In early 2022, the U.S. Securities and Exchange Commission (SEC) proposed sweeping new rules under the Investment Advisers Act of 1940 to increase the regulation of investment advisers and funds, including both registered and nonregistered private fund advisers.
The proposed rules are a direct response to the deficiencies identified in the June 23, 2020 SEC Division of Examinations (formerly OCIE) “Risk Alert: Observations from Examinations of Investment Advisers Managing Private Funds:”
- (A) conflicts of interest
- (B) fees and expenses
- (C) policies and procedures relating to material nonpublic information.
Proposed rules
The lengthy proposals, almost 600 pages collectively, were issued in two separate releases on Feb. 9, 2022: “Private Fund Advisers” and “Cybersecurity Risk Management.” The proposed changes include:
Private Fund Advisers: SEC-registered
- Increased quarterly reporting requirements related to performance, fees, and expenses
- Specific annual audit requirements for each private fund coupled with reporting requirements related to triggering events such as modification of opinion or termination of auditor
- Requiring a ‘fairness opinion’ from an independent opinion provider for adviser-led secondary transactions
Private Fund Advisers: SEC-registered and nonregistered
- Prohibition of certain activities that are contrary to the public interest and the protection of investors, for example:
- Charging accelerated monitoring fees
- Charging SEC examination fees
- Inappropriately limiting liability (i.e., seeking indemnification)
- Reducing adviser clawback by taxes
- Charging investors fees that aren’t pro rata
- Borrowing from private fund clients
- Prohibition of preferential treatment (e.g., undisclosed side letters), including:
- Redemption or providing information about portfolio holdings or exposures or other types of preferential treatment that would be expected to have a material, negative effect on other investors in that private fund (or in a substantially similar pool of assets)
- Any other preferential treatment unless: (1) it doesn’t necessarily disadvantage other fund investors and (2) the adviser provides written disclosures to prospective and current investors
- Requirement for written documentation of the annual review of compliance policies and procedures
Cybersecurity Risk Management: SEC-registered advisers and funds
- Implementation of written policies and procedures to address cybersecurity risks
- New reporting requirements via Proposed Form ADV-C for significant cybersecurity incidents (advisers only)
- Additional required disclosures to investors related to cybersecurity risks and incidents via Proposed Form ADV Part 2A
- Increased cybersecurity-related recordkeeping
Comment period and submitted comments
Although the public comment period was extended through June 13, 2022, for the Private Fund Advisers proposal, the SEC is still accepting comments. No timeline has been issued by the SEC on when they expect to issue final rules on these topics.
Comments on Private Fund Advisers proposal
There were nearly 350 submitted comments as of Oct. 31, 2022. Many of the individuals who commented strongly favored the proposed rule IA-5955 for Private Fund Advisers for its focus on increased transparency and accountability, while many of the advisers and business entities that commented expressed concern that the proposed rule would have unintended negative consequences, especially for small advisers.
For those commentators that didn’t support the proposed rule, they considered it to be excessive regulation that would discourage new private equity firms and suggested instead to have a size threshold (e.g., assets under management) for the new compliance requirements.
Of the four SEC Commissioners that voted, the one Commissioner that didn’t vote in favor of the proposed rule issued a dissenting statement, expressing concern it “could hinder capital formation” and that “[the SEC’s] resources are better spent on retail investor protection” rather than “wealthy investors who are represented by sophisticated, experienced investment professionals.”
Comments on Cybersecurity Risk Management proposal
Of the more than 60 submitted comments as of Oct. 31, 2022, the majority agreed that cybersecurity risk management is very important and should be a priority; however, there are varied opinions of how that risk management should be reported and disclosed.
Specifically, while the proposed rule 33-11028 for Cybersecurity Risk Management aims to “enhance cybersecurity preparedness,” some commentators suggest that the proposed requirements may actually increase cybersecurity risk. For example, one commentator explained that the new public disclosure reporting requirements via Proposed Form ADV could unintentionally provide technical information to nefarious actors (i.e., hackers) about an entity’s cybersecurity shortcomings and suggested instead, in order to keep that information confidential, it should only be reported to the appropriate governmental agencies.
Other submitted comments suggested an assets under management threshold for the reporting requirements and extending the 48-hour deadline for reporting significant cybersecurity incidents — both of which would help reduce the burden on small advisers, which many commentators expressed concern about.
Compliance dates and next steps
The Private Fund Advisers proposed rule includes a one-year transition period following the effective date of any final rule. The Cybersecurity Risk Management proposed rule doesn’t currently propose a transition period or compliance date.
In response to the submitted comments, there will likely be revisions to the proposed rules. Want to hear when new information is released? Subscribe now.
