The Investment Advisers Association (IAA) believes that three major pending proposals affecting investment advisers—those on cybersecurity, beneficial ownership, and T+1 settlement—can be improved, and has sent the SEC its suggestions for how to do that. The three separate comment letters express the IAA’s general support for the Commission’s intent, such as increased transparency and improved cyber resilience, but also outline the IAA’s concerns with the current provisions in of the proposals.
Cyber proposal. The cybersecurity proposed rules would require investment advisers and funds to implement cybersecurity policies and procedures tailored based on the adviser’s or fund’s business operations, including its complexity, and attendant cyber risks. The SEC would require advisers and funds, at least annually, to review and evaluate the design and effectiveness of their cybersecurity policies and procedures.
The Commission also proposed amendments to adviser and fund disclosure requirements to provide current and prospective advisory clients and fund shareholders with improved information regarding cybers risks and incidents. The SEC also proposed to have advisers report significant cybersecurity incidents affecting the adviser, or its fund or private fund clients, to the Commission on a confidential basis.
The IAA said that it supports the goals of enhanced preparedness and resiliency of investment advisers against cyber threats, but objected to the plan to have advisers reports incidents to the Commission within 48 hours, as well as several details proposed to be included in public disclosures. The IAA is concerned that the proposed requirements would impede advisers’ efforts to respond to cybersecurity incidents as they are occurring, provide a roadmap to threat actors, and impose unnecessary operational and compliance burdens.
The IAA recommended that the SEC coordinate with other federal regulators towards adopting a uniform risk-based federal requirement for reporting cybersecurity and data breach incidents. It also said that it believes the Commission is underestimating the costs and burdens that would be imposed on investment advisers, particularly smaller firms, and suggested that smaller advisers be excluded from the reporting requirement altogether.
The IAA’s recommendation also include, among other things:
- The Commission should consider layered reporting of significant adviser cybersecurity incidents, consisting of a concise initial Form ADV-C within four business days and a final submission following the incident. Advisers should not be required to amend Form ADV-C prior to the final filing.
- Advisers should not be subject to unnecessary regulatory scrutiny of information provided on Form ADV-C that was made in good faith based on information known at the time but turns out to be materially inaccurate.
- An adviser and sub-adviser should be permitted to file one report per incident and agree on who should report.
- Duplicative reporting on Form ADV-C and Form PF should be avoided.
The SEC has proposed to revise the current deadlines for Schedule 13D and Schedule 13G filings, amend Rule 13d-3 to deem holders of certain cash-settled derivative securities as beneficial owners of the reference covered class, and align the text of Rule 13d-5, as applicable to two or more persons who act as a group, with the statutory language in Sections 13(d)(3) and (g)(3). Finally, the SEC set forth the circumstances under which two or more persons may communicate and consult with one another and engage with an issuer without concern that they will be subject to regulation as a group with respect to the issuer’s equity securities.
The IAA commended the SEC for its efforts to modernize the reporting requirements, but said that the accelerated timelines pose operational challenges and do not provide sufficient time for accurate and complete reporting. In the IAA’s opinion, the short deadlines may also exacerbate free riding and front running.
The IAA opposes deeming holders of certain cash-settled derivative securities to beneficially own the reference securities just as if they held such securities. In its view, this treatment of cash-settled derivatives is unclear and inconsistent with the purpose behind the beneficial ownership reporting regime. The IAA also expressed concern that the proposed definition of a “group” is overbroad and could chill valuable shareholder engagement. The association provided a series of recommendations to change the proposed filing schedule to provide filers with a more reasonable amount of time, and create consistency.
T+1 settlement. In the T+1 release, the SEC has proposed to shorten the standard settlement cycle for most broker-dealer transactions from two business days after the trade date (T+2) to one business day after the trade date (T+1). To facilitate a T+1 standard settlement cycle, the Commission also proposed new requirements for the processing of institutional trades by broker-dealers, investment advisers, and certain clearing agencies.
In its comment letter, the IAA said that it supports the shortening of the standard settlement cycle for most broker-dealer transactions to T+1. The association agreed that the amendments could reduce the credit, market, and liquidity risks in securities transactions, and that the amendments can provide capital and operational efficiencies.
The IAA did offer several recommendations that it believes will better balance the Commission’s desire for information with the technical and operational realities of how investment advisers engage in securities trading and obtain and retain trading information.
Specifically, the IAA recommended that the Commission:
- Allow investment advisers that are parties to agreements under proposed Rule 15c6-2 to rely on compliance by third parties to meet obligations for allocations and affirmations;
- Allow the investment advisers to rely on third parties to satisfy compliance with the proposed recordkeeping obligations under the Advisers Act;
- Coordinate and engage with global regulators and market participants when overseeing the T+1 settlement cycle in order to minimize disruptions;
- Set the T+1 settlement cycle compliance date for May 28, 2024; and
- Require Commission staff to provide a T+0 report to the Commission within two years of the compliance date of T+1 implementation.