Subject: S7-25-22: WebForm Comments from Jonathan Rogers
From: Jonathan Rogers
Affiliation: Principal of a Registered Investment Adviser

Nov. 5, 2022

This rule seems exceedingly broad. The cost to each RIA of $132,320 in the first year and $44,107 every year thereafter is extremely high unless there are mass deficiencies causing material investor harm. It seems instead that there have been isolated incidents where an investor has been harmed with the primary cause being a poorly-chosen vendor. That would prescribe a very different piece of regulatory guidance than this document. It would be specific and targeted at the causal points of failure rather than broadly applied.

Further, most of the 'examples' listed within the document seem to imply that RIAs are choosing large vendors with systematic processes (which should be on-average good for investor protection) and the SEC is concerned that sometimes these vendors have systematic failures. This regulation will not change that - the large vendors will be least affected, as their scale affords cost-efficient provision of diligence packets to RIAs seeking outsourcing. The actual result of this regulation will be that small vendors will not enter the market to compete, because the high cost of producing such due diligence to the first few hundred customers is cost-prohibitive.

I'd much prefer to see the rule address specific problems the SEC sees with the current due diligence being done by RIAs who have a FIDUCIARY duty to perform reasonable due diligence of their vendors.

Start with a much more limited requirement of these "prescribed diligence" rules, while leaving most diligence under the Fiduciary responsibility of the RIA.

For example, apply these "prescribed diligence" rules when:

an RIA outsources any trading, portfolio management, separate account management, or custom indexing functions to a non-SEC registered company.

an RIA outsources to vendors abroad when client PII is involved.

an RIA outsources CCO duties such as email review and quarterly compliance checklists (and also make it abundantly clear that the principals of the RIA cannot divest ultimate responsibility for ensuring the adequacy of compliance measures).

I'm sure there are other areas where investor harm originates regularly enough to justify the cost of due diligence.

One suggestion for substantially limiting the scope would be to revert to a general duty as a Fiduciary when outsourcing to another SEC/FINRA/CFTC registered firm (like a TAMP or SMA provider) or a major software vendor for software-only contracts (like Microsoft/Salesforce or Tamarac/Orion).

While such a carve-out does not alleviate the systemic risk concerns (which themselves are outweighed by improvement in the consistency of the client-deliverable or RIAs wouldn't be outsourcing so prolifically), it would massively reduce cost if you can get most of the top-10 solutions in each category into a carved-out umbrella that allows status quo level due diligence.