A proposed SEC rule would make financial advisors responsible for ensuring there are no breaches of fiduciary duty at the third-party companies they turn to for help with investing software, investment indexes, regulatory compliance and other functions.
The Securities and Exchange Commission voted 3-2 on Oct. 26 to advance a 232-page
"When an adviser outsources a core function, that adviser does not check its fiduciary duties at the door," said Commissioner Caroline Crenshaw.
Industry representatives quickly charged that the commission is overestimating how much control advisors can have over subcontractors. Karen Barr, the president and CEO of the Investment Adviser Association, an industry-funded trade group and lobby, contended in a statement that the new rules would be "overly burdensome and prescriptive and fail to recognize how little leverage firms have over many service providers."
The proposal, now open for
The proposal specifically excludes services related to clerical, ministerial, utility or general office functions. And it states that certain services would be "covered" in certain circumstances and not in others. For instance, advisors who turn to an outside index provider for help in drawing up an investment plan for clients would be outsourcing a covered service. But advisors who were merely looking for an index to measure their own independently devised strategy against would not.
The proposal would prevent advisors from outsourcing any given service without first considering six factors:
- the nature and scope of the service to be outsourced
- the potential risks from outsourcing the service and ways to mitigate those risk
- the third party's competence and capacity to perform the service
- the service provider's own subcontracting relationships
- steps the service provider has taken to comply with federal securities laws
- And plans to terminate the relationship with the service provider in an orderly way should the need arise
Advisors who choose to outsource would have to subject their third-party subcontractors to monitoring at regular intervals and periodically reassess whether that provider is in fact the best choice. They would also have to keep detailed records of their monitoring activities and of any covered functions they've farmed out. Third parties in turn would have to keep records for any financial matters entrusted to them and provide data that federal regulators could use to track outsourcing trends in the industry.
The proposal comes in response both to advisors' increased reliance on third parties for various services and to past catastrophes.
In Aug. 2015, for instance, a system used by Bank of New York Mellon to calculate securities prices for 1,200 mutual funds and exchange-traded funds crashed for several days following an update by one of the bank's subcontractors, SunGard Systems. BNY Mellon had to pay a $3 million settlement for the glitch, which was estimated to have affected 66 clients. And in July 2020, a ransomware attack against M.J. Brunner, a vendor used by the asset manager and fund administrator SEI Investments, was found to have released the personal information of at least 100 investors.
William Birdthistle, the director of the SEC's Division of Investment Management, said these cases illustrate "some of the risks of outsourcing."
The two Republican-appointed SEC commissioners who voted against the proposal — Mark Uyeda and Hester Peirce — raised similar doubts in statements about the proposal. Uyeda asked why the SEC has not provided hypothetical examples of how the new rules would prevent such mishaps in future.
Peirce said the proposed rules seem to presume that advisors think that by outsourcing certain services, they outsource their related fiduciary duties. But current law, she said, already makes it clear that these responsibilities can't be shed.
"Why this sudden urgency to propose a rulemaking reconfirming the incontrovertible fact that outsourcing does not terminate an adviser's fiduciary duty?," Peirce said. "Has there been a surge of enforcement actions against advisers for service provider-related failures or infractions?"
Max Schatzow, the founder and a partner at RIA Lawyers, a firm that exclusively represents investment advisors, said the new rule would fall disproportionately on small RIAs. Companies with small staffs are much more likely than their large rivals to need to look elsewhere for help with certain services.
"And the SEC is considering an incredibly broad definition of 'covered functions,'" Schatzow said. "There really is no limit to what is subject to this rule."
Schatzow predicted that, rather than cut back services, most small advisory firms would respond to the SEC's proposed rule by doing the bare minimum to stay in compliance.
"They'll check some lists," he said. "They'll paper their files and say, 'Look we did something. We complied with the rule.' But I'm not sure what it's going to accomplish."
The commissioners who voted for the proposal said past horror stories are far from the only impetus. Commissioner Crenshaw noted that the SEC now doesn't require advisors to have agreements in writing with third pirates they outsource services to.
"Is that in line with investor expectations?" she asked.
The industry's turn to outside help is likely a result of advisors offering an increasingly diverse array of products and services. The 15,000 advisors registered with the SEC — generally advisors with $100 million or more under management — now have $128 trillion in assets under management, according to the proposed rule. That's up from $47 trillion a decade ago.
The draft rule says it's not uncommon for advisors to offer services related to taxes, retirement, estates, education and insurance. In doing so, many rely on electronic systems not only for these functions but also for record-keeping. Clients, for their part, often want access to sophisticated investment options like derivatives and exchange-traded funds.
All of that places advisors under pressure to look beyond their own firms for help with services that exceed their expertise. SEC Chairman Gary Gensler said the guiding mantra for many industries, including finance, was laid down by management consultant Peter Drucker in the early 1990s: "Do what you do best, and outsource the rest."
The commissioners argued that the current lack of strong monitoring and reporting requirements increases the risks of conflicts of interest. Third parties that are not subject to strict scrutiny, for instance, might feel they have greater leeway to direct money toward investments they have an undisclosed interest in.
The commissioners also expressed concerns that the need for expertise in some services will cause advisors to turn to the same third-party firms repeatedly. That could expose the entire system to risk if the third parties were to suffer a cyberattack, be located in a place where a natural disaster occurs or — especially if they are overseas — be put at risk by political upheaval.
"Outsourcing could also pose significant systemic risks, particularly if a widely-used provider of a specialized function fails to perform," Commissioner Jaime Lizarraga said before voting in favor of the proposed rule. "It's important that advisers evaluate how dependent they are on a particular service provider and the impacts on the adviser and clients in the case of service disruptions."
- This story has been updated with comments from Max Schazow of RIA Lawyers.