What’s Next
After PFAR?

What’s Next After PFAR?

In its highly awaited opinion released on June 5, 20241, the U.S. Court of Appeals for the Fifth Circuit vacated all of the Securities and Exchange Commission’s (SEC) Private Fund Adviser rules (PFAR), agreeing with industry trade associations that the SEC lacked the necessary statutory authority to adopt PFAR. 

The initial question following the opinion was whether the SEC would appeal the Fifth Circuit’s panel decision or petition the U.S. Supreme Court to review the case – particularly given the priority SEC Chair Gary Gensler placed on PFAR and the considerable resources the SEC devoted to it.

The windows for these options have now closed. The SEC ultimately took neither approach, which was not surprising; in particular, the current political composition of the Supreme Court would have been unlikely to result in a more favorable view of the SEC’s authority, and the Supreme Court in general tends to select cases for review most often when the issue presented is one of national importance and/or there has been a split among U.S. Circuit Courts in decisions on the same issue2.

While the SEC still has until early September to petition the U.S. Supreme Court to review the case, we think the likelihood is very low

Further, our expectation is that, given the breadth of Chair Gensler’s agenda and the number of rules that have not yet been finalized, the SEC will use the time remaining before the November elections to prioritize rulemaking that could have greater staying power and to use its existing tools (e.g., examinations and enforcement) to target the conduct that it had aimed to address with PFAR.

While the SEC still has until early September to petition the U.S. Supreme Court to review the case, we think the likelihood is very low

In its highly awaited opinion released on June 5, 20241, the U.S. Court of Appeals for the Fifth Circuit vacated all of the Securities and Exchange Commission’s (SEC) Private Fund Adviser rules (PFAR), agreeing with industry trade associations that the SEC lacked the necessary statutory authority to adopt PFAR. 

The initial question following the opinion was whether the SEC would appeal the Fifth Circuit’s panel decision or petition the U.S. Supreme Court to review the case – particularly given the priority SEC Chair Gary Gensler placed on PFAR and the considerable resources the SEC devoted to it.

The windows for these options have now closed. The SEC ultimately took neither approach, which was not surprising; in particular, the current political composition of the Supreme Court would have been unlikely to result in a more favorable view of the SEC’s authority, and the Supreme Court in general tends to select cases for review most often when the issue presented is one of national importance and/or there has been a split among U.S. Circuit Courts in decisions on the same issue2.

While the SEC still has until early September to petition the U.S. Supreme Court to review the case, we think the likelihood is very low

Further, our expectation is that, given the breadth of Chair Gensler’s agenda and the number of rules that have not yet been finalized, the SEC will use the time remaining before the November elections to prioritize rulemaking that could have greater staying power and to use its existing tools (e.g., examinations and enforcement) to target the conduct that it had aimed to address with PFAR.

What Questions Still Remain?

Since PFAR’s adoption in August 2023 and the filing of the lawsuit, many private fund sponsors had been focused on the two looming questions: What would be the outcome of the litigation? And how should firms go about preparing for compliance in light of the litigation?

In considering the second question in particular, it is worth exploring the issue of statutory authority and its direct effects on SEC rulemaking.

What Questions Still Remain?

Since PFAR’s adoption in August 2023 and the filing of the lawsuit, many private fund sponsors had been focused on the two looming questions: What would be the outcome of the litigation? And how should firms go about preparing for compliance in light of the litigation?

In considering the second question in particular, it is worth exploring the issue of statutory authority and its direct effects on SEC rulemaking.

Statutory Authority: A Closer Look

One of the industry associations’ central arguments in the litigation was that neither of these statutes in fact gave the SEC the requisite authority to adopt PFAR.

Statutory Authority: A Closer Look

One of the industry associations’ central arguments in the litigation was that neither of these statutes in fact gave the SEC the requisite authority to adopt PFAR.

Statutory Authority: The Fifth Circuit’s View

Statutory Authority: The Fifth Circuit’s View

Statutory Authority: Implications for Other Rules

Reviewing the pending Advisers Act rules that remain on the SEC’s agenda (as outlined in the table that follows), we note that four proposals cite to these same subsections (211(h) and 206(4)), and therefore appear susceptible to the same challenges brought by the industry and defects identified by the Fifth Circuit.

Statutory Authority: Implications for Other Rules

Reviewing the pending Advisers Act rules that remain on the SEC’s agenda (as outlined in the table that follows), we note that four proposals cite to these same subsections (211(h) and 206(4)), and therefore appear susceptible to the same challenges brought by the industry and defects identified by the Fifth Circuit.

Pending Advisers Act Rules

Rule

Statutory Authority (Advisers Act)

Proposal Date

Proposal Components

Predictive Data Analytics

Sections 204, 211(a), 211(h)

July 2023

- New Rule 211(h)(2)-4 (conflicts of interest) and

- Amendments to Rule 204-2 (Books and Records)

Safeguarding

Sections 203, 204, 206(4), 211(a), 223

February 2023

Proposed new Rule 223-1, redesignates existing Rule 206(4)-2 (Custody Rule)

Outsourcing

Sections 203, 204, 206(4), 211(a), 211(h)

October 2022

- New Rule 206(4)-11 (service providers);

- Amendments to Rule 204-2 (Books and Records); and

- Amendments to Form ADV

Adviser ESG Disclosure

Sections 203, 204, 211

May 2022

Amendments to Form ADV

Adviser Cybersecurity

Sections 203, 204, 206(4), 211(a), 211(h)

February 2022

- New Rule 206(4)-9 (cybersecurity policies and procedures);

- New Rule 204-6 and Form ADV-C (reporting “significant” cybersecurity incidents to SEC); and

- Amendments to Rules 204-2 (Books and Records) and 204-3 (Brochure Rule)

Predictive Data Analytics and Safeguarding Will Be Re-Proposed

Predictive Data Analytics

The SEC’s proposal relied on Section 211(h) as authority for a new conflicts rule that would apply to private fund (and other registered) advisers3. We believe this rule will be the most difficult for the SEC to justify in the wake of the PFAR decision.

That said, Chair Gensler has emphasized repeatedly that the regulation of artificial intelligence usage in capital markets – and addressing the threat that conflicts of interest relating to digital engagement practices pose to investors – are among his top priorities. He has already suggested that the SEC plans to re-propose Predictive Data Analytics rather than move right to a final version4.

What might the new version look like? The new proposal could rely on Section 211(h) but apply only to advisers’ interactions with retail customers – not to private funds themselves or to investors in such funds. The new proposal could also include amendments to, or rules under, the recordkeeping and/or anti-fraud provisions that apply to all registered advisers (for recordkeeping rules) and all advisers (for 206(4) rules). For a new rule under 206(4), the SEC would need to include clear descriptions of a well-defined fraud that the rule is meant to address.

Chair Gensler has emphasized thatthe regulation of AI usage in capital markets is among his top priorities

The SEC may also take the opportunity to fix other widely noted concerns with the original proposal, including the overbroad definition of “covered technology” and the novel, undefined concept of “neutralizing” a conflict of interest.

Safeguarding

The Safeguarding Rule, by contrast, is one that we think would be able to move forward under the same statutory authority (Sections 203, 204, 206(4), 211(a), and 223) as the original proposal. But because other aspects of the proposal – including numerous practical issues that commenters identified – are likely to require substantive changes, Chair Gensler has previewed that the SEC plans to re-open the comment period or re-propose the rule.

To strengthen the nexus between the existing Custody Rule and the new Safeguarding Rule, the SEC may drop its plans to renumber the Rule

The Safeguarding Rule is intended to replace the existing Advisers Act Custody Rule, a well-established anti-fraud rule under Section 206(4). In the proposing release, the SEC included a substantial amount of discussion and examples of fraudulent conduct – including references to Madoff – to support continued authority under Section 206(4)5.

To strengthen the nexus between the existing Custody Rule and the new Safeguarding Rule, the SEC may drop its plans to renumber the Rule (as Rule 223-1) and move it forward as an amended version of the existing Custody Rule (206(4)-2).

Predictive Data Analytics and Safeguarding Will Be Re-Proposed

Predictive Data Analytics

The SEC’s proposal relied on Section 211(h) as authority for a new conflicts rule that would apply to private fund (and other registered) advisers3. We believe this rule will be the most difficult for the SEC to justify in the wake of the PFAR decision.

That said, Chair Gensler has emphasized repeatedly that the regulation of artificial intelligence usage in capital markets – and addressing the threat that conflicts of interest relating to digital engagement practices pose to investors – are among his top priorities. He has already suggested that the SEC plans to re-propose Predictive Data Analytics rather than move right to a final version4.

What might the new version look like? The new proposal could rely on Section 211(h) but apply only to advisers’ interactions with retail customers – not to private funds themselves or to investors in such funds. The new proposal could also include amendments to, or rules under, the recordkeeping and/or anti-fraud provisions that apply to all registered advisers (for recordkeeping rules) and all advisers (for 206(4) rules). For a new rule under 206(4), the SEC would need to include clear descriptions of a well-defined fraud that the rule is meant to address.

Chair Gensler has emphasized thatthe regulation of AI usage in capital markets is among his top priorities

The SEC may also take the opportunity to fix other widely noted concerns with the original proposal, including the overbroad definition of “covered technology” and the novel, undefined concept of “neutralizing” a conflict of interest.

Safeguarding

The Safeguarding Rule, by contrast, is one that we think would be able to move forward under the same statutory authority (Sections 203, 204, 206(4), 211(a), and 223) as the original proposal. But because other aspects of the proposal – including numerous practical issues that commenters identified – are likely to require substantive changes, Chair Gensler has previewed that the SEC plans to re-open the comment period or re-propose the rule.

To strengthen the nexus between the existing Custody Rule and the new Safeguarding Rule, the SEC may drop its plans to renumber the Rule

The Safeguarding Rule is intended to replace the existing Advisers Act Custody Rule, a well-established anti-fraud rule under Section 206(4). In the proposing release, the SEC included a substantial amount of discussion and examples of fraudulent conduct – including references to Madoff – to support continued authority under Section 206(4)5.

To strengthen the nexus between the existing Custody Rule and the new Safeguarding Rule, the SEC may drop its plans to renumber the Rule (as Rule 223-1) and move it forward as an amended version of the existing Custody Rule (206(4)-2).

Outsourcing, Adviser ESG Disclosure, and Cybersecurity

Outsourcing

The Outsourcing Rule was also proposed under Section 206(4) and prohibits advisers from retaining service providers to perform certain functions without conducting prescribed due diligence and ongoing monitoring6. But unlike the Safeguarding Rule, the SEC seemed to struggle in the Outsourcing Rule’s proposing release to articulate and provide substantial evidence of the fraud that the proposal was designed to address.

With the Fifth Circuit so clearly denouncing “vague assertions” from the SEC regarding fraudulent adviser conduct as justification for anti-fraud rulemaking, the SEC would need to demonstrate that reliance on Section 206(4) for the Outsourcing Rule is not merely a pretext to introduce substantive diligence and monitoring requirements that the SEC thinks would constitute better business practices.

Unlike the Safeguarding Rule, the SEC seemed to struggle in the Outsourcing Rule’s proposing release to articulate and provide substantial evidence of the fraud it was designed to address

Some alternatives the SEC could consider would be to shift from new conduct requirements to investor disclosure requirements regarding risks associated with the use of service providers, including concentration risk and the possibility of operational or compliance gaps, or to focus on books and records relating to the use and ongoing oversight of service providers.

Adviser ESG Disclosure

The proposal has been criticized by commenters for the over-inclusive ESG product characterization framework that it would create

As the name suggests, the Adviser ESG Disclosure proposal would create new disclosure obligations for registered advisers on their Form ADV filings and brochures7.

Although Chair Gensler has often stated his desire to combat “greenwashing” in the investment management industry, Adviser ESG Disclosure was not proposed as an anti-fraud rule. The SEC relied on Sections 203 and 204 (along with Section 211, but not 211(h)), which provide broad authority to require disclosure of business practices – authority that remains intact.

The proposal has been criticized by commenters for the over-inclusive ESG product characterization framework that it would create, but this may be a relatively straightforward issue for the SEC to address in a final version.

Cybersecurity

The Fifth Circuit’s opinion in PFAR may also pose less of an obstacle to the SEC’s ability to finalize the Adviser Cybersecurity rules.

The SEC may decide to narrow the set of final Adviser Cybersecurity rules to ones mandating disclosure and reporting

The Adviser Cybersecurity proposal includes a new Rule 206(4)-9 requiring advisers to adopt and maintain cybersecurity policies and procedures as well as a series of disclosure requirement rules under Section 204 and a new “Form ADV-C” for reporting to the SEC (but not the public) any significant cybersecurity event8.

If the SEC moves to finalize these rules, it will likely focus on defining more precisely what the fraud is – as opposed to what external threats from third-party bad actors may exist – that the Rule is designed to address.

The SEC finalized a set of cybersecurity disclosure rules for public companies in July 2023, and so the SEC may decide to narrow the set of final Adviser Cybersecurity rules to ones mandating disclosure and reporting.

Outsourcing, Adviser ESG Disclosure, and Cybersecurity

Outsourcing

The Outsourcing Rule was also proposed under Section 206(4) and prohibits advisers from retaining service providers to perform certain functions without conducting prescribed due diligence and ongoing monitoring6. But unlike the Safeguarding Rule, the SEC seemed to struggle in the Outsourcing Rule’s proposing release to articulate and provide substantial evidence of the fraud that the proposal was designed to address.

With the Fifth Circuit so clearly denouncing “vague assertions” from the SEC regarding fraudulent adviser conduct as justification for anti-fraud rulemaking, the SEC would need to demonstrate that reliance on Section 206(4) for the Outsourcing Rule is not merely a pretext to introduce substantive diligence and monitoring requirements that the SEC thinks would constitute better business practices.

Unlike the Safeguarding Rule, the SEC seemed to struggle in the Outsourcing Rule’s proposing release to articulate and provide substantial evidence of the fraud it was designed to address

Some alternatives the SEC could consider would be to shift from new conduct requirements to investor disclosure requirements regarding risks associated with the use of service providers, including concentration risk and the possibility of operational or compliance gaps, or to focus on books and records relating to the use and ongoing oversight of service providers.

Adviser ESG Disclosure

The proposal has been criticized by commenters for the over-inclusive ESG product characterization framework that it would create

As the name suggests, the Adviser ESG Disclosure proposal would create new disclosure obligations for registered advisers on their Form ADV filings and brochures7.

Although Chair Gensler has often stated his desire to combat “greenwashing” in the investment management industry, Adviser ESG Disclosure was not proposed as an anti-fraud rule. The SEC relied on Sections 203 and 204 (along with Section 211, but not 211(h)), which provide broad authority to require disclosure of business practices – authority that remains intact.

The proposal has been criticized by commenters for the over-inclusive ESG product characterization framework that it would create, but this may be a relatively straightforward issue for the SEC to address in a final version.

Cybersecurity

The Fifth Circuit’s opinion in PFAR may also pose less of an obstacle to the SEC’s ability to finalize the Adviser Cybersecurity rules.

The SEC may decide to narrow the set of final Adviser Cybersecurity rules to ones mandating disclosure and reporting

The Adviser Cybersecurity proposal includes a new Rule 206(4)-9 requiring advisers to adopt and maintain cybersecurity policies and procedures as well as a series of disclosure requirement rules under Section 204 and a new “Form ADV-C” for reporting to the SEC (but not the public) any significant cybersecurity event8.

If the SEC moves to finalize these rules, it will likely focus on defining more precisely what the fraud is – as opposed to what external threats from third-party bad actors may exist – that the Rule is designed to address.

The SEC finalized a set of cybersecurity disclosure rules for public companies in July 2023, and so the SEC may decide to narrow the set of final Adviser Cybersecurity rules to ones mandating disclosure and reporting.

Statutory Authority: What About the Marketing Rule?

We expect to see a continued focus by the SEC staff on compliance with the Marketing Rule, as suggested by a recent Risk Alert from the Division of Examinations and staff guidance in the form of FAQs. The Risk Alert highlighted observations from SEC examination staff on advisers’ compliance with the Marketing Rule-related items of Form ADV, Rule 206(4)-7 (the “Compliance Rule”), and Rule 204-2 (the “Books and Records Rule”), as well as the Marketing Rule’s prohibitions and requirements relating to the substance of advertisements. In other words, the SEC took the opportunity to note adviser compliance issues relating to disclosure, policies and procedures, recordkeeping, and fraud (such as performance presentations that misled investors) – thereby supporting its ongoing justification for the rule.

Statutory Authority: What About the Marketing Rule?

We expect to see a continued focus by the SEC staff on compliance with the Marketing Rule, as suggested by a recent Risk Alert from the Division of Examinations and staff guidance in the form of FAQs. The Risk Alert highlighted observations from SEC examination staff on advisers’ compliance with the Marketing Rule-related items of Form ADV, Rule 206(4)-7 (the “Compliance Rule”), and Rule 204-2 (the “Books and Records Rule”), as well as the Marketing Rule’s prohibitions and requirements relating to the substance of advertisements. In other words, the SEC took the opportunity to note adviser compliance issues relating to disclosure, policies and procedures, recordkeeping, and fraud (such as performance presentations that misled investors) – thereby supporting its ongoing justification for the rule.