The SEC announced yesterday that it is formally withdrawing a number of rules that had been proposed over the past few years, including several that would have significantly impacted SEC-registered investment advisors. A summary of some of the proposed rules that are being withdrawn is provided below.
Safeguarding Advisory Client Assets
This proposal would have amended Rule 206(4)-2 by expanding the current custody rule to protect a broader array of client assets and advisory activities, enhancing the custodial protections that clients would have received under the rule, and updating related recordkeeping and reporting requirements for advisors.
Conflicts of Interest Associated with the Use of Predictive Data Analytics
New rules and amendments were proposed to eliminate or neutralize the effect of conflicts of interest associated with a firm’s use of covered technologies, such as artificial intelligence, in investor interactions. In addition, written policies and procedures and recordkeeping would have been required for firms that utilized the covered technologies in investor interactions.
Cybersecurity Risk Management
The proposed rule and amendments would have required investment advisers to adopt and implement written policies and procedures that were reasonably designed to address cybersecurity risks, report significant cybersecurity incidents to the SEC, enhance disclosures related to cybersecurity risks and incidents, and require advisors to maintain certain cybersecurity books and records. Despite the withdrawal of this proposed rule, it is critical that investment advisors still have a robust cybersecurity program, including policies and procedures and specific practices to help address cybersecurity risks.
Enhanced Disclosures About ESG Investment Practices
The SEC proposed amendments that would have required additional specific disclosures regarding ESG strategies in advisor brochures. Other requirements would have affected ESG registered investment companies.
Outsourcing by Investment Advisors
Investment advisors would have been required to conduct due diligence before outsourcing and periodically monitor service providers’ performance, keep books and records related to due diligence and monitoring requirements, and conduct due diligence and monitoring for third-party recordkeepers.
Next Steps
Although the proposed rules above are being withdrawn, investment advisors should still consider whether additional policies and procedures for at least some of these areas are warranted based on their specific advisory activities and risks. As noted above, for example, all investment advisors should have strong cybersecurity policies and procedures in place regardless of whether there is a formal rule requirement in place or not.
If you have any questions, please contact NCA Compliance.Hayley Nelson is the President and Principal Consultant of NCA Compliance, Inc., a compliance consulting firm providing a wide range of customized compliance solutions for investment advisors. Ms. Nelson previously worked for the Securities and Exchange Commission and a large investment manager in New York.
