Skip to main content

Remarks at the ICI Investment Management Conference

William A. Birdthistle

William Birdthistle
Director, Division of Investment Management

Palm Desert, California

March 20, 2023

Good morning. Thank you, Eric, for the ICI’s gracious invitation and your own kind welcome. After so long apart during the pandemic, this opportunity to see one another face-to-face and to speak in person is a most welcome return to something like normality.

One thing that remains unchanged, however, is my obligation to make clear that my comments today are my own and do not necessarily reflect the views of the Commission, the Commissioners, or the SEC staff.

Events such as a pandemic are a sharp reminder that while we all address ourselves to the quotidian demands of our duties, whether they be to our clients, to our firms, or to our fellow citizens, we cannot afford to lose sight of the larger movements atop of which we conduct our affairs. Preparation for those tectonic developments, especially when they portend disruptive changes, must come long in advance and with conscientious forethought. The busier we find ourselves with immediate calls upon our attention, the more difficult – and yet more essential – it will be to pull our gaze up towards the approaching horizon.

Upon our horizon, my colleagues in the Division of Investment Management espy three trends worthy of our far-reaching vigilance and prompt concentration. I’d like to consider each component of this trio of large movements with you today and to offer thoughts on how several of the Division’s recent rulemakings could address these coming developments and the risks they could pose to investors and the market at large.

* * *

The first such trend involves the pattern and pace of technological advancement. This development may feel as though it already permeates all aspects of our lives, from our wallets to our watches, and from our desks to our wrists. Certainly, we live in a time when many of our daily activities are already immersed in technology. But what may be changing most is the pace of that change.

In recent months, articles on finance have been replete with references to technological advancements, from explications of the details of distributed ledgers and so-called decentralized finance to a genre devoted to artificial intelligence and machine learning. Several other moments, in recent and distant memory, have experienced similarly conspicuous marriages of technology and finance. The dot-commery cycle at the turn-of-the-millennium, for instance, witnessed large-scale internet adoption, the efflorescence of venture capital, and a spike in start-ups which combined to drive a period of massive economic growth, before a period of economic retraction. Economic historians of the business cycle like Nikolai Kondratiev and Joseph Schumpeter long ago sought insights and clairvoyance from such intersecting sinewaves of economics and technology.[1] So this relationship is nothing new. But their notions of a forty- to sixty-year time frames today seem awfully dilatory.

What we in the Division of Investment Management have seen is an accelerating pace of technological advancement and complexity in the asset management industry with respect to how advisers offer their advisory services. Although technological advancement brings many positive improvements to our lives and the markets, it can present new challenges to adviser’s obligations under the securities laws that warrant the careful attention of regulators. Asset managers and their senior leadership now must balance bottom-line investment return and performance while simultaneously facing an ever-growing frontier of, for example, cyber security risks that loom over their operational integrity and the protection of their clients’ data and assets. As a consequence, the Division has devoted attention to the importance of asset managers’ responsibilities in light of certain technological capabilities, as a complement to more traditional areas of regulatory focus, such as conflicts-of-interest management and effective disclosure.

Despite these technological advancements and their attendant risks, no Commission rules currently require firms explicitly to adopt and implement comprehensive cybersecurity programs.[2] Yet cyber threats have become more sophisticated, and cyber incidents are numerous and endanger market integrity and, in turn, investor confidence.[3] To address these concerns, last year, the Commission proposed new rules and amendments designed to confront this reality and to improve the management of cybersecurity risks by investment advisers and funds.[4] The proposed rules would serve as a significant step toward addressing the technology-related perils of our time that threaten advisers with significant financial, operational, and reputational harm.[5] Under the proposal, advisers and funds would be required to take steps to mitigate and disclose cyber security risks, to enhance adviser and fund disclosures of cyber security incidents, and to report significant cybersecurity incidents to the Commission.[6] This proposal recognizes that advisers must take these threats seriously, that clients and investors deserve better disclosure about cyber incidents, and that the Commission needs reporting of significant cyber incidents to understand better the impact of such incidents upon investors and the market more broadly.[7]

Even more recently – just a couple of days ago, in fact – the Commission voted to propose rule amendments to Regulation S-P on the topic of data breaches and customer information. Under the current rule in this area, investment companies and registered investment advisers are required, among other things, to adopt written policies and procedures for administrative, technical, and physical safeguards to protect customer records and information.[8] Since Regulation S-P was adopted in 2000, however, we have experienced tremendous developments in how we gather, store, share, and protect digital information of all varieties. These changes are obvious in many aspects of our daily lives, particularly during the pandemic – from telehealth to electronic bill pay – and are increasingly apparent in how we track our daily steps, our sleep, and other biological behavior via the panopticons in our watches. For asset managers, similar advancements in digital communications, information storage tools, and other technologies have simplified the ability of firms to obtain, share, and maintain individuals’ personal information.

While this technological progress may offer certain benefits, this evolution also has changed – or perhaps even exacerbated – risks of unauthorized access to or use of personal information. The proposed amendments to Regulation S-P would respond to these threats by requiring registered investment advisers to adopt written policies and procedures for incident response programs that address unauthorized access to or use of customer information, and would require timely notification to individuals affected by an information security incident.[9] In a world where so much of our personal information exists in a digital medium, including within the asset management arena, it’s exceedingly important that investors are given notice when their sensitive customer data is compromised so that they can respond and protect themselves.[10]

A final area in which the Division has observed important changes is investment adviser custody. As many of you may be aware, last month, the Commission voted to propose amendments to the investment adviser custody rule.[11] That proposal is designed, in part, to address many new technological advancements in custody – a realm that, not too long ago, involved what now feels like an antiquarian practice of keeping certificates in office files or safety deposit boxes.[12] In recent years, however, custody has experienced significant developments, such as the use of blockchain technology as a method to record ownership and transfer assets.[13] Though these developments may allow for certain efficiencies, they also present technological, legal, and regulatory risks to advisers and their clients.[14] In this circumstance, and as always, a responsible regulator must remain current and observant in order to identify and to address gaps in protections because technological advancements can at times be impatient – and unwilling to await the consideration of the Division of Investment Management.

On each of these important proposals, we recognize the importance of your thoughts and your suggestions, and we look forward to engaging with your considered and constructive comments.

* * *

A second trend approaches with less velocity but perhaps greater inexorability: the nation’s and the world’s changing demographics. One of the biggest shifts that we will experience in our national population over the coming decade is a deep wave of retirements within the Baby Boomer generation. In fact, the U.S. Census Bureau reminds us that – as a matter of generational definition – all Baby Boomers will be 65 or older by 2030.[15] This profound shift in the demographic composition of the American population is sure to be felt by asset managers and their regulators. Investors, as you all know better than most, have unique needs determined, in part, by their age and stage of life. An investor’s investment goals and appetite for risk are likely to evolve significantly as they enter a phase as consequential as retirement. So an entire generation of American investors will soon be reaching an age of pivotal importance to their investment horizon. Moreover, as one American cohort advances into retirement, we will welcome another into the workforce, and those new employees will be starting to invest for their futures. We are thus in a crucial moment for the Division to be acutely focused on ensuring that investors enjoy the highest quality disclosure available to make informed investment decisions. Such a seismic change in the generational makeup of the investing public also presents a timely opportunity to consider ways that disclosure should be modernized.

In October of last year, the Commission adopted amendments to the requirements for annual and semi-annual shareholder reports provided by mutual funds and exchange-traded funds.[16] These reports will be much shorter than before (with further detail available online), will highlight key information, and will facilitate comparisons amongst different products. The new streamlined reports must be concise and visually engaging to highlight particularly important information for retail shareholders to assess and monitor their investments.[17] As we approach the compliance date for these final rules next year, our Division’s staff will be available to assist the industry and their counsel, so I encourage you to engage us with any questions well in advance of that date. I am always pleased to see disclosure become more digestible and accessible to investors, but particularly so in light of the demographic trends through which we are living.

The Division’s work on improving fund disclosure will also continue through our proposal on the Names Rule. One of the most important disclosure items that investors encounter as part of their investment selection process is obvious: a fund’s name. The name of a registered investment company is often the first and most potent marketing tool available to that fund. And, for an investor, a fund’s name can be an early indication of whether that particular fund is suitable for her portfolio. Last May, the Commission proposed to modernize the Names Rule to address the evolution of practices in the fund industry.[18] The proposed amendments would require more funds to adopt an 80 percent investment policy by extending that requirement to any fund name with terms suggesting that the fund focuses in investments that have (or whose issuers have) particular characteristics.[19] The proposed amendments, if adopted, would also limit temporary departures from the 80 percent investment requirement.[20]

Given the marketing benefit a fund may enjoy as a result of a particular name, it’s exceedingly important that investor expectations are aligned with the meaning that a fund name conveys. A fund can choose its name and can choose its portfolio – this rule encourages the twain to meet. We received many thoughtful comments to the proposal, and we look forward to your continued engagement on this important topic.

The Division is also observant of demographic trends within the asset management industry itself. As I hope many of you are aware, the SEC’s Office of Minority and Women Inclusion (“OMWI”) invites regulated entities every two years to conduct and submit voluntary self-assessments of their diversity policies and practices. Although regulated entities may submit their own self-assessments, OMWI provides entities with a “Diversity Assessment Report” tool, also known as “the OMWI DAR Tool” to assist with, and streamline, entities’ self-assessments.”[21] Information collected from the survey is aggregated and used in agency reports such as the OMWI Annual Report to Congress.[22] Without identifying any particular entity, the information may also be used to identify and highlight successful policies and practices.[23] Last year, OWMI published a Diversity Assessment Report that analyzed information from OMWI DAR Tool submissions.[24] The results revealed a disappointingly low response rate: just nine percent of the 1,263 entities that OMWI asked to participate in the survey submitted responses.[25] Such a low response rate leaves a gap in our knowledge and impairs any comprehensive understanding of diversity policies and practices in the financial securities industry.[26] OMWI continues to encourage increased participation in the survey, and I would like to reinforce the importance of submitting self-assessments with you all today as well. I hope that each of your firms will consider submitting an OMWI DAR Tool or comparable self-assessment, and I encourage you to reach out to OMWI with any questions.

On a related note, the Division recently published a Staff FAQ on investment adviser consideration of DEI Factors.[27] The FAQ discussed whether an investment adviser may consider DEI factors when recommending other investment advisers to or selecting other advisers for its clients under its fiduciary duty.[28] Provided that the use of such factors is consistent with a client’s objectives, the scope of the relationship, and the adviser’s disclosures, then the answer is yes. The FAQ explains that an adviser may consider a variety of factors, including DEI factors, in such a recommendation.[29]

My hope is that these efforts by the Division, and our colleagues in OMWI, will continue to inspire thoughtful consideration of how our nation’s demographics play a role not just in the composition of the investing public, but also in the industry that serves them.

* * *

A third, and final, noteworthy trend in some ways combines the first two: rapid growth, in both the market overall and the number and type of underlying products. In recent decades, for example, the asset management industry has capitalized upon the power of technology – and of complex financial engineering – to meet the increasing demands of investors in today’s markets. The industry itself has also grown to include a host of new entities that exist to support asset managers’ endeavors to serve an ever-growing investor base.

In addition to the changing and, in many ways, more challenging demographics of American investors, the sheer growth in their number over the past several decades has been staggering. ICI’s 2022 survey on the ownership of mutual funds reports that more than half of American households -- 52.3% to be exact -- own mutual funds.[30] Compare that to only 25% in 1990 and less than 6% in 1980.[31] Similarly, between 2019 and 2021, the IAA reported a nearly 50% (47.6%) increase in the number of individuals served by investment advisers.[32]

The increased prevalence of individual investments corresponds closely with two interrelated phenomena: (1) society’s shift in the latter half of the 20th century away from defined benefit pension plans and toward defined contribution retirement savings plans; and (2) the rise of online savings and investment platforms that provide at-home access to brokerage and advisory accounts at the click of a button.[33] The second of these trends was in many ways a response to the first. Access to suitable investment opportunities – especially in the form of investment advice and diversified mutual funds – is no longer a luxury of the wealthy; it appears to have become a practical necessity for much of the middle class.

In response to growth in demand, advisers are providing more types of services, offering a wider variety of investment products, and, simultaneously, experiencing downward competitive pressure on fees.[34] To address more and increasingly complex demands from clients, advisers are looking for cost effective solutions.[35] Unbeknownst to some clients, one type of solution might involve the adviser engaging with several service providers: from model providers to software companies to compliance professionals. In some cases, clients may benefit from certain efficiencies related to outsourcing in the form of better services or perhaps even lower fees should the adviser decide to pass on any savings to investors.[36]

Many clients may be surprised, however, to know the extent to which third-party service providers are involved in the provision of advisory services. In fact, in some cases, clients may not even be aware that a service provider is serving certain functions, as advisory agreements typically represent or imply that the adviser will perform all necessary functions related to its advisory services.[37] Although outsourcing may create efficiencies or savings, investors also may not know or fully appreciate the extent to which they are exposed to certain risks from an adviser’s use of service providers – even from those providers who are not involved in the formulation of investment advice itself.[38] Outsourcing of the administration of records or compliance functions for personal trading, for instance, may involve a service provider gaining access to a client’s sensitive personally identifiable information, the mishandling of which could expose clients to identity theft and other harms.

Bespoke index providers or subadvisers, by contrast, often perform activities that form a central part of the advisers’ services.[39] Engaging an index provider or subadviser may benefit both the adviser and its clients by, among other things, gaining access to expertise or specialization in a particular asset class or market.[40] The risk of client harm, however, exists when an adviser outsources to a service providers functions that are necessary to the provision of advisory services without appropriate advisory oversight.[41] These risks are compounded when the outsourced functions are highly technical or proprietary to the service provider.[42]

Although reliance on third-party service providers is not new, the demand for advisory services and competitive trends in the industry have elevated their importance in recent years. In particular, the increasing reliance on third parties to perform activities that form a central part of an adviser’s advisory services – such as certain bespoke indexes, model providers, and subadvisers – underscores the importance of an adviser providing effective and diligent oversight of such service providers.

To address these trends and the corresponding risks that investors may face, the Commission in November proposed certain requirements related to outsourcing in new Rule 206(4)-11, as well as related changes to Form ADV and advisers’ recordkeeping obligations.[43] At its core, the proposal would require due diligence prior to engaging a service provider and ongoing monitoring of outsourcing arrangements with service providers. Although I recognize that outsourcing may be a practical necessity for some advisers and may provide significant benefits to advisers and their clients, the growing prevalence of such arrangements warrants enhanced focus by both advisers and the Commission to ensure that clients receive the benefits and protections afforded by advisers’ fiduciary obligations. Importantly, the proposal states that, despite engaging a service provider, the adviser retains ultimate responsibility to the client for providing the advisory services for which it is holding itself out.[44]

The proposal focuses on those core functions that are of particular consequence to advisers and their clients. To that end, the scope of the proposal is tailored specifically to the outsourcing of services that are necessary for an adviser to provide advisory services in compliance with the law, and that, if not performed or performed negligently, would be reasonably likely to have a negative impact on the adviser’s clients or the adviser’s ability to provide advisory services.

The proliferation in the number of Americans who choose to invest their hard-earned savings with investment managers has dramatically expanded the asset management industry, and advisers are searching for ways to keep pace with increasingly complex client demands and competitive forces. Outsourcing has the potential to add a layer – and sometimes several layers – of risk to the relationship between a client and its adviser. While there may be benefits to certain efficiencies from relationships with service providers, the Commission’s proposal would better protect investors by requiring that advisers take steps to continue to uphold their fiduciary and other legal obligations under the federal securities laws. I believe the proposed rule would thus stand as a bulwark against the possibility that rapid growth and the increasing prevalence of significant outsourcing arrangements might undermine the investor protections afforded by the Advisers Act and the securities laws more broadly.[45]

* * *

For the remainder of your time here, I wish you an enjoyable conference. Our next session brings you a regulatory overview with experts from the ICI, industry, and practice – and my esteemed colleague, Deputy Director Sarah ten Siethoff.

I would like to conclude my remarks today with a note of appreciation for the staff of the Division’s Rulemaking Office, as I’ve spent a fair bit of this address speaking about their remarkable work. Every release written by the Division reflects an astonishing wealth of knowledge and expertise, and I am consistently impressed by the rulemaking staff’s skill and professionalism. I am exceedingly grateful that we can entrust the Division’s rulemaking agenda to such a deep and seasoned bench of public servants, and know that I speak for the Division’s rule writers when I say that we look forward to continued, thoughtful engagement from all of you in this audience.

Thank you very much.

[1] See Nikolai Kondratiev, The Long Wave Cycle (Richardson & Snyder) 1984 (Guy Daniels trans.); Joseph Schumpeter, Capitalism, Socialism, and Democracy (Harper & Brothers) 1942.

[2] See Proposed Rule: Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies, Rel. No. 33-11028 at 9-10 (Feb. 9, 2022) (“Cyber Proposal”), available at

[3] See id at 7, n.5.

[4] See generally Cyber Proposal, supra note 2.

[5] Id.

[6] Id.

[7] Cyber Proposal, supra note 2, at 8 (“We are concerned about the efficacy of adviser and fund practices industry-wide to address cybersecurity risks and incidents, and that less robust practices may not address investor protection concerns. We are also concerned about the effectiveness of disclosures to advisory clients and fund shareholders concerning cybersecurity risks and incidents.”); Cyber Proposal, supra note 2, at 9 (“We believe requiring advisers and funds to report the occurrence of significant cybersecurity incidents would bolster the efficiency and effectiveness of our efforts to protect investors, other market participants, and the financial markets in connection with cybersecurity incidents.”).

[8] See 17 C.F.R. 248.30(a). See also Privacy of Consumer Financial Information (Regulation S-P), Exchange Act, Rel. No. 42974 (June 22, 2000) [65 FR 40334 (June 29, 2000)].

[9] See generally Proposed Rule: Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information, Rel. No. 34-97141 at i (Mar. 15, 2023), available at

[10] Id. at 5.

[11] See generally Proposed Rule: Safeguarding Advisory Client Assets, Rel. No. IA-6240 (Feb. 15, 2023), available at

[12] Id. at 9.

[13] Id. at 16-17.

[14] Id.

[15] 2020 Census Will Help Policymakers Prepare for the Incoming Wave of Aging Boomers, United States Census Bureau (Dec. 10, 2019), available at

[16] See generally Final Rule: Tailored Shareholder Reports for Mutual Funds and Exchange-Traded Funds;

Fee Information in Investment Company Advertisements, Rel. No. 33-11125 (Oct. 26, 2022), available at

[17] Id.

[18] See generally Proposed Rule: Investment Company Names, Rel. No. IC-34593 (May 25, 2022), available at

[19] Id. at 16.

[20] Id.

[21] The U.S. Securities and Exchange Commission (SEC) provides the Diversity Assessment Report to entities regulated by the SEC in support of the Joint Standards for Assessing the Diversity Policies and Practices of Entities Regulated by the Agencies (Joint Standards) issued by the federal financial regulatory agencies through an interagency policy statement dated June 10, 2015. See OMWI Diversity Assessment Survey, available at

[22] Id.

[23] Id.

[24] See OMWI Reports Highlight Progress in Diversity, Equity and Inclusion (May 2, 2022), available at

[25] See OMWI 2020 Diversity Assessment Report at 1 (May 2, 2022), available at

[26] Id.

[27] See Staff FAQ Relating to Investment Adviser Consideration of DEI Factors (Oct. 13, 2022), available at This staff FAQ represents the views of the staff of the Securities and Exchange Commission (“Commission”) and is not a rule, regulation, or statement of the Commission. The Commission has neither approved nor disapproved this staff FAQ. The staff FAQ, like all staff statements, has no legal force or effect: it does not alter or amend applicable law, and it creates no new or additional obligations for any person.

[28] Id.

[29] Id.

[30] Investment Company Institute, ICI Research Perspective, at 1 (Oct. 2022), available at

[31] See id.

[32] See Investment Adviser Association, Investment Adviser Industry Snapshot 2022, at 6, available at

[33] See Congressional Research Service, A Visual Depiction of the Shift from Defined Benefit (DB) to Defined Contribution (DC) Pension Plans in the Private Sector (Dec. 27, 2021), available at

[34] See Proposed Rule: Outsourcing by Investment Advisers, Rel. No. IA-6176 at 5 (Oct. 26, 2022) (“Outsourcing Proposal”), available at

[35] Id.

[36] Id. at 7.

[37] Id. at 13.

[38] While generally focused on an adviser’s ability to provide its investment advisory services, the proposed definition of “covered function” includes functions beyond those that are central to the formulation of investment advice. Id. at 23-24.

[39] See generally Outsourcing Proposal. See also Request for Comment on Certain Information Providers Acting as Investment Advisers Rel. No. IA–6050 (June 15, 2022), available at

[40] See Outsourcing Proposal, supra note 34, at 7.

[41] Id. at 8.

[42] Id. at 9.

[43] See generally Outsourcing Proposal.

[44] Id. at 13.

[45] “In this regard, we are concerned that outsourcing these necessary functions (defined as “Covered Functions” in proposed rule 206(4)-11) in particular, without further oversight by the investment adviser, can undermine the adviser’s provision of services and compliance with the Federal securities laws, and can directly harm clients.” Id. at 13-14.

Return to Top