New rules proposed by the SEC would require greater due diligence for RIAs when working with third-party investment and compliance service providers.
The proposed rules are likely to get some pushback from advisors, especially from smaller RIAs who would be most burdened by the additional regulations.
The SEC defines two types of service providers covered under these new rules:
- The service provider delivers a function or service that is necessary for the advisor to provide its investment advisory services in compliance with the Federal securities laws.
- The service provider delivers a function or service that, if not performed or performed negligently, would be reasonably likely to cause a material negative impact on the advisor’s clients or on the advisor’s ability to provide investment advisory services.
Under those guidelines, any outsourced investment management, trading, financial planning, investment-related technology, or compliance vendor would be subject to the new rules, as well as any other service that could impact a client’s investments or your ability to comply with regulations.
“Though investment advisors have used third-party service providers for decades, their increasing use has led staff to make several recommendations to ensure advisers that use them continue to meet their obligations to the investing public,” SEC Chair Gary Gensler said in a statement. “When an investment advisor outsources work to third parties, it may lower the advisor’s costs, but it does not change an advisor’s core obligations to its clients.”
The SEC listened to the industry in many ways with these proposed rules. It is taking a stand for consumer protection while also making it clear that outsourcing services does not remove your fiduciary responsibility. However, it may be better for the industry to walk before we run. Passing these rules, while helping the end client, could present unintended consequences.
Unintended Consequences
In many ways, the new regulations could have the inverse effect of what the SEC intends.
For example, if an RIA is currently outsourcing compliance to a qualified specialist but decides to take these services in-house rather than worry about additional due diligence or adjustments to its Form ADV, now the end client could actually have less compliance oversight and thus be more at risk. Compliance duties once performed by trained specialists handling regulations day in, day out would now be handled by an advisor with less time and less experience.
In addition, added complexity often leads to added questions and inadvertent mistakes. If you have decided to take compliance in-house and you lack the full support of a larger firm or partnership model that does all of this for you, it’s now one more item to spend time on away from your clients.
Even after an advisor performs the full due diligence process, that doesn’t prevent potential risks. Let’s say you are working with a financial planning technology that experiences downtime from an unexpected bug, cyberattack or system update. You won’t be able to make timely changes for your client, which could be considered a negative impact. You would have noted that risk as part of your due diligence process, but it wouldn’t stop the risk from happening.
SEC Commissioner Mark T. Uyeda noted an example in a statement, citing an article describing problems encountered by a mutual fund service provider when it temporarily was unable to calculate net asset values (NAVs) on approximately 1,200 mutual funds in 2016.
“However, there is no discussion of whether and to what extent the mutual funds’ investment advisors conducted oversight of the service provider in accordance with their existing obligations,” he said in the statement, “and whether the specified oversight requirements contemplated by the proposed rule would have prevented or mitigated the problem.”
An advisor holds a fiduciary responsibility to a client, regardless of if a service provider is involved. The SEC seeks to provide requirements with the intent of making that clear. However, was that even a problem to begin with?
“Reducing the fiduciary duty to a set of prescriptions could undermine investor protection,” SEC Commissioner Hester M. Peirce said in a statement. “Standing alone, the fiduciary duty requires one to act in the client’s best interest at all times. If the rule intends to define what constitutes the client’s best interest, the definition quite naturally will lead to exclusion of other alternatives. The rule thus may end up abrogating fiduciary duty and replacing it with our predefined approach to best interest—one not responsive to unique facts and circumstances.”
Added Aggregation
For firms that are part of larger advisor networks, like at Carson Partners, there is little to no impact on an advisor’s day-to-day, as nearly all due diligence and compliance is done on their behalf as part of the partnership.
However, if you are doing your own compliance and working with multiple service providers, it’s now your responsibility to collect all the SEC requirements, note how you are working with them on your Form ADV, and regularly check back to ensure requirements are still being met.
“Small advisors are already stretched, and their compliance resources are limited,” Peirce said. “Adding another regulatory checklist to the compliance officer’s clipboard will only make it harder for small firms to hire high-quality compliance personnel. Costs charged by service providers who will indirectly be subject to the rule’s requirements will inevitably go up. Small advisors will have little leverage in negotiating contracts with service providers.”
Added back-office stressors tend to increase consolidation among RIAs, as advisors look to share the responsibilities or give it up completely. If you don’t have a partner managing compliance on your behalf, you could be left with more work, less time and no specialists to lean on for guidance.
Remaining Diligent
The SEC outlined what a firm would need to collect as part of the due diligence rules:
- The nature and scope of the services.
- Potential risks resulting from the service provider performing the covered function, including how to mitigate and manage such risks.
- The service provider’s competence, capacity and resources necessary to perform the covered function.
- The service provider’s subcontracting arrangements related to the covered function.
- Coordination with the service provider for Federal securities law compliance.
- The orderly termination of the provision of the covered function by the service provider.
While on the surface this does not seem like much, to fully comply with the intent of the SEC’s proposed rules, there are likely dozens of questions you will need to ask your service provider. Technology alone comes with adherent risks of cybersecurity, data protection, downtimes and more. You will need to account for these risks and note how to mitigate them.
Next Steps
The SEC is accepting public comment on these proposed rules, which you can submit online.
In the meantime, start asking the right questions of your service providers to get ahead of the regulations, especially if you’re looking for a new provider. And remember – these rules are intended to protect the end client and hold fiduciaries accountable.
Interested in learning how Carson Partners is helping advisors adapt to these rules – and all new regulations? Schedule a time to chat with our team today.