SEC’s Proposed Outsourcing Rule Could Be Hardest on Small Advisers

The new rules, if approved, would likely require more catch-up by smaller firms to vet third-party providers, says a legal expert.

The SEC rule proposed last week, which would increase adviser oversight of their subcontractors, could have a disproportionate impact on smaller adviser firms, an industry attorney said.

Marcia Wagner, the founder of the Wagner Law Group, said the proposal, which is intended to prevent financial advisers from taking a “set it and forget it” approach to outsourcing, could add work and costs for smaller firms that previously haven’t done the kind of due diligence the SEC now proposes.

“Large investment advisers servicing retirement plan clients are presently devoting significant time and resources with respect to the vetting and monitoring of third-party providers, and the proposed SEC regulations, if adopted, would have a limited impact upon them,” Wagner said.

“However, for small firms who have not previously performed the due diligence requirements as set forth in the proposed SEC regulations, there will very likely be a significant cost increase, whether the adviser exercises increased oversight or brings the previously outsourced functions in house.”

The outsourced services that fall under this rule can include things such as sub-advising, cybersecurity, investment risk, portfolio management, regulatory compliance and valuation. The rule explicitly excludes clerical, utility and general office functions.

SEC Chairman Gary Gensler explained in a press release that the proposal is intended to “ensure that advisers’ outsourcing is consistent with their obligations to clients.”

The proposal would amend the Investment Advisers Act of 1940 to require advisers who make use of outsourcing to do the following:

  1. Do due diligence on the third party and continuously monitor their performance.
  2. Identify the scope and nature of the regulated function being outsourced.
  3. Identify the risks of outsourcing the service and develop a plan to mitigate those risks.
  4. Determine that the provider has the competence and resources to perform the regulated function.
  5. Require the service provider to keep books related to due diligence.
  6. Amend form DV to collect information on service providers, to include their identity, location and starting date of services.
  7. Identify any relevant sub-contracting agreements that the service provider has themselves.
  8. Obtain assurance that the provider will coordinate on issues of compliance.
  9. Obtain assurance of an orderly termination of services.

The proposal also has requirements for adviser oversight of recordkeepers. An adviser must obtain assurances that their recordkeeper will:

  1. Have internal processes for keeping records that meet recordkeeping requirements that are applicable to the adviser.
  2. Actually keep records in accordance with that policy.
  3. Provide the adviser access to electronic records.
  4. Ensure the continued availability of those records if their business relationship ends.

The public comment period for this proposal is open until December 27, 2022. There would be a 10-month transition period if it is adopted.

The full text of the rule and instructions on how to submit a public comment can be found here.