The National Society of Compliance Professionals (NSCP) has submitted a comment letter to the SEC addressing the regulator’s proposed amendments to Rule 206(4)-2, the Safeguards Rule, under the Investment Advisers Act of 1940.

The letter is meant to reflect the collective concerns of NSCP’s members, an organization made up mainly of professionals in compliance and audit positions, and the consultants who assist them in advising their businesses on financial industry regulations.

GRIP spoke with Lisa Crossley, Executive Director and CEO of the NSCP and Colleen Diles, President of Diles Consulting, an independent regulatory consultant servicing broker-dealer (BD) and registered investment adviser (IA) clients, to get more insight into the comment letter and the NSCP’s objectives in submitting it.

2,200 members

The NSCP has about 2,200 members, including the largest IAs, such as Fidelity and Vanguard, but the majority of its members are small or medium-sized firms.

It assembled a working group to write its comment letter and submit it to the SEC; this was comprised of 15 people from small, medium and large firms in the private fund space, IA space, dually registered BDs/IAs, plus some consultancies. Diles chaired this group.

The NSCP also sought the perspectives of its 23-person Regulatory Advisory Committee, plus its 23 board members.

“We also knew of our general memberships’ feelings about this topic, based on prior conversations and the comments they have expressed either on regulatory forum calls or on our Member Compliance Forum,” Crossley said.

“To be honest, I often hear from compliance professionals right away when a new rule or amendments are being discussed. This is because a large segment of our members come from small to medium-sized firms – and these professionals can have strong opinions about how new rule obligations will impact their businesses in a financial and human resources way,” Crossley said.

“The onus of selecting and vetting a qualified custodian for these larger groups of assets … would fall on compliance personnel.”

The proposed amendments would expand the application of the current investment adviser custody rule beyond client funds and securities to include any client assets in an investment adviser’s possession or when an investment adviser has authority to obtain possession of client assets.

Like the current rule, the proposed rule would entrust safekeeping of client assets to qualified custodians, including, for example, certain banks or broker-dealers, but the onus of selecting and vetting a qualified custodian for these larger groups of assets and reviewing an internal control report submitted by the custodian for such assets would fall on compliance personnel.

Custody of assets

The NSCP’s comment letter says the SEC’s expansion of the scope of the kinds of assets subject to the custody rule doesn’t come with a commensurate expansion of the types of qualified custodians, or alternative methods of providing custody over a wider array of assets advisers’ clients are invested in.

The NSCP observes that compliance officers might not have the right skills to manage the custodial arrangements over certain asset types (eg, digital assets, fine art, and real estate), and they say “it may be difficult for compliance professionals to implement or oversee these elements of the proposed rule without the risk of not doing ‘enough’ to satisfy the Commission’s expectation or doing ‘too much’ and incurring unnecessary expenditures”.

For its part, the SEC contemplates these hardships in its proposal, admitting that “we understand that many advisers may be reluctant to provide a full range of advisory services to their clients with respect to crypto assets because of concerns that a market for custodial services to safeguard these assets has not yet fully developed.” (The limited number of qualified custodians overall is something the SEC notes in its proposal, actually.)

But the SEC says “most crypto assets are likely to be funds or crypto asset securities covered by the current rule” anyway.

“The NSCP is concerned that the language defining custody is being interpreted differently by investment advisory firms and compliance professionals.”

So what is the greatest source of angst for the working group with the new amendments, if they could boil it down to one?

Diles said it was the definition of custody. The proposed new definition of custody includes: “Any arrangement (including, but not limited to a general power of attorney or discretionary authority) under which you are authorized or permitted to withdraw or transfer beneficial ownership of client assets upon your instruction.”

With respect to discretionary authority, the NSCP is concerned that the language defining custody is being interpreted differently by investment advisory firms and compliance professionals.

The terminology “withdraw or transfer beneficial ownership” resulted in varying interpretations, by compliance professionals, as to when discretionary authority would trigger application of the proposed safeguarding rule.

General discretionary authority

Some compliance professionals believe the safeguarding rule would be triggered by general discretionary authority, not including limited trading discretion; and some compliance professionals believe the safeguarding rule would be triggered by any discretionary authority, including limited trading discretion.

“First and foremost, the group agreed that limited trading discretionary authority should be excluded from the proposed definition of custody,” Diles said. “We believe that the proposal should generally retain the current practice, which treats a client account held at a qualified custodian in which an adviser has discretionary trading authority only as not giving rise to custody over client assets,” she said.

“Getting custodial reports is already hard, but then interpreting them is also a big ask for compliance officers. I question whether it is a compliance officer’s role here.”

Lisa Crossley, Executive Director and CEO, NSCP

Asked about the skills it would take to maintain custodial relationships over these new asset types, Crossley said it reminds her of how new compliance expectations in the cybersecurity arena first seemed so daunting to compliance professionals, especially before chief information security officers were expected and required at regulated businesses.

“Smaller and medium-sized firms have a difficult time getting the attention they need from custodians and the information they need from them even now,” she said. “Getting custodial reports is already hard, but then interpreting them is also a big ask for compliance officers. I question whether it is a compliance officer’s role here, or if this should belong in another business area of a firm,” she said.

More clarity needed

Diles added: “We discussed the requirement to make determinations about custodial practices, including ‘reasonable commercial standards’ and that making such a determination may be outside the knowledge and experience of advisers, including compliance officers. We need more clarity here, in order to put compliance professionals in a better position to successfully implement certain elements of the proposed rule.”

But can’t the compliance team hire outside advisers to help with these skills gaps and the custodial supervision anticipated here?

“Not if you’re a small to mid-sized business,” Crossley said. “Many just cannot handle that financial and resource burden. And even if there is a vendor that can help, I’m not sure the custodian will agree to have the vendor get involved, because they’re not the client here, and the amended rule’s burden remains on the investment advisory business.”

“This review of the custodian’s internal controls report places an unrealistic expectation and burden on compliance professionals.”

Colleen Diles, President, Diles Consulting

The proposed amendments include a requirement that the qualified custodian will obtain and provide a written internal control report to the investment adviser.

If the amendment is adopted as proposed, on an annual basis, the NSCP says in its comment letter that this element could result in firm or regulatory expectations that the firm’s compliance staff review and approve the sufficiency of such reports, thereby creating an additional compliance responsibility.

The SEC’s proposal states [at page 100]: “Consistent with an adviser’s fiduciary duty, an adviser should review the report for control exceptions and take appropriate action where necessary.”

Diles said: “This review of the internal control reports may require a detailed understanding of the internal operations of qualified custodians. If this, as well as other, aspects of the proposal were to be introduced more gradually, maybe some best practices could evolve to help everyone involved here. But, right now, this review of the custodian’s internal controls report places an unrealistic expectation and burden on compliance professionals.”

What next?

Whether the comments will be heeded “depends on the SEC commissioners,” said Crossley.

“A couple of the commissioners are concerned about any ambiguity in rules that can lead to disparate interpretations and outcomes, so we think we have at least a couple of commissioners, like Hester Peirce and Mark Uyeda, that might be sympathetic to our concerns here.”

She also wondered why we should leave ambiguity to be cleared up by some risk alerts or enforcement actions later on when we can deal with it now.

The thrust behind the SEC’s proposed amendments is investor protection and trying to fill what the gaps in rules that have not kept pace with the types of valuable assets traded in the marketplace. Crossley and Diles think those are laudable and understandable goals.

“Having greater clarity here and an approach that is workable for businesses with varying resources is all we’re asking for here,” Diles said. “We want to promote investor protection too, as our businesses depend on it. But there needs to be some attention paid to feasibility, the scope of the rule and its rollout.”