2024 Regulatory Update for Investment Advisers
In 2023, the Securities and Exchange Commission issued various proposed rules on regulatory changes that will affect SEC-registered investment advisers (RIAs). Since these rules are likely to be put into effect, RIAs should consider taking preliminary steps to start integrating the new requirements into their compliance policies and procedures.
1. Updates to the Custody Rule
The purpose of the custody rule, rule 206(4)-2 of the Investment Advisers Act of 1940 (Advisers Act), is to protect client funds and securities from potential loss and misappropriation by custodians. The SEC’s recommended updates to the custody rule would:
- Expand the scope of the rule to not only include client funds and securities but all of a client’s assets over which an RIA has custody
- Expand the definition of custody to include discretionary authority
- Require RIAs to enter into written agreements with qualified custodians, including certain reasonable assurances regarding protections of client assets
2. Internet Adviser Exemption
The SEC also proposed to modernize rule 203A-2(e) of the Advisers Act, whose purpose is to permit internet investment advisers to register with the SEC even if such advisers do not meet the other statutory requirements for SEC registration. Under the proposed rule:
- Advisers relying on this exemption would at all times be required to have an operational interactive website through which the adviser provides investment advisory services
- The de minimis exception would be eliminated, hence requiring advisers relying on rule 203A-2(e) to provide advice to all of their clients exclusively through an operational interactive website
3. Conflicts of Interest Related to Predictive Data Analytics and Similar Technologies
The SEC proposes new rules under the Adviser’s Act to regulate RIAs’ use of technologies that optimize for, predict, guide, forecast or direct investment-related behaviors or outcomes. Specifically, the new rules aim to minimize the risk that RIAs could prioritize their own interest over the interests of their clients when designing or using such technology. The new rules would require RIAs:
- To evaluate their use of such technologies and identify and eliminate, or neutralize the effect of, any potential conflicts of interest
- To adopt written policies and procedures to prevent violations of the rule and maintain books and records relating to their compliance with the new rules
4. Cybersecurity Risk Management and Outsourcing to Third Parties
The SEC has yet to issue a final rule on the 2022 proposed new rule 206(4)-9 to the Adviser’s Act which would require RIAs to adequately address cybersecurity risks and incidents. Similarly, the SEC still has to issue the final language for new rule 206(4)-11 that would establish oversight obligations for RIAs that outsource certain functions to third parties. A summary of the proposed rules can be found here: 2023 Regulatory Update for Investment Advisers: Miller Canfield
Miller Canfield is prepared to assist RIAs in drafting new compliance policies and the necessary updates to the policy and procedures/compliance manual and Form ADV. Please contact your Miller Canfield attorney or one of the authors of this alert for assistance.