Skip to Content
Two business professionals in suits walking together.
Article

Investment Advisers Act private fund reforms update

November 10, 2022 / 4 min read

As the SEC’s Investment Advisers Act private fund reforms proposal nears the end of the comment period, key themes are emerging about increased transparency, the regulatory burden on small advisers, and cybersecurity preparedness. Here’s the latest update.

In early 2022, the U.S. Securities and Exchange Commission (SEC) proposed sweeping new rules under the Investment Advisers Act of 1940 to increase the regulation of investment advisers and funds, including both registered and nonregistered private fund advisers.

The proposed rules are a direct response to the deficiencies identified in the June 23, 2020 SEC Division of Examinations (formerly OCIE) “Risk Alert: Observations from Examinations of Investment Advisers Managing Private Funds:”

Proposed rules

The lengthy proposals, almost 600 pages collectively, were issued in two separate releases on Feb. 9, 2022: “Private Fund Advisers” and “Cybersecurity Risk Management.” The proposed changes include:

Private Fund Advisers: SEC-registered

Private Fund Advisers: SEC-registered and nonregistered

Cybersecurity Risk Management: SEC-registered advisers and funds

Comment period and submitted comments

Although the public comment period was extended through June 13, 2022, for the Private Fund Advisers proposal, the SEC is still accepting comments. No timeline has been issued by the SEC on when they expect to issue final rules on these topics.

Comments on Private Fund Advisers proposal

There were nearly 350 submitted comments as of Oct. 31, 2022. Many of the individuals who commented strongly favored the proposed rule IA-5955 for Private Fund Advisers for its focus on increased transparency and accountability, while many of the advisers and business entities that commented expressed concern that the proposed rule would have unintended negative consequences, especially for small advisers.

Many of the advisers and business entities that commented expressed concern that the proposed rule would have unintended negative consequences, especially for small advisers.

For those commentators that didn’t support the proposed rule, they considered it to be excessive regulation that would discourage new private equity firms and suggested instead to have a size threshold (e.g., assets under management) for the new compliance requirements.

Of the four SEC Commissioners that voted, the one Commissioner that didn’t vote in favor of the proposed rule issued a dissenting statement, expressing concern it “could hinder capital formation” and that “[the SEC’s] resources are better spent on retail investor protection” rather than “wealthy investors who are represented by sophisticated, experienced investment professionals.”

Comments on Cybersecurity Risk Management proposal

Of the more than 60 submitted comments as of Oct. 31, 2022, the majority agreed that cybersecurity risk management is very important and should be a priority; however, there are varied opinions of how that risk management should be reported and disclosed.

Of the more than 60 submitted comments as of Oct. 31, 2022, the majority agreed that cybersecurity risk management is very important and should be a priority.

Specifically, while the proposed rule 33-11028 for Cybersecurity Risk Management aims to “enhance cybersecurity preparedness,” some commentators suggest that the proposed requirements may actually increase cybersecurity risk. For example, one commentator explained that the new public disclosure reporting requirements via Proposed Form ADV could unintentionally provide technical information to nefarious actors (i.e., hackers) about an entity’s cybersecurity shortcomings and suggested instead, in order to keep that information confidential, it should only be reported to the appropriate governmental agencies.

Other submitted comments suggested an assets under management threshold for the reporting requirements and extending the 48-hour deadline for reporting significant cybersecurity incidents — both of which would help reduce the burden on small advisers, which many commentators expressed concern about.

Compliance dates and next steps

The Private Fund Advisers proposed rule includes a one-year transition period following the effective date of any final rule. The Cybersecurity Risk Management proposed rule doesn’t currently propose a transition period or compliance date.

In response to the submitted comments, there will likely be revisions to the proposed rules. Want to hear when new information is released? Subscribe now.

Related Thinking

View of U.S. government building at night.
October 23, 2024

Maximize the Section 48 investment tax credit by beginning construction in 2024

Article 16 min read
Image of two people working
October 9, 2024

Building a world-class culture

Article 3 min read
Insurance agent discussing policies on the phone.
September 10, 2024

The NAIC’s bond classification changes: Developing an implementation plan

Article 5 min read