certain information related to those private funds.\76\ New 
Item 7.C. would require SEC-registered advisers to check a box to 
indicate whether they outsourced any covered functions to a service 
provider. The required reporting will be limited to covered functions 
that are outsourced to service providers, as defined in proposed rule 
206(4)-11(b).\77\ The determination of what is a covered function would 
vary depending on the facts and circumstances and, as a result, some 
advisers may report a service on Form ADV as a covered function while 
other firms may not. For those services determined to be covered 
functions and outsourced to one or more service providers, advisers 
would report more detailed information about each such service provider 
in new Section 7.C. of Schedule D. This would include the legal and 
primary business names of the service provider, the legal entity 
identifier (if applicable), and the address of the service provider. 
Having this identifying information for each listed service provider 
would give us a more complete picture of the extent to which the 
adviser's operations depend on one or more service providers, and help 
us consider the potential effects in the event of an industry wide 
failure by a particular service provider.
---------------------------------------------------------------------------

    \75\ See proposed rule 206(4)-11(a). We are also proposing 
conforming amendments to Form ADV Part 1A, General Instructions and 
Glossary of Terms. Because Form ADV Part 1A is submitted in a 
structured, XML-based data language specific to that Form, the 
information in proposed new Item 7.C would be structured (i.e., 
machine-readable) as well. Advisers submitting an other-than-annual 
amendment to Form ADV Part 1 would not be required to update their 
responses to Item 7.C, even if the responses to those items have 
become inaccurate, which is consistent with the updating 
requirements for the rest of Item 7. See Instruction 4 to General 
Instructions to Form ADV.
    \76\ These new Form ADV reporting requirements are being 
proposed in conjunction with proposed Rule 206(4)-11. Proposed rule 
206(4)-11 would not apply to exempt reporting advisers, and 
therefore proposed Item 7.C. would not apply to exempt reporting 
advisers. We believe that requiring only investment advisers 
registered or required to be registered to complete the items we 
propose appropriately enhances our ability to oversee investment 
advisers that are subject to the proposed rule and enhances client 
and investor disclosure as it relates to the proposed rule.
    \77\ See also proposed rule 204-2(a)(24)(i) (requiring a record 
of covered functions that the adviser has outsourced to a service 
provider).
---------------------------------------------------------------------------

    Section 7.C. also would require noting whether the identified 
service provider is a related person \78\ of the adviser, and noting 
the date the service provider was first engaged. Both of these data 
points would be helpful to us in conducting our risk assessments for 
developing and targeting examinations. Knowing whether a service 
provider is a related person would assist us and clients or investors 
in understanding the conflicts of interest that may be present, and 
would also assist in understanding better the potential impacts of a 
service provider's non-performance or negligent performance. Finally, 
Section 7.C. would require an adviser to report those covered functions 
or services the service provider is actively engaged in providing from 
predetermined categories of covered functions or services set forth in 
the item. The non-exhaustive list of categories is intended to 
encompass those services or functions that may be commonly outsourced 
and could fall within the definition of a covered function. If the 
service or function performed by the service provider was not 
represented in a predetermined category, the adviser would be permitted 
to select ``other'' with a free form field to identify the unlisted 
category. The covered function categories that we are proposing to 
include in Item 7.C of Schedule D are: Adviser/Subadviser; Client 
Services; Cybersecurity; Investment Guideline/Restriction Compliance; 
Investment Risk; Portfolio Management (excluding Adviser/Subadviser); 
Portfolio Accounting; Pricing ; Reconciliation; Regulatory Compliance; 
Trading Desk; Trade Communication and Allocation; Valuation; and Other. 
For example, we believe regulatory compliance would generally include 
outsourced chief compliance officer and other compliance consultant 
functions.
---------------------------------------------------------------------------

    \78\ See Glossary of Terms to Form ADV. A related person 
includes ``[a]ny advisory affiliate and any person that is under 
common control with your firm.''
---------------------------------------------------------------------------

    This proposed disclosure would improve our ability to assess 
service provider conflicts for those service providers that perform a 
covered function as defined by the proposed rule, and could serve as an 
input to the risk metrics by which our staff identifies potential risk 
and allocates examination resources. The staff conducts similar 
analyses today, but have limited inputs, which constrains their 
effectiveness. For instance, it would be relevant to us to identify 
easily advisers using a service provider that we are separately 
investigating for involvement in alleged misconduct. The ability to 
identify readily other advisers using such a service provider would 
allow us to assess quickly and take appropriate actions. The proposed 
disclosure would also improve our ability to evaluate the adequacy and 
completeness of advisers' conflicts of interest disclosures by 
identifying additional potential sources of conflict.
    The information would be publicly available as is other information 
on Form ADV, and we believe it may benefit the public in supplementing 
the information available about the adviser and may provide investors 
with additional context in which to consider an investment adviser's 
provision of advisory services. The public would be able to identify 
quickly and consider any implications of an adviser's use of one or 
more service providers or the outsourcing of any service or function. 
For example, if a client learns of a significant disruption at a major 
service provider, that client could easily and quickly determine 
whether its adviser uses that service provider for a service or 
function the client considers material and whether to take remedial 
action.
    We request comment on the proposed Form ADV requirements:
    56. Are the proposed requirements to disclose service providers 
that perform a covered function as defined in rule 206(4)-11 
appropriate? Should we instead require all registered advisers that 
outsource any services to provide the specified information and then 
mark each service to indicate whether it is a covered function within 
rule 206(4)-11 or not? Or should we include a broader Form ADV 
reporting requirement, such as requiring all advisers (e.g., exempt 
reporting advisers and advisers registering with state securities 
authorities) to provide the specified information regarding any 
outsourced service or function or only those that are subject to rule 
206(4)-11 or any substantially similar regulation?

[[Page 68836]]

    57. Do commenters agree with the proposed list of covered functions 
categories under Section 7.C of Schedule D? Do the proposed categories 
adequately capture the range of covered functions? Are the categories 
understandable? If not, which categories require additional 
explanation? Should we add or remove any categories? If so, please 
identify the category and explain why the change is appropriate. For 
example, should we include additional categories relating to investment 
data/analytics, information technology (e.g., IT infrastructure or 
application software and support), or middle and back office functions 
(e.g., client reporting and/or billing, performance measurement, 
collateral management, post-trade processing, etc.)? Alternatively, 
should the categories be consolidated (e.g., pricing and valuation), 
retitled or otherwise revised? For example, do commenters agree that 
regulatory compliance would generally include such services as 
outsourced chief compliance officer and other compliance consultant 
functions? If not, how should the category be revised to encompass 
these types of outsourced functions?
    58. Should we require additional or different reporting with 
respect to service providers that perform functions related to books 
and records required under rule 204-2? If so, how should reporting 
requirements be changed for these service providers and/or what 
additional information should be reported?
    59. Do advisers have concerns with the public disclosure of service 
providers that perform covered functions? If so, what are those 
concerns? For example, are there categories of service providers that 
should not be disclosed publicly due to competitive, trade secret, 
compliance, or other risks? Should we require such disclosure to be 
reported non-publicly to the Commission in a format other than the Form 
ADV? If so, how?
    60. Should the proposed ADV disclosure include the ability to 
incorporate by reference to other parts of the form? For example, 
should we allow advisers to cross reference private fund service 
providers that are currently required to be disclosed in Section 7.B. 
of Schedule D?
    61. Are the proposed definitions of ``covered function'' and 
``service provider'' in the Glossary of Terms to Form ADV appropriate? 
Do commenters agree that these defined terms should cross-reference 
proposed rule 206(4)-11(b)? Alternatively, should we provide the full 
text of each term, as defined in proposed rule 206(4)-11(b), in the 
Glossary of Terms to Form ADV without cross-reference to the proposed 
rule?
    62. Would any additional or other information be material to an 
adviser's clients or prospective clients regarding outsourcing that is 
not included in the proposal and is not currently disclosed to 
investors through Form ADV or elsewhere (e.g., whether the service 
provider arrangement is subject to a written agreement or information 
about passed-through fees)? Should we add any other service provider 
information to the Form ADV disclosure? If so, what information and 
why? For example, should Form ADV, Part 2 require information in the 
adviser's brochure about the use of service providers and related 
conflicts and other risks? Or is information about outsourced services 
already adequately being disclosed in connection with disclosures 
related to conflicts of interest or other risks? For example, should we 
require disclosure of potential conflicts of interest of the service 
provider? Should we require that, in addition or in place of the 
service provider's principal office, advisers report the principal 
office where the service provider's services are performed? 
Alternatively, should we delete any of the service provider information 
proposed to be disclosed? If so, what information and why?
    63. Do advisers have concerns it will be difficult to compile, 
maintain and disclose this information on service providers? Could this 
place an undue burden on smaller advisers? If so, which information may 
be difficult to compile, maintain and disclose? Please explain.
    64. Should private fund advisers be required under rule 206(4)-11 
to provide information about their service providers to private fund 
investors through additional or different disclosure requirements in 
Form ADV? If so, what information should be required?
    65. Should we require advisers to add narrative disclosures about 
their service providers in their Form ADV Part 2 brochures or wrap fee 
program brochures? If so, what information should be included?

E. Third-Party Recordkeeping

    Many investment advisers seek to outsource various recordkeeping 
functions. Some of these functions may involve record creation, others 
may focus solely on record storage and retention, and many will include 
creation as well as storage and retention functions. Investment 
advisers may contract with data- and record-management companies, 
offsite storage companies, or information technology companies (e.g., 
cloud service providers) to store or retain records. An adviser may 
also rely on a third party to perform a function that creates records, 
such as a firm that calculates performance or rates of return for one 
or more portfolios that the adviser may use to manage the investments 
in the portfolios, include in statements to clients or marketing 
materials provided to prospective clients, or show on its website. 
While the performance calculation provider's primary function is to 
calculate performance, this provider relies on records and data that 
substantiate the performance calculations and, in turn, those 
calculations create new records that need to be stored and retained. As 
another example, if a service provider were providing accounting, 
investment operations, or middle office services for the adviser, many 
of the records generated by the service provider would likely 
correspond to records that the existing Federal securities laws require 
registered investment advisers to make and keep.\79\ An adviser 
therefore may not directly possess all of the documentation and records 
that are required to be created or maintained by an investment adviser 
under the existing Federal securities law requirements.
---------------------------------------------------------------------------

    \79\ See, e.g., rule 204-2(a), which requires registered 
advisers to maintain, among other things, journals, ledgers, check 
books, memorandums of each order given for the purchase or sale of a 
security, and bills or statements relating to the business of the 
adviser.
---------------------------------------------------------------------------

    The continuing accessibility and integrity of adviser records are 
critical to the fulfillment of our oversight responsibilities, where 
such records may represent a primary means in which to demonstrate an 
investment adviser's compliance with various Federal securities laws. 
If advisers are not required to protect their records from inadvertent 
or intentional alteration or destruction and provide examiners with 
meaningful access to all required records, then the records become 
unreliable, and the examination process may be impaired. Recordkeeping 
requirements ensure that the Commission staff will have access to 
appropriate and helpful information in order to carry out its 
examination program. The ability to conduct timely and comprehensive 
examinations plays a significant role in proactively promoting 
compliance with the Federal securities laws and aids in preventing 
problems before they occur as well as promoting improvements in 
relevant areas.
    Accessing records also can be critical for an investment adviser to 
provide advisory services and fulfill its fiduciary

[[Page 68837]]

duty to clients. For example, accessing account information from prior 
periods can help an investment adviser substantiate portfolio 
performance that has been presented to prospective clients.\80\ Issues 
arising with an investment adviser's books and records can disrupt the 
adviser's ability to provide its services and may result in material 
harm to its clients. For example, if an adviser engages a cloud 
services provider to maintain critical client information, such as 
their account and personal information, and the cloud services provider 
inadvertently experiences a loss of client records, this would be 
reasonably likely to cause a material negative impact on the adviser's 
ability to provide its services and on its advisory clients. The 
adviser would either have no records or inaccurate records to verify, 
for example, the client's account information. The adviser might not 
have all the records it needs to execute certain investments or make 
other decisions on behalf of its client. In addition, if the adviser 
does not have accurate and timely information on client holdings and 
transactions, this could result in misinformed purchase or sales 
decisions as well as trade errors. The adviser may also lack the 
trading information to be able to report to its clients or track its 
trading activity in the portfolio, and, in turn, that could deprive 
clients and the adviser an opportunity to respond to market changes or 
timely remedy potential issues with the broker-dealer or custodian 
involving the trades. An investment adviser's compliance monitoring and 
internal audit functions also require timely access to records in order 
to function efficiently, such as when monitoring portfolio 
diversification and other client investment guidelines. As another 
example, accessing communication records regarding trade order 
execution may assist with monitoring whether an investment adviser is 
adhering to its own written policies and procedures concerning best 
execution.
---------------------------------------------------------------------------

    \80\ Advisers generally should consider the specific retention 
periods for each type of record, such as records to substantiate a 
performance track record pursuant to rule 204-2(a)(16), and require 
all records to be available for the necessary retention periods. 
Advisers or their third parties relying on custodian statements, for 
example, to document data used in performance calculations may wish 
to consider retaining copies of such statements in the event the 
adviser no longer has access to the custodian's systems for a 
specific client's account.
---------------------------------------------------------------------------

    When an adviser outsources recordkeeping functions without 
sufficient oversight, the risk that an issue with an adviser's books 
and records may arise can increase. Regardless of whether records are 
made or kept by a third party or by the investment adviser directly, 
the investment adviser remains responsible to comply with the Advisers 
Act recordkeeping requirements and other Federal securities laws. Rule 
204-2, the Advisers Act recordkeeping rule, details the types of 
records required to be made and kept ``true, accurate and current'' as 
well as the manner, location, and duration of records to be maintained 
by investment advisers registered or required to be registered with the 
Commission. It does not, however, prescribe requirements for when an 
adviser outsources one or more of the required recordkeeping functions 
to a third party.
    Accordingly, the proposed amendments to the Advisers Act 
recordkeeping rule include a new provision requiring every investment 
adviser that relies on a third party to make and/or keep any books and 
records required by the recordkeeping rule (``recordkeeping function'') 
to comply with a comprehensive oversight framework, consisting of due 
diligence, monitoring, and recordkeeping elements.\81\ Specifically, an 
investment adviser would be required to perform due diligence and 
monitoring as prescribed by proposed rule 206(4)-11(a)(1) and (a)(2) 
with respect to the recordkeeping function and make and keep such 
records as prescribed in proposed rule 204-2(a)(24) as though the 
recordkeeping function were a ``covered function'' and the third party 
were a ``service provider,'' each as defined in proposed rule 206(4)-
11(b). In addition, an investment adviser relying on a third party for 
such recordkeeping functions would also be required to obtain 
reasonable assurances that the third party will meet four specific 
standards related to the recordkeeping rule's requirements.
---------------------------------------------------------------------------

    \81\ See supra sections II.B and II.C; proposed rule 204-
2(l)(1); proposed rule 206(4)-11(a).
---------------------------------------------------------------------------

    The proposed amendments would provide a comprehensive oversight 
framework for third-party recordkeepers to protect against loss, 
alteration, or destruction of an adviser's records, and to help ensure 
that those records are accessible to the investment adviser as well as 
Commission staff. The proposed amendments would require advisers to 
conduct reasonable due diligence before engaging a third party to 
perform a recordkeeping function required by the recordkeeping 
rule.\82\ Specifically, an investment adviser would be required to 
reasonably identify and determine through due diligence that it would 
be appropriate to outsource the recordkeeping, and that it would be 
appropriate to select a particular third-party recordkeeper, by 
complying with each of the six due diligence elements specified in 
proposed rule 206(4)-11(a)(1). These elements address: the nature and 
scope of the services; potential risks resulting from the third-party 
recordkeeper performing the recordkeeping function, including how to 
mitigate and manage such risks; the recordkeeper's competence, 
capacity, and resources necessary to perform the function; the 
recordkeeper's subcontracting arrangements related to the function; 
coordination with the recordkeeper for Federal securities law 
compliance; and the orderly termination of the provision of the 
function by the recordkeeper.
---------------------------------------------------------------------------

    \82\ See proposed rule 204-2(l)(1).
---------------------------------------------------------------------------

    Consistent with these requirements, an adviser's due diligence of a 
third-party recordkeeper generally should be tailored reasonably to the 
nature, scope, and risk profile of the recordkeeping function or 
service that would be provided as well as to the identified third 
party. For example, the adviser generally should consider whether the 
particular third-party recordkeeper has the capability and experience 
to both make and maintain the required records in a format that is 
consistent with an adviser's books and records requirements. Therefore, 
the required due diligence of an adviser seeking to engage a third-
party cloud provider to make and keep records on behalf of the adviser 
should take into account the third party's competence, capacity, and 
resources generally, but the adviser may not need to understand the 
intricacies of the cloud service's operations. The adviser generally 
should have a reasonable understanding of the cloud service and the 
risks of the service, and be able to conclude that it can mitigate and 
manage those risks. In conducting this due diligence, the adviser could 
review factors such as:
     Comparative cloud-based recordkeeping services, including 
their respective parameters, benefits, and risks,
     The cloud service provider's capability and experience 
with making and/or keeping records required under the recordkeeping 
rule,
     The cloud service's compliance and operational policies 
and procedures for the protection of data, and its policies and 
procedures addressing the maintenance and oversight of the data,
     The cloud service's prevention and detection of, and 
response to, cybersecurity threats, and
     The experience or lack thereof of other similarly situated 
advisers that

[[Page 68838]]

have previously engaged the cloud service and any risks identified in 
those experiences or lack thereof.
    Once a third party is engaged to provide recordkeeping functions 
required by the recordkeeping rule, proposed rule 204-2(l) would 
require the adviser to monitor the third party's performance of the 
recordkeeping function periodically and reassess the retention of the 
third party in accordance with the monitoring requirements prescribed 
by proposed rule 206(4)-11(a)(2). Monitoring third-party recordkeepers 
is critical to an adviser's ability to discover and address issues 
relating to the adviser's records in a timely fashion before such 
records may be inadvertently altered, lost or destroyed or otherwise 
rendered inaccessible. As discussed in section II.C above, the manner 
and frequency of an adviser's monitoring would depend on the facts and 
circumstances applicable to the recordkeeping function. For example, 
sufficient monitoring of an off-site physical record storage company 
may reasonably differ from that of an electronic media storage company 
due to the inherent differences in the nature and scope of their 
respective functions.
    Further, an investment adviser would be required to comply with the 
attendant recordkeeping requirements prescribed in proposed rule 204-
2(a)(24) with respect to such functions. Thus, in addition to 
performing the required due diligence and monitoring for a third party 
recordkeeping, an adviser would also be required to make and keep 
records documenting its due diligence and periodic monitoring of that 
third party as though the recordkeeping function were a ``covered 
function'' and the third party were a ``service provider'', each as 
defined in proposed rule 206(4)-11(b).\83\ Requiring an adviser to make 
and keep records of its oversight of third-party recordkeepers is 
intended to enhance an adviser's compliance efforts and facilitate the 
Commission's inspection and enforcement capabilities.
---------------------------------------------------------------------------

    \83\ See proposed rule 204-2(a)(24)(ii).
---------------------------------------------------------------------------

    In addition to due diligence and monitoring obligations, an 
investment adviser that relies on a third party to perform any 
recordkeeping function under rule 204-2 would be required to obtain 
reasonable assurances that the third party will meet four standards 
specific to recordkeeping.\84\ First, the adviser must have reasonable 
assurance that the third party will adopt and implement internal 
processes and/or systems for making and/or keeping records on behalf of 
the investment adviser that meet all of the requirements of the 
recordkeeping rule. Second, the adviser must have reasonable assurance 
that, when making and/or keeping records on behalf of the adviser, the 
third party will, in practice, actually make and/or keep records in a 
manner that will meet all of the requirements of the recordkeeping rule 
as applicable to the investment adviser. Third, for electronic records, 
the adviser must have reasonable assurance that the third party will 
allow the investment adviser and Commission staff to access the records 
easily through computers or systems during the required retention 
period of the recordkeeping rule. Whether computers or systems satisfy 
this provision of the rule would be determined based on the facts and 
circumstances, and could include, for example, computers and 
proprietary systems owned and operated by an adviser as well as 
computers and systems rented, licensed or otherwise made available to 
an adviser (e.g., web portals, cloud computing, storage area networks, 
and electronic recordkeeping systems) which may be used to access such 
electronic records. Fourth, the adviser must have reasonable assurance 
that arrangements will be made to ensure the continued availability of 
records that will meet all of the requirements of the recordkeeping 
rule as applicable to the investment adviser in the event that the 
third party ceases operations or the relationship with the investment 
adviser is terminated.\85\
---------------------------------------------------------------------------

    \84\ See proposed rule 204-2(l)(2).
    \85\ The Commission staff has previously addressed third-party 
recordkeeping subject to certain conditions in staff letters. See, 
e.g., First Call NAL, supra footnote 25; OMGEO NAL, supra footnote 
25.
---------------------------------------------------------------------------

    These standards, coupled with the prescribed due diligence and 
monitoring requirements, are intended to assist with making and keeping 
true, accurate, and current records of the adviser, protect those 
records from loss, alteration, or destruction, and ensure that those 
records are accessible to the investment adviser and the Commission 
staff, while maintaining appropriate freedom for investment advisers to 
contract with service providers to assist with recordkeeping functions. 
We expect that the arrangements between investment advisers and service 
providers for recordkeeping services may vary significantly among firms 
due to differences in the structure, operation, or scope of services 
amongst investment advisers and service providers.
    Whether an investment adviser's arrangement with a third-party 
service provider satisfies the requirements under proposed rule 204-
2(l)(2) would depend on the particular facts and circumstances of the 
arrangement including, among other things, the type of record, where 
the records are located, the medium and method of storage, and how 
promptly records or copies of records can be provided. When a third 
party is retained to assist with recordkeeping, the making and keeping 
of records still must satisfy the applicable requirements prescribed by 
rule 204-2. Thus, the adviser must obtain reasonable assurance that the 
third party will adopt and implement internal processes and/or systems 
for both making and keeping records on behalf of the investment adviser 
that meet the applicable requirements of rule 204-2.\86\ For example, 
rule 204-2(g) permits an investment adviser to maintain records 
electronically as long as certain requirements are met, including that 
the adviser shall, upon request, promptly provide the Commission 
legible, true, and complete copies of records in the medium and format 
in which they are stored, printouts of such records, and a means to 
access, view, and print the records. Therefore, under proposed rule 
204-2(l)(2), where a service provider will keep email archives (e.g., 
in cloud storage or an external storage database) on behalf of an 
investment adviser, the adviser should have reasonable assurance that 
the service provider will, among other things, adopt and implement 
internal processes and/or systems for making and/or keeping the records 
in such a manner to enable a prompt response to Commission requests for 
such records in the format required.\87\ We are aware of instances 
where advisers engage a third party to learn only later that the third 
party cannot produce required records in a reviewable format. These are 
issues that should be identified and addressed before a third-party 
recordkeeper is engaged.
---------------------------------------------------------------------------

    \86\ See proposed rule 204-2(l)(2)(i).
    \87\ See proposed rule 204-2(l); 17 CRF 275.204-2(g)(2)(ii).
---------------------------------------------------------------------------

    The recordkeeping rule also addresses the location and length of 
time that required records under the rule must be maintained. Rule 204-
2 generally requires that, among other things, such records be 
maintained and preserved in an easily accessible place and, for a 
period of time, in an appropriate office of the investment adviser.\88\ 
Consistent with these requirements, if an adviser outsources the 
storage of records under the recordkeeping rule, the adviser should 
seek to ensure that those records

[[Page 68839]]

will be easily accessible for the duration of the required retention 
period. For example, if an investment adviser retains an off-site 
physical storage company to assist with maintaining physical records of 
records such as trade confirmations, those records should be maintained 
in an appropriate office of the adviser for the applicable period 
first, and then when the records are moved to the off-site location, 
they must be maintained in an easily accessible place.\89\ For 
electronic records, the proposed amendments would require an investment 
adviser to have the ability to access electronic records easily through 
computers/systems because such required records may be stored on 
servers or other storage devices that are owned or operated by a third 
party (e.g., a cloud service provider).\90\ However, pursuant to rule 
204-2, the records still must be available in the adviser's office for 
a period of time.\91\ The computers and/or systems that provide access 
to the required records could include computers and proprietary systems 
owned and operated by an adviser as well as computers and systems 
rented, licensed or otherwise made available to an adviser (e.g., web 
portals, cloud computing, storage area networks, and electronic 
recordkeeping systems). This element of the proposed amendments is 
intended to safeguard an investment adviser's access to its required 
records while providing firms with the ability to use electronic 
platforms to make and keep their records. If an adviser has essentially 
immediate access to a record through a computer or system located at an 
appropriate office of the adviser, then that record could be considered 
to be maintained at an appropriate office of the adviser.\92\ For 
example, if an investment adviser relies on a service provider to store 
trade confirmations in the service provider's electronic database, one 
way the adviser could seek to ensure that the records will be easily 
accessible would be to require access to the records at any time 
through computers and/or systems for the record's required retention 
period under rule 204-2.\93\ In addition, in such an arrangement, the 
adviser should also seek to ensure such records are maintained in such 
a manner to permit them to be promptly provided to the Commission upon 
request.
---------------------------------------------------------------------------

    \88\ See 17 CFR 275.204-2(e).
    \89\ See rule 204-2(e).
    \90\ See proposed rule 204-2(l)(2)(iii).
    \91\ See rule 204-2(e).
    \92\ See, e.g., First Call NAL, supra footnote 25.
    \93\ See proposed rule 204-2(l)(2)(iii); see also, e.g., OMGEO 
NAL, supra footnote 25.
---------------------------------------------------------------------------

    When engaging a third party to provide recordkeeping services under 
rule 204-2, the investment adviser should account for how to continue 
to stay in compliance with the rule's requirements after termination of 
the arrangement either by the adviser or the third party.\94\ Rule 204-
2(f) addresses circumstances where an investment adviser may 
discontinue its business and requires, among other things, that the 
adviser arrange for and be responsible for the preservation of required 
records under the rule. Similarly, a service provider may also 
discontinue its business or arrangement with an investment adviser. To 
seek to protect records required by the recordkeeping rule against loss 
and destruction when outsourced recordkeeping arrangements change or 
terminate, we are proposing to require an investment adviser to obtain 
reasonable assurance that a third party will make arrangements to 
ensure the continued availability of the required records under the 
recordkeeping rule as applicable to the adviser should the third party 
cease operations or its relationship with the investment adviser be 
terminated.\95\ For example, if an adviser were retaining records with 
a cloud storage service provider, the adviser may consider requiring 
that the cloud service provider agree to retain and grant the adviser 
access to such records for the legally required amount of time. 
Alternatively, the adviser may want to require that the service 
provider agree to assist in the transfer of such records to the adviser 
or another agreed-upon third party at the termination of the 
contractual relationship. This would allow the adviser to continue to 
retain such records in compliance with its legal obligations and 
provide them to the Commission staff upon request.\96\
---------------------------------------------------------------------------

    \94\ See 17 CFR 275.204-2(f); proposed rule 204-2(l)(2)(iv)).
    \95\ See proposed rule 204-2(l)(2)(iv).
    \96\ See proposed rule 204-2(l)(2)(iv).
---------------------------------------------------------------------------

    While many investment advisers may already have service provider 
agreements or other arrangements that contain these proposed standards 
as part of their policies and procedures or best practices to mitigate 
or manage risks the investment advisers identified when performing due 
diligence and monitoring, we believe that all investment advisers 
should obtain reasonable assurances that service providers will meet 
these four standards in an outsourced recordkeeping arrangement. We 
understand that the manner in which an investment adviser obtains 
reasonable assurances that the service provider will adhere to these 
standards may vary depending on the arrangement. One way an investment 
adviser could consider accomplishing this is by having a written 
agreement that expressly includes the four standards. Alternatively, an 
investment manager may seek to ensure these requirements are satisfied 
through one or more letters of understanding, statements of work, or 
other means. In some cases, the adviser might elect to receive and 
retain duplicate records from the service provider that the adviser 
stores and retains directly.
    Finally, we are not proposing new Form ADV reporting requirements 
specific to third-party recordkeepers because current Item 1.L of Form 
ADV Part 1A already requires disclosure regarding the location of an 
adviser's books and records required under Section 204 of the Advisers 
Act when such books and records are maintained somewhere other than the 
principal office and place of business of the Adviser.\97\ An adviser 
is required to provide, among other things, the name of the entity and 
location where the books and records are maintained as well as a 
description of the books and records maintained at such location.\98\ 
An adviser should include third-party recordkeepers that maintain such 
books and records for the investment adviser in their responses to this 
item, which may include, among other things, arrangements such as 
electronic data- and record-management, offsite storage, and 
information technology (e.g., cloud services) providers. Therefore, 
current reporting requirements already provide the Commission with 
information regarding advisers' use of third-party recordkeepers.
---------------------------------------------------------------------------

    \97\ See 15 U.S.C. 80b-4; Form ADV Item 1.L & Schedule D, 
Section 1.L.
    \98\ See Form ADV Schedule D, Section 1.L.
---------------------------------------------------------------------------

    We request comment on the proposed third-party recordkeeping 
requirements:
    66. Do commenters agree that the proposed requirements for 
investment advisers that rely on third parties for recordkeeping 
functions under rule 204-2 are appropriate? Do the proposed amendments 
provide appropriate flexibility for investment advisers to engage 
third-party service providers in various capabilities? Are the proposed 
standards appropriately flexible in light of changing technology and 
digital infrastructure trends? If not, how should they be changed?
    67. Should we broaden the proposed requirements to encompass all 
outsourced recordkeeping functions related to an adviser's obligations 
under the Federal securities laws, which would include rule 204-2? For 
example, should rule 204-2(l) apply to any records that are made and/or 
kept by a

[[Page 68840]]

third party on behalf of an investment adviser in accordance with 
fulfilling the adviser's obligations under the Federal securities laws?
    68. Should analogous requirements be added to rules under the 
Investment Company Act of 1940 (e.g., rules 31a-1 and 31a-2) for 
registered investment companies? If so, should the requirements be 
different for registered investment companies than for advisers when 
outsourcing recordkeeping functions? Why or why not?
    69. Do commenters agree that it is appropriate to require similar 
due diligence and monitoring requirements as prescribed in proposed 
rule 206(4)-11 for outsourced recordkeeping functions? Why or why not?
    70. Should we adopt the due diligence requirements for third-party 
recordkeepers as proposed? Are there other aspects of due diligence 
that should be required additionally or instead? Conversely, should we 
exclude any of the proposed due diligence requirements?
    71. Should we adopt the monitoring requirements for third-party 
recordkeepers as proposed? Are there other aspects of monitoring that 
should be required additionally or instead? Conversely, should we 
exclude any of the proposed monitoring requirements?
    72. Do commenters agree that the proposed recordkeeping 
requirements related to an adviser's due diligence and monitoring of 
service providers of covered functions, as defined in proposed rule 
206(4)-11(b), should also be required for third-party recordkeepers? 
Why or why not?
    73. Are the types of service provider arrangements that would be 
encompassed under proposed rule 204-2(l) sufficiently clear? Is this 
scope sufficiently defined? Should the scope be clarified in any other 
way?
    74. Are there certain types of third-party recordkeeping 
arrangements that should be included or excluded (e.g., cloud service 
providers or service providers which are subject to existing government 
or self-regulatory organization oversight, such as broker-dealers or 
banks)? If so, explain why. Are there types of third-party 
recordkeeping arrangements that should be subject to different or 
alternative oversight requirements? If so, explain why and, if 
applicable, suggest alternative requirements to the proposed rule text.
    75. Do investment advisers currently have service provider 
agreements that meet the recordkeeping standards in proposed rule 204-
2(l)? If not, what types of service provider arrangements do not these 
standards? Do investment advisers currently obtain reasonable 
assurances that service providers will meet the recordkeeping standards 
in proposed rule 204-2(l) through their policies and procedures and/or 
due diligence practices? If so, do commenters believe the proposed rule 
is necessary?
    76. Should proposed rule 204-2(l) require a written agreement 
between an investment adviser and a third party where the investment 
adviser relies on the third party for recordkeeping functions under 
rule 204-2? Should proposed rule 204-2(l)(2) require that the four 
standards under the proposal be expressly covered by a written 
agreement or, alternatively, a written undertaking? Should the 
standards be clarified in any manner? Should additional standards be 
included as part of the proposal?
    77. Are the four standards enumerated in proposed rule 204-2(l)(2) 
sufficiently understandable? If not, which standards require additional 
clarity and detail? Do commenters believe certain terms should be 
defined within rule 204-2? If so, what terms?
    78. Do commenters agree that it is appropriate to require advisers 
to obtain reasonable assurances that service providers will adopt and 
implement internal processes and/or systems for making and/or keeping 
records on behalf of the investment adviser that meet all of the 
applicable requirements of rule 204-2? Why or why not?
    79. Do commenters agree that it is appropriate to require advisers 
to obtain reasonable assurances that service providers will make and/or 
keep records on behalf of the investment adviser that meet all of the 
applicable requirements of rule 204-2? Why or why not?
    80. Do commenters agree that it is appropriate to require advisers 
to obtain reasonable assurances that service providers will allow the 
investment adviser and staff of the Commission to access the adviser's 
electronic records easily through computers or systems? Why or why not? 
If not, what level of access should be required for records required by 
rule 204-2 when such records are maintained by a third party? Should 
certain types of electronic records be excluded from this requirement 
or otherwise subject to different or alternative requirements? If so, 
please explain.
    81. Do commenters agree that it is appropriate for investment 
advisers to make arrangements with service providers to ensure the 
continued availability of records in the event that the third party 
ceases operations or the relationship with the investment adviser is 
terminated? Why or why not? Should we prescribe more specific 
requirements for the retention of records under the recordkeeping rule 
when a third party recordkeeping arrangement with an investment adviser 
is terminated?
    82. We are not proposing to require additional Form ADV reporting 
for third-party recordkeepers. Are all third-party recordkeepers 
already reported in Section 1.L. of Schedule D, and if not, should we 
explicitly require that they be reported on Form ADV? Should we require 
advisers to report all third-party recordkeepers in Section 7.C of 
Schedule D or cross reference to their disclosure in Section 1.L. of 
Schedule D? Should we allow advisers to report more than one principal 
office for a service provider in Section 1.L. of Schedule D?

F. Existing Staff No-Action Letters and Staff Statements

    Consistent with the proposed amendments, staff in the Division of 
Investment Management is reviewing certain of our staff's no-action 
letters addressing the application of the recordkeeping rules to 
determine whether any such letters should be withdrawn in connection 
with any adoption of this proposal. If the rule is adopted, some of 
these letters would be moot, superseded, or otherwise inconsistent with 
the amended rules and, therefore, would be withdrawn. We list below the 
letters that are being reviewed for withdrawal as of the dates the 
proposed amendments, if adopted, would be effective after a transition 
period. If interested parties believe that additional staff letters or 
other staff statements should be potentially withdrawn, they should 
identify the letter or statement, state why it is relevant to the 
proposed amendments, and how it should be treated and the reason 
therefor. To the extent that a letter listed below relates both to a 
topic identified in the list below and another topic, the portion 
unrelated to the topic listed is not being reviewed in connection with 
the adoption of this proposal.

[[Page 68841]]



              Letters To Be Reviewed Concerning Rule 204-2
------------------------------------------------------------------------
                                                    Topic subject to
               Letter and date                         withdrawal
------------------------------------------------------------------------
First Call Corporation (pub. avail. Sept. 6,   Investment adviser
 1995).                                         electronic
                                                recordkeeping.
Omgeo LLC (pub. avail. Aug. 14, 2009)........  Investment adviser
                                                electronic
                                                recordkeeping.
------------------------------------------------------------------------

G. Transition and Compliance

    We are proposing to require advisers registered or required to be 
registered with the Commission to comply with the proposed rule, if 
adopted, starting ten months from the rule's effective date (the 
``compliance date''). This would provide a transition period during 
which a registered investment adviser can prepare to develop and adopt 
appropriate procedures to comply with the proposed rule, if adopted. 
Pursuant to our proposal, the proposed rule, if adopted, would apply to 
any engagement of new service providers made on or after the compliance 
date of the proposed rules and amendments. The ongoing monitoring 
requirements, if adopted, also would apply to existing engagements 
beginning on the compliance date. The adviser would be required to 
monitor periodically the service provider's performance of the existing 
covered function and reassess the retention of the service provider in 
accordance with the due diligence requirements. If adopted, the rule 
would require such monitoring and reassessment to occur with a manner 
and frequency such that the investment adviser reasonably determines 
that it is appropriate to continue to outsource the covered function 
and that it remains appropriate to outsource it to the service 
provider.
    We request comment on the following:
    83. Do commenters agree that a ten-month transition period 
following the effective date of any final rule is appropriate? If not, 
how long of a transition period would be appropriate? For example, 
would 90 days be an appropriate amount of time? Would longer be 
necessary, e.g., eighteen months, and if so, why? Should we have 
different compliance dates for larger or smaller entities? For example, 
should we require compliance for larger advisers within ten months and 
require eighteen months for smaller advisers? Why or why not?
    84. Under our current proposal, all current applicable adviser 
engagements with service providers would fall within the purview of the 
proposed rule and would be subject to the due diligence and monitoring 
requirements as outlined within the proposal as of the compliance date. 
We understand that this requirement may result in advisers having to 
revisit existing arrangements with service providers to review for 
compliance and perhaps even requiring advisers to amend current 
contracts to satisfy the requirements of the proposed rule. We request 
comment on whether the rule should include a provision that excludes an 
adviser's existing engagement with a service provider that occurred 
prior to any compliance date of the proposed rule. Alternatively, 
should the proposed rule exempt advisers with existing service provider 
engagements from complying with certain proposed actions within the 
proposal? What requirement(s) should receive this treatment and why is 
it necessary? Are there certain types of service provider relationships 
that should be covered by such a provision in order to prevent the 
imposition of an unfair or unreasonable burden on the adviser or to 
prevent the imposition of excessive costs? If so, please explain the 
unfair burden or excessive costs that could result.
    85. Would it be preferable to provide a different transition period 
for advisers that have existing relationships with service providers to 
come into compliance with any final rule than the transition period for 
new relationships? Do advisers need a different time period to review 
current service provider engagements and determine what further actions 
may be needed to bring the adviser into compliance with any final rule?
    86. Should we provide an exception for service provider engagements 
that are short-term in nature (e.g., less than three months)? Should we 
provide advisers with a safe harbor during periods where an adviser has 
determined to transition a covered function from one service provider 
to another? For example, should we provide a ten-day safe harbor to 
allow for advisers to transition a covered function from a service 
provider if the adviser makes a determination that it no longer remains 
appropriate to outsource the covered function to that service provider?

III. Economic Analysis

A. Introduction

    We are mindful of the costs imposed by, and the benefits obtained 
from, our rules. Section 202(c) of the Advisers Act provides that when 
the Commission is engaging in rulemaking under the Act and is required 
to consider or determine whether an action is necessary or appropriate 
in the public interest, the Commission shall also consider whether the 
action will promote efficiency, competition, and capital formation, in 
addition to the protection of investors. The following analysis 
considers, in detail, the likely significant economic effects that may 
result from the proposed rule and proposed amendments to rules and 
forms, including the benefits and costs to clients and investors and 
other market participants as well as the broader implications of the 
proposed rule and amendments for efficiency, competition, and capital 
formation.

[[Page 68842]]

    Where possible, the Commission quantifies the likely economic 
effects of its proposed amendments and rules. However, the Commission 
is unable to quantify certain economic effects because it lacks the 
information necessary to provide estimates or ranges of costs. Further, 
in some cases, quantification would require numerous assumptions to 
forecast how investment advisers, service providers, and other affected 
parties would respond to the proposed rule and amendments, and how 
those responses would in turn affect the broader markets in which they 
operate. In addition, many factors determining the economic effects of 
the proposed rule and amendments would be investment adviser-specific 
or service provider-specific. Investment advisers vary in size and 
sophistication, as well as in the products and services they offer. As 
a result, the extent to which investment advisers outsource covered 
functions as well as the kinds of covered functions they outsource 
differ, making it inherently difficult to quantify economic effects on 
advisers. Similarly, service providers vary in size and sophistication, 
as well as in the services they offer or could potentially offer, 
making it inherently difficult to quantify economic effects on service 
providers. Even if it were possible to calculate a range of potential 
quantitative estimates, that range would be so wide as to not be 
informative about the magnitude of the benefits or costs associated 
with the proposed rule. Many parts of the discussion below are, 
therefore, qualitative in nature. As described more fully below, the 
Commission is providing a qualitative assessment and, where 
practicable, a quantified estimate of the economic effects.

B. Baseline

    The economic baseline against which we evaluate and measure the 
economic effects of the proposed rules and amendments, including its 
potential effects on efficiency, competition, and capital formation, is 
the state of the world in the absence of the proposed rules.
1. Affected Parties
    Registered Investment Advisers. The proposed rule would generally 
apply to a registered investment adviser (``RIA'') that outsources a 
covered function to a service provider.\99\ As of June 2022 there were 
15,169 investment advisers registered with the Commission. RIAs 
reported $128.2 trillion in regulatory assets under management 
(``RAUM'') with $116.87 trillion in discretionary RAUM attributable to 
47 million accounts and $11.36 trillion in non-discretionary RAUM 
attributable to 14 million accounts. The average RAUM among RIAs was 
$8.45 billion and the median was $396.8 million.
---------------------------------------------------------------------------

    \99\ See proposed rule 206(4)-11(a).

                   Table 1--Registered Investment Advisers Statistics by Majority Client Type
----------------------------------------------------------------------------------------------------------------
                                                                     Number of
                                                                    registered     Average RAUM     Median RAUM
                      Majority client type                          investment      (millions)      (millions)
                                                                     advisers
----------------------------------------------------------------------------------------------------------------
High net worth individuals......................................           6,389        $2,059.1          $300.2
Pooled investment vehicles......................................           4,174         8,897.0         1,025.1
Non-high net worth individuals..................................           2,191         3,130.6           127.6
Investment Companies............................................             767        65,849.5         1,250.2
Pension and profit sharing plans................................             474        11,269.7           897.5
Corporations....................................................             238         4,224.2           490.9
State/municipal entities........................................             198        16,534.5         1,840.3
Other investment advisers.......................................             190         7,072.5           631.5
Other client type...............................................             173         2,701.5           646.8
Insurance companies.............................................             123        55,691.3         4,474.4
Charities.......................................................             109         5,470.1           631.1
Banking or thrift institutions..................................              67         9,634.3         2,717.1
Business development companies..................................              47         3,353.5           998.5
Foreign institutions............................................              29        30,971.1         2,538.8
                                                                 -----------------------------------------------
    Total.......................................................          15,169         8,453.9           396.8
----------------------------------------------------------------------------------------------------------------
Source: Form ADV, Part 1A, Item 5D. The majority client type represents the client type to which the RIA
  attributes the majority of their RAUM. All data reflect updated records as of July 2022.

    Average and median RAUM vary by the type of client to which the RIA 
attributes the majority of its RAUM.\100\ For example, for RIAs with a 
majority of investment company clients, the average and median RAUMs 
were $65.849 billion and $1,250.2 million, respectively. For RIAs with 
a majority of non-high net worth individual clients, the average and 
median RAUMs are much smaller--$3.130 billion and $127.6 million, 
respectively.
---------------------------------------------------------------------------

    \100\ Form ADV, Part 1A, Item 5.D.
---------------------------------------------------------------------------

    Service Providers. Service providers would also be affected by the 
proposed rule. Covered functions are potentially performed by: (1) an 
adviser's supervised person, (2) a related-party service provider, or 
(3) a third-party service provider. Under the proposed rule a service 
provider would be a person or entity that performs one or more covered 
functions and is not an adviser's supervised person as defined in the 
Act, where covered functions are those that are (1) necessary for the 
adviser to provide investment advisory services in compliance with the 
Federal securities laws and (2) if not performed or performed 
negligently, would be reasonably likely to cause a material negative 
impact on the adviser's clients or on the adviser's ability to provide 
investment advisory services.\101\ The determination of what is a 
covered function would depend on the facts and circumstances and 
encompass functions or services that are necessary for an adviser to 
provide its investment advisory services in compliance with the Federal 
securities laws.\102\ Certain functions may be covered functions for 
one adviser but not for another adviser, depending on strategy and 
business model, and so certain persons or entities that perform 
functions on behalf of

[[Page 68843]]

advisers may be a service provider in the scope of the rule with 
respect to one adviser but not for another adviser. In this section, we 
discuss a variety of persons or entities that perform functions on 
behalf of advisers under the term ``service provider,'' though these 
persons or entities may only be service providers in the scope of the 
rule for certain advisers.
---------------------------------------------------------------------------

    \101\ See supra section II.A.2.
    \102\ Id.
---------------------------------------------------------------------------

    Few current disclosures require advisers to identify if a service 
provider is a related-party or third-party service provider. One item 
on Form ADV identifies the use of administrators and whether the 
administrator is a related party or a third party, but only for clients 
that are private funds.\103\ Of the 5,378 advisers to private funds 
reported on Form ADV, 4,213 (78%) report at least one third-party 
administrator and 140 (3%) report at least one related-party 
administrator. \104\
---------------------------------------------------------------------------

    \103\ Form ADV, Part 1A, Schedule D, Section 7.B.(1), Item 26. 
Items 25 and 28 identify custodians and marketers. As discussed 
above, custodians and marketers are not within the scope of the rule 
and so our analysis is limited to administrators. See supra section 
II.A.
    \104\ See Form ADV, Part 1A, Item 7B(1). The data reflects 
updated records as of July 2022. An adviser must file a separate 
Section 7.B of Schedule D for each private fund that it manages. 
Because these items are only provided by private fund advisers, this 
analysis is not representative of the broader investment adviser 
industry. There may also be other categories of service providers 
not captured by Form ADV.
---------------------------------------------------------------------------

    Certain items in Form ADV data provide information on RIAs' 
outsourcing of services, but do not distinguish between third-party and 
related-party service providers. In particular, Form ADV data include 
information on RIAs' use of certain service providers of potentially 
covered functions: (1) chief compliance officers,\105\ and (2) record-
keepers.\106\ Table 2 provides information on the use of these service 
providers by advisers.
---------------------------------------------------------------------------

    \105\ Form ADV, Part 1A, Item 1.J.(2).
    \106\ Form ADV, Part 1A, Item 1.L & Schedule D, Section 1.L. 
Items 1.I and 5.B.(6) identify entities that provide website or 
social media services and individuals who solicit clients on an 
adviser's behalf. Because these entities are unlikely to be within 
the scope of the rule, they are excluded from this analysis. See 
supra section II.A.

          Table 2--Adviser Use of Additional Service Providers
------------------------------------------------------------------------
                                                   Chief
                                                 compliance     Record
                                                  officer      keeping
------------------------------------------------------------------------
Count.........................................          789        7,178
Percent.......................................            5           47
------------------------------------------------------------------------
Source: Form ADV, Part 1A, Items 1.J.(2) and 1.L & Schedule D, Section
  1.L. All data reflect updated records as of July 2022.

    Although we believe that if an RIA has a related party that 
provides a particular function, the adviser may make use of that 
related-party service provider, Form ADV currently does not require 
RIAs to specifically provide that information. We can, however, 
identify whether an RIA has a related party that is a service provider 
on Form ADV, which is illustrated in Table 3.\107\ For example, 
approximately a third of RIAs report a related party that is another 
investment adviser such as a financial planner, and many RIAs report a 
related party that is a broker-dealer, municipal securities dealer, 
government securities broker or dealer, or insurance company or agency. 
However, the actual proportion of RIAs with related party service 
providers may be lower, to the extent that these related parties are 
not functioning as service providers to an adviser's clients.
---------------------------------------------------------------------------

    \107\ Form ADV, Part 1A, Item 7.A. requires advisers to provide 
information about their related persons, including foreign 
affiliates. Advisers' related persons are all advisory affiliates 
and any persons that are under common control with the adviser. In 
particular, Item 7.A. requires an adviser to disclose if the adviser 
has a related person that is: (1) broker-dealer, municipal 
securities dealer, or government securities broker or dealer 
(registered or unregistered), (2) other investment adviser 
(including financial planners), (3) registered municipal advisor, 
(4) registered security-based swap dealer, (5) major security-based 
swap participant, (6) commodity pool operator or commodity trading 
advisor (whether registered or exempt from registration), (7) 
futures commission merchant, (8) banking or thrift institution, (9) 
trust company, (10) accountant or accounting firm, (11) lawyer or 
law firm, (12) insurance company or agency, (13) pension consultant, 
(14) real estate broker or dealer, (15) sponsor or syndicator of 
limited partnerships (or equivalent), excluding pooled investment 
vehicles, and (16) sponsor, general partner, managing member (or 
equivalent), excluding pooled investment vehicles.

    Table 3--Percentage of RIAs Reporting Each Type of Related Party
------------------------------------------------------------------------
                                                             % of RIAs
                                                          reporting type
                   Related-party type                       of related-
                                                               party
------------------------------------------------------------------------
Sponsor, general partner, managing member (or                         36
 equivalent), excluding pooled investment vehicles......
Other investment adviser (including financial planners).              29
Broker-dealer, municipal securities dealer, or                        16
 government securities broker or dealer (registered or
 unregistered)..........................................
Commodity pool operator or commodity trading advisor                  16
 (whether registered or exempt from registration).......
Insurance company or agency.............................              16
Accountant or accounting firm...........................               7
Banking or thrift institution...........................               5
Trust company...........................................               5
Sponsor or syndicator of limited partnerships (or                      5
 equivalent), excluding pooled investment vehicles......
Pension consultant......................................               4
Lawyer or law firm......................................               3
Real estate broker or dealer............................               3
Registered municipal advisor............................               2
Registered security-based swap dealer...................               1
Futures commission merchant.............................               1
Major security-based swap participant...................               0
------------------------------------------------------------------------
Source: Form ADV, Part 1A, Item 7.A. All data reflect updated records as
  of July 2022.

    Clients. Clients of RIAs may also be affected by the proposed rule, 
to the extent they either benefit from increased oversight and/or face 
additional costs that are passed on to them from advisers, including 
those that service providers pass on to advisers. Form ADV requires 
RIAs to indicate the approximate number of advisory clients and the 
amount of total RAUM attributable to various client types.\108\ Table 4 
provides information on the

[[Page 68844]]

number of client accounts, total RAUM, and the number of RIAs 
attributable to each client type. For instance, non-high net worth 
individuals account for over 43 million clients, or approximately 
83.14% of all advisory clients, while investment companies make up 
about 25 thousand clients, less than one percent of all advisory 
clients. Investment companies account for $43,838 billion in RAUM, or 
approximately 35.5% percent of reported RAUM. Business development 
companies, on the other hand, account for around $211 billion in RAUM, 
under 1% of total RAUM.
---------------------------------------------------------------------------

    \108\ If a client fits into more than one category, Form ADV 
requires an adviser to select one category that most accurately 
represents the client (to avoid double-counting clients and assets).

                                     Table 4--RIA Market Size by Client Type
----------------------------------------------------------------------------------------------------------------
                                                                      Clients       Total RAUM
                           Client type                              (millions)      (billions)         RIAs
----------------------------------------------------------------------------------------------------------------
Non-high net worth individuals..................................          43.824           7,093           8,286
High net worth individuals......................................           6.917          11,832           8,989
Other investment advisers.......................................           0.908           1,427             814
Pension and profit-sharing plans................................           0.431           8,106           5,271
Other client types..............................................           0.377           1,156           1,374
Corporations....................................................           0.340           3,267           4,934
Charities.......................................................           0.121           1,613           5,134
Pooled investment vehicles......................................           0.095          34,584           5,763
State/municipal entities........................................           0.027           4,285           1,299
Investment companies............................................           0.025          43,838           1,603
Insurance companies.............................................           0.013           7,630           1,028
Banking or thrift institutions..................................           0.011             966             432
Foreign institutions............................................           0.002           2,209             363
Business development companies..................................           0.000             211              98
----------------------------------------------------------------------------------------------------------------
Source: Form ADV, Part 1A, Item 5D. All data reflects updated records as of July 2022.

2. Adviser Use of Service Providers
    Reasons for use of Service Providers. Advisers use service 
providers for a variety of reasons. First, advisers may rely on service 
providers for a covered function because the adviser faces difficulties 
performing the function themselves as a matter of operations. Advisers 
may also choose to use a service provider for a function that could be 
performed internally, because advisers believe they may give the 
adviser or its clients access to certain specializations or areas of 
expertise, or otherwise offer efficiencies that are unavailable to or 
unachievable by an adviser alone.\109\ For instance, in some 
circumstances, service providers may be able to provide the same or 
similar levels of service as an adviser in a manner that is more cost-
effective to clients. Outsourcing can also provide staffing flexibility 
by reducing the burdens on advisers' existing personnel. These burdens 
generally entail hiring and onboarding costs in addition to salaries 
and benefits, and the flexibility may be particularly useful for 
services that are periodic or otherwise infrequent and may not require 
permanent staffing by the adviser. Advisers with few personnel in 
particular may find benefits in allowing service providers to handle 
tasks that would otherwise be time-consuming or costly given the lack 
of economies of scale. Engaging a service provider also may prove 
efficient because it allows an adviser to allocate specific duties to a 
single service provider, rather than relying on multiple internal 
personnel to complete a function. Clients also can benefit from 
outsourcing, including through lower fees (if the adviser passes along 
any cost savings) and better quality of service.\110\
---------------------------------------------------------------------------

    \109\ See supra section I.A.
    \110\ See supra footnote 5.
---------------------------------------------------------------------------

    There are a wide variety of functions that an adviser might 
outsource. For example, advisers might outsource functions that 
operationally support an adviser's business functions (e.g., investment 
research and data analytics, trading and risk management, compliance). 
Advisers might also hire service providers to perform or assist with 
functions that support middle- and back-office functions essential to 
asset management (e.g., collateral management, settlement services, 
pricing or valuation services, and performance measurement).\111\ 
Lastly, advisers might hire service providers to support the investment 
advisers' core advisory services and processes (e.g., provision of 
bespoke indexes, sub-advisory services, and platforms for robo-advisory 
services).
---------------------------------------------------------------------------

    \111\ See supra section I.A.
---------------------------------------------------------------------------

    Risks Associated with use of Service Providers. While the use of 
service providers might offer investment advisers significant 
advantages, the use of service providers may also present elevated 
risks of potential material harm to clients, and on the adviser's 
ability to perform its advisory services, resulting from outsourcing a 
covered function. Elevated risks can manifest in several ways: (1) 
increased operational risks from individual service providers to 
individual advisers, (2) increased risks associated with expanded or 
additional conflicts of interest resulting from principal-agent and 
moral hazard problems, (3) increased operational risk resulting from an 
adviser relying on a single service provider to provide multiple 
functions, (4) increased broader or systemic operational risk from a 
service being provided by a small number of service providers, (5) 
increased risks from reduced regulatory transparency, (6) increased 
risk of harm when clients and investors are misled as to the adequacy 
of the adviser's due diligence in engaging service providers and 
oversight of outsourced functions, and (7) increased risk of harm from 
rare but catastrophic operational failures that may be difficult for 
advisers and clients to predict, and thus price into their negotiated 
agreement. We discuss each of these in turn.
    Use of a service provider could reduce an adviser's direct control 
over, or visibility into, a function. Reduced control over or 
visibility into a function could increase existing operational risks or 
introduce new operational risks. For example, without proper oversight 
of trade allocation, an adviser could be left unable to submit orders 
or allocate trades, or could have a service provider allocating shares 
in a manner that favors certain clients over others or failing to 
consider whether allocating additional shares would violate a client' 
investment guidelines.\112\ As another

[[Page 68845]]

example, where a service provider manages data for an adviser, an 
operational failure could result in advisers making investment 
decisions based on incorrect data about their client's assets.\113\ For 
example, if an adviser has incorrect data on a client's holdings of a 
particular security, the adviser may mistakenly not sell as much of 
their client's holdings in the event of a market downturn as they would 
otherwise. This may also include advisers outsourcing critical 
functions to service providers in geographical areas with unique 
heightened risks, such as risks from weather events, power outages, 
geopolitical events and public health concerns in their location.\114\
---------------------------------------------------------------------------

    \112\ See supra section II.A.2.
    \113\ See supra section II.A.1.
    \114\ See supra section I.A.
---------------------------------------------------------------------------

    An investment adviser's loss of control over, or visibility into, 
an outsourced function could also create potential or actual conflicts 
of interest between investment advisers and service providers. This is 
because the relationship between client and an adviser is generally one 
where the principal (the client) relies on an agent (the adviser) to 
work on the principal's behalf.\115\ To the extent that principals and 
their agents do not have aligned preferences and goals, agents 
(advisers) may take actions that increase their well-being at the 
expense of principals (clients).
---------------------------------------------------------------------------

    \115\ See Michael C. Jensen & William H. Meckling, Theory of the 
Firm: Managerial Behavior, Agency Costs and Ownership Structure, 3 
J. Fin. Econ. 305 (1976).
---------------------------------------------------------------------------

    These conflicts of interest are particularly relevant for oversight 
of outsourced functions because of the client's limited visibility and 
limited ability to observe and independently monitor the adviser's 
oversight of the service provider. This scenario is defined as a moral 
hazard problem: When an agent's actions cannot be observed or directly 
contracted for by the principal, it is difficult to induce agents to 
supply the proper amounts of productive inputs or appropriately share 
risk with the principal.\116\ While an oversight failure can result in 
costs to an adviser vis-[agrave]-vis reputational costs, fiduciary 
liabilities, or other costs, an adviser's oversight activities are at 
least partially unobservable to the client. This results in a moral 
hazard problem that exacerbates the risk of the adviser taking actions 
that increase their well-being at the expense of their clients, such as 
pursuing cost savings on decisions to outsource, due diligence, 
monitoring, and recordkeeping, where the cost savings accrue to the 
adviser but increase operational risks for clients and investors.\117\
---------------------------------------------------------------------------

    \116\ See, e.g., Bengt Holmstrom, Moral Hazard and 
Observability, 10 Bell J. of Econ. 1 (1979). (``It has long been 
recognized that a problem of moral hazard may arise when individuals 
engage in risk sharing under conditions such that their privately 
taken actions affect the probability distribution of the outcome . . 
. . The source of this moral hazard or incentive problem is an 
asymmetry of information among individuals that results because 
individual actions cannot be observed and hence contracted upon.''); 
Bengt Holmstrom, Moral Hazard in Teams, 13 Bell J. of Econ. 2 
(1982). (``Moral hazard refers to the problem of inducing agents to 
supply proper amounts of productive inputs when their actions cannot 
be observed and contracted for directly.''). In other contexts, 
moral hazard refers to a party taking on excessive risk when knowing 
another party will be responsible for negative outcomes. This 
alternative definition may be viewed as a special case of the 
broader economic definition associated with the difficulty of 
contracting for privately taken actions. See, e.g., Adam Carpenter, 
Moral Hazard Definition, U.S. News (Aug. 11, 2022), available at 
https://money.usnews.com/investing/term/moral-hazard.
    \117\ Conversely, an adviser's reputation motives--the fear of 
market-imposed loss of future profits--should generally work against 
the tendency to underinvest in oversight of service providers. 
However, for smaller advisers--who do not enjoy economies of scale 
or scope, and generally have less valuable brands--the cost of 
implementing robust service provider oversight would be relatively 
high, while their reputation motives would be more limited, because 
there is less reputational capital to lose. Thus, smaller advisers 
can be expected to be especially prone to moral hazard problems and 
resulting underinvestment in service provider oversight.
---------------------------------------------------------------------------

    Further potential or actual conflicts of interest can emerge 
between advisers, service providers, and the adviser's clients, because 
either the adviser or the service provider can act as an agent to the 
adviser's clients, benefitting at the client's expense. These conflicts 
of interest may therefore be exacerbated by the client's limited 
visibility into the service provider's practices. For example, without 
oversight, the service provider may pursue cost savings on its 
operations that increase risk to the adviser's clients, because the 
service provider benefits from cost savings but operational risks are 
costly to the adviser's client. As another example, as discussed above, 
there may be conflict of interest risks when a service provider 
recommends or otherwise highlights investments to advisory clients that 
the service provider also owns or manages for others.\118\
---------------------------------------------------------------------------

    \118\ See supra section I.A.
---------------------------------------------------------------------------

    An adviser's use of service providers to provide multiple functions 
could also increase operational risk.\119\ If an adviser is dependent 
on a service provider for a large number of services, any disruption or 
interruption to those services could affect an adviser's services to 
its clients. If the service provider becomes unable to perform those 
functions, clients of the investment adviser may be harmed to the 
extent the investment adviser is unable to find a suitable replacement 
for the service provider or provide the services itself. The more 
services provided by a given service provider, the greater the 
potential effect on investment advisory clients, through any of the 
previously discussed risks or channels of harm.
---------------------------------------------------------------------------

    \119\ See supra section I.A. However, it is not always the case 
that an adviser that only outsources a single function is less at 
risk than an adviser that outsources multiple, if the single 
outsourced function is more critical to the adviser's provision of 
advisory services.
---------------------------------------------------------------------------

    In certain circumstances, the use of service providers could create 
broader or systemic risks as well. In particular, to the extent that 
the failure of a single service provider would cause operational 
failures at multiple advisers, that service provider may represent a 
source of systemic risk. For example, because service providers have 
become more specialized in recent years,\120\ for certain functions 
there may be only a few entities offering relevant (often information 
technology-dependent) services, and so multiple regulated entities 
could use a common service provider.\121\ In other cases, multiple 
service providers may merge to become a single market leader.\122\ 
These or related circumstances could, in turn, concentrate operational 
risk.\123\ If a large number of investment advisers were to use a 
common service provider, operational risks could be correspondingly 
concentrated. Increased concentration of operational risk could, in 
turn, lead to an increased risk of broader market effects during times 
of market instability, compounding any of the previously discussed 
risks and channels of harm.\124\ For example, in one instance a 
corrupted software update to accounting systems at a

[[Page 68846]]

widely-used fund accounting provider caused industry-wide concern over 
the accuracy of fund values for several days, in which an estimated 66 
advisers and 1,200 funds were unable to obtain system-generated NAVs 
for several days.\125\ This could also include cases where advisers 
discount the risks of a service provider failing because they view the 
service provider as ``too big to fail,'' and assume that regulators 
will deploy public funds to rescue the service provider in the event of 
its failure.\126\
---------------------------------------------------------------------------

    \120\ IOSCO Report, supra footnote 13.
    \121\ FSB Discussion Paper, at 2, supra footnote 14
    \122\ See supra section I.A.
    \123\ IOSCO Report, supra footnote13. The IOSCO Report cites 
examples of risks that could lead to systemic risk if multiple 
entities use a common service provider including: (1) if the service 
provider suddenly and unexpectedly becomes unable to perform 
services that are material or critical to the business of a 
significant number of regulated entities, each entity will be 
similarly disabled, (2) a latent flaw in the design of a product or 
service that multiple regulated entities rely upon may affect all 
these users, (3) a vulnerability in application software that 
multiple regulated entities rely upon may permit an intruder to 
disable or corrupt the systems or data of some or all users, and (4) 
if multiple regulated entities depend upon the same provider of 
business continuity services (e.g., a common disaster recovery 
site), a disruption that affects a large number of those entities 
may reduce the capacity of the business continuity service.
    \124\ Investment advisers and their clients may not currently be 
aware of, or currently have enough information or otherwise be able 
to assess, concentration risks where multiple investment advisers 
use a common service provider.
    \125\ See supra footnotes 16, 17, and accompanying text.
    \126\ The Financial Conduct Authority observed UK asset managers 
in 2012 and expressed concern that some firms appear to rely on the 
fact that an outsourced service provider is a large financial 
institution, which regulators might look to rescue using public 
funds, in order to justify minimal oversight, among other potential 
gaps in service provider oversight practices. See FSA, To the CEOs 
of Asset Managers (Dec. 2012), available at https://webarchive.nationalarchives.gov.uk/ukgwa/20140305053157mp_/https://www.fsa.gov.uk/static/pubs/ceo/review_outsourcing_asset_management.pdf.
---------------------------------------------------------------------------

    When a function is performed internally, advisers have access to 
information necessary to demonstrate compliance with the Advisers Act 
or rules. Such information is helpful for the Commission's use in its 
regulatory programs, including examinations, investigations, and client 
and investor protection efforts. Transparency in outsourced functions, 
likewise, is helpful for assessing regulatory compliance and 
remediating problems as they occur. For example, if several advisers 
follow an investing strategy based on a particular third-party 
investment model, an error by the model provider may cause widespread 
errors in the client accounts invested relying on the model, and with 
greater transparency the Commission could quickly analyze the potential 
breadth of the impact and take appropriate actions.\127\ Further, 
advisers that outsource a certain function sometimes indicate that 
because they outsource the function, they lack access to the 
information necessary to demonstrate compliance with a provision of the 
Advisers Act or rules.\128\ In addition, investment advisers have 
limited disclosure or books and records obligations with respect to 
their use of service providers.\129\ In other cases, a service provider 
may deliver some services from locations outside of the United States, 
which introduces potential oversight and regulatory gaps or oversight 
challenges.\130\ The resulting reduced transparency into the use of 
service providers, then, creates the potential that the Commission does 
not have information that could enhance its ability to evaluate and 
form regulatory policies and to assess markets for client and investor 
protection.\131\
---------------------------------------------------------------------------

    \127\ See supra section I.A.
    \128\ See supra section I.A for more detailed discussion.
    \129\ See supra section III.B.1; see also infra section III.B.3.
    \130\ See supra section I.A.
    \131\ See supra section I.A. For example, the Commission staff 
have observed some advisers unable to provide timely responses to 
examination and enforcement requests because of outsourcing.
---------------------------------------------------------------------------

    Clients or investors may also face heightened risk of harm from 
each of these risks to the extent that they are misled about the 
adequacy of the adviser's due diligence in engaging service providers 
and the adviser's oversight of outsourced functions. If clients or 
investors understood clearly the extent of an adviser's oversight and 
management of risks associated with outsourcing a covered function, the 
price of advisory services could account for expected operational risks 
to the extent that clients have bargaining power. But when an adviser 
holds itself out to clients and potential clients or investors as an 
investment adviser that can provide certain advisory functions or 
services, the adviser implies that it remains responsible for the 
performance of those services and it will act in the best interest of 
the client in doing so. An adviser remains liable for its obligations, 
including those under the Advisers Act, the other Federal securities 
laws, and any contract entered into with the client, even if the 
adviser outsources the function.\132\
---------------------------------------------------------------------------

    \132\ See supra section I.A; see also infra section III.B.3.
---------------------------------------------------------------------------

    Finally, clients or investors may face increased risk of harm from 
rare but catastrophic operational failures that may be difficult for 
advisers and clients or investors to predict, and thus price into their 
negotiated agreements. These types of events, because they are rare and 
difficult to predict, may go unaccounted for in the pricing of 
instruments, investments, or contracts.\133\ Similar to the previous 
discussion, rare but catastrophic operational risks may result from the 
compounding of different categories of operational risks. For example, 
such risks may result from an adviser who has outsourced multiple 
critical functions to service providers in a single geographic region, 
all of whom the adviser may assume are typically reliable and thus not 
proactively monitored by the adviser, but who may all simultaneously 
face disruption in the face of extreme weather, a geopolitical event or 
public health crisis. To the extent that advisers have outsourced 
critical functions to third-party service providers who are often 
reliable but are not subject to the adviser's oversight, these service 
providers represent potential risks that investors and advisers may not 
be able to price into their contracts.
---------------------------------------------------------------------------

    \133\ See, e.g., Howard Kunreuther & Mark Pauly, Insuring 
Against Catastrophes in The Known, the Unknown, and the Unknowable 
in Financial Risk Management (Francis X. Diebold, Neil A. Doherty 
and Richard J. Herring eds., 2010), at 210-238.
---------------------------------------------------------------------------

    Patterns in Adviser Use of Service Providers. One motivation for an 
adviser to outsource a function is that outsourcing might offer 
efficiencies that are unavailable to or unachievable by the 
adviser.\134\ Potential gains in efficiency may not be the same for all 
advisers. For example, gains may be related to factors such as adviser 
size (as measured by RAUM), or the types of clients advisers serve.
---------------------------------------------------------------------------

    \134\ See supra section I.A.
---------------------------------------------------------------------------

    As discussed above, Form ADV identifies the use of certain service 
providers and whether these service providers are related parties or 
third parties, but only for private funds.\135\ For administrators, a 
higher proportion (80%) of the largest 10% of advisers rely on third-
party service providers than is the case for the smallest 10% advisers 
(75%).\136\ Additionally, the use of related-party administrators is 
rare, ranging from 1%-6% across adviser size deciles, in comparison to 
the use of third-party administrators, which ranges from 74%-80%.\137\
---------------------------------------------------------------------------

    \135\ See supra section III.B.1.
    \136\ Adviser size is measured by RAUM.
    \137\ Source: Form ADV, Schedule D, Section 7B(1), Item 26. All 
data reflect updated records as of July 2022. Also as discussed 
above, because these items are only reported by private fund 
advisers, this analysis is not representative of the broader 
investment adviser industry. There may also be other categories of 
service providers not captured by Form ADV. See supra footnote 104.
---------------------------------------------------------------------------

    Additionally, as discussed above, certain additional items on Form 
ADV provide information on all RIAs' outsourcing of services, but also 
do not distinguish between third-party and related-party service 
providers.\138\ Table 5 below provides information on the extent to 
which the use of these service providers varies across advisers as a 
function of RAUM.\139\ As is the case with advisers' use of 
administrators above, Table 5 shows that larger advisers are more 
likely than smaller

[[Page 68847]]

advisers to report using these categories of service providers.
---------------------------------------------------------------------------

    \138\ See supra section III.B.1.
    \139\ As discussed above, Form ADV provides information on 
certain types of related-party service providers, but does not 
include whether an adviser outsources to the related-party service 
provider. Because Form ADV does not include information indicating 
whether an adviser outsources to a related-party service provider, 
we focus the information provided in Table 6 on advisers' use of 
third-party service providers.

          Table 5--Adviser Use of Additional Service Providers
------------------------------------------------------------------------
                                                   Chief
                  Size decile                    compliance     Record
                                                officer (%)  keeping (%)
------------------------------------------------------------------------
Smallest......................................            8           33
2.............................................            4           28
3.............................................            5           29
4.............................................            6           33
5.............................................            5           37
6.............................................            6           40
7.............................................            6           51
8.............................................            6           61
9.............................................            5           73
Largest.......................................            2           88
------------------------------------------------------------------------
Source: Form ADV, Part 1A, Item 1J(2) and 1L. The table shows the within-
  size-decile percentage off all RIAs. Item 1J(2) may undercount the
  Chief Compliance Officer figure since it excludes those employed by a
  registered investment company. Item 1L may overcount the Record
  Keeping estimate since it does not exclude branch offices. All data
  reflects updated records as of July 2022.

    Table 6 below provides further information on the extent to which 
adviser use of service providers varies across advisers as a function 
of the type of client to which the registered investment adviser 
attributes a majority of their RAUM.

 Table 6--Adviser Use of Additional Service Providers by Majority Client
                                  Type
------------------------------------------------------------------------
                                               Chief
               Client type                  compliance    Record keeping
                                            officer (%)         (%)
------------------------------------------------------------------------
High net worth individuals..............               4              30
Pension and profit-sharing plans........               5              44
Banking or thrift institutions..........               7              42
Charities...............................               4              54
Other investment advisers...............               9              45
Investment companies....................              13              68
State/municipal entities................               5              62
Pooled investment vehicles..............               5              76
Non-high net worth individuals..........               6              32
Foreign institutions....................               0              76
Business development companies..........              19              79
Insurance companies.....................               8              67
Corporations............................               6              48
Other client types......................              15              55
------------------------------------------------------------------------
Source: Form ADV, Part 1A, Item 1J(2) and 1L. Item 1J(2) may undercount
  the Chief Compliance Officer figure since it excludes those employed
  by a registered investment company. Item 1L may overcount the Record
  Keeping estimate since it does not exclude branch offices. All data
  reflects updated records as of July 2022.

3. Applicable Law Impacting Use of Service Providers
    Advisers who use service providers, whether a related-person or 
third-party service provider, may currently conduct activities related 
to each of the proposed obligations, such that varying degrees of due 
diligence, risk mitigation and management, monitoring, recordkeeping, 
and other oversight-related activities may already occur in the 
marketplace. Certain advisers may currently conduct some or all of the 
proposed activities to satisfy a variety of legal requirements.\140\
---------------------------------------------------------------------------

    \140\ In addition to regulatory requirements, advisers may 
already currently conduct some or all of the proposed activities 
solely as a matter of good business practice.
---------------------------------------------------------------------------

    First, an adviser who has outsourced a function to a service 
provider remains liable for its obligations, including under the 
Advisers Act or other Federal securities laws.\141\ Advisers' fiduciary 
duty comprises a duty of loyalty and a duty of care, the latter of 
which includes providing investment advice in the best interest of the 
client, based on the client's objectives.\142\ For example, where an 
investment adviser has the responsibility to select broker-dealers to 
execute client transactions, the adviser is obligated to seek to obtain 
``best execution'' of client transactions given the circumstances 
pertaining to the transactions.\143\
---------------------------------------------------------------------------

    \141\ See supra section I.A.
    \142\ Id.
    \143\ See Standard of Conduct Release, supra footnote 21, at 
section I.A. (``When seeking best execution, an adviser should 
consider `the full range and quality of a broker's services in 
placing brokerage including, among other things, the value of 
research provided as well as execution capability, commission rate, 
financial responsibility, and responsiveness' to the adviser.'') 
(quoting Interpretive Release Concerning the Scope of Section 28(e) 
of the Securities Exchange Act of 1934 and Related Matters, Exchange 
Act Release No. 23170 (Apr. 28, 1986)); Commission Guidance 
Regarding Client Commission Practices under Section 28(e) of the 
Securities Exchange Act of 1934, Exchange Act Release No. 54165 
(July 18, 2006), available at https://www.sec.gov/rules/interp/2006/34-54165.pdf.
---------------------------------------------------------------------------

    Where an investment adviser fails to satisfy its obligations, 
including fulfilling its fiduciary duty to clients or complying with 
the Advisers Act and other Federal securities laws, its conduct may 
result in potential liability under the antifraud provisions of the 
Federal securities laws. Investment advisers are subject to Section 206 
of the Advisers Act, which prohibits engaging ``in any act, practice, 
or course of business which is fraudulent, deceptive, or 
manipulative.'' \144\ Section 206(4) specifically empowers the 
Commission to adopt rules defining fraudulent acts and practices and to 
prescribe means reasonably designed to prevent their occurrence. In 
addition to the antifraud provision of the Advisers Act, investment 
advisers are also subject to other antifraud provisions under the 
Federal securities laws and misconduct

[[Page 68848]]

by an adviser may result in liability under such other provisions, 
including Section 17 of the Securities Act of 1933 and Section 10(b) of 
the Securities Exchange Act of 1934 and rule 10b-5 thereunder.\145\
---------------------------------------------------------------------------

    \144\ 15 U.S.C. 80b-6(4).
    \145\ See 15 U.S.C. 77q; 15 U.S.C. 78l; and 17 CFR 240.10b-5.
---------------------------------------------------------------------------

    Second, investment advisers registered with the Commission are 
required to adopt and implement written policies and procedures 
reasonably designed to prevent violation of the Federal securities 
laws. The Commission has said that Rule 206(4)-7 requires advisers to 
consider their fiduciary and regulatory obligations under the Advisers 
Act and to formalize policies and procedures to address them.\146\ The 
rule does not enumerate specific elements that advisers must include in 
their policies and procedures and each adviser should adopt policies 
and procedures that take into consideration the nature of that firm's 
operations.\147\ Registered investment companies are subject to similar 
compliance procedures and practices pursuant to rule 38a-1 under the 
Investment Company Act of 1940 and to the extent certain advisers have 
clients that are registered investment companies, the adviser and 
certain specified service providers may be subject to relevant 
provisions of the rule.\148\
---------------------------------------------------------------------------

    \146\ See Compliance Programs of Investment Companies and 
Investment Advisers, Investment Advisers Act Release No. 2204 (Dec. 
17, 2003), at section II.A.1 (adopting rule 206(4)-7), available at 
https://www.sec.gov/rules/final/ia-2204.htm.
    \147\ See id.
    \148\ Rule 38a-1 requires policies and procedures to provide for 
oversight of certain service providers to the registered investment 
company, including its investment advisers, principal underwriters, 
administrators, and transfer agents. The rule also requires the 
registered investment company's board of directors, including a 
majority of its independent directors, to approve its investment 
adviser's policies and procedures based on a finding that the 
policies and procedures are reasonably designed to prevent violation 
of the Federal securities laws by the registered investment company 
and the adviser. In addition, the registered investment company is 
required to review its policies and procedures, as well as those of 
its investment adviser, annually. See 17 CFR 270.38a-1.
---------------------------------------------------------------------------

    As discussed, many investment advisers outsource various functions 
supporting the adviser's services and processes. Investment advisers 
who presently outsource covered functions may already conduct any or 
all of the proposed required due diligence and monitoring obligations 
with respect to outsourced covered functions. Further, such advisers 
may already incorporate these practices into their written policies and 
procedures. However, while there is an existing framework under which 
advisers may oversee certain service providers, there is no existing 
provision under the Advisers Act expressly requiring due diligence and 
monitoring for those service providers.\149\
---------------------------------------------------------------------------

    \149\ Certain entities may be subject to particularized 
requirements under other regulatory regimes. For example, firms that 
are dually registered broker-dealers are subject to FINRA Rule 3110 
which requires members to, among other provisions, establish and 
maintain a system to supervise the activities of each associated 
person that is reasonably designed to achieve compliance with 
applicable securities laws and regulations. This supervisory system 
must, among other requirements, designate an appropriately 
registered principal with authority to carry out the supervisory 
responsibilities of the member for each type of business in which it 
engages for which registration as a broker-dealer is required. See, 
e.g., Rule 3110 Supervision, available at https://www.finra.org/rules-guidance/rulebooks/finra-rules/3110.
---------------------------------------------------------------------------

    For example, advisers may already conduct some due diligence and 
monitoring with respect to service providers relating to the handling 
of sensitive client information in complying with their obligations 
under applicable laws. Section 204A of the Advisers Act requires 
advisers to maintain and enforce written policies and procedures with 
the aim of preventing the firm or any person associated with the firm 
from misusing material non-public information, with rule 204A-1 
thereunder requiring, among other things, that an adviser's code of 
ethics set forth requirements that certain advisory personnel report 
personal securities trading and that the adviser's supervised persons 
must comply with Federal securities laws.\150\ Thus, some investment 
advisers may currently conduct due diligence and monitoring in 
enforcing their code of ethics, which encompasses certain aspects of 
the adviser's relationship with service providers.
---------------------------------------------------------------------------

    \150\ See 15 U.S.C. 80b-4a and 17 CFR 275.204A-1. However, rule 
204A-1 is intended to apply only to ``access persons'' of an 
investment adviser and does not apply to unrelated third parties.
---------------------------------------------------------------------------

    Third, investment advisers use Form ADV to register with the SEC, 
register with one or more state securities regulators, and amend those 
registrations.\151\ Form ADV elicits detailed information concerning 
the adviser and its owners, business practices, employees, and 
disciplinary history. While Form ADV requires reporting on certain 
parties, such as the adviser's industry affiliations and certain 
clients, it does not currently require reporting on all service 
providers that perform what would be covered functions under the 
proposal.
---------------------------------------------------------------------------

    \151\ Form ADV also serves as a reporting form for exempt 
reporting advisers.
---------------------------------------------------------------------------

    Fourth, the Federal securities laws require investment advisers, 
registered investment companies, and others to make and keep books and 
records. The recordkeeping requirements are a key part of the 
Commission's regulatory program for advisers and funds, as they allow 
us to monitor adviser and fund operations, and to evaluate their 
compliance with the Federal securities laws. Existing Rule 204-2, which 
would be amended by the proposal, currently provides certain 
requirements for books and records to be maintained by investment 
advisers while various rules under the Investment Company Act of 1940, 
as amended, provide similar requirements for specified records to be 
maintained by registered investment companies.\152\ To the extent 
certain advisers have clients that are registered investment companies, 
those advisers may be subject to relevant recordkeeping obligations 
under the 1940 Act. For example, if the board of directors of a 
registered investment company has designated performance of fair value 
determinations to the adviser under rule 2a-5 of the 1940 Act, the 
adviser is obligated to maintain the records required by the related 
recordkeeping provision.\153\ Rule 204-2 details the types of required 
records as well as the manner, location and duration of records to be 
maintained by registered investment advisers. For example, rule 204-
2(g) permits investment advisers to use electronic storage media for 
records required to be maintained under Rule 204-2. However, the rule 
does not prescribe specific requirements for when an adviser outsources 
one or more of the required recordkeeping functions to a third party. 
Commission staff has addressed third-party recordkeeping in two staff 
letters, which include certain similar components to the proposed 
amendments to rule 204-2.\154\ Although it is not required by rule, 
advisers who presently outsource covered functions may already make and 
keep relevant books and records with respect to their oversight of 
service providers.\155\
---------------------------------------------------------------------------

    \152\ See infra section V.E.; see, e.g., 17 CFR 270.31a-1, 17 
CFR 270.31a-2, 17 CFR 270.31a-3, 17 CFR 270.31a-4.
    \153\ See 17 CFR 270.2a-5; 17 CFR 270.31a-4.
    \154\ See OMGEO NAL, supra footnote 25, at n.3 (citing First 
Call and National Regulatory Services, SEC Staff No-Action Letter 
(Dec. 2, 1992)); First Call NAL, supra footnote 25.
    \155\ See infra section V.A.2.
---------------------------------------------------------------------------

    Fifth, Regulation S-P: Privacy of Consumer Financial Information 
(``Regulation S-P'' or ``Reg S-P'') provides requirements to adopt 
written policies and procedures reasonably designed to: (i) insure the 
security and confidentiality of customer records and information; (ii) 
protect against any

[[Page 68849]]

anticipated threats or hazards to the security or integrity of customer 
records and information; and (iii) protect against unauthorized access 
to or use of customer records or information that could result in 
substantial harm or inconvenience to any customer.\156\ All registered 
investment advisers who are financial institutions or creditors with 
covered accounts are also subject to Regulation S-ID: Identity Theft 
Red Flags (``Regulation S-ID'' or ``Reg. S-ID''), under which they are 
required to develop and implement a written identity theft program that 
includes policies and procedures to identify relevant types of identity 
theft red flags, detect the occurrence of those red flags, and to 
respond appropriately to the detected red flags.\157\
---------------------------------------------------------------------------

    \156\ See 17 CFR 248.30.
    \157\ 17 CFR 248.201(d)(2); 17 CFR pt. 248, subpt. C, app. A. 
See also infra section V.E.
---------------------------------------------------------------------------

    Sixth, some advisers may be subject to additional regulatory 
regimes that implicate customer information safeguards. For example, 
advisers to private funds may be subject to the Federal Trade 
Commission's Standards for Safeguarding Customer Information (``FTC 
Safeguards Rule'') that contains a number of modifications to the 
existing rule with respect to data security requirements to protect 
customer financial information.\158\ Additionally, advisers that are 
affiliated with banks may be indirectly subject to safeguarding 
standards that include a requirement for a data breach response plan or 
program.\159\ Advisers who anticipate needing to comply with these 
privacy regulations may already conduct any or all of the proposed 
required obligations with respect to service providers who are 
responsible for customer information.
---------------------------------------------------------------------------

    \158\ 16 CFR pt. 314; see also 86 FR 70308 (Dec. 9, 2021) (Jan. 
10, 2022, effective date; Dec. 9, 2022, applicability date for 
certain provisions).
    \159\ See 70 FR at 15752, available at https://www.federalregister.gov/d/05-5980. Specifically, The Banking 
Agencies' Incident Response Guidance provides, among other things, 
that when an institution becomes aware of an incident of 
unauthorized access to sensitive customer information, the 
institution should conduct a reasonable investigation to determine 
promptly the likelihood that the information has been or will be 
misused. If the institution determines that misuse of the 
information has occurred or is reasonably possible, it should notify 
affected customers as soon as possible.
---------------------------------------------------------------------------

    Lastly, registered investment advisers are subject to a variety of 
disclosure requirements that they must make to their investors, 
including certain disclosures vis-[agrave]-vis the registration forms 
of the funds they advise. For instance, open end funds register using 
Form N-1A, and closed end funds register using Form N-2.\160\ A fund's 
registration form includes information related to its basic operating 
structure, including its advisers and some of its service providers. 
However, there are no particularized requirements for these fund 
registration documents to discuss fund outsourcing, due diligence, or 
monitoring practices.
---------------------------------------------------------------------------

    \160\ See Form N-1A, available at https://www.sec.gov/about/forms/formn-1a.pdf; see Form N-2, available at https://www.sec.gov/files/formn-2.pdf.
---------------------------------------------------------------------------

C. Broad Economic Considerations

    As discussed above, investment adviser clients and investors rely 
on the delegated asset management industry, which includes investment 
advisers registered or required to be registered with the Commission, 
for a wide variety of wealth management and financial planning 
functions to their advisers, including tax, retirement, estate, 
education, and insurance services.\161\ These services are critical for 
investors to plan for the future and diversify their investment risks. 
Investment advisers are responsible, under existing regulatory 
regimes,\162\ for a wide variety of functions in order to provide these 
advisory services. Over time, investment advisers have in turn 
outsourced certain functions that are necessary for the adviser to 
provide its investment advisory services in compliance with the Federal 
securities laws as a response to competitive pressures, growing demand 
for advisory services, and increasingly complex client demands.\163\
---------------------------------------------------------------------------

    \161\ See supra section I.A.
    \162\ See supra section I.A, III.B.3.
    \163\ See supra section I.A, III.B.2.
---------------------------------------------------------------------------

    Without a minimum and consistent framework for identifying, 
mitigating, and managing risks to clients, outsourcing can lead to 
client harm through the channels described above, such as clients being 
misled, their adviser making investment decisions based on incorrect 
data, having sensitive information misappropriated, potential or actual 
conflicts of interest, or failures to provide records for regulatory 
oversight.\164\ While many advisers may be aware of the risks and 
account for them appropriately when deciding whether and how to engage 
or continue to use service providers, our staff has observed that not 
all advisers provide a sufficient level of oversight with respect to 
their service providers, despite the existing fiduciary duty and other 
legal obligations applicable to advisers.\165\ This is because, while 
advisers and funds face relevant competitive market forces and 
therefore have private reputational incentives to maintain some level 
of oversight of service providers,\166\ market failures can lead their 
chosen levels of oversight to be sub-optimally low, both from the 
perspective of what each individual adviser's clients and investors 
would prefer, and from the perspective of optimal levels of oversight 
for broader or systemic operational risks.
---------------------------------------------------------------------------

    \164\ See supra section III.B.2.
    \165\ See supra section I.A, III.B.3.
    \166\ See supra section III.B.2.
---------------------------------------------------------------------------

    These market failures provide the economic rationale for the 
proposed rule because they indicate that, without Commission action, 
clients and advisers have limited abilities and incentives to implement 
effective reforms, such as those in the proposed rules, for several 
reasons. First, there are a number of practical issues investment 
advisers and their clients and investors may face in coming to 
agreement on, measuring, and accounting for risks due to outsourcing. 
Second, the client's inability to observe an adviser's effort in 
oversight of service providers gives rise to principal-agent and moral 
hazard problems that can contribute to an adviser exerting too little 
effort on oversight of its service providers. These problems are 
exacerbated by instances in which the adviser has limited visibility 
into a service provider's operations. Lastly, in addition to the 
effects from moral hazard and principal-agent problems, advisers' 
individual incentives to exert effort into oversight are likely to be 
lower than optimal where operational failures at service providers can 
carry broader or systemic risks. This is because individual advisers do 
not have incentives to consider the benefits that their oversight may 
provide to the investment advisory industry as a whole, including (and 
in particular) competing advisers. These difficulties are consistent 
with the outcomes discussed above, in which the Commission has observed 
operational failures by service providers affecting advisers' abilities 
to deliver services to their clients, despite existing fiduciary duty 
and other regulations,\167\ and we next discuss each of these 
difficulties in turn.
---------------------------------------------------------------------------

    \167\ See supra section I.A.
---------------------------------------------------------------------------

    With respect to the practical issues that currently may limit the 
ability or incentive of clients and advisers to adequately address the 
risks of outsourcing: First, because of the substantial variety and 
complexity of functions offered by service providers (such as client 
servicing, investment risk management, pricing, and reconciliation, 
among others), advisers and their clients may face difficulty in

[[Page 68850]]

coming to agreement on and developing a common, consistent set of 
expected practices. These difficulties may be particularly pronounced 
in the case of covered functions that are of significance to investment 
performance but are new or experimental functions for which the adviser 
has limited expertise or experience.\168\ Second, even if clients and 
advisers agree on the adviser's obligations, clients may face risks 
from rare but catastrophic operational events that are inherently 
difficult to predict, and thus difficult to account for when 
negotiating the terms of advisory services.\169\ While some degree of 
operational risk is inevitable, we believe that the proposed rule may 
help lower these risks through its due diligence and monitoring 
requirements.
---------------------------------------------------------------------------

    \168\ For example, for an adviser who lacks experience in 
algorithmic-based trading but has retained an algorithmic trading 
firm and outsourced certain trading activity to that firm, clients 
and investors may benefit substantially from new requirements for 
risk analysis and due diligence on the part of the adviser. While 
the adviser would not need to fully understand the technical 
intricacies of the algorithmic trading service, it generally would 
need to have a reasonable understanding of the service and its 
associated risks, and be able to conclude that it can mitigate and 
manage those risks. See supra section II.B for more discussion.
    \169\ See supra section III.B.2. While clients and advisers 
could price these risks into their contracts for advisory services 
through premiums for insurance coverage for operational failures, 
this would require clients and advisers to agree on the scope of 
coverage required.
---------------------------------------------------------------------------

    Additionally, principal-agent problems, moral hazard problems, and 
related conflicts of interest in the relationships between clients, 
advisers, and service providers may limit incentives for private reform 
and the ability of these market participants to implement reform. The 
investment adviser relationship is subject to agency problems, 
including those resulting from conflicts, to the extent clients (the 
principals) and investment advisers (the agents) have different 
preferences and goals. Investment advisers may take actions that 
increase their well-being at the expense of clients, thereby imposing 
agency costs on their clients.\170\ Moreover, because an adviser's 
oversight of a service provider cannot be observed (and thus cannot be 
contracted for by the clients or investors), there is a moral hazard 
problem that may make it difficult for clients and investors to induce 
advisers to supply the proper amounts of oversight.\171\ Advisers may 
therefore be able to avoid implementing reforms of service provider 
oversight practices. It may also be likely for service providers to 
avoid reforms, because minimal oversight on the part of the adviser may 
open opportunities for service providers to pursue cost savings that 
increase operational risks, or opportunities for other conflicts of 
interest that could benefit the service provider or adviser at the 
client's expense.\172\ These principal-agent problems, moral hazard 
problems, and conflicts of interest may therefore be particularly 
strong in the context of conducting due diligence and monitoring of 
service providers, because clients have even less visibility into 
service provider functions than they do adviser functions.\173\
---------------------------------------------------------------------------

    \170\ See Standard of Conduct Release, at 31-32, supra footnote 
21. An adviser's fiduciary duty can mitigate these agency problems 
and reduce agency costs by deterring investment advisers from taking 
actions that expose them to legal liability.
    \171\ See supra section III.B.2, see also, e.g., Bengt 
Holmstrom, Moral Hazard and Observability, 10 Bell J. of Econ. 1 
(1979). (``It has long been recognized that a problem of moral 
hazard may arise when individuals engage in risk sharing under 
conditions such that their privately taken actions affect the 
probability distribution of the outcome . . . . The source of this 
moral hazard or incentive problem is an asymmetry of information 
among individuals that results because individual actions cannot be 
observed and hence contracted upon.''); Bengt Holmstrom, Moral 
Hazard in Teams, 13 Bell J. of Econ. 2 (1982). (``Moral hazard 
refers to the problem of inducing agents to supply proper amounts of 
productive inputs when their actions cannot be observed and 
contracted for directly.'').
    \172\ See supra section I.A.
    \173\ See supra section III.B.2.
---------------------------------------------------------------------------

    Lastly, because operational failures at service providers can carry 
broader or systemic risks, advisers' individual incentives to exert 
effort into oversight are likely to be lower than optimal from a 
societal standpoint. For instance, when a function is provided to many 
advisers by a small number of service providers,\174\ each adviser may 
not take into account the broader, systemic operational risk associated 
with that service provider's failure when determining the level of 
oversight that they individually, or privately, find optimal.\175\ For 
example, an investment adviser may not take into account the benefits 
that its own oversight of a service provider creates for its 
competitors. Moreover, to the extent that broader or systemic 
operational failures reduce client confidence in markets, there may be 
even greater differences in each adviser's privately optimal level of 
oversight and the optimal level of oversight from a societal 
standpoint. This is because an operational failure at a service 
provider for one adviser may reduce client confidence in other 
advisers, and advisers may not account for the additional impact of 
their service provider's operational failures on client trust in the 
investment advisory industry as a whole, including (and in particular) 
competing advisers.
---------------------------------------------------------------------------

    \174\ See supra section III.B.2.
    \175\ See Andreu Mas-Colell, et. al., Microeconomic Theory 
(Oxford University Press)(1995), at Chapter 11, for a general 
discussion of externalities. Through the lens of the theory of 
externalities and public goods, we believe that due diligence is 
equivalent to a public good supplied at a suboptimal quantity, which 
may be improved by the current proposed rule.
---------------------------------------------------------------------------

    The proposed rules would therefore impose a set of minimum and 
consistent obligations on investment advisers registered or required to 
be registered with the Commission in the course of their outsourcing 
processes. These obligations are designed to address the risks and 
market failures described above in the context of outsourcing core 
advisory functions. These reforms are designed to promote a more 
comprehensive framework to address--and thereby reduce--risks to 
advisers and their clients that result from an adviser's use of service 
providers. These reforms also are designed to give the Commission and 
advisers' clients better information for oversight of advisers' use of 
service providers.
    The scope of the proposed rule would be limited to investment 
advisers registered or required to be registered who have retained a 
service provider to perform a covered function. The proposed rule would 
restrict its scope to a covered function to provide sufficient 
oversight in those specific circumstances where the function or service 
is one that is necessary for the adviser to provide advisory services 
in compliance with the Federal securities laws, and that, if not 
performed or performed negligently, would be reasonably likely to cause 
a material negative impact on the adviser's clients or on the adviser's 
ability to provide investment advisory services. A service provider 
would be a person or entity that performs one or more covered functions 
and is not a supervised person as defined in the Act. Excluding 
supervised persons from the definition of a service provider allows 
advisers to avoid the costs of complying with the proposed rule in 
those circumstances where the service provider is subject to the 
supervision and control of the adviser and the requirements of the rule 
would be duplicative.
    Clients and investors would benefit from this minimum and 
consistent regulatory framework for identifying, mitigating, and 
managing risks associated with outsourced functions. They would benefit 
through reduced risks of operational failures including broad or 
systemic operational failures, reduced risk of fraud associated with 
outsourced functions, reduced risks from potential or actual conflicts 
of interest, improved confidence for clients and investors that 
advisers will be able to carry out their regulatory obligations,

[[Page 68851]]

and greater regulatory transparency and resulting effectiveness of the 
Commission's client and investor protection efforts.\176\ Clients and 
investors may additionally benefit from a reduction in operational risk 
as a result of service providers electing to update or reform their 
operations in response to adviser oversight. These benefits may vary 
across advisers and across covered functions. For example, benefits may 
be minimal for advisers who outsource very few covered functions. By 
contrast, and as mentioned above, benefits may be substantial for 
advisers who outsource functions that are of significance to investment 
performance but are new or experimental functions for which the adviser 
has limited expertise or experience, such as algorithmic-based trading 
or use of predictive data analytics.
---------------------------------------------------------------------------

    \176\ See supra section I.A, III.B.2; see also infra section 
III.D.4. For example, the Commission staff have observed some 
advisers unable to provide timely responses to examination and 
enforcement requests because of outsourcing.
---------------------------------------------------------------------------

    The costs of the proposed rules would include the costs of meeting 
the minimum regulatory requirements of the rules, including the costs 
to advisers of updating, as appropriate, their compliance programs in 
response to the due diligence, monitoring, and record keeping 
requirements. For SEC-registered investment advisers, the costs would 
also include the costs of updating their Form ADV filings to include 
the new required reporting. To the extent advisers currently outsource 
covered functions, the cost of outsourcing covered functions is 
typically borne by advisers--some or all of which, may be passed on to 
clients. Under the proposed rule, compliance costs would be borne by 
advisers that currently outsource covered functions or that may 
outsource covered functions in the future. For example, and as an 
initial matter, advisers would incur costs associated with determining 
if outsourced functions are subject to the requirements of the proposed 
rule. Those advisers, in turn, may attempt to pass costs on to their 
clients. The ability of advisers to pass compliance costs to their 
clients may depend on the willingness of clients to incur those 
additional costs. Further, service providers of covered functions would 
incur costs outside of their normal course of business as a result of 
adviser requests for information to comply with their due diligence and 
monitoring requirements of the proposed rule. These costs would likely 
lead to some service providers charging additional fees to advisers, 
some or all of which may be passed on to advisers' clients.
    We believe the costs of the proposed rules would be limited by 
several factors. First, some advisers may already meet certain portions 
of the obligations that would be required under the proposed rules in 
the course of complying with existing legal obligations,\177\ and their 
costs would only include the costs associated with obligations they do 
not already meet. Second, certain advisers may determine that the costs 
of completing a function themselves with equal efficiency and quality 
as their service provider are less than the costs of the service 
provider plus the regulatory oversight costs. For these advisers, the 
costs of the proposal would be no greater than the costs associated 
with transitioning to completing the function themselves, as this 
choice would place the covered function in the purview of a supervised 
person of the adviser, and therefore outside of the scope of the 
proposed rule. However, this mitigating factor may be less relevant for 
smaller advisers, who may be less able to perform their outsourced 
functions themselves with equal efficiency and quality as their service 
provider.
---------------------------------------------------------------------------

    \177\ See supra section III.B.3.
---------------------------------------------------------------------------

    Our discussion in section III.D below describes in more detail how 
each of the benefits and costs would result from each of the elements 
of the proposed rules.

D. Benefits and Costs

1. Due Diligence
    The proposed rule would require advisers to conduct reasonable due 
diligence before engaging a provider.\178\ Through this due diligence, 
advisers would be required to: (i) identify the nature and scope of the 
covered function the service provider is to perform; (ii) identify and 
determine how it would mitigate and manage the potential risks to 
clients or to the investment adviser's ability to perform its advisory 
services, resulting from engaging a service provider to perform a 
covered function and engaging that service provider to perform the 
covered function; (iii) determine that the service provider has the 
competence, capacity, and resources necessary to perform the covered 
function in a timely and effective manner; (iv) determine whether the 
service provider has any subcontracting arrangements that would be 
material to the service provider's performance of the covered function, 
and identifying and determining how the investment adviser will 
mitigate and manage potential risks to clients or to the investment 
adviser's ability to perform its advisory services in light of any such 
subcontracting arrangement; (v) obtain reasonable assurance from the 
service provider that it is able to, and will, coordinate with the 
adviser for purposes of the adviser's compliance with the Federal 
securities laws; and (vi) obtain reasonable assurance from the service 
provider that it is able to, and will, provide a process for orderly 
termination of its performance of the covered function.\179\
---------------------------------------------------------------------------

    \178\ See proposed rule 206(4)-11(a)(1).
    \179\ See supra section II.B. The benefits and costs of the 
required recordkeeping provisions associated with due diligence are 
discussed in section III.D.3.
---------------------------------------------------------------------------

a. Benefits
    A minimum and consistent due diligence framework would benefit 
clients and investors through reduced risks of operational failures 
including broad or systemic operational failures, reduced risk of fraud 
associated with outsourced functions, and greater regulatory 
transparency and resulting effectiveness of the Commission's client and 
investor protection efforts.\180\ Clients and investors may 
additionally benefit from a reduction in operational risk as a result 
of service providers electing to update or reform their operations in 
response to adviser oversight. These benefits may vary across advisers 
and across covered functions. For example, benefits may be minimal for 
advisers who outsource very few covered functions. By contrast, and as 
mentioned above, benefits may be substantial for advisers who outsource 
functions that are of significance to investment performance but are 
new or experimental functions for which the adviser has limited 
expertise or experience. Certain prongs of the proposed due diligence 
requirement of the rule would provide further individualized 
contributions to these benefits, to the extent that advisers do not 
already complete each of the proposed requirements in response to the 
competitive market forces they face, their reputational considerations, 
or their fiduciary duties.\181\
---------------------------------------------------------------------------

    \180\ See supra section III.C.
    \181\ See supra sections III.B.2, III.C.
---------------------------------------------------------------------------

    First, because advisers must determine the nature and scope of any 
covered function that a service provider is to perform,\182\ advisers 
would be required to have a basic understanding of what the service 
provider will do and how they will do it. This preliminary step would 
enhance the effectiveness of any other component of an adviser's due 
diligence process, including the

[[Page 68852]]

proposed required framework, by ensuring that the adviser has taken 
basic steps to prepare to actively engage with the service provider to 
address issues as they arise. These benefits may be particularly 
pronounced in the case of new or experimental functions for which the 
adviser has limited expertise or experience. Additionally, analyzing 
the nature and scope of a covered function could allow for early 
implementation of safeguards in response to identified vulnerabilities, 
which could benefit clients by reducing the risk of harm arising from 
preventable performance shortfalls by service providers. For example, 
if an adviser seeks to outsource portfolio management activity, it may 
discover through its nature and scope analysis that its clients' 
personally identifiable information may be exposed, or that the service 
provider would be subject to a conflict of interest with another 
adviser. The adviser could then either take steps to mitigate and 
manage these risks or choose to retain directly supervised persons to 
manage its advisers' portfolios.
---------------------------------------------------------------------------

    \182\ See supra section II.B.1.
---------------------------------------------------------------------------

    Second, the proposed rule would require an adviser with an 
outsourced covered function to identify and determine how it would 
mitigate and manage the potential risks of outsourcing. This would 
include an analysis of the general risks of outsourcing a covered 
function, as well as the particular risks of the specific service 
provider selected by the adviser.\183\ Potential client harm caused by 
a service provider's failure to perform (or a service provider 
performing negligently) the outsourced function could be significantly 
mitigated, or even avoided, if the adviser conducts appropriate risk 
analysis, mitigation, and management prior to outsourcing a function.
---------------------------------------------------------------------------

    \183\ See supra section II.B.2.
---------------------------------------------------------------------------

    Third, by requiring advisers to determine service providers have 
the competence, capacity, and resources necessary to provide the 
services they offer in a timely and effective manner, the proposed rule 
could benefit advisers' clients through early identification of a 
variety of risks associated with the service provider's business. 
Clients and investors would benefit, because outsourcing an investment 
adviser's function to a service provider without the necessary 
competence, capacity, and resources to perform that function can 
undermine the adviser's provision of services and mislead or otherwise 
harm clients.
    We believe that the lack of any of these elements in a service 
provider can hinder the ability of an adviser to outsource to that 
service provider and also remain consistent with the adviser's 
fiduciary duty to its clients. For instance, an adviser may discover a 
service provider of a labor-intensive service has insufficient staff, 
or that a service provider lacks sufficient specialized systems or 
equipment to carry out a particular technical function. These 
conditions may be contrary to the client's understanding of their 
agreement with the adviser, because the adviser is responsible for 
these operations even though the service is outsourced. In these cases, 
both the adviser and its clients would benefit from the opportunity to 
identify a more appropriate provider of the covered function in 
question, though these benefits may be mitigated to the extent that 
identifying such a provider is costly.\184\
---------------------------------------------------------------------------

    \184\ These circumstances may particularly arise in the context 
of affiliated service providers where a parent entity determines 
that an adviser must purchase services or otherwise consume services 
from the parent or from another affiliate. The adviser that is 
outsourcing, if permitted to do its own analysis, might have opted 
to use a different provider or not to outsource at all.
---------------------------------------------------------------------------

    Fourth, operational risks may be heightened in instances where a 
service provider uses many subcontractors or when a service provider 
switches subcontractors for arrangements that are material to the 
performance of the covered function. The proposed rule is designed to 
mitigate this heightened risk by including subcontracting arrangements 
in the scope of an adviser's required due diligence and requiring the 
adviser to mitigate and manage potential risks in light of the 
subcontracting arrangements, provided the subcontracting arrangement is 
material to the service provider's performance of the covered function. 
This additional layer of required due diligence can provide more 
oversight and visibility into the full set of functions managed by 
service providers. For example, this component of the proposed due 
diligence would provide greater oversight and visibility into an 
arrangement in which a service provider that provides trading platform 
services engages a subcontractor to write software code, test the 
software, or retrieve data for use on the trading platform.\185\ In 
turn, clients and investors may benefit from the opportunity to 
evaluate the risks presented by a service provider that might otherwise 
be hidden in the service provider's set of subcontractors.
---------------------------------------------------------------------------

    \185\ See supra section II.B.4.
---------------------------------------------------------------------------

    Fifth, by requiring advisers to obtain reasonable assurance from 
their service providers of coordination for purposes of the advisers' 
compliance with the Federal securities laws, the proposed rule would 
likely improve confidence for clients and improve communications 
between advisers and service providers. When advisers set clear 
processes and ground rules with their service providers in order to 
remain compliant with the Federal securities laws, clients may have 
additional confidence that their advisers will be able to carry out 
their regulatory obligations. Additionally, obtaining such reasonable 
advance assurance from service providers may lead to more efficient and 
effective lines of communication between advisers and their service 
providers. This improved communication between advisers and service 
providers may be especially helpful to advisers to mitigate client harm 
in times of market stress and where a service provider is not be 
directly subject to the Federal securities laws and therefore is 
unaware of the potential impact of their services on the adviser's 
compliance with those obligations.
    Sixth, the orderly termination requirement may have the benefit of 
mitigating the risk to clients that advisory services are abruptly 
disrupted due to an agreement between the client's adviser and a 
service provider being terminated. It also may decrease the risk that 
an adviser will find itself unable to comply with the Federal 
securities laws in the event of such a disruption. By compelling 
advisers to prepare for an orderly termination, the rule may prevent 
heightened costs of staying compliant with the Federal securities laws 
or maintaining good business practices in a disorderly termination. 
Further, by potentially increasing the protection of confidential or 
sensitive information during or after termination, such as the return 
or destruction of documents or revocation of service provider access or 
privileges, the rule may give clients and investors more confidence in 
procuring advisory services from registered investment advisers. 
Finally, to the extent that the rule requires reasonable assurance of 
termination rights and processes, the rule may reduce costly legal 
disputes between these parties. For example, these risks may be 
heightened in the case where an adviser terminates a service provider 
covering valuation services, where the process of transitioning client 
accounts may result in those accounts falling out of compliance with 
valuation requirements. By compelling advisers to prepare for an 
orderly termination, the

[[Page 68853]]

rule would help to protect clients from inaccurate valuations of their 
assets, it would help to protect clients from misappropriation of 
confidential or sensitive information regarding their portfolio 
holdings, and it would help to ensure proper transfer and retention of 
records, among other protections.\186\
---------------------------------------------------------------------------

    \186\ See supra section II.B.6.
---------------------------------------------------------------------------

    The magnitude of the benefits would depend on the extent of 
advisers' current due diligence functions that they complete in 
response to the competitive market forces they face, their reputational 
considerations, or their fiduciary duties.\187\ Advisers that currently 
engage service providers may already have the proposed processes or 
similar processes in place.\188\ To the extent advisers currently have 
processes in place that would be in compliance with the proposed rule, 
the client and investor protection benefit of the proposed due 
diligence processes would be diminished.\189\
---------------------------------------------------------------------------

    \187\ See supra sections III.B.2, III.C.
    \188\ See supra section III.B.3.
    \189\ With respect to the proposed compliance coordination 
requirements in particular, advisers that engage service providers 
today may already be taking steps to mitigate the risk that these 
arrangements do not impede an adviser's ability to remain compliant 
with the Federal securities laws. The benefits of the proposed 
compliance coordination requirement would therefore be lessened the 
more advisers currently satisfy the proposed requirement.
---------------------------------------------------------------------------

b. Costs
    Similar to the benefits, the magnitude of the costs would depend on 
the extent of advisers' current due diligence on their covered 
functions.\190\ However, most advisers would likely face certain 
minimum costs, as even an adviser who conducts little outsourcing or 
who already conducts substantial due diligence in accordance with their 
fiduciary duty would likely still undertake a careful review in order 
to confirm that they are in compliance with the rule.\191\
---------------------------------------------------------------------------

    \190\ See supra section III.B.3, III.C.
    \191\ For example, an adviser who already conducts substantial 
due diligence would still need to review their due diligence 
processes to confirm that their processes constitute appropriate 
risk analysis, mitigation, and management. See supra section II.B.2.
---------------------------------------------------------------------------

    Service providers would also face increased costs as a result of 
these due diligence requirements, which may be partially or fully 
passed on to advisers. These would include costs to service providers 
who respond to requests from advisers for information or otherwise 
participate in the adviser's due diligence, costs to service providers 
to update or reform their operations, as well as costs to negotiate or 
re-negotiate service arrangements. These requirements would involve 
senior business, legal and compliance personnel, external costs for 
counsel, and potential costs for hiring of additional personnel to help 
with these burdens. Any portion of the resulting costs that is not 
borne by service providers would ultimately be passed on to 
advisers,\192\ and may in turn be passed on to clients and investors.
---------------------------------------------------------------------------

    \192\ The division of the service provider's direct costs 
between the service provider and the adviser would depend primarily 
on the relative bargaining power of the two parties. In certain 
cases, the service provider may accommodate adviser requests without 
charging additional fees or raising prices. This may particularly be 
the case for smaller service providers, who may have less bargaining 
power relative to their adviser customers. In other cases, the 
service provider may charge the full amount of their increased costs 
as a fee to the adviser. This may particularly be the case for 
smaller advisers, who may have less bargaining power relative to 
their service providers.
---------------------------------------------------------------------------

    These costs are likely to be high initially, and decline over time 
as advisers develop their due diligence systems.\193\ However, ongoing 
costs of the proposed due diligence requirements would not decline to 
zero over time. Advisers would face ongoing annual due diligence costs, 
separate from their monitoring costs, when they change service 
providers, renegotiate contractual relationship with service providers, 
change which of their functions they outsource, or implement other such 
changes that require new due diligence. Advisers would also face 
certain costs anytime they consider implementing such changes to their 
business, even if they do not proceed with the change, because part of 
their necessary evaluation of the business decision would include 
evaluating the due diligence they would need to undertake.
---------------------------------------------------------------------------

    \193\ The costs estimated in this section are associated with 
actually conducting the proposed due diligence requirements, and are 
thus in addition to the PRA costs discussed below, which are limited 
to the collection of information costs of the proposed recordkeeping 
requirements associated with the proposed due diligence 
requirements. See infra section IV.
---------------------------------------------------------------------------

    In addition, some advisers may choose to update their systems and 
internal processes and procedures for due diligence in order to better 
respond to this requirement. These updates may require the time and 
attention of business and operational personnel, which may detract from 
their regular functioning. Additionally, business and operational 
personnel may incur costs that arise from negotiating contractual 
safeguards with service providers in order to comply with due diligence 
requirements. The costs of those improvements would be an indirect cost 
of the rule, to the extent they would not occur otherwise, and they are 
likely to be higher initially than they would be on an ongoing basis. 
Finally, as noted in section III.C above, the collective costs of this 
proposal are unlikely to exceed the cost to the adviser of providing 
the covered function in-house, as this choice would place the covered 
function in the purview of a supervised person of the adviser, and 
therefore outside of the scope of the proposed rule.\194\ However, to 
the extent that an adviser responds to the proposed due diligence rules 
by providing a covered function in-house and does so less efficiently 
or at a lower quality than a service provider would, this loss of 
efficiency or quality would represent an additional burden of the 
proposed rule. Similarly, there may be cases where advisers currently 
have multiple service providers, but the due diligence costs would 
cause an adviser to reduce its reliance to only a single provider, even 
if it would result in less reliable or lower quality service to the 
adviser's clients, because of the costs to properly diligence a 
provider. Any portion of these costs that is not borne by advisers 
would ultimately be passed on to clients and investors.
---------------------------------------------------------------------------

    \194\ See supra section III.C. However, this mitigating factor 
may be less relevant for smaller advisers, who may be less able to 
perform their outsourced functions themselves with equal efficiency 
and quality as their service provider.
---------------------------------------------------------------------------

    Similar to the benefits, there would be individualized costs 
associated with certain prongs of the proposed due diligence 
requirements.
    First, because determining whether a function is a covered function 
at all requires an analysis of the facts and circumstances of the 
function,\195\ advisers generally may have to undertake legal and other 
expenses to evaluate which of their functions are covered functions and 
thus in the scope of the rule. This analysis may be particularly costly 
for certain functions for which it may require thorough investigation 
to evaluate whether the function is necessary for the adviser to 
provide investment advisory services, or for which it may require 
thorough investigation to evaluate whether there would be a material 
negative impact on the adviser's clients or on the adviser's ability to 
provide investment advisory services if the function was not performed, 
or if performed negligently. Advisers may also face additional costs to 
the extent they conservatively evaluate their outsourced functions, and 
ultimately conduct the proposed required due diligence activities on 
functions that may not be covered

[[Page 68854]]

functions.\196\ As such, any costs of the proposed rule to service 
providers may additionally be faced by certain service providers who 
would be outside the scope of the rule, to the extent that advisers 
retaining their services conservatively determine they should exercise 
additional due diligence on them.
---------------------------------------------------------------------------

    \195\ See supra section II.A.1.
    \196\ The Commission requests comment on whether the proposed 
rule should explicitly list certain service providers or covered 
functions that the rule would apply to. See supra section II.A.
---------------------------------------------------------------------------

    Second, for the purposes of the due diligence on nature and scope 
of covered functions, time and personnel costs may be necessary to 
obtain a sufficient understanding of the covered function to be 
outsourced. Fundamentally, an adviser may outsource a covered function 
if it is more efficient than devoting internal resources, or if the 
service provider can provide higher quality operations.\197\ To a 
lesser degree, the required nature and scope analysis may be costly, 
particularly when more complex or technical functions must be 
understood. This cost may present a necessary change in personnel 
duties whenever covered functions are considered for outsourcing, or as 
additional hiring of third-party experts to evaluate the processes of 
potential service providers if the adviser lacks the requisite 
experience to make an informed evaluation with available personnel. 
Similarly, service providers may incur costs associated with responding 
to requests for information from advisers, whether in the form of 
internal staff time, or costs of third parties providing independent 
assessments, and service providers may pass some or all these costs on 
to advisers, who may in turn pass on these costs to their clients and 
investors.
---------------------------------------------------------------------------

    \197\ See supra section III.B.2.
---------------------------------------------------------------------------

    Third, to the extent advisers' current processes for service 
provider risk analysis, mitigation, and management differ from the 
proposal, there would be direct costs necessary to comply with the 
specific proposed requirements. Also, to the extent that they are not 
already doing so in a manner that would meet the proposed rule's 
standards, advisers would incur costs to mitigate and manage any 
additional conflicts of interest created by outsourcing covered 
functions. The above costs would include demands on personnel time to 
verify that the depth and complexity of the analysis is consistent with 
the adviser's assessment of risks associated with the function being 
outsourced. There are a variety of paths that advisers could take to 
complete these requirements and meet these demands, and the costs would 
depend on the adviser's chosen route. For example, an adviser also 
could establish a redundancy in the outsourced service or function, 
such as by arranging a secondary pricing provider to provide pricing 
services in the event a primary pricing service provider fails, and 
could be used to validate accuracy and identify potential anomalies in 
the data provided by the primary pricing provider.\198\ Such redundancy 
would increase costs to clients and investors, or could deter some 
advisers from engaging such third parties (even when it might be 
beneficial to offer clients and investors access to those services).
---------------------------------------------------------------------------

    \198\ See supra section III.B.2.
---------------------------------------------------------------------------

    Fourth, to the extent advisers' processes for lessening the risks 
associated with service providers' competence, capacity, and resources 
differ from the proposal, there would be direct costs necessary to 
comply with the proposed requirements. The cost of complying with this 
new requirement would be limited to the additional costs necessary to 
bring current practice into compliance with the proposed rule. Because 
this analysis should be based on the facts and circumstances of the 
functions being outsourced, costs will likely vary across functions 
that are being outsourced, but there will also be specific costs 
required to analyze the facts and circumstances of each function being 
outsourced. For example, if outsourcing a function is determined to be 
high risk due to the complexity of the function, the adviser may want 
to focus on the experience and expertise of the service provider's 
personnel. If the function is labor intensive, the adviser may consider 
whether the service provider has the necessary staffing to provide the 
function. The costs associated with these two circumstances are likely 
to be different. These requirements may also result in additional costs 
to service providers, to the extent they revise their practices in 
order to satisfy an adviser's requests to ensure that the service 
provider has the competence, capacity, and resources necessary to 
perform the covered function in a timely and effective manner.
    Fifth, for large service providers, there may be many 
subcontractors that materially contribute to the service provider's 
covered function. In such cases, it may be more burdensome for advisers 
to assess the potential risks each of these subcontracting arrangements 
may pose to the service provider's provision of the covered function. 
Similar to the costs associated with evaluating the nature and scope of 
covered functions, there may be extra costs to advisers in the case 
where it is ambiguous which subcontractors are material to the service 
provider's ability to perform the covered function. Further, advisers 
may face difficulty in getting providers or subcontractors to cooperate 
with risk assessment efforts. Lastly, depending on the amount of non-
advisory business a service provider has, there may be a risk that a 
service provider would discontinue business with advisers rather than 
cooperate with the adviser's risk-assessment efforts to conduct due 
diligence on sub-contractors.
    As a closely related matter, and in addition, cooperating with 
advisers' assessment of subcontracting arrangements may impose 
additional time and effort costs on service providers. In particular, 
service providers may face costs associated with determining which of 
their own subcontractors' services are material, meaning that 
nonperformance or negligent performance would be reasonably likely to 
cause a significant negative impact on the service provider's ability 
to perform the covered function.\199\ These would include similar costs 
that advisers would face in determining which outsourced operations are 
covered functions, including extra costs to service providers where it 
is ambiguous which subcontractors' services would be material to their 
ability to perform the covered function.
---------------------------------------------------------------------------

    \199\ See supra section II.B.4.
---------------------------------------------------------------------------

    Sixth, in the case of the compliance coordination requirement, 
direct involvement by business or operational personnel may be required 
to ensure that reasonable assurance of coordination for purposes of the 
adviser's compliance with the Federal securities laws has been obtained 
from service providers. Similarly, service providers may face costs in 
providing this reasonable assurance to advisers, requiring time of 
senior business, legal, and compliance personnel, as well as external 
costs for counsel. We expect such costs to be potentially high 
initially, but decrease over time as advisers adopt more streamlined 
systems to obtain this reasonable compliance. However, there may be 
instances in which advisers encounter reluctance from service providers 
to commit to cooperating. For instance, large service providers with 
many non-adviser customers, such as general cloud computing service 
providers, may be unwilling to accommodate as-needed unscheduled due 
diligence or

[[Page 68855]]

monitoring requests by individual customers. In such cases, these 
service providers may either not do business with advisers or assess 
additional fees (which may be passed on to clients) to help advisers 
comply with the Federal securities laws. Finally, it is possible that 
some service providers, who are not themselves regulated by the 
Commission, may provide certain assurances to the adviser of compliance 
with the Federal securities laws and then simply fail to deliver on 
those assurances, resulting in an adviser needing to implement an 
unexpected and sudden termination of the service provider or transfer 
of operations to a different service provider, which we expect would be 
costly to the adviser and its clients.\200\
---------------------------------------------------------------------------

    \200\ However, these costs would potentially be mitigated by the 
proposed rule's requirement that advisers obtain reasonable 
assurance from the Service Provider is able to, and will, provide a 
process for orderly termination of its performance of the covered 
function. See supra section II.B.6.
---------------------------------------------------------------------------

    Lastly, if service providers perceive the requirement to provide 
reasonable assurance that they can terminate their services in an 
orderly fashion to be too burdensome, or if they believe such assurance 
would not be reasonable, they may choose not to enter into agreements 
with registered advisers. In this case, advisers may be left with a 
limited selection of service providers, which may increase the costs or 
lower the overall quality of services. To the extent that additional 
costs outside of their normal course of business are required to 
provide such reasonable assurance to advisers, service providers would 
likely charge additional fees, some or all of which may be passed on to 
adviser's clients. Finally, the costs imposed by the orderly 
termination requirement may provide an incentive for certain advisers 
to avoid discontinuing business relationships with inefficient or low-
quality service providers.\201\ However, this outcome may be unlikely, 
as the continued monitoring requirements described above would require 
advisers to reasonably determine that it remains appropriate to 
outsource to the service provider.\202\
---------------------------------------------------------------------------

    \201\ Advisers may particularly avoid discontinuing business 
relationships with inefficient or low-quality service providers to 
the extent that the proposed rule would reduce the population of 
viable service providers, either by preventing service provider 
entry, causing certain service providers to exit because of their 
increased costs, or causing service provider fees to increase. See 
infra section III.E.2.
    \202\ See supra section II.B.6.
---------------------------------------------------------------------------

    We estimate the direct costs to advisers associated with the 
proposed due diligence requirements, including legal expenses for an 
adviser to identify its covered functions and service providers, legal 
expenses for review of contracts to determine the nature and scope of 
the services provided for those covered functions, time and personnel 
costs to obtain a sufficient understanding of the covered function to 
be outsourced, securing of various reasonable assurances from service 
providers (which could be provided through written agreements, 
correspondence, or other written documentation, or through oral 
negotiations), and additional legal costs to review subcontracting 
arrangements, among others.
    Because the nature and magnitude of these expenses are likely to 
vary across advisers and across covered functions, in particular 
because many advisers likely already satisfy many of the proposed 
requirements for due diligence processes as a result of competitive 
market forces and resulting reputational effects on individual advisers 
and in accordance with their fiduciary duty or other applicable 
law,\203\ we anticipate a range of possible costs of the rule. At 
minimum, we estimate that the proposed due diligence requirements would 
be completed by compliance managers ($339/hour), a chief compliance 
officer ($580/hour), attorneys ($455/hour), assistant general counsel 
($510/hour), junior business analysts ($191/hour), senior business 
analysts ($300/hour), paralegals ($199/hour), senior operations 
managers ($400/hour), operations specialists ($150/hour), compliance 
clerks ($77/hour), and general clerks ($68/hour).\204\ Certain advisers 
may need to hire additional personnel to meet these requirements.
---------------------------------------------------------------------------

    \203\ See supra section III.B.3.
    \204\ The Commission's estimates of the relevant wage rates are 
based on salary information for the securities industry compiled by 
the Securities Industry and Financial Markets Association's Office 
Salaries in the Securities Industry 2013. The estimated figures are 
modified by firm size, employee benefits, overhead, and adjusted to 
account for the effects of inflation. See infra section IV.
---------------------------------------------------------------------------

    Advisers would face initial, one-time direct costs associated with 
coming into compliance with the proposed due diligence requirements, as 
well as ongoing annual direct costs associated with the due diligence 
requirements. As discussed throughout this section, the initial, one-
time direct costs associated with coming into compliance with the 
proposed due diligence requirements are likely to be higher than the 
ongoing annual costs. For example, to the extent that advisers analyze 
the facts and circumstances analysis of each outsourced function, 
advisers may face substantial initial costs in determining their full 
set of covered functions.\205\
---------------------------------------------------------------------------

    \205\ See supra section II.A.
---------------------------------------------------------------------------

    To estimate monetized costs to advisers, we multiply the hourly 
rates above by estimated hours per professional. We estimate that on 
average, advisers would require at a minimum 40 hours of time from each 
of the personnel identified above as an initial burden in coming into 
compliance with the proposed rule, assuming an average of 8 hours per 
covered function and five covered functions per adviser.\206\ As noted 
above, we believe it is likely that these minimum costs would be 
required even for an adviser who conducts little outsourcing or who 
already conducts substantial due diligence in accordance with their 
fiduciary duty, because such an adviser would likely still undertake a 
careful review in order to confirm that they are in compliance with the 
rule.\207\ For example, we believe the substantial majority of, if not 
all, advisers would elect to prepare some form of written agreement 
with their service providers as part of their means of complying with 
the proposed due diligence requirements.
---------------------------------------------------------------------------

    \206\ For certain of these categories of professionals, these 
hours may be imposed on two professionals of each, who would face 
one-time costs of 20 hours each. Other categories may require four 
professionals who would face one-time costs of ten hours each. For 
some, such as the Chief Compliance Officer, these hours would come/
originate from one staff member. While there are no publicly 
available granular data on adviser outsourcing of operations that 
would be covered functions, this assumption is consistent with 
frequent outsourcing of custodial, administrative, prime brokerage, 
auditing, and recordkeeping services among RIAs. See supra section 
III.B.1; see also infra section IV. Service providers may also face 
direct costs, such as personnel costs for providing reasonable 
assurances to advisers, but for the purposes of estimating minimum 
costs to advisers, we assume that service provider costs are not 
passed on to advisers. Individual estimates correspond to the 
aggregated average cost per adviser, where the average is taken 
across all advisers. Some advisers, particularly the smallest 
advisers or those who do no outsourcing, are likely to face costs 
that are below this lower bound for the average cost across all 
advisers.
    \207\ Also as noted above, an adviser who conducts substantial 
due diligence would still need to review its due diligence processes 
to confirm its processes constitute appropriate risk analysis, 
mitigation, and management. See supra section II.B.2.
---------------------------------------------------------------------------

    These minimum-cost assumptions indicate a one-time initial burden 
of 440 total labor hours and $132,320 per adviser, or a total one-time 
initial burden of 6,492,640 labor hours and $1.953 billion across all 
advisers.
    As noted above, certain due diligence costs would be ongoing, 
separate from monitoring costs. These include costs associated with the 
adviser changing service providers, renegotiating contractual 
relationship with service providers, changing which of their

[[Page 68856]]

functions they outsource, implementing other such changes that require 
new due diligence, or evaluating a need to implement any of these 
changes. We estimate that the ongoing annual burden of the due 
diligence requirement would be one-third the initial burden,\208\ 
resulting in minimum-cost ongoing annual burden of 146.67 labor hours 
and $44,106.67 per adviser and 2,164,213 labor hours and $650,837,973 
across all advisers.
---------------------------------------------------------------------------

    \208\ See infra section IV.
---------------------------------------------------------------------------

    However, many due diligence costs would be likely to be higher for 
certain advisers. Larger advisers, with more outsourcing of covered 
functions, may have greater costs. An adviser needing to revise its 
existing practices, needing to hire new personnel, choosing to switch 
service providers in response to the rule, and multiple other factors 
may cause costs to increase as well. The factors that may increase due 
diligence costs are difficult to quantify. For example, an adviser may 
implement a policy that prevents the adviser from retaining a service 
provider that primarily relies on subcontractors to perform the covered 
function, or implement a procedure to audit the service provider's 
oversight of its subcontractors. These internal adviser policy 
limitations or audits may represent additional costs, such as increased 
prices for using service providers. Similarly, any audit procedure 
would entail audit fees or costs for new personnel. As another example, 
as noted above, certain advisers may elect to retain a secondary 
pricing provider to provide pricing services in the event a primary 
pricing service provider fails, and could be used to validate accuracy 
and identify potential anomalies in the data provided by the primary 
pricing provider, even though no such secondary pricing provider would 
be required by the proposed rules.\209\
---------------------------------------------------------------------------

    \209\ See supra section II.B.2.
---------------------------------------------------------------------------

    While the potential sources of increased costs are difficult to 
quantify, we anticipate that very few advisers would face a burden that 
exceeds three times the above-described minimum burden. To the extent 
that the average adviser faces this upper bound of three times the 
minimum burden, this would indicate that a potential upper bound for 
due diligence costs would be initial costs of 1,320 hours and $396,960 
per adviser and 19,477,920 hours and $5.858 billion across all 
advisers, and ongoing annual costs of 440 hours and $132,320 per 
adviser and 6,492,640 hours and $1.953 billion across all 
advisers.\210\ We request comment on all aspects of this 
quantification, including the minimum estimated burden represented here 
and any range of costs that could hold for different advisers.\211\
---------------------------------------------------------------------------

    \210\ Individual estimates correspond to the aggregated average 
cost per adviser, where the average is taken across all advisers. 
Some advisers, particularly the largest advisers, are likely to face 
costs that substantially exceed this upper bound for the average 
cost across all advisers.
    \211\ See infra section III.G.
---------------------------------------------------------------------------

    Additional direct costs would be generated by the impact of the 
proposed rules on service providers, distinct from those costs directly 
faced by advisers as a result of the proposed due diligence 
requirements. Some of these costs would result from responding to 
adviser requests for information, as noted in this section. These costs 
may include the time of service provider personnel required in 
communicating directly with the adviser, understanding the nature of 
the requests, and compiling the information to be provided. Larger 
service providers serving many advisers may benefit from economies of 
scale in responding to these informational requests, as similar 
information may be requested by multiple advisers. Additionally, there 
would be costs to service providers who elect to update or reform their 
operations due to increased adviser due diligence resulting from this 
rule.\212\ Similar to costs for information requests, larger service 
providers may be able to update or reform their operations with greater 
economies of scale than smaller service providers.
---------------------------------------------------------------------------

    \212\ See supra section III.D.1.a.
---------------------------------------------------------------------------

    We are unable to quantify these direct costs that would be incurred 
by service providers as a result of this rule, as the cost range would 
be too wide to be informative. In particular, the direct costs that 
would be incurred by service providers are subject to substantially 
greater uncertainty than the direct costs that would be incurred by 
advisers. This uncertainty is due to a number of factors, including 
variation in complexity of covered functions outsourced to service 
providers, the degree of market concentration across service provider 
markets (and hence the number of advisers a service provider may need 
to work with to comply with the rule), and variation in current service 
provider practices. The costs to any single service provider of meeting 
the burden for any single covered function for any single adviser may 
therefore have substantial variance. For example, if few service 
providers perform a particular covered function, those service 
providers may perform the same covered function for many advisers and 
hence benefit from economies of scale. By contrast, for service 
providers in less concentrated industries, the rule would potentially 
impose higher costs per service provider. The costs to service 
providers would also depend on the degree to which service providers 
are able to increase their prices and pass those costs on to advisers. 
We request comment on any data that could enable us to calculate the 
effect of the proposed rule on service providers.\213\
---------------------------------------------------------------------------

    \213\ See infra section III.G.
---------------------------------------------------------------------------

2. Monitoring
    The proposed rule would require the adviser, once a service 
provider has been engaged, to periodically monitor the service 
provider's performance of the covered function and reassess the 
retention of the service provider in accordance with the due diligence 
requirements of the proposed rule with such a frequency that the 
adviser can reasonably determine that it is appropriate to continue to 
outsource the covered function and that it remains appropriate to 
outsource the covered function to the service provider.\214\ The manner 
and frequency of an adviser's monitoring would depend on the facts and 
circumstances applicable to the covered function, such as the 
materiality and criticality of the outsourced function to the ongoing 
business of the adviser and its clients. We discuss the benefits and 
costs of the proposed monitoring requirement of the rule below.
---------------------------------------------------------------------------

    \214\ See supra section II.C. The benefits and costs of the 
required recordkeeping provisions associated with monitoring are 
discussed in section III.D.3.
---------------------------------------------------------------------------

a. Benefits
    Advisers' clients rely on adviser monitoring of service providers 
for prevention and timely detection of potential harms resulting from 
operational risk and conflicts of interest, including ensuring their 
clients are continuing to receive advisory services. The enhanced 
client and investor protections resulting from the proposed periodic 
monitoring requirement would benefit clients to the extent that 
requiring such periodic monitoring mitigates operational risks and 
risks posed by conflicts of interest, or reduces the effect of negative 
outcomes, should they occur. For example, periodic monitoring of 
service providers' performance would allow advisers to evaluate service 
providers' performance over time, comparing current to past performance 
and more easily identifying any changes or trends in that performance, 
and taking remedial action where appropriate. As with the other

[[Page 68857]]

components of the proposed rules, the proposed monitoring rule would 
thereby benefit clients and investors through reduced risks of 
operational failures including broad or systemic operational failures, 
reduced risk of fraud associated with outsourced functions, reduced 
risks from potential or actual conflicts of interest, and greater 
regulatory transparency and resulting effectiveness of the Commission's 
client and investor protection efforts. Clients and investors may 
additionally benefit from a reduction in operational risk as a result 
of service providers electing to update or reform their operations in 
response to adviser oversight. These benefits may vary across advisers 
and across covered functions. For example, benefits may be minimal for 
advisers who outsource very few covered functions. By contrast, and as 
mentioned above, benefits may be substantial for advisers who outsource 
functions that are of significance to investment performance but are 
new or experimental functions for which the adviser has limited 
expertise or experience.
    The magnitude of the benefit would depend on the extent to which 
advisers currently periodically monitor the service provider's 
performance and reassess their due diligence in response to the 
competitive market forces they face, their reputational considerations, 
or their fiduciary duties.\215\ While advisers are not required to have 
specific processes in place today, as fiduciaries, and as a matter of 
business practice, advisers that engage service providers today should 
be monitoring those providers.\216\ To the extent advisers currently 
have such, or similar, processes in place, and to the extent those 
processes include all of the elements required by the rule, the client 
and investor protection benefit of the requirement would be lessened. 
However, this factor would not mitigate the broader benefits of clients 
and investors being able to consistently rely on the existence of a 
minimum and consistent framework for identifying, mitigating, and 
managing risks associated with outsourced functions.
---------------------------------------------------------------------------

    \215\ See supra sections III.B.2, III.C.
    \216\ See supra section III.B.3.
---------------------------------------------------------------------------

b. Costs
    Advisers' current processes for monitoring service providers may 
differ from those specified by the proposed rule. The cost of complying 
with this new requirement would be limited to the additional costs 
necessary to comply with the more specific requirements of the proposed 
rule.\217\ These costs would include demands on personnel time to 
verify that an adviser's monitoring of service providers is in 
compliance with the proposed rule. As with due diligence requirements, 
periodic monitoring would also impose distinct costs on service 
providers associated with service provider time and cooperation with 
adviser requests for information, costs to update or reform their 
operations in response to adviser oversight, and costs to negotiate or 
re-negotiate service arrangements. Any portion of the resulting costs 
that is not borne by service providers would ultimately be passed on to 
advisers.\218\ Likewise, any portion of adviser costs that is not borne 
by advisers would ultimately be passed on to clients and investors.
---------------------------------------------------------------------------

    \217\ The costs estimated in this section are associated with 
actually conducting the proposed monitoring requirements, and are 
thus in addition to the PRA costs discussed below, which are limited 
to the collection of information costs of the proposed recordkeeping 
requirements associated with the proposed monitoring requirements. 
See infra section IV.
    \218\ The division of the service provider's direct costs 
between the service provider and the adviser would depend primarily 
on the relative bargaining power of the two parties. See supra 
section III.D.1.b.
---------------------------------------------------------------------------

    Similar to the benefits, the costs associated with implementing 
this requirement are likely to vary depending on advisers' and service 
providers' current practices, as advisers may already engage in 
monitoring in response to relevant competitive market forces and 
resulting reputational effects on individual advisers. In addition, 
some advisers may choose to update their systems and internal processes 
and procedures for tracking their monitoring of service providers in 
order to better respond to this requirement, and some service providers 
may choose to update their systems and internal processes and 
procedures for responding to advisers' monitoring requests. These 
updates may require the time and attention of business and operational 
personnel, which may detract from their regular functioning. However, 
they are also likely to vary their monitoring based on the particular 
service provided. For instance, for information technology services, 
the implementation of automated scans or reviews of service provider 
data feeds, could require more significant costs upfront to the adviser 
with minimal maintenance costs. Additionally, business and operational 
personnel may incur costs that arise from negotiating contractual 
safeguards with service providers in order to comply with this due 
diligence requirement. The costs of those improvements would be an 
indirect cost of the rule, to the extent they would not occur 
otherwise, and they may be higher initially than they would be on an 
ongoing basis.
    Other costs such as those associated with periodic meetings and 
ongoing monitoring are more likely to persist, instead of consisting of 
upfront costs that decline over time. For instance, some functions may 
require periodic onsite visits, and advisers may specify contractual 
obligations to approve new systems prior to implementation.\219\ 
Similar to due diligence requirements, to the extent that an adviser 
responds to the proposed monitoring rules by providing a covered 
function in-house and does so less efficiently or at a lower quality 
than a service provider would, this loss of efficiency or quality would 
represent an additional cost of the proposed rule.\220\ Similarly, 
there may be cases where advisers currently have multiple service 
providers, but the monitoring costs would cause an adviser to reduce 
its reliance to only a single provider, even if it would result in less 
reliable or lower quality service to the adviser's clients, because of 
the costs to properly monitor a provider. Advisers may also face 
additional costs to the extent they spend money and staff time on 
evaluating as well as enhancing their due diligence and monitoring for 
a broader range of their outsourced functions than they ultimately 
determine to be covered functions.\221\
---------------------------------------------------------------------------

    \219\ See supra section II.C.
    \220\ As noted above, smaller advisers may be less able than 
larger advisers to provide a covered function in-house as 
efficiently and with equal quality as a service provider. See supra 
section III.C.
    \221\ The Commission requests comment on whether the proposed 
rule should explicitly list certain service providers or covered 
functions that the rule applied to. See supra section II.A.
---------------------------------------------------------------------------

    Because the direct costs associated with the proposed monitoring 
requirements primarily constitute periodically monitoring the service 
provider's performance of the covered function and reassessing the due 
diligence requirements of the proposed rule, we anticipate that the 
costs of the monitoring requirements would be closely related to the 
costs of the due diligence requirements. In particular, we anticipate 
that the proposed monitoring requirements would require the same staff 
as the due diligence requirements: compliance managers ($339/hour), a 
chief compliance officer ($580/hour), attorneys ($455/hour), assistant 
general counsel ($510/hour), junior business analysts ($191/hour), 
senior business analysts ($300/hour), paralegals ($199/hour), senior 
operations managers ($400/hour),

[[Page 68858]]

operations specialists ($150/hour), compliance clerks ($77/hour), and 
general clerks ($68/hour).\222\ As for the number of hours required for 
these personnel, we estimate that a typical adviser would face one 
third of its due diligence costs as additional monitoring costs. This 
indicates a lower bound for initial costs of 146.67 hours and 
$44,106.67 per adviser and 2,164,213 hours and $650,837,973 across all 
advisers, and a lower bound for ongoing annual costs of 48.89 hours and 
$14,702.22 per adviser and 721,404 hours and $216,945,991 across all 
advisers. This also indicates an upper bound for initial costs of 440 
hours and $132,320 per adviser and 6,492,640 hours and $1.953 billion 
across all advisers, and an upper bound for ongoing annual costs of 
146.67 hours and $44,106.67 per adviser and 2,164,213 hours and 
$650,837,973 across all advisers. We request comment on all aspects of 
this quantification, including the minimum estimated burden represented 
here and any range of costs that could hold for different 
advisers.\223\
---------------------------------------------------------------------------

    \222\ The Commission's estimates of the relevant wage rates are 
based on salary information for the securities industry compiled by 
the Securities Industry and Financial Markets Association's Office 
Salaries in the Securities Industry 2013. The estimated figures are 
modified by firm size, employee benefits, overhead, and adjusted to 
account for the effects of inflation. See infra section IV. Certain 
advisers may need to hire additional personnel to meet these 
requirements.
    \223\ See infra section III.G.
---------------------------------------------------------------------------

    As with the proposed due diligence requirements, we are unable to 
quantify the costs that would be incurred by service providers as a 
result of this rule, as the cost range would be too wide to be 
informative.\224\
---------------------------------------------------------------------------

    \224\ See supra section III.D.1.b.
---------------------------------------------------------------------------

3. Recordkeeping
    We are proposing to revise the Advisers Act books and records rule 
in connection with the scope, due diligence, and monitoring provisions 
of the proposed rule, as well as provide four more general new 
requirements for outsourced recordkeeping.\225\
---------------------------------------------------------------------------

    \225\ See supra sections II.A.3, II.B.7, I.A.1, and II.E.
---------------------------------------------------------------------------

a. Benefits
    The proposed recordkeeping requirements would benefit clients and 
investors by enabling an examiner to verify more easily that an adviser 
is in compliance with the proposed rule and to facilitate the more 
timely detection and remediation of non-compliance.\226\ More 
generally, the recordkeeping requirements would enhance the 
transparency of outsourced services and enhance the Commission's 
oversight capabilities. Enhancing the Commission's oversight 
capabilities could benefit clients and investors through reduced risks 
of operational failures including broad or systemic operational 
failures, reduced risk of fraud associated with outsourced functions, 
reduced risks from potential or actual conflicts of interest, and 
greater regulatory transparency and resulting effectiveness of the 
Commission's client and investor protection efforts. For example, the 
required recordkeeping would assist with outreach, examination, or 
investigation into cases where a service provider who is providing 
trade execution is not adhering to policies and procedures concerning 
best execution.\227\
---------------------------------------------------------------------------

    \226\ Rule 206(4)-7 would already require advisers to adopt and 
implement written policies and procedures reasonably designed to 
prevent and detect violations of the proposed due diligence and 
monitoring requirements if adopted. However, rule 206(4)-7 does not 
enumerate specific elements that advisers would need to include in 
their written policies and procedures, as the proposed recordkeeping 
requirements would. See supra section I.A, III.B.3; see also infra 
section V.D. The Commission staff have observed some advisers 
currently unable to provide timely responses to examination and 
enforcement requests because of outsourcing. See supra section I.A.
    \227\ See supra section II.E.
---------------------------------------------------------------------------

    The proposed requirements for outsourced recordkeeping would 
further benefit clients and investors by mitigating the risk of loss, 
alteration or destruction of all records maintained by a third-party 
service provider, as well as ensuring access to these records for 
investment advisers and their clients and investors. While many 
investment advisers may already have service provider agreements or 
other arrangements that contain these standards as part of their 
policies and procedures or best practices to mitigate or manage risks 
the investment advisers identified when performing due diligence, we 
believe that clients and investors would benefit from a minimum and 
consistent framework for third-party recordkeeping that applies to all 
service providers to mitigate the risk of loss, alteration or 
destruction of records.
b. Costs
    The proposed recordkeeping requirements would impose costs on 
advisers related to creating and maintaining the required records. The 
quantifiable costs include those that can be attributed to senior 
business analysts, attorneys, and compliance professionals who would 
review and familiarize themselves with requirements as specified in the 
proposed rules. In particular, advisers would be required to make and 
retain a list of covered functions and contributing factors, document 
their due diligence efforts, retain any written agreements with service 
providers, and document periodic monitoring of retained service 
providers. Pursuant to the Paperwork Reduction Act analysis, we 
anticipate across all 14,756 RIAs an initial cumulative burden of 
206,584 hours with an initial cumulative cost of $60,477,466 associated 
with this recordkeeping requirement.\228\ We anticipate on an ongoing 
annual basis across all 14,756 RIAs a cumulative burden of 2,985,903 
internal annual hours with a cumulative annual cost of 
$237,527,702.\229\ These quantified estimates are solely for the time, 
effort, and financial resources expended to generate, maintain, retain, 
or disclose or provide information to or for the adviser or Commission. 
These estimates are in addition to the direct costs, discussed above, 
that would be imposed by the proposed requirements for actually 
conducting additional due diligence and monitoring.\230\
---------------------------------------------------------------------------

    \228\ This burden corresponds to 88,536 hours with an initial 
cumulative cost of $25,918,914 for collection of information costs 
associated with making and retaining a list of outsourced covered 
functions and factors, plus 118,048 hours with an initial cumulative 
cost of $34,558,552 for collection of information costs associated 
with making and retaining records documenting the monitoring 
assessment. See infra section IV.B.
    \229\ See infra section IV.B.
    \230\ See supra section III.D.1.b, III.D.2.b.
---------------------------------------------------------------------------

    Additionally, the proposed rules include third-party recordkeeping 
requirements, which would impose further costs on advisers. An adviser 
that outsources either the storage, retention, or creation of records 
to a third party would need to obtain reasonable assurances that the 
third party would be able to meet the standards discussed above.\231\ 
These required standards would impose direct costs on advisers to the 
extent that they choose to outsource some or all recordkeeping to 
third-party providers. In particular, advisers may require time and 
effort of operational personnel to negotiate arrangements with third-
party recordkeeping service providers to seek to ensure the standards 
enacted by this rule are met. Additionally, third-party providers of 
recordkeeping services would face costs associated with bringing their 
systems into compliance to the extent that they differ from the 
proposed third-party recordkeeping requirements.
---------------------------------------------------------------------------

    \231\ See supra section II.E.
---------------------------------------------------------------------------

    Because the direct costs associated with the proposed third-party 
recordkeeping requirements primarily constitute activities with similar

[[Page 68859]]

principles as the proposed due diligence requirements, we anticipate 
that the costs of the third party recordkeeping requirements would be 
closely related to the costs of the due diligence requirements.\232\ In 
particular, we anticipate that the proposed monitoring requirements 
would require the same staff as the due diligence requirements: 
compliance managers ($339/hour), a chief compliance officer ($580/
hour), attorneys ($455/hour), assistant general counsel ($510/hour), 
junior business analysts ($191/hour), senior business analysts ($300/
hour), paralegals ($199/hour), senior operations managers ($400/hour), 
operations specialists ($150/hour), compliance clerks ($77/hour), and 
general clerks ($68/hour).\233\ As for the number of hours required for 
these personnel, we estimate that a typical adviser would face one 
fifth of its due diligence costs as additional third-party 
recordkeeping costs, as the estimated due diligence costs rely on an 
estimate of an adviser outsourcing five covered functions, and the 
burden of the third party recordkeeping requirements are approximately 
consistent with the due diligence burden on any other individual 
covered function.\234\ This indicates a lower bound for initial costs 
of 88 hours and $26,464 per adviser and 1,298,528 hours and 
$390,502,784 across all advisers, and a lower bound for ongoing annual 
costs of 29 hours and $8,821 per adviser and 432,843 hours and 
$130,167,595 across all advisers. This also indicates an upper bound 
for initial costs of 264 hours and $79,392 per adviser and 3,895,584 
hours and $1.172 billion across all advisers, and an upper bound for 
ongoing annual costs of 88 hours and $26,464 per adviser and 1,298,528 
hours and $390,502,784 across all advisers. We request comment on all 
aspects of this quantification, including the minimum estimated burden 
represented here and any range of costs that could hold for different 
advisers.\235\
---------------------------------------------------------------------------

    \232\ There may be differences in the costs of recordkeeping as 
compared to due diligence, which would cause costs of recordkeeping 
to be higher than those estimated here. For example, the costs of 
implementing the proposed requirements as separate from the costs of 
obtaining reasonable assurances from recordkeeping requirements 
could require additional processes and personnel than those 
discussed here, and would result in greater costs.
    \233\ The Commission's estimates of the relevant wage rates are 
based on salary information for the securities industry compiled by 
the Securities Industry and Financial Markets Association's Office 
Salaries in the Securities Industry 2013. The estimated figures are 
modified by firm size, employee benefits, overhead, and adjusted to 
account for the effects of inflation. See infra section IV. Certain 
advisers may need to hire additional personnel to meet these 
requirements.
    \234\ See infra section IV.B.
    \235\ See infra section III.G.
---------------------------------------------------------------------------

    As with the proposed due diligence requirements, we are unable to 
quantify the costs that would be incurred by service providers as a 
result of this proposed rule, as the cost range would be too wide to be 
informative.\236\ Any portion of the proposed required recordkeeping 
costs that is not borne by advisers would ultimately be passed on to 
clients and investors.
---------------------------------------------------------------------------

    \236\ See supra section III.D.1.b.
---------------------------------------------------------------------------

4. Form ADV
    We are proposing to amend Form ADV to require advisers to identify 
their service providers that perform covered functions as defined in 
proposed rule 206(4)-11, provide their location, the date they were 
first engaged to provide covered functions, and state whether they are 
related persons of the adviser. For each of these service providers, we 
would also require specific information that would clarify the services 
or functions they provide.\237\ Because Form ADV Part 1A is submitted 
in a structured, XML-based data language specific to that Form, the 
proposed information in proposed new Item 7.C would be structured 
(i.e., machine-readable). We discuss the benefits and costs of the 
proposed Form ADV requirements of the rule below.
---------------------------------------------------------------------------

    \237\ See proposed Form ADV, Part 1A, Item 7.C., and Section 
7.C. of Schedule D.
---------------------------------------------------------------------------

a. Benefits
    The proposed Form ADV requirements would provide direct and 
indirect benefits to clients. Form ADV disclosure would benefit clients 
of advisers directly by making it less costly to gather information 
necessary for investors and other clients to conduct more comprehensive 
due diligence when deciding to hire or retain advisers, to the extent 
that their choice of adviser is impacted by outsourcing of covered 
functions to service providers as defined in proposed rule 206(4)-11. 
Investors in fund clients (such as private funds) would similarly 
benefit, to the extent they obtain Form ADV information.
    Form ADV Part 1A is submitted using a structured data language 
(specifically, an XML-based data language specific to Form ADV), so the 
information in the new Item 7.C of Part 1A would be structured (i.e., 
machine readable). Also, clients of advisers would be able to identify 
quickly and consider any implications of an adviser's use of a service 
provider or the outsourcing of any service or function. For example, 
clients that use multiple advisers for purposes of total return risk 
diversification could identify whether that diversification was 
lessened by all or many of their advisers relying on a single service 
provider, to the extent that their returns would be harmed by multiple 
advisers facing operational failures.\238\ We also expect the use of 
this information may help clients of advisers protect themselves 
against losses resulting from a service provider failure or service 
provider fraud. For example, if a client experienced a system failure 
relating to a service provider, and the adviser has identified that 
provider as a service provider defined in rule 206(4)-11 and reported 
that provider in Form ADV, the client could determine more easily and 
quickly whether its adviser uses that service provider for a covered 
function and take remedial action such as contacting the adviser to 
understand how the adviser is managing the issue or choosing to move to 
a new adviser.
---------------------------------------------------------------------------

    \238\ As discussed in section III.C, when multiple regulated 
entities use a common service provider, operational risk could 
become concentrated. The proposed Form ADV requirements would make 
it less costly for clients to gather information necessary to 
mitigate concentrated operational risk.
---------------------------------------------------------------------------

    The proposed Form ADV requirements would also provide a benefit by 
facilitating the Commission in its oversight role. The disclosures 
would allow the Commission to understand better the investment advisory 
industry as well as enhance the ability of the Commission to evaluate 
and form regulatory policies and improve the efficiency and 
effectiveness of the Commission's oversight of markets for client and 
investor protection. For example, for service providers that advisers 
identify as service providers defined in rule 206(4)-11 on Form ADV, 
the information in the required Form ADV disclosures would provide the 
Commission with a better understanding of the material services and 
functions that advisers outsource to service providers, and would 
enhance our assessment of advisers' reliance on service providers for 
purposes of targeting our examinations. Also, the information would 
help the Commission identify advisers' use of particular service 
providers that advisers have identified that may pose a risk to clients 
and investors. Additionally, the disclosures would improve our ability 
to assess service provider conflicts and potential risks when 
identifying firms for examination. Finally, the ability to identify 
readily other advisers using such a service provider would allow the 
Commission to assess quickly and react to the

[[Page 68860]]

potential harm to advisory clients.\239\ The proposed rules would 
thereby benefit clients and investors through the Commission's 
increased visibility into operational failures, greater regulatory 
transparency, and resulting effectiveness of the Commission's client 
and investor protection efforts.
---------------------------------------------------------------------------

    \239\ As discussed in section III.B.2, if a large number of 
investment advisers used a common service provider, operational 
risks could be correspondingly concentrated. Increased concentration 
of operational risk could, lead to an increased risk of broader 
market effects during times of market instability. The ability to 
identify readily the advisers using such a service provider might 
allow the Commission to respond more quickly to such broader market 
effects.
---------------------------------------------------------------------------

b. Costs
    The Form ADV requirements would require the disclosure of certain 
information that is not currently required in the Form. Costs would 
likely vary across advisers, depending on the nature of an adviser's 
business and its business model. For example, advisers that do not 
outsource functions or that outsource fewer functions would have fewer 
reporting requirements than advisers that outsource a large number of 
functions, to the extent that these functions would qualify as covered 
functions under the proposed rule. We believe, however, that much of 
the information we propose requiring would be readily available because 
we understand that it is information used by advisers in conducting 
their business.\240\ Lastly, the requirement that information in Item 
7.C of Part 1A of Form ADV be provided in a custom XML-based data 
language is unlikely, by itself, to impose costs on advisers because 
the XML-based data language is not new and applies to existing Form ADV 
Part 1A disclosures.
---------------------------------------------------------------------------

    \240\ To the extent that the proposed rule would require 
information not currently contained in adviser accounting or 
financial reporting systems to be reported, advisers may bear one-
time costs to update systems to adhere to the new filing 
requirements.
---------------------------------------------------------------------------

    The additional burden on advisers due to proposed modifications to 
Form ADV would take the form of initial internal costs, annual internal 
costs, and external costs. We estimate that the proposed modifications 
would impose 1.5 additional hours of initial internal costs and 0.7 
additional hours of annual internal costs per adviser. The total 
internal burden is anticipated to be $9,706,497 across all RIAs.\241\ 
Additionally, initial external costs are anticipated for a subset of 
RIAs. We anticipate this additional external cost would be $7,794,857 
across all RIAs.\242\ In total, the proposed modifications are expected 
to impose an additional burden of $17,517,585 across all RIAs. We 
anticipate that these information collection costs are likely to be the 
same initially as they are on an ongoing basis. Any portion of these 
costs that is not borne by advisers would ultimately be passed on to 
clients and investors.
---------------------------------------------------------------------------

    \241\ See infra section IV. Calculated as 2.2 internal hours per 
adviser x 14,756 advisers at a blended hourly rate of $299.50. The 
total revised internal cost per adviser of $13,094.14 incorporates 
the increase in required hours and an inflation adjustment to the 
blended hourly rate, and the calculation here captures only the 
increase in required hours. Additionally, this aggregate cost 
reflects only the current investment advisory industry size, and 
does not incorporate the expected net addition of 552 RIAs per year.
    \242\ See infra section IV. Calculated as 1 hour of external 
legal services x 0.25 x 14,756 advisers x $531 per hour + 1 hour of 
external compliance consulting services x 0.5 x 14,756 advisers x 
$791 per hour = $7,794,857. The additional burden resulting from 
this rule is calculated using estimated additional hours and 
inflation-adjusted hourly costs of corresponding personnel. See 
supra footnote 241.
---------------------------------------------------------------------------

E. Effects on Efficiency, Competition, and Capital Formation

1. Efficiency
    The proposed rules may affect the efficiency with which clients' 
and investors' capital is allocated in two ways.
    First, the proposed rule would result in an increase in information 
about advisers outsourcing that clients would be able to access on Form 
ADV. To the extent that clients access this information and rely on it, 
that increased information could permit clients to make better informed 
decisions about allocating their capital. For example, clients may 
choose to diversify investments across multiple advisers who engage 
different service providers to perform certain covered functions, such 
as advisers who rely on different index providers or model providers, 
or advisers who rely on service providers offering different predictive 
data analytics methods. Therefore, to the extent that clients and 
investors access and make use of the additional Form ADV information 
generated by advisers as a result of this proposed rule, we would 
expect a more efficient allocation of client and investor capital among 
advisers.
    Second, and alternatively, if some advisers were to elect to 
perform certain covered functions in-house to avoid the compliance 
costs associated with outsourcing the covered functions, or if the 
service provider terminates the relationship as a result of its own 
increased costs and the adviser cannot identify a suitable replacement, 
the function may be performed less efficiently as compared to the 
service provider. For example, such a loss of efficiency could occur 
for any functions that experience economies of scale, and which may be 
currently provided by a single service provider for a large number of 
advisers, to the extent those advisers would perform the function in-
house in response to the proposed rules. As noted above, smaller 
advisers may be less able than larger advisers to provide a covered 
function in-house as efficiently and with equal quality as a service 
provider.\243\
---------------------------------------------------------------------------

    \243\ See supra section III.C.
---------------------------------------------------------------------------

2. Competition
    The proposed rules may lead clients to make better-informed 
decisions when selecting an adviser by increasing information about 
advisers outsourcing that clients would be able to access on Form 
ADV.\244\ As a result, competition among advisers could increase. An 
increase in competition could, presumably, manifest itself in terms of 
better service, better pricing, or some combination of the two, for 
clients, to the extent that clients and investors access and use the 
additional Form ADV information generated by advisers as a result of 
this proposed rule.
---------------------------------------------------------------------------

    \244\ See supra section III.E.1.
---------------------------------------------------------------------------

    Alternatively, the proposed rule could have the opposite effect on 
competition. As an initial matter, the proposed rule would create new 
costs of providing advisory services, which could disproportionately 
impact small or newly emerging advisers who may be less able to absorb 
or pass on these new costs. New costs, especially fixed costs, could 
also disproportionately impact small or newly emerging advisers. To the 
extent these costs discourage entry of new advisers or cause certain 
advisers to exit the market, competition would be harmed.
    It is also possible that the costs borne by advisers may be large 
enough to cause some advisers to stop outsourcing some or all of their 
covered functions.\245\ If advisers were to stop outsourcing some or 
all of their covered functions, clients could experience a decrease in 
the quality of advisers' services. Alternatively, if advisers were to 
try to pass on the costs, or some component thereof, to clients, these

[[Page 68861]]

costs may cause some clients to seek other advisers or alternatives to 
registered advisers. The decreased demand for advisory services could 
result in a decline in the number of registered advisers and, a 
decrease in competition among registered advisers, as a result. A 
decrease in competition among registered advisers could manifest itself 
in terms of poorer service, poorer pricing, or some combination of the 
two, for clients.
---------------------------------------------------------------------------

    \245\ See supra section III.E.1. If there are fixed costs 
associated with the proposed regulations, then smaller advisers 
would generally tend to bear a greater cost, relative to adviser 
size, than larger advisers. If there are material fixed costs 
associated with the proposed rule, then we would expect the possible 
negative effect on competition to be greater for smaller advisers 
who engage service providers because the proposed regulations would 
tend to increase their costs more (relative to adviser size) than 
for larger advisers that engage service providers.
---------------------------------------------------------------------------

    Finally, the proposed rules may affect competition among service 
providers or their subcontractors. The rules are designed to increase 
transparency into an adviser's outsourced covered functions for clients 
and investors, as well as for the Commission. One possible result of 
this increased transparency may be increased competition among service 
providers with respect to the quality of their services. Advisers may 
be able to scrutinize service providers more closely, and thus better 
select more effective service providers or service providers who better 
align with their needs, to the extent these relationships are not 
already appropriately aligned, and service providers overall may seek 
to adjust the quality of their services accordingly. On the other hand, 
the proposed rules may have the opposite effect, in the event that the 
increased costs of the rule cause certain service providers to exit the 
market, or choose not to contract with investment advisers, either to 
avoid incurring new costs or to avoid the costs of improving the 
quality of their services. The increased costs associated with the rule 
could also dissuade new entry of service providers. In this case, the 
number of service providers to investment advisers may shrink, which 
may in turn result in higher service provider prices, although any 
change in the average quality of remaining providers would depend on 
whether higher or lower quality service providers would be more likely 
to exit to avoid new costs.
3. Capital Formation
    Lastly, the enhancements to client and investor protection as well 
as the additional information available to potential current clients 
and potential investors could result in current investors being willing 
to invest more and potential investors being more willing to invest for 
the first time. For example, potential investors may be more willing to 
invest for the first time knowing that outsourced covered functions 
would be subject to enhanced due diligence and monitoring, as well as 
knowing that any third-party service providers maintaining the records 
of their investment would be subject to enhanced oversight.\246\ To the 
extent that the proposed rule leads to greater investment, we could 
expect greater demand for securities, which could, in turn, promote 
capital formation.
---------------------------------------------------------------------------

    \246\ See supra sections II.B, II.C, II.E.
---------------------------------------------------------------------------

F. Reasonable Alternatives

1. Alternatives to the Proposed Scope
    Scope of Covered Functions. As noted above, the proposed rule would 
generally apply to a registered adviser that outsources a covered 
function to a service provider.\247\ A covered function is defined in 
the proposed rule as a function or service that is necessary for the 
adviser to provide its investment advisory services in compliance with 
the Federal securities laws, and if not performed or performed 
negligently, would be reasonably likely to cause a material negative 
impact on the adviser's clients or on the adviser's ability to provide 
investment advisory services.\248\ The Commission alternatively could 
define covered functions to include broader or narrower sets of 
outsourced functions. Changing the definition of covered functions 
could provide a benefit in terms of either (i) increased client 
protection and investor protection in the case of broadening the 
definition or (ii) a reduction in the cost of the compliance with the 
rule in the case of narrowing the definition.
---------------------------------------------------------------------------

    \247\ See proposed rule 206(4)-11(a).
    \248\ Proposed rule 206(4)-11(b).
---------------------------------------------------------------------------

    We believe the definitions that we have included in the proposed 
rule will provide additional protections with respect to advisers 
outsourcing that we think are important for the protection of clients 
and investors. Additionally, the definition of covered functions, in 
combination with other requirements of the proposed rule, would provide 
efficiencies for our examination staff, as well as provide the public 
with additional information about advisers to make more informed 
decisions about the selection and retention of investment advisers. 
Narrowing the scope of the definitions could reduce the cost of the 
proposed rule's requirements, but could also result in a reduction in 
client and investor protections as a result of being under-inclusive. 
For instance, the rule could have alternatively limited the scope of 
the definition of a covered function to a pre-identified list of 
specific functions, but this could limit the rule's protections when 
there are material changes in the manner in which advisers operate that 
are outside the scope of the stated functions. This list could be 
either the same as those provided by service provider types listed in 
the proposed amendments to Form ADV, or more expansive, or more 
restrictive. For example, it could define covered function as those 
services pertaining to the selection, trading, valuation, management, 
monitoring, indexing, use of predictive data analytics, and modeling of 
investments.\249\ The rule could also provide detailed guidance on 
variations of descriptions of functions that different service 
providers may use. For example, the rule could separately define 
``trading'' and ``execution,'' and provide explicit instruction as to 
how they would be treated by the rule. As another example, the rule 
could provide separate explicit instruction for ``management and 
selection'' as separate from ``indexing and modeling.'' \250\ The rule 
could also explicitly state that its application is limited to core 
investment advisory services, and provide an explicit definition for 
core investment advisory services. The rule could alternatively apply 
based on a percentage of either regulatory assets under management or 
clients directly affected by the service provider's performance. These 
limitations may broadly have the effect of lowering compliance costs of 
the proposed rule, but they may not reflect what is core to any 
particular investment adviser.
---------------------------------------------------------------------------

    \249\ See supra section II.A.
    \250\ See supra section II.A.3.
---------------------------------------------------------------------------

    Alternatively, broadening the scope would have the opposite effect, 
increasing the cost of the proposed rule's requirements but potentially 
resulting in greater client and investor protections. For instance, the 
rule could scope in service providers such as public utilities or 
providers of commercially available word processing software. We 
believe that the proposed rule strikes an appropriate balance in terms 
of the scope of its definition of covered functions by requiring 
advisers to provide sufficient oversight in those specific 
circumstances where the function or service is one that, if not 
performed or performed negligently, would be reasonably likely to cause 
a material negative impact on clients and is necessary for the adviser 
to provide advisory services.\251\
---------------------------------------------------------------------------

    \251\ The Commission requests comment on our analysis of the 
benefits and costs of both narrowing and expanding the scope. See 
supra section III.G.
---------------------------------------------------------------------------

    Scope of Service Providers. The proposed rule excludes supervised 
persons of an adviser from the definition of a service provider.\252\ 
The

[[Page 68862]]

proposed rule does not, however, make a distinction between third-party 
providers and affiliated service providers. The Commission 
alternatively could exclude affiliated service providers from the 
definition of a service provider. Arguably, the use of affiliated 
service providers may create less risk. For example, use of an 
affiliated service provider could mitigate the risk of limited 
information about conflicts of interests associated with the use of a 
third-party service provider.\253\ Excluding affiliated service 
providers from the definition of a service provider, could benefit 
advisers by reducing the cost of compliance when using an affiliated 
service provider.
---------------------------------------------------------------------------

    \252\ See proposed rule 206(4)-11(b).
    \253\ For example, an affiliated service provider who does not 
operate covered functions for multiple advisers would have no scope 
for benefiting one adviser's clients at the expense of another. See 
supra section III.B.2.
---------------------------------------------------------------------------

    We believe, however, that while certain risks may be diminished, 
risks the proposed rule are designed to address still exist whether the 
service provider is affiliated or unaffiliated. For example, the 
ability to have direct control or full transparency may be limited when 
an adviser outsources a covered function, even to an affiliated service 
provider, which increases the risk for failed regulatory compliance. 
There may also still be risks of conflicts of interest when the 
affiliated service provider performs services to more than one adviser. 
We believe that including affiliated service providers in the 
definition of service providers strikes the right balance in terms of 
mitigation of risk and the cost of complying with the proposed rule.
    Similarly, the proposed rule does not make an exception for sub-
advisers that are registered as investment advisers with the 
Commission. This rulemaking alternatively could have excepted 
registered sub-advisers, which may have lowered the total cost of the 
rule. However, we believe that such an exception would diminish the 
effectiveness of the rule, as the fact that a sub-adviser is registered 
with the Commission does not negate the need for sufficient due 
diligence and monitoring to be undertaken for the benefit of the 
client. If an adviser allocates some or all of a client's portfolio to 
a sub-adviser, the adviser is still ultimately responsible for 
reasonably ensuring that the services rendered are consistent with the 
adviser's representation of the services to the client. We believe that 
reduced benefit from the resulting gap in adviser oversight would not 
be justified by the cost savings that could be obtained by providing an 
exception to registered sub-advisers.
    The proposed rule could also have provided an exception for 
separately managed accounts and other wrap fee programs. As proposed, 
an adviser in such a program would be subject to the proposed rule if 
they retain a service provider for its provision of advisory services. 
As such, multiple advisers that retain the same service provider may 
need to conduct due diligence and monitoring on that service provider, 
depending on whether such services are covered function. As an 
alternative, the proposed rule could provide an exclusion for advisers 
that engage service providers to perform covered functions as part of a 
larger program or arrangement, such as the sponsor of a wrap fee 
program or other separately managed account program in which the 
sponsor is subject to the proposed rule with respect to the 
participation of the service providers in the program. One advantage of 
such an exception could be reducing the potential for redundancy in the 
due diligence and monitoring of service providers conducted in wrap fee 
programs. However, we believe that sub-advisers that retain service 
providers are best positioned to conduct appropriate due diligence and 
monitoring of a service provider in connection with its particular sub-
advisory role. For instance, while a sub-adviser overseeing fixed-
income portfolio strategies and a sub-adviser overseeing equity 
portfolio strategies may retain the same service provider, there may be 
different operational risks, conflicts of interest, or other problems 
discovered upon due diligence or monitoring with respect to each of 
these roles. Therefore, we do not believe that it would be appropriate 
to provide an exception for such cases.
2. Alternatives to the Proposed Due Diligence and Monitoring 
Requirements
    One alternative to proposed new rule 206(4)-11 would be amendments 
to existing rules. For example, amendments to rule 204A-1 (which 
provides for minimum provisions to an investment adviser's code of 
ethics) could introduce requirements for protections of sensitive 
client information.\254\ Amendments to Form ADV and/or rule 204-3 could 
introduce more requirements for advisers to disclose information about 
service providers to their clients in their brochures.\255\ These 
requirements could include greater detail on the adviser's use of 
service providers, the adviser's understanding of the operational risks 
associated with those service providers, and the adviser's existing due 
diligence and monitoring practices. Further protections in the case of 
advisers engaging service providers on behalf of registered investment 
companies could be achieved by amending rule 38a-1 to require advisers 
to approve compliance policies and procedures associated with service 
providers.\256\ We could also amend Advisers Act rule 206(4)-7 to 
require specific policy and procedure requirements for service provider 
oversight. However, these amendments would not create the same 
consistent framework requiring both due diligence and ongoing 
monitoring, as proposed rule 206(4)-11 would. We believe that a 
prophylactic rule that creates a consistent framework for advisers to 
use and continue to use a service provider is more likely to result in 
consistent client and investor protections than expanding the scope of 
rules that are not uniformly intended to address the risks associated 
with outsourcing. Moreover, amendments to existing rules would 
primarily address issues with dissemination of sensitive client 
information, and would not achieve the same benefits associated with 
broadly reducing risk of fraud or other harms associated with 
outsourced functions, advisers failing to secure regulatory oversight, 
or other benefits of proposed rule 206(4)-11.\257\
---------------------------------------------------------------------------

    \254\ See rule 204A-1, see also supra section III.B.3.
    \255\ See rule 204-3, see also supra footnote 62 and 
accompanying text.
    \256\ See rule 38a-1, see also supra section III.B.3; see also 
infra section V.E.
    \257\ See supra section III.C.
---------------------------------------------------------------------------

    A second alternative to the proposed new rule 206(4)-11 would be a 
rule limited to requiring minimum consistent disclosures as to an 
adviser's existing due diligence and monitoring processes for 
outsourced covered functions. For example, amendments to existing rule 
204-3 could enhance what an adviser must include in its brochures, and 
such amendments could require advisers to describe their due diligence 
and monitoring processes in greater detail. Advisers could also be 
required to make quarterly or annual statements to their clients on the 
status of their service providers and the outsourced covered functions, 
including any anticipated operational risks for the subsequent 
reporting period uncovered as part of the adviser's existing due 
diligence and monitoring processes. This alternative could potentially 
result in reduced costs relative to the proposal, but only insofar as 
it is less costly for an adviser to make appropriate disclosures than 
it is for an adviser to enhance its due diligence and monitoring 
processes. For example, for

[[Page 68863]]

an adviser who already conducts substantial due diligence and 
monitoring and may already be in substantial compliance with the 
proposed rule but does not make regular disclosures regarding covered 
functions to clients or investors, an alternative disclosures-based 
framework would be more costly than the proposed rules. A disclosures-
based framework would also have fewer direct risk-reduction benefits 
relative to a framework directly requiring minimum consistent due 
diligence and monitoring. Moreover, an adviser cannot waive its 
fiduciary duty and should be overseeing outsourced functions to ensure 
its obligations are met. It would be a breach of its fiduciary duty and 
deceptive for an adviser to outsource certain covered functions without 
conducting initial due diligence and ongoing oversight, particularly 
those related to its advisory services and compliance with the Federal 
securities laws. With respect to both of these alternatives, we believe 
proposed rule 206(4)-11 strikes the right balance in terms of 
mitigation of risk and the costs of complying with the proposed rule.
3. Alternatives to the Proposed Amendments to the Books and Records 
Rule
    We propose to require advisers to make and retain certain books and 
records attendant to their obligations under the proposed oversight 
framework, such as lists or records of covered functions, records 
documenting due diligence and monitoring of a service provider, records 
of certain notifications, and copies of any written agreements that the 
adviser enters into with service providers.\258\ The proposed 
recordkeeping requirements would assist our examination staff in 
monitoring compliance with the proposed rule. Alternatively, the 
proposed rule could require the retention of more, fewer, or no 
additional records. Requiring advisers to retain more records would aid 
our examination staff in monitoring compliance with the proposed rule, 
but increase the cost of compliance for advisers. Requiring advisers to 
retain fewer, or no, additional records would hamper the ability of our 
staff to monitor compliance with the proposed rule, but decrease the 
cost of compliance for advisers. We believe that limiting the scope of 
the required recordkeeping to the current proposal strikes the 
appropriate balance between minimizing costs and making information 
available that is important to the examination process.
---------------------------------------------------------------------------

    \258\ See proposed rule 204-2(a)(24).
---------------------------------------------------------------------------

    The proposed rule contains provisions related to the adviser's 
responsibilities concerning third-party creation, storage and retention 
of records. Specifically, every investment adviser that relies on a 
third party for any recordkeeping function required by the 
recordkeeping rule must obtain reasonable assurances that the third 
party will meet certain standards intended to maintain the integrity of 
and access to records in providing the outsourced function.\259\ For 
example, for electronic records, the third party must allow the 
investment adviser and staff of the Commission to access the records 
easily through computers or systems during the required retention 
period of the recordkeeping rule.\260\ As an alternative, the proposed 
rule could require investment advisers to direct service providers 
(other than cloud service and other records providers) to transfer 
required records periodically to the adviser, but not impose any other 
requirement for reasonable assurances of other recordkeeping standards. 
By removing the more detailed standards currently proposed, this 
alternative could potentially lower the cost to advisers and service 
providers when records are created indirectly as a result of a service 
provider's contracted activity. For instance, a service provider that 
an adviser retains to calculate a fund's performance or rates of return 
creates new records that need to be stored and retained, even though 
the service provider is not retained for a recordkeeping purpose.\261\ 
However, this approach could reduce the assurances to the adviser and 
its clients and investors of proper storage and retention of records. 
As such, we believe the current rule is better suited to ensure the 
adviser is able to comply with the Advisers Act recordkeeping and other 
relevant Federal securities laws.
---------------------------------------------------------------------------

    \259\ See supra section II.E.
    \260\ Id.
    \261\ Id.
---------------------------------------------------------------------------

    Additionally, the proposed rule could require a written agreement 
between the adviser and its service providers of covered functions. 
Under this alternative, the proposed rule could incorporate the 
currently proposed due diligence requirements as requirements to be 
included in a contract between the adviser and service provider. The 
alternative could be required for only certain covered functions and 
not others, for example by defining a list of critical covered 
functions and requiring a written agreement for those functions, or 
could be required for all covered functions. Such a requirement could 
have the benefit of reducing the risk of ambiguity between advisers and 
service providers, as well as potentially increasing transparency to 
the Commission. As noted, the recordkeeping rule could be satisfied by 
such a written agreement.\262\ However, we believe that requiring a 
written agreement between advisers and service providers of all covered 
functions could be overly burdensome, in instances where certain large 
service providers may be unwilling to modify their standard contracts 
for advisers to comply with regulation if advisers are a fraction of 
their client base. While we do not know how frequently that would 
occur, we nevertheless do not currently believe that the benefits of 
explicitly requiring written agreements between advisers and service 
providers would justify the costs. We request comment on whether a 
written agreement should be explicitly required.\263\
---------------------------------------------------------------------------

    \262\ See supra section II.E.
    \263\ See supra section II.A.3.
---------------------------------------------------------------------------

    Finally, the proposed rule could require disclosure in Form ADV 
Part 1A of whether an adviser has a written agreement for each covered 
function, or could require disclosure in cases where an adviser does 
not have a written agreement for a particular covered function. Such a 
requirement could have the benefit of alerting investors and the 
Commission to instances in which ambiguity between advisers and service 
providers could be heightened by the lack of a written agreement. 
However, these benefits would be limited to the instances in which 
clients and investors would access and make use of the additional Form 
ADV information generated by advisers. Therefore, we do not currently 
believe the benefits of requiring disclosures of written agreements 
would justify the costs of preparing additional Form ADV disclosures, 
but we request comment above on whether the rule should require these 
additional disclosures.\264\
---------------------------------------------------------------------------

    \264\ See supra section II.A.3.
---------------------------------------------------------------------------

4. Alternatives to the Form ADV Requirements
    We are proposing to amend Form ADV to require advisers to identify 
their service providers that perform covered functions, provide their 
location, the date they were first engaged to provide covered 
functions, and state whether they are related persons of the adviser. 
One alternative to the proposed amendments to a public Form ADV 
disclosure would be a nonpublic report to the Commission in a format 
other

[[Page 68864]]

than Form ADV. Absent the Form ADV disclosures, however, clients would 
no longer receive the direct benefit of less costly information 
gathering. Also, we believe that it is more efficient to compile 
information about advisers on Form ADV, which can enhance our staff's 
ability to effectively carry out its risk-based examination program and 
risk monitoring activities, and could improve client and investor 
protection by evaluating and forming regulatory policies and focusing 
examination activities, thereby creating a greater indirect benefit to 
clients as well.\265\
---------------------------------------------------------------------------

    \265\ See supra section II.D.
---------------------------------------------------------------------------

    Another alternative to the proposed Form ADV disclosures would be 
to add additional required disclosures on fund registration statements, 
such as comparable information about service provider arrangements. For 
instance, fund registration documents could be required to directly 
disclose all of the information that is currently proposed to be 
required on Form ADV, such as the legal names of their service 
providers, whether the service provider is a related person, and which 
covered functions the service provider is engaged to provide, so that 
investors do not need to analyze Form ADV to obtain this information. A 
similar approach could also require private fund advisers to provide 
comparable information to private fund investors. This alternative 
would potentially improve access to information for fund investors in 
addition to direct advisory clients, to the extent that registered fund 
investors (unlike private fund investors) are unlikely to analyze Form 
ADV data.
    However, we believe there are several downsides to this approach 
that are inconsistent with the intent of the proposed rule. First, 
funds are separate entities from advisers that are often capable of 
entering into agreements directly with a service provider. Therefore, 
this approach would capture data related to service providers to funds 
instead of service providers to advisers. Assuming the service 
provider's relationship was with the adviser as opposed to the fund, 
this approach would still only capture data for advisers to funds. It 
would not capture data for advisers to advisers that did not have fund 
clients, such as advisers to solely retail clients.
    Another downside of this approach would be that it would involve 
the modification and collection of information from various 
registration documents depending on the type of fund under advisement 
of an RIA. For instance, open-end mutual funds register using Form N-
1A, while closed-end mutual funds register using Form N-2. For these 
reasons, we believe that it is more efficient and effective to compile 
information about advisers on Form ADV. The proposed rule can enhance 
our staff's ability to effectively carry out its risk-based examination 
program and risk monitoring activities, and could improve client and 
investor protection by evaluating and forming regulatory policies and 
focusing examination activities, thereby creating a greater indirect 
benefit to clients as well. Further, clients and investors may find 
such information more readily accessible when it is consolidated onto a 
single form, which may lower the costs of their information gathering. 
We therefore believe that Form ADV is the most appropriate medium for 
advisers to report their use of service providers for covered 
functions.
5. Alternatives to the Transition and Compliance Period
    We are proposing that advisers registered or required to be 
registered with the Commission be required to comply with the rule 
applicable to it, if adopted, starting on the compliance date, which is 
proposed as ten months from the rule's effective date.\266\ This would 
provide a transition period during which a registered investment 
adviser can prepare to comply with any final rule. The proposed rule, 
if adopted, would apply to any new engagement of service providers made 
on or after the compliance date of the proposed rules and 
amendments.\267\ The ongoing monitoring requirements, if adopted, also 
would apply to existing engagements beginning on the compliance 
date.\268\
---------------------------------------------------------------------------

    \266\ See supra section II.G.
    \267\ Id.
    \268\ Id.
---------------------------------------------------------------------------

    As one alternative, the Commission could only require advisers to 
comply with any final rule with respect to new funds or client 
relationships. Arguably, under the rule as proposed, clients who have 
already invested in funds or have an existing advisory relationship 
have agreed to negotiated economic terms. To the extent that these 
negotiations granted any economic terms to the client to compensate for 
operational risks, requiring an adviser to come into compliance with 
any final new rule without renegotiating all terms of a client's 
contract could represent a windfall to the client in the form of a 
reduction in its risk with no additional cost to the client.\269\ 
Clients with established contractual terms may also face higher costs 
of coming into compliance with any final rule, to the extent that the 
parties do renegotiate the broader economic terms of the contract. 
These considerations potentially motivate the alternative that would 
only require advisers to comply with any final rule with respect to new 
funds or client relationships. However, many client contractual 
relationships may be evergreen, or allow for a multiple extensions to 
the life of the contractual relationship, and so allowing for advisers' 
existing client relationships to forego compliance could substantially 
reduce the benefits of any final rule. We believe that providing no 
exemptions for existing clients strikes the right balance in terms of 
mitigation of risk and the cost of complying with any final rule.
---------------------------------------------------------------------------

    \269\ For a fund with a pass-through expense model, in which all 
expenses are passed through to the investors, there would be no such 
windfall. See, e.g., Eli Hoffmann, Welcome To Hedge Funds' Stunning 
Pass-Through Fees, Seeking Alpha (Jan. 24, 2017), available at 
https://seekingalpha.com/article/4038915-welcome-to-hedge-funds-stunning-pass-through-fees.
---------------------------------------------------------------------------

    As another alternative, the Commission could provide for a longer 
transition and compliance period, which would increase the amount of 
time advisers have to comply with any final rule. This alternative 
would reduce the benefits of the proposed rule by foregoing the 
benefits of any rule during the extended compliance period. However, to 
the extent it is less costly for advisers to come into compliance over 
a longer time period, this alternative could reduce the costs of any 
final rule. We believe that the proposed transition and compliance 
period strikes the right balance in terms of the costs of coming into 
compliance with any final rule, but we request comment on whether 
proposed transition period following any final rule's effective date is 
appropriate.\270\
---------------------------------------------------------------------------

    \270\ See supra section II.G.
---------------------------------------------------------------------------

G. Request for Comment

    The Commission requests comment on all aspects of this initial 
economic analysis, including whether the analysis has: (i) identified 
all benefits and costs, including all effects on efficiency, 
competition, and capital formation; (ii) given due consideration to 
each benefit and cost, including each effect on efficiency, 
competition, and capital formation; and (iii) identified and considered 
reasonable alternatives to the proposed rule. We request and encourage 
any interested person to submit comments regarding the proposed rule, 
our analysis of the potential effects of the proposed rule, and other 
matters that may have an effect on the proposed rule. We request that 
commenters identify sources of data

[[Page 68865]]

and information as well as provide data and information to assist us in 
analyzing the economic consequences of the proposed rule. We also are 
interested in comments on the qualitative benefits and costs we have 
identified and any benefits and costs we may not have discussed.
    In addition to our general request for comment on the economic 
analysis associated with the proposed rule, we request specific comment 
on certain aspects of the proposal:
    87. We request comment on our characterization of the risks 
associated with outsourcing. Are there other risks or potential harms 
to clients that our analysis has not identified?
    88. We request comment on our characterization of market failures 
associated with outsourcing to service providers that may hinder reform 
in the absence of the proposed rules. Do commenters agree with the 
relevance of the described principal-agent and moral hazard problems?
    89. The proposed rule would require an adviser to identify the 
potential risks to clients, or to the adviser's ability to perform its 
advisory services, resulting from outsourcing a covered function. To 
what extent do advisers currently have such, or similar, processes in 
place?
    90. The proposed rule would require the adviser to determine that 
the service provider has the competence, capacity, and resources 
necessary to provide timely and effective services. To what extent do 
advisers currently have such, or similar, processes in place?
    91. The proposed rule would require that the adviser determine 
whether the service provider has any subcontracting arrangements that 
would be material to the performance of the covered function, and would 
require the adviser to identify and determine how it will mitigate and 
manage potential risks to clients or its ability to perform advisory 
services in light of any such subcontracting arrangement. To what 
extent do advisers currently have such, or similar, processes in place?
    92. The proposed rule would require an adviser to obtain reasonable 
assurance from a service provider that it is able to, and will, 
coordinate with the adviser for purposes of the adviser's compliance 
with the Federal securities laws, as applicable to the covered 
function. To what extent do advisers currently have such, or similar, 
processes in place?
    93. The proposed rule would require an investment adviser to obtain 
reasonable assurance from the Service Provider is able to, and will, 
provide a process for orderly termination of its performance of the 
covered function. To what extent do advisers currently have such, or 
similar, processes in place?
    94. The proposal would require advisers to monitor the service 
provider's performance of the covered function and reassess the due 
diligence requirements of the proposed rule with such a frequency that 
the adviser can reasonably determine that it is appropriate to continue 
to outsource the covered function and that it remains appropriate to 
outsource it to the service provider. To what extent do advisers 
currently have such, or similar, processes in place?
    95. The proposal would provide for certain new books and 
recordkeeping requirements. To what extent do advisers currently have 
such, or similar, processes in place?
    96. We request comment on all aspects of the quantified estimates 
of costs of the rule. In particular:
a. To what extent would the required minimum staffing from personnel 
and third parties differ from the estimates provided here, for each of 
the proposed rules?
    b. To what extent would the required minimum number of hours from 
those staff differ from the estimates provided here, for each of the 
proposed rules?
    c. What additional data should the Commission consider in its 
estimation of the minimum costs an adviser would face in conjunction 
with the proposed rules?
    d. Do commenters agree that only certain advisers would frequently 
transfer regulatory records from their service providers? Are there 
other voluntary actions that only certain advisers would undertake in 
pursuit of coming into compliance with the proposed rules?
    e. What additional sources of variation are there that would result 
in an adviser facing more than the minimum costs of coming into 
compliance with the proposed rules? What additional information should 
the Commission consider when quantifying those additional costs?
    f. To what extent would the upper bound of average costs faced by 
any particular adviser differ from the estimates provided here, for 
each of the proposed rules?
    g. What are the likely highest costs any single adviser would be 
likely to face in coming into compliance with the proposed rules? What 
information should the Commission consider when quantifying those 
highest costs?
    h. To what extent would the estimated costs be impacted by advisers 
electing, in response to the proposed rules, to provide covered 
functions themselves that are currently outsourced? What would the 
costs of this transition be? To what extent would those costs differ 
from other expected costs of complying with the proposed rules?
    i. If possible, for commenters who already undertake similar 
processes to those described in the proposed rules, please provide 
estimates of the cost of undertaking those processes. What additional 
considerations can the Commission use to extrapolate such figures in 
order to estimate costs to other advisers?
    j. What additional considerations can the Commission use to 
estimate the costs and benefits of the proposed amendments?
    97. We request comment on the anticipated costs to service 
providers as a result of the proposed regulations. Are there 
significant direct or indirect costs to service providers beyond those 
stated in section III.D? To what extent do commenters believe that the 
costs to service providers would be proportional to, and thus can be 
extrapolated from, the costs that would be imposed on advisers? We 
additionally request any data which could aid in the calculation of the 
costs of the proposed rule to service providers.
    98. How do commenters anticipate that the costs of complying with 
the proposed rule will be shared between advisers' and their clients?
    99. How do commenters believe the proposed regulations will affect 
efficiency, competition, and capital formation in the industry? Please 
explain.
    100. Do commenters believe that the alternatives the Commission 
considered are appropriate? Are there other reasonable alternatives 
that the Commission should consider? If so, please provide additional 
alternatives and how their benefits and costs would compare to the 
proposal. Specifically, we request comment on the following:
    a. Do commenters agree with our assertion that broadening the 
definitions of covered functions would enhance client and investors 
protections, but increase the costs of compliance? Do commenters agree 
with our belief that the proposed rule strikes the right balance in 
terms of the scope of its definitions of covered functions? Why or why 
not?
    b. Do commenters believe that limiting the scope of the required 
recordkeeping to that required by the proposed rule strikes the 
appropriate balance between minimizing costs and making information 
available for the examination process? Why or why not? Should the 
Commission increase or

[[Page 68866]]

decrease the scope of the required recordkeeping? Why or why not?
    101. Are there alternatives to required Form ADV disclosure in 
addition to targeted examinations that we should implement?

IV. Paperwork Reduction Act Analysis

A. Introduction

    Certain provisions of the proposed rule and proposed amendments 
contain ``collection of information'' requirements within the meaning 
of the Paperwork Reduction Act of 1995 (``PRA'').\271\ We are 
submitting the proposed collections of information to the Office of 
Management and Budget (``OMB'') for review in accordance with the 
PRA.\272\ The proposed amendments to rule 204-2 under the Advisers Act 
(other than new rule 204-2(l)) and Form ADV would have an effect on 
currently approved collection of information burdens. Proposed rule 
206(4)-11 and proposed rule 204-2(l) would not require new collections 
of information. Proposed Rule 206(4)-11 would require an adviser to 
conduct due diligence and monitoring of covered functions performed by 
a service provider, and proposed rule 204-2(l) would affect the manner 
in which an adviser can rely on a third-party to store required books 
and records. Any documentation required by proposed rule 206(4)-11's 
due diligence and monitoring requirements is captured in the collection 
of information burden for Rule 204-2.
---------------------------------------------------------------------------

    \271\ 44 U.S.C. 3501 through 3521.
    \272\ 44 U.S.C. 3507(d); 5 CFR 1320.11.
---------------------------------------------------------------------------

    The titles for the existing collections of information are: (1) 
``Rule 204-2 under the Investment Advisers Act of 1940'' (OMB control 
number 3235-0278); and (2) ``Form ADV'' (OMB control number 3235-0049).
    An agency may not conduct or sponsor, and a person is not required 
to respond to, a collection of information unless it displays a 
currently valid OMB control number. Each requirement to disclose 
information, offer to provide information, or adopt policies and 
procedures constitutes a collection of information requirement under 
the PRA. These collections of information would help increase the 
likelihood that advisers have a reasonable basis for determining that 
it would be appropriate to outsource particular functions or services 
to a service provider, and collectively would serve the Commission's 
interest in protecting clients and investors by reducing the risk that 
a service provider could significantly affect a firm's operations and 
directly or indirectly harm clients. The Commission staff would also 
use the collection of information in its examination and oversight 
program to prepare better for, and more efficiently conduct, their on-
site examinations. We discuss below the collection of information 
burdens associated with the proposed rule amendments.

B. Rule 204-2

    Under section 204 of the Advisers Act, investment advisers 
registered or required to register with the Commission under section 
203 of the Advisers Act must make and keep for prescribed periods such 
records (as defined in section 3(a)(37) of the Exchange Act), furnish 
copies thereof, and make and disseminate such reports as the 
Commission, by rule, may prescribe as necessary or appropriate in the 
public interest or for the protection of clients and investors. Rule 
204-2, the books and records rule, sets forth the requirements for 
maintaining and preserving specified books and records. This collection 
of information is found at 17 CFR 275.204-2 and is mandatory. The 
Commission staff uses the collection of information in its examination 
and oversight program. Responses provided to the Commission in the 
context of its examination and oversight program concerning the 
proposed amendments to rule 204-2 would be kept confidential subject to 
the provisions of applicable law.
    Concurrent with proposed rule 206(4)-11, we are proposing 
corresponding amendments to rule 204-2. The proposed amendments would 
require advisers to make and retain: (1) a list or other record of 
covered functions that the adviser has outsourced to a service 
provider, along with a record of the factors that led the adviser to 
list each function; (2) records documenting the due diligence 
assessment conducted pursuant to proposed rule 206(4)-11, including any 
policies and procedures or other documentation as to how the adviser 
will mitigate and manage the risks of outsourcing a covered function; 
(3) a copy of any written agreement, including amendments, appendices, 
exhibits, and attachments, entered into pursuant to proposed rule 
206(4)-11; and (4) records documenting the periodic monitoring of a 
service provider of a covered function. Each of these records would be 
maintained and preserved consistent with proposed Advisers Act Rule 
204-2(e)(4) in an easily accessible place throughout the time period 
during which the adviser has outsourced a covered function to a service 
provider and for a period of five years thereafter. These proposed 
amendments would help facilitate the Commission's inspection and 
enforcement capabilities.
    The respondents to this collection of information are investment 
advisers registered or required to be registered with the Commission. 
All such advisers will be subject to the proposed amendments to rule 
204-2. As of December 31, 2021, there were 14,756 advisers registered 
with the Commission. We estimate that all of them would use a service 
provider for a covered function and be subject to these books and 
records requirements. In our most recent Paperwork Reduction Act 
submission for rule 204-2, we estimated for rule 204-2 a total annual 
aggregate hour burden of 2,764,563 hours, and a total annual aggregate 
external cost burden of $175,980,426.\273\ The table below summarizes 
the initial and ongoing annual burden estimates associated with the 
proposed amendments to rule 204-2. We have made certain estimates of 
the burdens associated with the proposed amendments solely for the 
purpose of this PRA analysis. Based on staff experience, most advisers 
already conduct some level of oversight of service providers so as to 
fulfill the adviser's fiduciary duty, comply with the Federal 
securities laws, and protect clients from potential harm. Our burden 
estimates therefore presume that advisers are already making some 
records of due diligence and monitoring.
---------------------------------------------------------------------------

    \273\ Supporting Statement for the Paperwork Reduction Act 
Information Collection Submission for Revisions to Rule 204-2, OMB 
Report, OMB 3235-0278 (Aug. 2021).

[[Page 68867]]



                                        Table 1--Rule 204-2 PRA Estimates
----------------------------------------------------------------------------------------------------------------
                                                                                                        Annual
                               Internal initial   Internal annual   Wage rate \2\   Annual internal    external
                                 hour  burden       hour burden                        time costs    cost burden
----------------------------------------------------------------------------------------------------------------
                                               PROPOSED ESTIMATES
----------------------------------------------------------------------------------------------------------------
Make and Retain list of        6 hours \1\.....  2 hours.........  $292.75          $585.50                   $0
 outsourced Covered Functions                                       (blended rate    (Internal
 and factors \5\.                                                   for compliance   Annual Hour
                                                                    manager,         Burden of 2
                                                                    attorney, and    hours x Wage
                                                                    senior           rate of
                                                                    business         292.75).
                                                                    analyst).
Total burden per adviser.....  6 hours.........  2 hours.........  ...............  $585.50........            0
Total number of affected       x 14,756          x 14,756          ...............  x 14,756.......            0
 advisers.                      advisers.         advisers.
Sub-total burden for           88,536 hours....  29,512 hours....  ...............  $8,639,638.....            0
 aggregated advisers.
Make and retain records        0...............  6 hours.........  $292.75          $1,756.50......            0
 documenting due diligence                                          (blended rate
 assessment \3\.                                                    for compliance
                                                                    manager,
                                                                    attorney, and
                                                                    senior
                                                                    business
                                                                    analyst).
Total annual burden per        0...............  6 hours.........  ...............  $1,756.50......            0
 adviser.
Total number of affected       0...............  x 14,756........  ...............  x 14,756.......            0
 advisers.
Sub-total burden.............  0...............  88,536 hours....  ...............  $25,918,914....            0
Retention of written           0...............  1...............  $72.50 (blended  $72.50.........            0
 agreement with service                                             rate for
 provider \4\.                                                      general clerk
                                                                    and compliance
                                                                    clerk).
Total annual burden per        0...............  1...............  ...............  $72.50.........            0
 adviser.
Total number of affected       0...............  x 14,756........  ...............  x 14,756.......            0
 advisers.
Sub-total burden.............  0...............  14,756 hours....  ...............  $1,069,810.....            0
Make and retain records        8 hours.........  6...............  $292.75          $1,756.50......            0
 documenting monitoring of                                          (blended rate
 service providers of covered                                       for general
 functions \6\.                                                     clerk and
                                                                    compliance
                                                                    clerk).
Total annual burden per        8 hours.........  6...............  ...............  $1,756.50......            0
 adviser.
Total number of affected       14,756..........  x 14,756........  ...............  x 14,756.......            0
 advisers.
Sub-total burden.............  118,048 hours...  88,536 hours....  ...............  $25,918,914....            0
Total annual aggregate burden  206,584 hours     221,340 hours...  ...............  $61,547,276....            0
 of rule 204-2 amendments.      (initial burden
                                hours).
Current annual estimated       NA..............  2,764,563 hours.  ...............  $175,980,426...            0
 aggregate burden of rule 204-
 2.
Total annual aggregate burden  NA..............  2,985,903 hours.  ...............  $237,527,702...            0
 of rule 204-2.
----------------------------------------------------------------------------------------------------------------
\1\ We believe that the estimated internal hour burdens associated with the proposed amendment would include one-
  time initial burdens, and we then amortize these initial burdens over three years to determine the ongoing
  annual burden. Our estimate assumes that there would be required annual maintenance and review of the list of
  covered functions and factors. Taking into account the various sizes of SEC registered advisers with varying
  operational complexities, we estimate that each adviser would outsource an average of six covered functions.
\2\ The Commission's estimates of the relevant wage rates are based on salary information for the securities
  industry compiled by the Securities Industry and Financial Markets Association's Office Salaries in the
  Securities Industry 2013. The estimated figures are modified by firm size, employee benefits, overhead, and
  adjusted to account for the effects of inflation. The rates used to create the blended rates are as follows:
  compliance manager--$339; attorney--$455; senior business analyst--$300; compliance clerk--$77; general clerk--
  $68. See Securities Industry and Financial Markets Association, Report on Management & Professional Earnings
  in the Securities Industry 2013 (``SIFMA Report'').
\3\ The proposed rule's due diligence requirements would apply before a service provider is retained to perform
  a covered function (note that monitoring would apply to existing engagements). For new advisers, we believe
  that the time, effort, and financial resources would be incurred in the normal course of activities and
  therefore there is no additional burden. Based on staff experience, most advisers already conduct some level
  of oversight of service providers so as to fulfill the adviser's fiduciary duty, comply with the Federal
  securities laws, and protect clients from potential harm. Our burden estimates therefore presume that advisers
  are already making some records of due diligence and monitoring. Our burden estimate addresses the making and
  retention of the due diligence records only. It is not an estimate of the time needed to conduct due
  diligence. This estimate also presumes that an adviser initiates the outsourcing, or amends an existing
  outsourcing agreement, for an average of two covered functions per year. In reaching our estimate, we
  considered that larger advisers, or advisers with more complex operations and strategies, may exceed this
  average, while smaller advisers or advisers with comparatively streamlined operations may outsource fewer
  covered functions than this average.
\4\ Because the proposed rule would not apply until a new covered function is outsourced, or existing outsourced
  covered function is amended, there should be no initial burden that differs from the annual burden. The
  proposed amendments would require the retention of a written agreement only if such agreement is made. Based
  on staff experience, it is customary business practice for advisers to enter into written agreements with
  service providers that are performing a covered function. We therefore estimate that the additional burden of
  retaining written agreements, if applicable, will be minimal.
\5\ Based on staff experience, and considering the varying sizes and complexities of advisers, we estimate that
  advisers will outsource an average of six covered functions. We anticipate that larger advisers, or advisers
  with more complex operations and strategies, may exceed this average, while smaller advisers or advisers with
  comparatively streamlined operations may outsource fewer covered functions than this average.
\6\ Because the monitoring obligations would apply to existing agreements as of the compliance date, we believe
  there would be an initial monitoring burden that differs from the annual burden in the first year that the
  rule becomes effective. This is because advisers may need to alter their existing monitoring practices
  resulting in collections of information that they did not previously develop. Our burden estimate addresses
  the making and retention of the monitoring records only. It is not an estimate of the time needed to conduct
  monitoring. This estimate assumes advisers monitor an average of six outsourced covered functions each year
  (this is in addition to our estimate of two new or amended outsourced functions that would be subject to
  initial due diligence each year). In reaching our estimate, we considered that larger advisers, or advisers
  with more complex operations and strategies, may exceed this average, while smaller advisers or advisers with
  comparatively streamlined operations may outsource fewer covered functions than this average.

C. Form ADV

    Form ADV is the investment adviser registration form under the 
Advisers Act. Part 1 of Form ADV contains information used primarily by 
Commission staff, and Part 2A is the client brochure. Part 2B requires 
advisers to create brochure supplements containing information about 
certain supervised persons. Part 3: Form CRS (relationship summary) 
requires certain registered investment advisers to prepare and file a 
relationship summary for retail investors. We use the information on 
Form ADV to determine eligibility for registration with us and to 
manage our regulatory and examination programs. Clients and investors 
use certain of the information to determine whether to hire or retain 
an investment adviser, as well as what types of accounts and services 
are appropriate for their needs. The collection of information is 
necessary to provide advisory clients, prospective clients, other 
market participants and the Commission with information about the 
investment adviser and its business, conflicts of interest and 
personnel. Rule 203-1 under the Advisers Act requires every person 
applying for investment adviser registration with the Commission to 
file Form ADV. Rule 204-4 under the Advisers Act requires certain 
investment advisers exempt from registration with the Commission 
(``exempt reporting advisers'' or ``ERAs'') to file reports with the

[[Page 68868]]

Commission by completing a limited number of items on Form ADV. Rule 
204-1 under the Advisers Act requires each registered and exempt 
reporting adviser to file amendments to Form ADV at least annually, and 
requires advisers to submit electronic filings through IARD. The 
paperwork burdens associated with rules 203-1, 204-1, and 204-4 are 
included in the approved annual burden associated with Form ADV and 
thus do not entail separate collections of information. These 
collections of information are found at 17 CFR 275.203-1, 275.204-1, 
275.204-4 and 279.1 (Form ADV itself) and are mandatory. Responses are 
not kept confidential.
    We are proposing amendments to Form ADV Part 1 to enhance client 
and investor disclosure and our ability to oversee investment advisers. 
Specifically, the proposed amendments would amend Item 7 of Part 1A to 
require an adviser to disclose whether it outsources any covered 
function, and if so, to provide additional information on Schedule D. 
The proposed amendments would add Section 7.C. to Schedule D of Part 1A 
to require advisers to disclose the following for each service provider 
to which a covered function is outsourced: legal name, primary business 
name, legal entity identifier (if applicable), whether the service 
provider is a related person of the adviser, date the service provider 
was first engaged, location of the service provider's office primarily 
responsible for the covered function, and the covered function(s) that 
the service provider is engaged to perform. The collection of this 
information is necessary to improve information available to us and to 
the general public about advisers' use of service providers to perform 
covered functions. Our staff would also use this information to help 
prepare for examinations of investment advisers. We are not proposing 
amendments to Parts 2 or 3 of Form ADV.
    The amount of time that a registered adviser will incur to complete 
Item 7.C. and Section 7.C. of Schedule D will vary depending on the 
number of service providers the advisers engages. Nevertheless, we 
believe that the proposed revisions to Part 1A would impose few 
additional burdens on advisers in collecting information as advisers 
should have ready access to all the information necessary to respond to 
the proposed items in their normal course of operations. We anticipate, 
moreover, that the responses to many of the questions are unlikely to 
change from year to year, minimizing the ongoing reporting burden 
associated with these questions.
    The respondents to current Form ADV are investment advisers 
registered with the Commission or applying for registration with the 
Commission and exempt reporting advisers.\274\ Based on the IARD system 
data as of December 31, 2021, approximately 14,756 investment advisers 
were registered with the Commission, and 4,813 exempt reporting 
advisers file reports with the Commission. The amendments we are 
proposing would increase the information requested in Part 1 of Form 
ADV for registered investment advisers that engage a service provider 
to perform a covered function.\275\ We estimate that all registered 
investment advisers will engage at least one service provider to 
perform a covered function. The burdens associated with completing 
Parts 2 and 3 also are included in the PRA for purposes of updating the 
overall Form ADV information collection.\276\ Based on the prior 
revision of Form ADV, we estimated the annual compliance burden to 
comply with the collection of information requirement of Form ADV is 
433,004 burden hours and an external cost burden estimate of 
$14,125,083.\277\ We propose the following changes to our PRA 
methodology for Form ADV:
---------------------------------------------------------------------------

    \274\ An exempt reporting adviser is an investment adviser that 
relies on the exemption from investment adviser registration 
provided in either section 203(l) of the Advisers Act because it is 
an adviser solely to one or more venture capital funds or section 
203(m) of the Advisers Act because it is an adviser solely to 
private funds and has assets under management in the United States 
of less than $150 million.
    \275\ Exempt reporting advisers are required to complete a 
limited number of items in Part 1A of Form ADV (consisting of Items 
1, 2.B., 3, 6, 7, 10, 11, and corresponding schedules). The proposal 
does not include any requirement for exempt reporting advisers to 
respond to proposed new Item 7.C.
    \276\ See Updated Supporting Statement for PRA Submission for 
Amendments to Form ADV under the Investment Advisers Act of 1940 
(``Approved Form ADV PRA'').
    \277\ See Investment Adviser Marketing, Final Rule, Investment 
Advisers Act Release No. 5653 (Dec. 22, 2020) [81 FR 60418 (Mar. 5, 
2021)] (``IA Marketing Release'') and corresponding submission to 
the Office of Information and Regulatory Affairs at reginfo.gov 
(``2021 Form ADV PRA'').
---------------------------------------------------------------------------

     Form ADV Parts 1 and 2. Form ADV PRA has historically 
calculated an hourly burden per adviser per year for Form ADV Parts 1 
and 2 for each of (1) the initial burden and (2) the ongoing burden, 
which reflects advisers' filings of annual and other-than-annual 
updating amendments. We noted in previous PRA amendments that most of 
the paperwork burden for Form ADV Parts 1 and 2 would be incurred in 
the initial submissions of Form ADV. However, recent PRA amendments 
have continued to apply the total initial hourly burden for Parts 1 and 
2 to all currently registered or reporting RIAs and ERAs, respectively, 
in addition to the estimated number of new advisers expected to be 
registering or reporting with the Commission annually. We believe that 
the total initial hourly burden for Form ADV Parts 1 and 2 going 
forward should be applied only to the estimated number of expected new 
advisers annually. This is because currently registered or reporting 
advisers have generally already incurred the total initial burden for 
filing Form ADV for the first time. On the other hand, the estimated 
expected new advisers will incur the full total burden of initial 
filing of Form ADV, and we believe it is appropriate to apply this 
total initial burden to these advisers. We propose to continue to apply 
any new initial burdens resulting from proposed amendments to Form ADV 
Part 1, as applicable, to all currently registered investment advisers.
    Table 2 below summarizes the burden estimates associated with the 
proposed amendments to Form ADV Part 1. The proposed new burdens also 
take into account changes in the numbers of advisers since the last 
approved PRA for Form ADV, and the increased wage rates due to 
inflation.

[[Page 68869]]



                                                             Table 2--Form ADV PRA Estimates
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                 Internal annual
                                        Internal initial        amendment burden         Wage rate \2\       Internal time costs    Annual external cost
                                          burden hours              hours \1\                                                            burden \3\
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                             PROPOSED AMENDMENTS TO FORM ADV
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                        RIAs (burden for Parts 1 and 2, not including private fund reporting) \4\
--------------------------------------------------------------------------------------------------------------------------------------------------------
Proposed addition (per adviser) to   1.5 hours (reflects     0.7 hours \1\.........  $299.50 per hour       2.2 hours x $299.50 =  1 hour of external
 Part 1 (Item 7.C and Section 7.C     estimate of 18                                  (blended revised       $658.90.               legal services
 of Schedule D).                      minutes per                                     rate for senior                               ($531) for \1/4\ of
                                      outsourced covered                              compliance examiner                           advisers that
                                      function x estimated                            and compliance                                prepare Part 1; 1
                                      average of 5 covered                            manager) \5\.                                 hour of external
                                      functions per                                                                                 compliance
                                      adviser).                                                                                     consulting services
                                                                                                                                    ($791) for \1/2\ of
                                                                                                                                    advisers that
                                                                                                                                    prepare Part 1.\6\
Current burden per adviser \7\.....  29.72 hours \8\.......  11.8 hours \9\........  $273 per hour          (29.72 + 11.8) x $273  $2,069,250 aggregated
                                                                                      (blended current       = $11,334.96.          (previously
                                                                                      rate for senior                               presented only in
                                                                                      compliance examiner                           the aggregate).\10\
                                                                                      and compliance
                                                                                      manager).
Revised burden per adviser.........  29.72 hours + 1.5       0.7 hours + 11.8 hours  $299.50 (blended       (31.22 + 12.5) x       $5,019.75.\11\
                                      hours = 31.22 hours.    = 12.5 hours.           revised rate for       $299.50 = $13,094.14.
                                                                                      senior compliance
                                                                                      examiner and
                                                                                      compliance manager).
Total revised aggregate burden       39,367.44 hours \12\..  190,975 hours \13\....  Same as above........  (39,367.44 + 190,975)  $10,565,759.\14\
 estimate.                                                                                                   x $299.5 =
                                                                                                             $68,987,560.80.
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                              RIAs (burden for Part 3) \15\
--------------------------------------------------------------------------------------------------------------------------------------------------------
No proposed changes................  ......................  ......................  .....................  .....................  .....................
Current burden per RIA.............  20 hours, amortized     1.58 hours\17\........  $273 (blended current  $273 x (6.67 + 1.71)   $2,433.74 per
                                      over three years =                              rate for senior        = $2,287.74.           adviser.\18\
                                      6.67 hours \16\.                                compliance examiner
                                                                                      and compliance
                                                                                      manager).
Total updated aggregate burden       66,149.59 hours \19\..  14,573.92 hours \20\..  $299.50 (blended       $24,176,691.20         $8,732,193.75.\21\
 estimate.                                                                            revised rate for       (($299.50 x
                                                                                      senior compliance      (66,149.59 hours +
                                                                                      examiner and           14,573.92 hours)).
                                                                                      compliance manager).
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                          ERAs (burden for Part 1A, not including private fund reporting) \22\
--------------------------------------------------------------------------------------------------------------------------------------------------------
No proposed changes................  ......................  ......................  .....................  .....................  .....................
Current burden per ERA.............  3.60 hours \23\.......  1.5 hours + final       $273 (blended current  Wage rate x total      $0.
                                                              filings \24\.           rate for senior        hours (see below).
                                                                                      compliance examiner
                                                                                      and compliance
                                                                                      manager).
Total updated aggregate burden       1,245.6 \25\..........  7,775.6 hours \26\....  $299.50 (blended       $2,701,849.40          $0.
 estimate.                                                                            revised rate for       ($299.50 x (1,245.6
                                                                                      senior compliance      + 7,775.6 hours)).
                                                                                      examiner and
                                                                                      compliance manager).
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                               Private Fund Reporting \27\
--------------------------------------------------------------------------------------------------------------------------------------------------------
No proposed changes................  ......................  ......................  .....................  .....................  .....................
Current burden per adviser to        1 hour per private      N/A-included in the     $273 (blended current  .....................  Cost of $46,865.74
 private fund.                        fund \28\.              existing annual         rate for senior                               per fund, applied to
                                                              amendment reporting     compliance examiner                           6% of RIAs that
                                                              burden for ERAs.        and compliance                                report private
                                                                                      manager).                                     funds.\29\
Total updated aggregate burden       1,150 hours \30\......  N/A...................  $299.50 (blended       $3,978,123.50 ($279.5  $15,090,768.30.\31\
 estimate.                                                                            revised rate for       x 14,233 hours)).
                                                                                      senior compliance
                                                                                      examiner and
                                                                                      compliance manager).
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                      TOTAL ESTIMATED BURDENS, INCLUDING AMENDMENTS
--------------------------------------------------------------------------------------------------------------------------------------------------------
Current per adviser burden/external                             23.82 hours \32\                            23.82 hours x $273 =   $777.\33\
 cost per adviser.                                                                                           $6,502.86 per
                                                                                                             adviser cost of the
                                                                                                             burden hour.
Revised per adviser burden/external                             15.70 hours \34\                            15.70 hours x $299.50  $1,678.59.\35\
 cost per adviser.                                                                                           = $4,702.15 per
                                                                                                             adviser cost of the
                                                                                                             burden hour.
--------------------------------------------------------------------------------------------------------------------------------------------------------
Current aggregate burden estimates.            433,004 initial and amendment hours annually \36\            433,004 x $273 =       $14,125,083.\37\
                                                                                                             $118,210,092
                                                                                                             aggregate cost of
                                                                                                             the burden hour.

[[Page 68870]]

 
Revised aggregate burden estimates.           321,237.15 \38\ Initial and amendment hours annually          321,237.15 x $299.50   $34,355,721.05.\39\
                                                                                                             = $96,210,526.40
                                                                                                             aggregate cost of
                                                                                                             the burden hour.
--------------------------------------------------------------------------------------------------------------------------------------------------------
Notes:
\1\ This column estimates the hourly burden attributable to annual and other-than-annual updating amendments to Form ADV, plus RIAs' ongoing obligations
  to deliver codes of ethics to clients. The internal annual amendment burden hours estimate for the proposed Part 1 Item 7.C. is the sum of the
  internal initial burden estimate annualized over a three-year period (1.5 initial hour/3 = 0.5 hours), plus 0.2 hours of ongoing annual burden hours,
  and it assumes annual reassessment and execution: ((1.5 initial hours/3 years) + 0.2 hours of additional ongoing burden hours) = 0.7 hour.
\2\ As with Form ADV generally, and pursuant to the currently approved PRA (see 2021 Form ADV PRA), we expect that for most RIAs, the performance of
  these functions would most likely be equally allocated between a senior compliance examiner and a compliance manager, or persons performing similar
  functions. The Commission's estimates of the relevant wage rates are based on salary information for the securities industry compiled by the SIFMA
  Wage Report. The estimated figures are modified by firm size, employee benefits, overhead, and adjusted to account for the effects of inflation. For
  RIAs that do not already have a senior compliance or a compliance manager, we expect that a person performing a similar function would have similar
  hourly costs. The estimated wage rates in connection with the proposed PRA estimates are adjusted for inflation from the wage rates used in the
  currently approved PRA analysis.
\3\ External fees are in addition to the projected hour per adviser burden. Form ADV has a one-time initial cost for outside legal and compliance
  consulting fees in connection with the initial preparation of Parts 2 and 3 of the form. In addition to the estimated legal and compliance consulting
  fees, investment advisers of private funds incur one-time costs with respect to the requirement for investment advisers to report the fair value of
  private fund assets.
\4\ Based on Form ADV data as of December 31, 2021, we estimate that there are 14,756 RIAs (``current RIAs'') and 552 net new advisers that are expected
  to become RIAs annually (``newly expected RIAs''). We obtain the newly expected RIAs number by taking the average number of new RIAs over the past
  three years (1,287) and subtracting the average RIA deregistrations over the past three years (735), for a total of 552 net new advisers on average.
\5\ The $299.50 wage rate reflects current estimates from the SIFMA Wage Report of the blended hourly rate for a senior compliance examiner ($260) and a
  compliance manager ($339). ($260 + $339)/2 = $299.50.
\6\ We estimate that a quarter of RIAs would seek the help of outside legal services and half would seek the help of compliance consulting services in
  connection with the proposed amendments to Form ADV Part 1. This is based on previous estimates and ratios we have used for advisers we expect to use
  external services for initially preparing various parts of Form ADV. See 2020 Form ADV PRA Renewal (the subsequent amendment to Form ADV described in
  the 2021 Form ADV PRA did not change that estimate). Because the SIFMA Wage Report does not include a specific rate for an outside compliance
  consultant, we are proposing to use the rates in the SIFMA Wage Report for an outside management consultant, as we have done in the past when
  estimating the rate of an outside compliance counsel. We are adjusting these external costs for inflation, using the currently estimated costs for
  outside legal counsel and outside management consultants in the SIFMA Wage Report: $531 per hour for outside counsel, and $791 per hour for outside
  management consultant (compliance consultants).
\7\ Per above, we are proposing to revise the PRA calculation methodology to apply the full initial burden only to expected RIAs, as we believe that
  current RIAs have generally already incurred the burden of initially preparing Form ADV.
\8\ See 2020 Form ADV PRA Renewal (stating that the estimate average collection of information burden per adviser for Parts 1 and 2 is 29.22 hours,
  prior to the most recent amendment to Form ADV). See also 2021 Form ADV PRA (adding 0.5 hours to the estimated initial burden for Part 1A in
  connection with the most recent amendment to Form ADV). Therefore, the current estimated average initial collection of information hourly burden per
  adviser for Parts 1 and 2 is 29.72 hours (29.22 + 0.5 = 29.72).
\9\ The currently approved average total annual burden for RIAs attributable to annual and other-than-annual updating amendments to Form ADV Parts 1 and
  2 is 10.5 hours per RIA, plus 1.3 hours per year for each RIA to meet its obligation to deliver codes of ethics to clients (10.5 + 1.3 = 11.8 hours
  per adviser). See 2020 Form ADV PRA Renewal (these 2020 hourly estimates were not affected by the 2021 amendments to Form ADV). As we explained in
  previous PRAs, we estimate that each RIA filing Form ADV Part 1 will amend its form 2 times per year, which consists of one interim updating amendment
  (at an estimated 0.5 hours per amendment), and one annual updating amendment (at an estimated 8 hours per amendment), each year. We also explained
  that we estimate that each RIA will, on average, spend 1 hour per year making interim amendments to brochure supplements, and an additional 1 hour per
  year to prepare brochure supplements as required by Form ADV Part 2. See id.
\10\ See 2020 Form ADV PRA Renewal (the subsequent amendment to Form ADV described in the 2021 Form ADV PRA did not affect that estimate).
\11\ External cost per RIA includes the external cost for initially preparing Part 2, which we have previously estimated to be approximately 10 hours of
  outside legal counsel for a quarter of RIAs, and 8 hours of outside management consulting services for half of RIAs. See 2020 Form ADV Renewal (these
  estimates were not affected by subsequent amendments to Form ADV). We add to this burden the estimated external cost associated with the proposed
  amendment (an additional hour of each, bringing the total to 11 hours and 9 hours, respectively, for \1/4\ and \1/2\ of RIAs, respectively). We
  therefore calculate the revised burden per adviser as follows: (((.25 x 14,756 RIAs) x ($531 x 11 hours)) + ((0.50 x 14,756 RIAs) x ($791 x 9 hours)))/
  14,756 RIAs = $5019.75 per adviser.
\12\ Per above, we are proposing to revise the PRA calculation methodology for current RIAs to not apply the full initial burden to current RIAs, as we
  believe that current RIAs have generally already incurred the initial burden of preparing Form ADV. Therefore, we calculate the initial burden
  associated with complying with the proposed amendment of 1.5 initial hour x 14,756 current RIAs = 22,134 initial hours in the first year aggregated
  for current RIAs. We are not amortizing this burden because we believe current advisers will incur it in the first year. For expected new RIAs, we
  estimate that they will incur the full revised initial burden, which is 31.22 hours per RIA. Therefore, 31.22hours x 552 expected RIAs = 17,233.44
  aggregate hours for expected new RIAs. We do not amortize this burden for expected new RIAs because we expect a similar number of new RIAs to incur
  this initial burden each year. Therefore, the total revised aggregate initial burden for current and expected new RIAs is 22,134 hours + 17,233.44
  hours = 39,367.44 aggregate initial hours.
\13\ 12.5 amendment hours x (14,756 current RIAs + 552 expected new RIAs) = 190,975 aggregate amendment hours.
\14\ Per above, for current RIAs, we are proposing to not apply the currently approved external cost for initially preparing Part 2, because we believe
  that current RIAs have already incurred that initial external cost. For current RIAs, therefore, we are applying only the external cost we estimate
  they will incur in complying with the proposed amendment. Therefore, the revised total burden for current RIAs is (((.25 x 14,756 RIAs) x ($531 x 1
  hour)) + ((0.50 x 14,756 RIAs) x ($791 x 1 hour))) = $7,794,857 aggregated for current RIAs. We do not amortize this cost for current RIAs because we
  expect current RIAs will incur this initial cost in the first year. For expected new RIAs, we apply the currently approved external cost for initially
  preparing Part 2 plus the estimated external cost for complying with the proposed amendment. Therefore, $5,019.75 per expected new RIA x 552 =
  $2,770,902 aggregated for expected new RIAs. We do not amortize this cost for expected new RIAs because we expect a similar number of new RIAs to
  incur this external cost each year. $7,794,857 aggregated for current RIAs + $2,770,902 aggregated for expected RIAs = $10,565,759 aggregated external
  cost for RIAs.
\15\ Even though we are not proposing amendments to Form ADV Part 3 (``Form CRS''), the burdens associated with completing Part 3 are included in the
  PRA for purposes of updating the overall Form ADV information collection. Based on Form ADV data as of October 31, 2021, we estimate that 8,877
  current RIAs provide advice to retail investors and are therefore required to complete Form CRS, and we estimate an average of 347 expected new RIAs
  to be advising retail advisers and completing Form CRS for the first time annually.
\16\ See Form CRS Relationship Summary; Amendments to Form ADV, Investment Advisers Act Release No. 5247 (Jun. 5, 2019) [84 FR 33492 (Sep. 10, 2019)]
  (``2019 Form ADV PRA''). Subsequent PRA amendments for Form ADV have not adjusted the burdens or costs associated with Form CRS. Because advisers have
  been required to comply with the Form CRS requirements for less than three years, we have, and are continuing to, apply the total initial amendment
  burden to all current and expected new RIAs that are required to file Form CRS, and amortize that initial burden over three years for current RIAs.
\17\ As reflected in the currently approved PRA burden estimate, we stated that we expect advisers required to prepare and file the relationship summary
  on Form ADV Part 3 will spend an average 1 hour per year making amendments to those relationship summaries and will likely amend the disclosure an
  average of 1.71 times per year, for approximately 1.58 hours per adviser. See 2019 Form ADV PRA (these estimates were not amended by the 2021
  amendments to Form ADV),
\18\ See 2020 Form ADV PRA Amendment (this cost was not affected by the subsequent amendment to Form ADV and was not updated in connection with that
  amendment; while this amendment did not break out a per adviser cost, we calculated this cost from the aggregate total and the number of advisers we
  estimated prepared Form CRS). Note, however, that in our 2020 Form ADV PRA Renewal, we applied the external cost only to expected new retail RIAs,
  whereas we had previously applied the external cost to current and expected retail RIAs. Because advisers have been required to comply with the Form
  CRS requirements for less than three years, we believe that we should continue to apply the cost to both current and expected new retail RIAs. See
  2019 Form ADV PRA.
\19\ 8,877 current RIAs x 6.67 hours each for initially preparing Form CRS = 59,209.59 aggregate hours for current RIAs initially filing Form CRS. For
  expected new RIAs initially filing Form CRS each year, we are not proposing to use the amortized initial burden estimate, because we expect a similar
  number of new RIAs to incur the burden of initially preparing Form CRS each year. Therefore, 347 expected new RIAs x 20 initial hours for preparing
  Form CRS = 6,940 aggregate initial hours for expected RIAs. 59,209.59 hours + 6,940 hours = 66,149.59 aggregate hours for current and expected RIAs to
  initially prepare Form CRS.
\20\ 1.58 hours x (8,877 current RIAs updating Form CRS + 347 expected new RIAs updating Form CRS) = 14,573.92 aggregate amendment hours per year for
  RIAs updating Form CRS.

[[Page 68871]]

 
\21\ We have previously estimated the initial preparation of Form CRS would require 5 hours of external legal services for an estimated quarter of
  advisers that prepare Part 3, and 5 hours of external compliance consulting services for an estimated half of advisers that prepare Part 3. See 2020
  PRA Renewal (these estimates were not amended by the most recent amendment to Form ADV). The hourly cost estimate of $531 and $791 for outside legal
  services and management consulting services, respectively, are based on an inflation-adjusted figure in the SIFMA Wage Report. Therefore, (((.25 x
  8,877 current RIAs preparing Form CRS) x ($531 x 5 hours)) + ((0.50 x 8,877 current RIAs preparing Form CRS) x ($791 x 5 hours))) = $23,447,040. For
  current RIAs, since this is still a new requirement, we amortize this cost over three years for a per year initial external aggregated cost of
  $7,815,680. For expected RIAs that we expect would prepare Form CRS each year, we use the following formula: (((.25 x 347 expected RIAs preparing Form
  CRS) x ($531 x 5 hours)) + ((0.50 x 347 expected RIAs preparing Form CRS) x ($791 x 5 hours))) = $916,513.75 aggregated cost for expected RIAs. We are
  not amortizing this initial cost because we estimate a similar number of new RIAs would incur this initial cost in preparing Form CRS each year,
  $7,815,680 + $916,513.75 = $8,732,193.75 aggregate external cost for current and expected RIAs to initially prepare Form CRS.
\22\ Based on Form ADV data as of Dec. 31, 2021, we estimate that there are 4,813 currently reporting ERAs (``current ERAs''), and an average of 346
  expected new ERAs annually (``expected ERAs'').
\23\ See 2021 Form ADV PRA.
\24\ The previously approved average per adviser annual burden for ERAs attributable to annual and updating amendments to Form ADV is 1.5 hours. See
  2021 Form ADV PRA. As we have done in the past, we add to this burden the burden for ERAs making final filings, which we have previously estimated to
  be 0.1 hour per applicable adviser, and we estimate that an expected 371 current ERAs will prepare final filings annually, based on Form ADV data as
  of Dec. 2020.
\25\ For current ERAs, we are proposing to not apply the currently approved burden for initially preparing Form ADV, because we believe that current
  ERAs have already incurred this burden. For expected ERAs, we are applying the initial burden of preparing Form ADV of 3.6 hours. Therefore, 3.6 hours
  x 346 expected new ERAs per year = 1,245.6 aggregate initial hours for expected ERAs. For these expected ERAs, we are not proposing to amortize this
  burden, because we expect a similar number of new ERAs to incur this burden each year. Therefore, we estimate 1,245.6 aggregate initial annual hours
  for expected ERAs.
\26\ The previously approved average total annual burden of ERAs attributable to annual and updating amendments to Form ADV is 1.5 hours. See 2020 Form
  ADV Renewal (this estimate was not affected by the subsequent amendment to Form ADV). As we have done in the past, we added to this burden the
  currently approved burden for ERAs making final filings of 0.1 hour, and multiplied that by the number of final filings we are estimating ERAs would
  file per year (371 final filings based on Form ADV data as of Dec. 2020). (1.5 hours x 4,813 currently reporting ERAs) + (0.1 hour x 371 final
  filings) = 7,256.6 updated aggregated hours for currently reporting ERAs. For expected ERAs, the aggregate burden is 1.5 hours for each ERA
  attributable to annual and other-than-annual updating amendments to Form ADV x 346 expected new ERAs = 519 annual aggregated hours for expected new
  ERAs updating Form ADV (other than for private fund reporting). The total aggregate amendment burden for ERAs (other than for private fund reporting)
  is 7,265.6 + 519 = 7,775.6 hours.
\27\ Based on Form ADV data as of Oct. 31, 2021, we estimate that 5,232 current RIAs advise 43,501 private funds, and expect an estimated 136 new RIAs
  will advise 407 reported private funds per year. We estimate that 4,959 current ERAs advise 23,476 private funds, and estimate an expected 372 new
  ERAs will advise 743 reported private funds per year. Therefore, we estimate that there are 66,977 currently reported private funds reported by
  current private fund advisers (43,501 + 23,476), and there will be annually 1,150 new private funds reported by expected private fund advisers (407 +
  743). The total number of current and expected new RIAs that report or are expected to report private funds is 5,368 (5,232 current RIAs that report
  private funds + 136 expected RIAs that would report private funds).
\28\ See 2020 Form ADV PRA Renewal (this per adviser burden was not affected by subsequent amendments to Form ADV).
\29\ We previously estimated that an adviser without the internal capacity to value specific illiquid assets would obtain pricing or valuation services
  at an estimated cost of $37,625 each on an annual basis. See Rules Implementing Release, supra footnote82. However, because we estimated that external
  cost in 2011, we are proposing to use an inflation-adjusted cost of $46,865.74, based on the CPI calculator published by the Bureau of Labor
  Statistics at https://www.bls.gov/data/inflation_calculator.htm. As with previously approved PRA methodologies, we continue to estimate that 6% of
  RIAs have at least one private fund client that may not be audited. See 2020 Form ADV PRA Renewal.
\30\ Per above, for currently reported private funds, we are proposing to not apply the currently approved burden for initially reporting private funds
  on Form ADV, because we believe that current private fund advisers have already incurred this burden. For the estimated 1,150 new private funds
  annually of expected private fund advisers, we calculate the initial burden of 1 hour per private fund. 1 hour per expected new private fund x 1,150
  expected new private funds = 1,150 aggregate hours for expected new private funds. For these expected new private funds, we are not proposing to
  amortize this burden, because we expect new private fund advisers to incur this burden with respect to new private funds each year. Therefore, we
  estimate 1,150 aggregate initial hours for expected private fund advisers.
\31\ As with previously approved PRA methodologies, we continue to estimate that 6% of registered advisers have at least one private fund client that
  may not be audited, therefore we estimate that the total number of audits for current and expected RIAs is 6% x 5,368 current and expected RIAs
  reporting private funds or expected to report private funds = 322.08 audits. We therefore estimate that approximately 322 registered advisers incur
  costs of $46,865.74 each on an annual basis (see note 29 describing the cost per audit), for an aggregate annual total cost of $15,090,768.30.
\32\ 433,004 currently approved burden hours/18,179 advisers (current and expected annually) = 23.82 hours per adviser. See 2021 Form ADV PRA.
\33\ $14,125,083 currently approved aggregate external cost/18,179 advisers (current and expected annually) = $777 blended average external cost per
  adviser.
\34\ 321,237.15 aggregate annual hours for current and expected new advisers (see infra note 38)/(14,756 current RIAs + 552 expected RIAs + 4,813
  current ERAs +346 expected ERAs) = 15.70 blended average hours per adviser.
\35\ $34,355,721.05 aggregate external cost for current and expected new advisers (see infra note 39)/(20,467 advisers current and expected annually
  (see supra footnote 34) = $1,678.59 blended average hours per adviser.
\36\ See 2021 Form ADV PRA.
\37\ See 2021 Form ADV PRA.
\38\ 39,367.44. hours (internal initial burden for Parts 1 and 2) + 190,975 4 hours (internal annual amendment burden for Parts 1 and 2) + 66,149.59
  hours (internal initial burden for Part 3) + 14,573.92 hours (internal annual amendment burden for Part 3) + 1,245.6 hours (internal initial burden
  for ERAs) + 7,775.6 hours (internal annual amendment burden for ERAs) + 1,150 hours (Internal initial burden for private funds) = 321,237.15 aggregate
  annual hours for current and expected new advisers.
\39\ $10,565,759 + $8,732,193.75 + $15,090,768.30 = $34,355,721.05.

D. Request for Comment

    We request comment on whether these estimates are reasonable. 
Pursuant to 44 U.S.C. 3506(c)(2)(B), the Commission solicits comments 
in order to: (1) evaluate whether the proposed collection of 
information is necessary for the proper performance of the functions of 
the Commission, including whether the information will have practical 
utility; (2) evaluate the accuracy of the Commission's estimate of the 
burden of the proposed collection of information; (3) determine whether 
there are ways to enhance the quality, utility, and clarity of the 
information to be collected; and (4) determine whether there are ways 
to minimize the burden of the collection of information on those who 
are to respond, including through the use of automated collection 
techniques or other forms of information technology.
    Persons wishing to submit comments on the collection of information 
requirements of the proposed amendments should direct them to the OMB 
Desk Officer for the Securities and Exchange Commission, 
[email protected], and should send a copy to 
Vanessa A. Countryman, Secretary, Securities and Exchange Commission, 
100 F Street NE, Washington, DC 20549-1090, with reference to File No. 
S7-25-22. OMB is required to make a decision concerning the collections 
of information between 30 and 60 days after publication of this 
release; therefore a comment to OMB is best assured of having its full 
effect if OMB receives it within 30 days after publication of this 
release. Requests for materials submitted to OMB by the Commission with 
regard to these collections of information should be in writing, refer 
to File No. S7-25-22, and be submitted to the Securities and Exchange 
Commission, Office of FOIA Services, 100 F Street NE, Washington, DC 
20549-2736.

V. Initial Regulatory Flexibility Act Analysis

    The Commission has prepared the following Initial Regulatory 
Flexibility Analysis (``IRFA'') in accordance with section 3(a) of the 
Regulatory Flexibility Act (``RFA'').\278\ It relates to proposed rule 
206(4)-11 under the Advisers Act and proposed amendments to Form ADV 
and rule 204-2 under the Advisers Act.
---------------------------------------------------------------------------

    \278\ 5 U.S.C. 603(a).
---------------------------------------------------------------------------

A. Reason For and Objectives of the Proposed Action

    The reasons for, and objectives of, the proposed rule and 
amendments are discussed in more detail in sections I and II, above. 
The burdens of these

[[Page 68872]]

requirements on small advisers are discussed below as well as above in 
sections III and IV, which discuss the burdens on all advisers.
    We are proposing rule 206(4)-11 under the Advisers Act to require 
all advisers registered with the Commission to conduct due diligence 
and monitoring of its service providers. We believe advisers are 
increasingly relying on service providers to outsource certain 
functions without appropriate oversight, and there may be heightened 
risks because of it such as compliance gaps, poor operational 
management or risk measurement, or loss of sensitive client information 
and data. The proposed rule would therefore require a minimum and 
consistent oversight framework for all investment advisers outsourcing 
functions or services that are necessary to provide their advisory 
services in compliance with the Federal securities laws, and that if 
not performed or performed negligently, would be reasonably likely to 
cause a material negative impact on an adviser's clients or an 
adviser's ability to perform its services.\279\
---------------------------------------------------------------------------

    \279\ See proposed rule 206(4)-11(a).
---------------------------------------------------------------------------

    We are also proposing related amendments to rule 204-2, the 
Advisers Act books and records rule, which set forth requirements for 
making and keeping records related to the due diligence and monitoring 
requirements.\280\ We are proposing these amendments to: (1) conform 
the books and records rule to the proposed service provider oversight 
rule; (2) help ensure that an investment adviser retains records of all 
of its documents related to its service provider oversight; and (3) 
facilitate the Commission's inspection and enforcement capabilities. In 
addition, we are proposing to add a new provision to rule 204-2 
requiring advisers that rely on a third party for any recordkeeping 
function required by that rule to perform due diligence and monitoring 
of that third party consistent with the requirements under proposed 
rule 206(4)-11 as though the recordkeeping function were a ``covered 
function'' and the third party were a ``service provider,'' each as 
defined in proposed rule 206(4)-11(b), and obtain reasonable assurances 
that the third party will meet certain standards.\281\ The standards 
are intended to protect required records from loss, alteration or 
destruction and to require that such records be accessible to the 
investment adviser and the Commission staff while maintaining 
appropriate freedom for investments advisers to contract with service 
providers to assist with recordkeeping functions.
---------------------------------------------------------------------------

    \280\ See proposed rule 204-2 (recordkeeping); proposed rule 
204-6, and amendments to rule 204-3 and Form ADV (reporting); and 
amendments to Forms N-1A, N-2, N-3, N-4, N-6, N-8B-2, and S-6 
(disclosure).
    \281\ See proposed rule 204-2(l).
---------------------------------------------------------------------------

    Lastly, we are proposing amendments to Form ADV for advisers 
registered or required to be registered with the Commission to disclose 
information about certain service providers. We believe this 
requirement would help the Commission and its staff in their efforts to 
oversee registered investment advisers and enhance client and investor 
disclosures. More information about service providers that perform 
covered functions would provide the Commission with a better 
understanding of the material services and functions that advisers 
outsource and permit us to enhance our assessment of advisers' reliance 
on service providers for purposes of targeting examinations. The 
information would also help us identify particular service providers 
that may pose a risk to clients and investors and provide us with the 
ability to conduct a more comprehensive assessment of advisers.
    We believe that the proposed rule and amendments discussed above 
would, together, improve the ability of advisers as well as their 
clients and prospective clients to evaluate and understand relevant 
risks and incidents related to the use of service providers that they 
face and the potential effect on the advisers' services and operations.
1. Proposed Rule 206(4)-11
    Proposed rule 206(4)-11 would require an adviser to conduct due 
diligence before engaging a service provider to perform a covered 
function.\282\ In conducting its due diligence, the adviser would be 
required to, among other things, identify the nature and scope of the 
covered function the service provider is to perform, identify and 
determine how it will mitigate and manage potential risks, determine 
that the service provider has the competence, capacity, and resources 
necessary to perform the covered function, determine whether the 
service provider has any material subcontracting arrangements, and 
obtain certain reasonable assurances from the service provider.\283\ 
The proposed rule would also require the adviser periodically to 
monitor the service provider's performance of the covered function and 
reassess the due diligence required under the proposed rule.\284\
---------------------------------------------------------------------------

    \282\ See proposed rule 206(4)-11(a)(1).
    \283\ See proposed rule 206(4)-11(a)(1).
    \284\ See proposed rule 206(4)-11(a)(2).
---------------------------------------------------------------------------

2. Proposed Amendments to Rule 204-2
    We are proposing related amendments to rule 204-2, the books and 
records rule, under the Advisers Act, which sets forth requirements for 
maintaining, making, and retaining specified books and records. We are 
proposing to amend the current rule to require advisers to make and 
keep: (1) a list or other record of covered functions that the adviser 
has outsourced to a service provider, along with a record of the 
factors that led the adviser to list it as a covered function; (2) 
records documenting the due diligence assessment; (3) a copy of any 
written agreement; and (4) records documenting the periodic monitoring 
of a service provider.\285\ These records would be required to be 
maintained throughout the time period during which the adviser has 
outsourced a covered function to a service provider and for a period of 
five years thereafter.\286\
---------------------------------------------------------------------------

    \285\ See proposed rule 204-2(a)(24).
    \286\ See proposed rule 204-2(e)(4).
---------------------------------------------------------------------------

    We are also proposing an amendment to the rule 204-2 to require 
every investment adviser registered or required to be registered that 
relies on a third party to make and/or keep required by rule 204-2, to 
perform due diligence and monitoring of that third party as prescribed 
in proposed rule 206(4)-11 as though the recordkeeping function were a 
``covered function'' and the third party were a ``service provider'', 
each as defined in proposed rule 206(4)-11(b), and obtain reasonable 
assurances that the third party will meet four standards: (i) adopt and 
implement internal processes and/or systems for making and keeping 
records on behalf of the investment adviser that meet all of the 
requirements of the recordkeeping rule applicable to the adviser in 
providing services to the adviser; (ii) make and/or keep records that 
meet all of the requirements of the recordkeeping rule applicable to 
the adviser; (iii) for electronic records, allow the investment adviser 
and staff of the Commission to access the records easily through 
computers or systems; and (iv) have arrangements in place to ensure the 
continued availability of records in the event that the third party's 
operations cease or the relationship with the investment adviser is 
terminated.\287\
---------------------------------------------------------------------------

    \287\ See proposed rule 204-2(l).
---------------------------------------------------------------------------

3. Proposed Amendments to Form ADV
    We are proposing related amendments to Form ADV. The amendments 
would require advisers registered or required to be registered with the 
Commission to identify their service providers that

[[Page 68873]]

perform covered functions, provide their location, the date they were 
first engaged to provide covered functions, and state whether they are 
related persons of the adviser. For each of these service providers, 
the amendments would require specific information that would clarify 
the services or functions they provide. The new reporting item would 
appear in Item 7 of Form ADV, which currently requires advisers to 
disclose information about financial industry affiliations. More 
detailed information would be required to be filled in Schedule D of 
Part 1A under the revised Item 7.

B. Legal Basis

    The Commission is proposing rule 206(4)-11 under the Advisers Act 
under the authority set forth in sections 203(d), 206(4), and 211(a) 
and (h) of the Advisers Act of 1940 [15 U.S.C. 80b-3(d), 10b-6(4) and 
80b-11(a) and (h)]. The Commission is proposing amendments to rule 204-
2 under the Advisers Act under the authority set forth in sections 204 
and 211 of the Advisers Act of 1940 [15 U.S.C. 80b-4 and 80b-11]. The 
Commission is proposing amendments to Form ADV under section 19(a) of 
the Securities Act [15 U.S.C. 77s(a)], sections 23(a) and 28(e)(2) of 
the Exchange Act [15 U.S.C. 78w(a) and 78bb(e)(2)], section 319(a) of 
the Trust Indenture Act of 1939 [15 U.S.C. 7sss(a)], section 38(a) of 
the Investment Company Act [15 U.S.C. 80a-37(a)], and sections 
203(c)(1), 204, and 211(a) and (h) of the Advisers Act of 1940 [15 
U.S.C. 80b-3(c)(1), 80b-4, and 80b-11(a) and (h)].

C. Small Entities Subject to the Rules and Rule Amendments

    In developing these proposals, we have considered their potential 
effect on small entities that would be subject to the proposed rule and 
amendments. The proposed rule and amendments would affect many, but not 
all, investment advisers registered with the Commission, including some 
small entities.
1. Small Entities Subject to Proposed Rule 206(4)-11 and Proposed 
Amendments to Rule 204-2 and Form ADV
    Under Commission rules, for the purposes of the Advisers Act and 
the RFA, an investment adviser generally is a small entity if it: (1) 
has assets under management having a total value of less than $25 
million; (2) did not have total assets of $5 million or more on the 
last day of the most recent fiscal year; and (3) does not control, is 
not controlled by, and is not under common control with another 
investment adviser that has assets under management of $25 million or 
more, or any person (other than a natural person) that had total assets 
of $5 million or more on the last day of its most recent fiscal 
year.\288\ Our proposed rule and amendments would not affect most 
investment advisers that are small entities (``small advisers'') 
because they are generally registered with one or more state securities 
authorities and not with the Commission. Under section 203A of the 
Advisers Act, most small advisers are prohibited from registering with 
the Commission and are regulated by state regulators. Based on IARD 
data, we estimate that as of December 31, 2021, approximately 471 SEC-
registered advisers are small entities under the RFA.\289\
---------------------------------------------------------------------------

    \288\ Advisers Act rule 0-7(a) [17 CFR 275.0-7].
    \289\ Based on SEC-registered investment adviser responses to 
Items 5.F. and 12 of Form ADV.
---------------------------------------------------------------------------

    The Commission estimates that based on IARD data as of December 31, 
2021, approximately 14,756 investment advisers would be subject to 
proposed rule 206(4)-11 and the related proposed amendments to rule 
204-2 under the Advisers Act and Form ADV.\290\
---------------------------------------------------------------------------

    \290\ See supra section III.B.1.
---------------------------------------------------------------------------

    All of the approximately 471 SEC-registered advisers that are small 
entities under the RFA would be subject to proposed rule 206(4)-11 and 
the related proposed amendments to rule 204-2 under the Advisers Act 
and Form ADV.

D. Projected Reporting, Recordkeeping and Other Compliance Requirements

1. Proposed Rule 206(4)-11
    Proposed rule 206(4)-11 would impose certain compliance 
requirements on investment advisers, including those that are small 
entities. All registered investment advisers, including small entity 
advisers, would be required to comply with the proposed rule's due 
diligence and monitoring requirements. The proposed requirements, 
including compliance and recordkeeping requirements, are summarized in 
this IRFA (section V.A. above). All of these proposed requirements are 
also discussed in detail, above, in sections I and II, and these 
requirements and the burdens on respondents, including those that are 
small entities, are discussed above in section III (the Economic 
Analysis) and below. The professional skills required to meet these 
specific burdens are also discussed in sections III and IV.
    There are different factors that would affect whether a smaller 
adviser incurs costs relating to these requirements that are higher or 
lower relative to other firms and likely to vary depending on the 
adviser's current practices. The specifics of these burdens are 
discussed in the Economic Analysis, which also discusses the burdens on 
all registered investment advisers.\291\ For example, although a 
smaller adviser's use of service providers should include sufficient 
oversight by the adviser so as to fulfill the adviser's fiduciary duty, 
comply with the Federal securities laws, and protect clients from 
potential harm, those current practices may not meet the specific 
requirements of the proposal. In addition, smaller advisers who may not 
enjoy economies of scale or scope or may have less valuable brands than 
larger advisers, could be expected to be more prone to underinvestment 
in service provider oversight than larger advisers.\292\
---------------------------------------------------------------------------

    \291\ See supra section III.D.
    \292\ See supra section III.D at footnote 121 and accompanying 
text.
---------------------------------------------------------------------------

    Also, while we would expect larger advisers to incur higher costs 
related to this proposed rule in absolute terms relative to a smaller 
adviser, we would expect a smaller adviser to find it more costly, per 
dollar managed, to comply with the proposed requirements because it 
would not be able to benefit from a larger adviser's economies of 
scale. For example, if there are fixed costs associated with the 
proposed regulations, then smaller advisers would generally tend to 
bear a greater cost, relative to adviser size, than larger advisers. To 
the extent there are material fixed costs associated with the proposed 
rule, then we would expect the possible negative effect on competition 
to be greater for smaller advisers who engage service providers because 
the proposed regulations would tend to increase their costs more 
(relative to adviser size) than for larger advisers that engage service 
providers.\293\
---------------------------------------------------------------------------

    \293\ See also supra footnote 192 and accompanying text. The 
division of the service provider's direct costs between the service 
provider and the adviser would depend primarily on the relative 
bargaining power of the two parties.
---------------------------------------------------------------------------

    Of the approximately 471 small advisers currently registered with 
us, we estimate that 100 percent of those advisers would be subject to 
the proposed rule 206(4)-11. The proposed rule 206(4)-11 under the 
Advisers Act, which would require advisers to conduct due diligence and 
monitoring of their service providers, would create new annual costs 
for advisers.\294\ We estimate that the due diligence and monitoring 
requirements would create an ongoing annual burden of

[[Page 68874]]

approximately 195.56 hours per small adviser, or 92,108.76 hours in 
aggregate for small advisers.\295\ We therefore expect the annual 
monetized aggregate cost to small advisers associated with our proposed 
amendments would be approximately $27,698,987.\296\
---------------------------------------------------------------------------

    \294\ See supra sections III.D.1, III.D.2, and IV.
    \295\ See supra sections III.D.1 and III.D.2. We estimate that 
the ongoing annual burden for the required due diligence and 
monitoring of service providers would be on the minimum-cost 
estimates as described in sections III.D.1 and III.D.2 because we 
expect smaller advisers to be represented in these lower bound 
estimates.
    \296\ See supra sections III.D.1, III.D.2. $867,783,964 total 
cost x (471 small advisers/14,756 advisers) = $27,698,986.70.
---------------------------------------------------------------------------

2. Proposed Amendments to Rule 204-2
    The proposed amendments to rule 204-2 would impose certain 
requirements related to the creation and maintenance of records on 
investment advisers, including those that are small entities. All 
registered investment advisers, including small entity advisers, would 
be required to comply with the recordkeeping amendments, which are 
summarized in this IRFA (section V.C. above). The proposed amendments 
are also discussed in detail, above, in sections I and II, and the 
requirements and the burdens on respondents, including those that are 
small entities, are discussed above in sections III and IV (the 
Economic Analysis and Paperwork Reduction Act Analysis, respectively) 
and below. The professional skills required to meet these specific 
burdens are also discussed in sections III and IV.
    Of the approximately 471 small advisers currently registered with 
us, we estimate that 100 percent of those advisers would be subject to 
the proposed amendments to rule 204-2. The proposed amendments to rule 
204-2 under the Advisers Act, which would require advisers to make and 
keep certain documents required under proposed rule 206(4)-11 and 204-
2(l), would create a new annual burden of approximately 15 hours per 
small adviser, or 7,065 hours in aggregate for small advisers.\297\ We 
therefore expect the annual monetized aggregate cost to small advisers 
associated with recordkeeping required by the proposed amendments would 
be $1,964,541.\298\ The proposed amendments to rule 204-2 also would 
require advisers that rely on third parties to make and/or keep records 
required by rule 204-2 to perform certain due diligence and monitoring 
of such third parties.\299\ We estimate that these due diligence and 
monitoring requirements would create an ongoing annual burden of 
approximately 29 hours per small adviser, or 13,659 hours in aggregate 
for small advisers.\300\ We therefore expect the annual monetized 
aggregate cost to small advisers associated with the due diligence and 
monitoring requirements required by the proposed amendments would be 
approximately $4,154,849.\301\
---------------------------------------------------------------------------

    \297\ See supra section IV.B.
    \298\ $61,547,276 total cost x (471 small advisers/14,756 
advisers) = $1,964,541.
    \299\ See proposed rule 204-2(l).
    \300\ See supra section III.D.3. We estimate that the ongoing 
annual burden for the required due diligence and monitoring of 
third-party recordkeepers would be on the minimum-cost estimates as 
described in section III.D.3 because we expect smaller advisers to 
be represented in this lower bound estimate.
    \301\ $130,167,595 total cost x (471 small advisers/14,756 
advisers) = $4,154,848.01.
---------------------------------------------------------------------------

3. Proposed Amendments to Form ADV
    The proposed amendments to Form ADV would impose certain reporting 
and compliance requirements on investment advisers, including those 
that are small entities. Specifically, new Item 7.C. of Form ADV would 
require advisers to disclose whether they outsource any covered 
functions to a service provider and report more detailed information 
about such service providers in new Section 7.C. of Schedule D. All 
SEC-registered investment advisers, including small entity advisers, 
would be required to comply with the proposed rule's reporting 
requirement by completing this portion of Form ADV.\302\ The proposed 
requirements, including reporting and compliance requirements, are 
summarized in this IRFA (section V.C. above). All of these proposed 
requirements are also discussed in detail, above, in sections I and II, 
and these requirements and the burdens on respondents, including those 
that are small entities, are discussed above in sections III and IV 
(the Economic Analysis and Paperwork Reduction Act Analysis, 
respectively) and below. The professional skills required to meet these 
specific burdens are also discussed in sections III through IV.
---------------------------------------------------------------------------

    \302\ The proposal would not require exempt reporting advisers 
to respond to Item 7.C. See proposed General Instruction 3 (not 
requiring exempt reporting advisers to complete Form ADV, Part IA, 
Item 7.C.
---------------------------------------------------------------------------

    Of the approximately 471 small advisers currently registered with 
us, we estimate that 100 percent of those advisers would be subject to 
the Form ADV amendments. New Item 7.C. of Form ADV, which would require 
advisers to report to the Commission information about certain of their 
service providers, would create a new annual burden of approximately 
0.7 hours per adviser, or 329.7 hours in aggregate for small 
advisers.\303\ We therefore expect the annual monetized aggregate 
internal cost to small advisers associated with our proposed amendments 
would be $98,745.15.\304\
---------------------------------------------------------------------------

    \303\ See supra section IV.C.
    \304\ $3,093,595.40 total cost x (471 small advisers/14,756 
advisers) = $98,745.15.
---------------------------------------------------------------------------

E. Duplicative, Overlapping, or Conflicting Federal Rules

1. Proposed Rule 206(4)-11
    In proposing this rule 206(4)-11, we recognize that investment 
advisers today are subject to a number of rules and regulations which 
indirectly address the oversight of an adviser's service providers. 
However, investment advisers do not have explicit due diligence and 
monitoring obligations under the Advisers Act specifically for service 
providers. The proposed rule would provide a comprehensive oversight 
framework, consisting of specific due diligence and monitoring 
elements, which we believe would be complementary to existing 
obligations and practices rather than duplicative or conflicting.
    In addition, rule 206(4)-7 under the Advisers Act requires advisers 
to consider, among other things, their regulatory obligations and 
formalize policies and procedures reasonably designed to prevent 
violation of the Advisers Act. While rule 206(4)-7 does not enumerate 
specific elements that an adviser must include in its compliance 
program, advisers may already be assessing the various risks created by 
their particular circumstances in hiring service providers when 
developing their compliance policies and procedures to address such 
risks. To the extent there may be overlap between existing practices 
employed by firms in implementing their written policies and procedures 
under rule 206(4)-7 and the proposal, these practices may not meet all 
the specific requirements of the proposal as existing rules do not 
provide a comprehensive oversight framework when outsourcing covered 
functions. Therefore, these practices would be complementary to the 
requirements of the proposed rule, rather than duplicative or 
conflicting.
    Advisers may also consider the risks associated with the use of 
service providers when service providers are engaged on behalf of 
registered investment companies, which may be subject to other 
oversight rules under the Federal securities laws. For example, rule 
38a-1 under the Investment Company Act requires certain compliance 
procedures and practices by registered investment

[[Page 68875]]

companies including board approval of the policies and procedures of 
each adviser, principal underwriter, administrator, and transfer agent 
of the fund.\305\ The board approval must be based on a finding by the 
board that the policies and procedures are reasonably designed to 
prevent violation of the Federal securities laws by the fund and the 
adviser.\306\ If these same service providers (i.e., principal 
underwriter, administrator, and transfer agent) are engaged by the 
adviser to service their mutual fund clients, then there may be 
potential for overlap between the proposed rule and rule 38a-1. 
However, we believe that the two rules are complementary, and that the 
adviser should separately conduct its own due diligence and monitoring 
to the extent that it engages a service provider for its fund clients 
because unlike 38a-1, the proposed rule is not limited to reviewing 
solely a service provider's policies and procedures.\307\
---------------------------------------------------------------------------

    \305\ See rule 38a-1(a)(1) and (2).
    \306\ See id.
    \307\ See id.
---------------------------------------------------------------------------

    Advisers to registered investment companies might also consider the 
risks of service providers when valuation agents or pricing services 
are engaged for purposes of complying with rule 2a-5, also known as the 
valuation rule, under the Investment Company Act.\308\ The valuation 
rule requires that funds assess periodically any material risks 
associated with determining the fair value of the fund's investments, 
including material conflicts of interest, and managing those identified 
valuation risks.\309\ As part of the rule, the fund's board might 
designate a fund's investment adviser as the ``valuation designee,'' 
which would be subject to the board's oversight. As the valuation 
designee, the adviser may choose to outsource certain functions to a 
service provider such as a third-party pricing agent or valuation 
company. In the event that it does, there would have to be fund board 
oversight, which includes periodic reporting to the board of any 
reports or materials related to the fair value of investments or 
process for fair valuing fund investments as well as prompt board 
notification and reporting of any occurrence of matters that materially 
affect the fair value of the designated portfolio of investments.\310\ 
An adviser's engagement of a valuation agent or pricing services might 
involve some oversight such as due diligence and monitoring, but it 
would be focused on the fair valuation of investments, and not a 
comprehensive oversight of the service provider that engages in other 
covered functions, which our proposed rule is designed to strengthen.
---------------------------------------------------------------------------

    \308\ See rule 2a-5.
    \309\ See id.
    \310\ See rule 2a-5(b)(1).
---------------------------------------------------------------------------

    Some advisers may also consider the risks associated with the use 
of service providers when complying with certain obligations under the 
Advisers Act. For example, advisers registered or required to be 
registered with the Commission are subject to section 204A of the 
Advisers Act, which requires an adviser to establish, maintain, and 
enforce written policies and procedures reasonably designed to prevent 
the misuse of material, nonpublic information by the adviser or any 
person associated with the adviser.\311\ In addition, rule 204A-1 under 
the Advisers Act requires, among other things, that an adviser's code 
of ethics sets forth requirements that certain advisory personnel 
report personal securities trading to provide a mechanism for the 
adviser to identify improper trades or patterns of trading and its 
supervised persons comply with the Federal securities laws.\312\ As 
part of an adviser's compliance with these obligations and 
implementation of its code of ethics, an adviser may conduct some 
oversight of third party arrangements which relate to certain 
obligations under its code of ethics, such as the use and protection of 
material non-public information. While such oversight may include some 
due diligence and monitoring, it would be focused on the requirements 
of the adviser's code of ethics, and not a comprehensive oversight of 
the service provider that engages in other covered functions.
---------------------------------------------------------------------------

    \311\ See 15 U.S.C. 80b-4a.
    \312\ See 17 CFR 275.204A-1.
---------------------------------------------------------------------------

    Other rules also include requirements for protecting an investment 
adviser's client information, including the provision of that 
information to third parties, which could include service providers 
covered by the proposed rule. Regulation S-P and Regulation S-ID 
require, among other things, investment advisers registered with the 
Commission to adopt policies and procedures to protect various records 
and information of customers. Regulation S-P provides requirements to 
adopt written policies and procedures reasonably designed to: (i) 
insure the security and confidentiality of records and information of 
an adviser's client; (ii) protect against any anticipated threats or 
hazards to the security or integrity of such records and information; 
and (iii) protect against unauthorized access to or use of such records 
or information that could result in substantial harm or inconvenience 
to an adviser's client.\313\ Regulation S-ID provides requirements to 
develop and implement a written identity theft program that includes 
policies and procedures to identify relevant types of identity theft 
red flags, detect the occurrence of those red flags, and to respond 
appropriately to the detected red flags.\314\ If the adviser is a 
financial institution or creditor with covered accounts, Reg. S-ID, at 
17 CFR 248.201(e)(4), requires it to ``Exercise appropriate and 
effective oversight of service provider arrangements,'' and section 
VI(c) of the Interagency Guidelines on Identity Theft Detection, 
Prevention, and Mitigation in Appendix A to Reg. S-ID provides: \315\
---------------------------------------------------------------------------

    \313\ See 17 CFR 248.30.
    \314\ See 17 CFR 248.201.
    \315\ 17 CFR 248 Appendix A to Subpart C.

    Whenever a financial institution or creditor engages a service 
provider to perform an activity in connection with one or more 
covered accounts the financial institution or creditor should take 
steps to ensure that the activity of the service provider is 
conducted in accordance with reasonable policies and procedures 
designed to detect, prevent, and mitigate the risk of identity 
---------------------------------------------------------------------------
theft.

    Where an adviser outsources certain cybersecurity functions, the 
adviser may already conduct due diligence and monitoring of service 
providers pursuant to policies and procedures to address Regulation S-P 
or Regulation S-ID. For example, advisers may already have policies and 
procedures to address the handling of non-public trading information or 
PII when service providers have access to such information under 
Regulation S-P and S-ID. As another example, if a nonaffiliated trading 
services provider were to receive nonpublic personal information from 
the adviser under an exception from Reg. S-P's notice and opt out 
requirements, its reuse and re-disclosure of the information would be 
limited to performing trading services for the adviser's clients by 
Reg. S-P, at 17 CFR 248.11(a), or the corresponding requirement of 
another Gramm-Leach-Bliley Act regulatory agency if the service 
provider is not regulated by the SEC.
    While some advisers may conduct proper due diligence and monitoring 
of their valuation agents or pricing services, third-party 
recordkeepers, and certain service providers such as those arrangements 
that raise privacy or cybersecurity risks under the existing regulatory 
framework, there are no Commission rules that explicitly require firms 
to conduct the comprehensive due diligence and monitoring of their 
service providers, as proposed under the

[[Page 68876]]

proposed rule. As stated above, we believe that the proposed rule would 
be complementary, rather than duplicative of, the current and other 
proposed rules.
2. Proposed Amendments to Rule 204-2
    Together with proposed rule 206(4)-11, we are proposing 
corresponding amendments to rule 204-2, the Advisers Act books and 
records rule. Rule 204-2 prescribes the type, manner, location and 
duration of records to be maintained by registered investment advisers 
registered or required to be registered with the Commission, but does 
not currently prescribe requirements for when an adviser outsources one 
or more required recordkeeping functions to a third party. Under the 
proposed amendments to rule 204-2, when an adviser relies on a third 
party to make and keep records of the adviser required under the rule, 
an adviser would be required to comply with the requirements of 
proposed rule 204-2(l), including performing the same due diligence and 
monitoring prescribed by proposed rule 206(4)-11 as though the 
recordkeeping function were a ``covered function'' and the third party 
were a ``service provider'', each as defined in proposed rule 206(4)-
11(b). An adviser may currently conduct certain due diligence and 
monitoring of these types of third-party recordkeepers as part of the 
adviser's efforts to ensure its compliance with its existing 
recordkeeping obligations. However, these practices may not meet all 
the specific requirements of the proposal as rule 204-2 does not 
currently prescribe specific due diligence and monitoring requirements 
nor does the existing rule framework provide a comprehensive oversight 
of such service providers. Additionally, under rule 204-2(f), an 
investment adviser, before discontinuing its investment advisory 
business or otherwise terminating its advisory activities, is required 
to arrange and be responsible for the preservation of books and records 
required by the rule for the remainder of the required retention 
period. While an adviser may currently seek to coordinate with a third-
party recordkeeper to ensure records required under the recordkeeping 
rule will be preserved for the required retention period, that adviser 
may not have obtained reasonable assurance that the third party will 
make arrangements to ensure the continued availability of records 
should the third party cease its business operations. Proposed rule 
204-2(l) is intended to complement existing rule 204-2(f) and ensure 
the continued availability of the records in the event that a third-
party recordkeeper ceases operations or the relationship with the 
adviser is terminated.
    The amendments to rule 204-2 are complementary to the existing 
recordkeeping framework because the changes would conform rule 204-2 to 
the proposed service provider oversight rule and provide express 
requirements for when an adviser outsources recordkeeping functions. 
There are no duplicative, overlapping, or conflicting Federal rules 
with respect to the proposed amendments to rule 204-2.
3. Proposed Amendments to Form ADV
    Our proposed new Item 7.C in Form ADV Part 1A would require SEC-
registered advisers to: (1) indicate whether they outsource any covered 
functions to a service provider; (2) disclose information of each such 
service provider including legal and primary business names of the 
service provider, legal entity identifier, and address of service 
provider; (3) indicate whether identified service provider is a related 
person of the adviser; (4) date the service provider was first engaged, 
and (5) the covered function(s) that the service provider is engaged to 
perform. Currently, Item 7 in Form ADV Part 1A requires an adviser to 
disclose information about financial industry affiliations and 
activities, and to state whether the adviser advises any private funds, 
and if so, provide certain information related to those private funds. 
The proposed requirements would not be duplicative of, overlap, or 
conflict with, other information advisers are required to provide on 
Form ADV.

F. Significant Alternatives

    The Regulatory Flexibility Act (``RFA'') directs the Commission to 
consider significant alternatives that would accomplish our stated 
objective, while minimizing any significant economic effect on small 
entities.\316\ We considered the following alternatives for small 
entities in relation to our proposal: (1) exempting advisers that are 
small entities from the proposed due diligence and monitoring 
requirements under proposed rule 206(4)-11 and related provisions under 
the proposed amendments to rule 204-2, to account for resources 
available to small entities; (2) establishing different requirements or 
frequency, to account for resources available to small entities; (3) 
clarifying, consolidating, or simplifying the compliance requirements 
under the proposal for small entities; and (4) using design rather than 
performance standards.
---------------------------------------------------------------------------

    \316\ See 5 U.S.C. 603(c).
---------------------------------------------------------------------------

1. Proposed Rules 206(4)-11 and 204-2
    The RFA directs the Commission to consider significant alternatives 
that would accomplish our stated objectives, while minimizing any 
significant adverse effect on small entities. We considered the 
following alternatives for small entities in relation to the proposed 
rules 206(4)-11 and 204-2: (1) differing compliance or reporting 
requirements that take into account the resources available to small 
entities; (2) the clarification, consolidation, or simplification of 
compliance and reporting requirements under the proposed rule for such 
small entities; (3) the use of design rather than performance 
standards; and (4) an exemption from coverage of the proposed rule, or 
any part thereof, for such small entities.
    Regarding the first and fourth alternatives, the Commission 
believes that establishing different compliance or reporting 
requirements for small advisers, or exempting small advisers from the 
proposed rule, or any part thereof, would be inappropriate under these 
circumstances. Because the protections of the Advisers Act are intended 
to apply equally to clients of both large and small firms, it would be 
inconsistent with the purposes of the Advisers Act to specify 
differences for small entities under the proposed rule 206(4)-11 and 
corresponding changes to rule 204-2. We believe that the proposed rule 
would result in multiple benefits to clients.\317\ For example, having 
appropriate due diligence and monitoring measures in place would help 
address any potential risks and incidents that occur at the service 
provider and help protect advisers and their clients from greater risk 
of harm. We believe that these benefits should apply to clients of 
smaller firms as well as larger firms. Establishing different 
conditions for large and small advisers even though advisers of every 
type and size rely on various service providers for performing covered 
functions and thus face increasing compliance gap and other risks would 
negate these benefits. The corresponding changes to rule 204-2 are 
tailored to address proposed rule 206(4)-11 and the requirements for 
outsourcing recordkeeping functions.
---------------------------------------------------------------------------

    \317\ See supra section III.D.
---------------------------------------------------------------------------

    Regarding the second alternative, we believe the current proposal 
is clear and that further clarification, consolidation, or 
simplification of the compliance requirements is not necessary. The 
proposed rule would require advisers to:

[[Page 68877]]

(1) conduct certain due diligence before engaging a service provider to 
perform a covered function; and (2) periodically monitor the service 
provider's performance of the covered function and reassess the 
retention of the service provider in accordance with the due diligence 
requirements.\318\ The proposed rule would provide a minimum, 
consistent oversight framework regarding an adviser outsourcing 
functions or services that are necessary to provide advisory services 
in compliance with the Federal securities laws, and that if not 
performed or if performed negligently would be reasonably likely to 
cause a material negative impact on an adviser's clients or an 
adviser's ability to perform its services. The proposed rule would 
serve as an explicit requirement for advisers to oversee service 
providers covered by the rule appropriately and is designed to address 
our concern that outsourcing covered functions in particular, without 
further action by the investment adviser, can undermine the adviser's 
provision of services, and can otherwise harm clients.
---------------------------------------------------------------------------

    \318\ See proposed rule 206(4)-11. See also supra section II.B 
and C.
---------------------------------------------------------------------------

    Regarding the third alternative, we determined to use performance 
standards rather than design standards. Although the proposed rule 
requires due diligence and monitoring that are reasonably designed to 
address a certain number of elements, we do not place certain 
conditions or restrictions on how to adopt and implement such 
requirements. The general elements are designed to enumerate core areas 
that firms must address when conducting due diligence and monitoring of 
a service provider. Given the number and varying characteristics of 
advisers, we believe firms need the ability to tailor their measure or 
method in conducting due diligence and monitoring based on their 
individual facts and circumstances.\319\ Similarly, rather than 
requiring a written agreement with specific language provisions, the 
proposed rule would afford advisers the flexibility to customize and 
tailor their processes to the proposed requirements.\320\ Proposed rule 
206(4)-11 therefore allows advisers to address the general elements 
based on the particular risks posed by each adviser's operations and 
business practices as well as the types of covered functions that are 
outsourced and the types of service providers engaged. The proposed 
rule would also provide flexibility for the adviser to determine the 
personnel who would implement and oversee the effectiveness of its due 
diligence and monitoring.
---------------------------------------------------------------------------

    \319\ See supra section II.B and C.
    \320\ See proposed rule 206(4)-11(a).
---------------------------------------------------------------------------

2. Proposed Amendments to Form ADV
    The RFA directs the Commission to consider significant alternatives 
that would accomplish our stated objectives, while minimizing any 
significant adverse effect on small entities. We considered the 
following alternatives for small entities in relation to the proposed 
amendments to Form ADV: (1) differing compliance or reporting 
requirements that take into account the resources available to small 
entities; (2) the clarification, consolidation, or simplification of 
compliance and reporting requirements under the proposed amendments for 
such small entities; (3) the use of design rather than performance 
standards; and (4) an exemption from coverage of the proposed 
amendments, or any part thereof, for such small entities.
    Regarding the first and fourth alternatives, the Commission 
believes that establishing different compliance or reporting 
requirements for small advisers, or exempting small advisers from the 
proposed amendments, or any part thereof, would be inappropriate under 
these circumstances. Because the protections of the Advisers Act are 
intended to apply equally to clients of both large and small firms, it 
would be inconsistent with the purposes of the Advisers Act to specify 
differences for small entities under the proposed amendments to Form 
ADV. We believe that the proposed amendments would result in multiple 
benefits to clients.\321\ For example, the proposed amendments to Form 
ADV would improve the ability of clients and prospective clients to 
evaluate and conduct a more comprehensive due diligence of an adviser, 
addressing any potential concerns related to an adviser's use of a 
particular service provider. We believe that these benefits should 
apply to clients of smaller firms as well as larger firms. Establishing 
different conditions for large and small advisers even though all 
advisers, regardless of type and size, engage service providers to 
outsource certain covered functions, would negate these benefits.
---------------------------------------------------------------------------

    \321\ See supra section III.D.
---------------------------------------------------------------------------

    Regarding the second alternative, we believe the current proposed 
amendments are clear and that further clarification, consolidation, or 
simplification of the compliance requirements is not necessary. The 
proposed amendments to Form ADV would require advisers to disclose 
information regarding the service providers that perform covered 
functions.\322\ The proposed amendments to Form ADV would provide for 
advisers to present clear and meaningful disclosure regarding such 
service providers to their clients and prospective clients.
---------------------------------------------------------------------------

    \322\ See supra section II.D.
---------------------------------------------------------------------------

    Regarding the third alternative, we determined that for the 
Commission and its staff to better identify and address risks related 
to outsourcing by advisers and oversee advisers' use of service 
providers and to enable clients to make better informed decisions about 
the retention of an adviser, advisers must provide certain baseline 
information about their service providers. The proposed amendments to 
Form ADV do not contain any specific limitations or restrictions on the 
disclosure of service providers. Given the number and varying types of 
advisers, as well as the types of covered functions and service 
providers that may be engaged at a particular adviser, respectively, we 
believe firms need the ability to tailor their disclosures according to 
their own circumstances.\323\
---------------------------------------------------------------------------

    \323\ See supra section II.B.
---------------------------------------------------------------------------

G. Solicitation of Comments

    We encourage written comments on the matters discussed in this 
IRFA. We solicit comment on the number of small entities subject to the 
proposed rule 206(4)-11 and proposed amendments to rule 204-2 and Form 
ADV. We also solicit comment on the potential effects discussed in this 
analysis; and whether this proposal could have an effect on small 
entities that has not been considered. We request that commenters 
describe the nature of any effect on small entities and provide 
empirical data to support the extent of such effect.

VI. Consideration of Impact on the Economy

    For purposes of the Small Business Regulatory Enforcement Fairness 
Act of 1996, or ``SBREFA,'' \324\ we must advise OMB whether a proposed 
regulation constitutes a ``major'' rule. Under SBREFA, a rule is 
considered ``major'' where, if adopted, it results in or is likely to 
result in (1) an annual effect on the economy of $100 million or more; 
(2) a major increase in costs or prices for consumers or individual 
industries; or (3) significant adverse effects on competition, 
investment or innovation. We request comment on whether the proposal 
would be a ``major rule'' for purposes of SBREFA. We request comment on 
the potential effect of the

[[Page 68878]]

proposed amendments on the U.S. economy on an annual basis; any 
potential increase in costs or prices for consumers or individual 
industries; and any potential effect on competition, investment or 
innovation. Commenters are requested to provide empirical data and 
other factual support for their views to the extent possible.
---------------------------------------------------------------------------

    \324\ Public Law 104-121, Title II, 110 Stat. 857 (1996) 
(codified in various sections of 5 U.S.C., 15 U.S.C., and as a note 
to 5 U.S.C. 601).
---------------------------------------------------------------------------

VII. Statutory Authority

    The Commission is proposing rule 206(4)-11 under the Advisers Act 
under the authority set forth in sections 203(d), 206(4), and 211(a) 
and (h) of the Advisers Act of 1940 [15 U.S.C. 80b-3(d), 10b-6(4) and 
80b-11(a) and (h)]. The Commission is proposing amendments to rule 204-
2 under the Advisers Act under the authority set forth in sections 204 
and 211 of the Advisers Act of 1940 [15 U.S.C. 80b-4 and 80b-11]. The 
Commission is proposing amendments to Form ADV under section 19(a) of 
the Securities Act [15 U.S.C. 77s(a)], sections 23(a) and 28(e)(2) of 
the Exchange Act [15 U.S.C. 78w(a) and 78bb(e)(2)], section 319(a) of 
the Trust Indenture Act of 1939 [15 U.S.C. 7sss(a)], section 38(a) of 
the Investment Company Act [15 U.S.C. 80a-37(a)], and sections 
203(c)(1), 204, and 211(a) and (h) of the Advisers Act of 1940 [15 
U.S.C. 80b-3(c)(1), 80b-4, and 80b-11(a) and (h)].

List of Subjects in 17 CFR Parts 275 and 279

    Reporting and recordkeeping requirements, Securities.

Text of Proposed Rule and Form Amendments

    For the reasons set out in the preamble, title 17, chapter II of 
the Code of Federal Regulations is proposed to be amended as follows:

PART 275--RULES AND REGULATIONS, INVESTMENT ADVISERS ACT OF 1940

0
1. The authority citation for part 275 continues to read, in part, as 
follows:

    Authority: 15 U.S.C. 80b-2(a)(11)(G), 80b-2(a)(11)(H), 80b-
2(a)(17), 80b-3, 80b-4, 80b-4a, 80b-6(4), 80b-6a, and 80b-11, unless 
otherwise noted.
* * * * *
    Section 275.204-2 is also issued under 15 U.S.C. 80b-6.
* * * * *
    Amend Sec.  275.204-2 by adding reserved paragraphs (a)(20) through 
(23) and paragraphs (a)(24), (e)(4), and (l) to read as follows:


Sec.  275.204-2  Books and records to be maintained by investment 
advisers.

    (a) * * *
    (20)-(23) [Reserved]
    (24)(i) A list or other record of Covered Functions that the 
adviser has outsourced to a Service Provider, as defined in Sec.  
275.206(4)-11, including the name of each Service Provider, along with 
a record of the factors, corresponding to each listed function, that 
led the adviser to list it as a Covered Function;
    (ii) Records documenting the due diligence assessment conducted 
pursuant to Sec.  275.206(4)-11, including any policies and procedures 
or other documentation as to how the adviser will comply with Sec.  
275.206(4)-11(a)(1)(ii);
    (iii) A copy of any written agreement, including any amendments, 
appendices, exhibits, and attachments, entered into with a Service 
Provider regarding Covered Functions, each as defined in Sec.  
275.206(4)-11; and
    (iv) Records documenting the periodic monitoring of a Service 
Provider pursuant to Sec.  275.206(4)-11.
* * * * *
    (e) * * *
    (4) Books and records required to be made under paragraph (a)(24) 
of this rule shall be maintained in an easily accessible place 
throughout the time period during which the adviser has outsourced a 
Covered Function to a Service Provider and for a period of five years 
thereafter.
* * * * *
    (l) Every investment adviser subject to paragraph (a) of this 
section that relies on a third party to make and/or keep any books and 
records required by this section (the recordkeeping function) must:
    (1) Due diligence and monitoring. Perform due diligence and 
monitoring as prescribed in Sec.  275.206(4)-11(a)(1) and (a)(2) with 
respect to the recordkeeping function, and make and keep such records 
as prescribed in paragraph (a)(24) of this section, in each case as 
though the recordkeeping function were a Covered Function as defined in 
Sec.  275.206(4)-11(b) and the third party were a Service Provider as 
defined in Sec.  275.206(4)-11(b); and
    (2) Obtain reasonable assurances that the third party will:
    (i) Adopt and implement internal processes and/or systems for 
making and/or keeping records on behalf of the investment adviser that 
meet all of the requirements of this section as applicable to the 
investment adviser;
    (ii) Make and/or keep records of the investment adviser that meet 
all of the requirements of this section as applicable to the investment 
adviser;
    (iii) For electronic records of the investment adviser that are 
made and/or kept by the third party under this subparagraph, allow the 
investment adviser and staff of the Commission to access the records 
easily through computers or systems during the required retention 
period pursuant to this section; and
    (iv) Make arrangements to ensure the continued availability of 
records of the investment adviser that are made and/or kept under this 
subparagraph by the third party that will meet all of the requirements 
of this section as applicable to the investment adviser in the event 
that the third party ceases operations or the relationship with the 
investment adviser is terminated.
0
3. Section 275.206(4)-11 is added to read as follows:


Sec.  275.206(4)-11  Service Providers.

    (a) As a means reasonably designed to prevent fraudulent, 
deceptive, or manipulative acts, practices, or courses of business 
within the meaning of section 206(4) of the Act (15 U.S.C. 80b-6(4)), 
it shall be unlawful for an investment adviser registered or required 
to be registered under section 203 of the Act (15 U.S.C. 80b-3) to 
retain a Service Provider to perform a Covered Function unless:
    (1) Due diligence. Before engaging such Service Provider, the 
adviser reasonably identifies, and determines that it would be 
appropriate to outsource the Covered Function and that it would be 
appropriate to select that Service Provider, by:
    (i) Identifying the nature and scope of the Covered Function the 
Service Provider is to perform;
    (ii) Identifying, and determining how it will mitigate and manage, 
the potential risks to clients or to the adviser's ability to perform 
its advisory services resulting from engaging a Service Provider to 
perform the Covered Function and engaging that Service Provider to 
perform the Covered Function;
    (iii) Determining that the Service Provider has the competence, 
capacity, and resources necessary to perform the Covered Function in a 
timely and effective manner;
    (iv) Determining whether the Service Provider has any 
subcontracting arrangements that would be material to the Service 
Provider's performance of the Covered Function, and identifying and 
determining how the investment adviser will mitigate and manage 
potential risks to clients or to the investment adviser's ability to 
perform its advisory services in light of any such subcontracting 
arrangement;
    (v) Obtaining reasonable assurance from the Service Provider that 
it is able

[[Page 68879]]

to, and will, coordinate with the investment adviser for purposes of 
the adviser's compliance with the Federal securities laws, as 
applicable to the Covered Function; and
    (vi) Obtaining reasonable assurance from the Service Provider that 
it is able to, and will, provide a process for orderly termination of 
its performance of the Covered Function.
    (2) Monitoring. The adviser periodically monitors the Service 
Provider's performance of the Covered Function and reassesses the 
retention of the Service Provider in accordance with the due diligence 
requirements of paragraph (a)(1) of this section and with a manner and 
frequency such that the investment adviser reasonably determines that 
it is appropriate to continue to outsource the Covered Function and 
that it remains appropriate to outsource it to the Service Provider.
    (b) Definitions. For the purposes of this section:
    Covered Function means a function or service that is necessary for 
the investment adviser to provide its investment advisory services in 
compliance with the Federal securities laws, and that, if not performed 
or performed negligently, would be reasonably likely to cause a 
material negative impact on the adviser's clients or on the adviser's 
ability to provide investment advisory services. A covered function 
does not include clerical, ministerial, utility, or general office 
functions or services.
    Service Provider means a person or entity that:
    (i) Performs one or more Covered Functions; and
    (ii) Is not a supervised person, as defined in 15 U.S.C. 80b-
2(a)(25), of the investment adviser.

PART 279--FORMS PRESCRIBED UNDER THE INVESTMENT ADVISERS ACT OF 
1940

0
4. The authority citation for part 279 continues to read as follows:

    Authority: The Investment Advisers Act of 1940, 15 U.S.C. 80b-1 
et seq., Pub. L. 111-203, 124 Stat. 1376.

0
5. Amend Form ADV (referenced in Sec.  279.1) by:
0
a. In General Instructions, revising the second sub-bullet point 
paragraph to the first bullet point paragraph under Instruction 3;
0
b. In Instructions for Part 1A, revising the heading and introductory 
text of 6. Item 7;''
0
c. In Glossary of Terms, redesignating items 11 through 53 as 12 
through 54, and items 55 through 65 as 57 through 67;
0
d. In Glossary of Terms, adding new items 11 and 57;
0
e. In Part 1A, revising Item 7 heading and introductory text, and 
adding C; and
0
f. In Schedule D, adding Section 7.C.
    The additions and revisions read as follows:

    Note: The text of Form ADV does not, and this amendment will 
not, appear in the Code of Federal Regulations.

BILLING CODE 8011-01-P

[[Page 68880]]

[GRAPHIC] [TIFF OMITTED] TP16NO22.000


[[Page 68881]]


[GRAPHIC] [TIFF OMITTED] TP16NO22.001


[[Page 68882]]


[GRAPHIC] [TIFF OMITTED] TP16NO22.002


[[Page 68883]]


[GRAPHIC] [TIFF OMITTED] TP16NO22.003


    By the Commission.

    Dated: October 26, 2022.
Vanessa A. Countryman,
Secretary.
[FR Doc. 2022-23694 Filed 11-15-22; 8:45 am]
BILLING CODE 8011-01-C

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.