Key Point
- As of September 30, 2021, private fund managers registered with the CFTC as CPOs or CTAs will be required, under new NFA guidance, to supervise certain third-parties performing regulatory functions.
- Effective September 30, 2021, private fund managers that are registered with the Commodity Futures Trading Commission (either as commodity pool operators or commodity trading advisors) and are National Futures Association members will be required, under a new NFA interpretive notice,1 to demonstrate that they are effectively supervising third-parties that perform regulatory functions.
While a registered private fund manager is already required, under NFA Compliance Rule 2-9(a), to “diligently supervise its employees and agents in the conduct of their commodity interest activities,” the new interpretive notice expressly states that the manager “may be subject to discipline” if a third party’s acts or omissions cause compliance failures by the manager.
“To mitigate the risks associated with outsourcing,” the new interpretive release requires that a registered private fund manager “must have a written supervisory framework over its outsourcing function.” The NFA identified five areas to include in such a framework, and published a related list of questions to address in the Self-Examination Questionnaire.2
Initial Risk Assessment
The interpretive notice states that registered private fund managers should determine which regulatory functions are appropriate to outsource and evaluate any associated risks, and warns that “unless a Member determines that it may adequately manage the risks associated with outsourcing a particular function, a Member generally should not move forward with outsourcing the function.”
The primary areas of risk flagged in the interpretive notice include: (i) the type of confidential, personally identifying or other valuable information the service provider may have access to and the steps it takes to safeguard such information; (ii) the impact of any potential compliance failures by the service provider; and (iii) whether the service provider has the necessary resources to meet its contractual obligations and provide access to all required records.
Onboarding Due Diligence
Once a Member has established which regulatory functions are appropriate to outsource, the Member should perform due diligence to ensure any potential third-party service provider (i) is aware of relevant rules and regulations; (ii) has sufficient experience; and (iii) has the necessary operational capabilities. Due diligence should be heightened for third-party service providers who may obtain or have access to confidential data.
Key areas to consider include IT security, financial stability, background of key employees, regulatory history, business continuity and contingency plans. The NFA suggests a written agreement with a third-party service provider outlining the scope of services and addressing any additional terms, including whether the service provider uses subcontractors for any function and establishing a termination right if material changes are made with respect to the use of subcontractors.
Ongoing Monitoring
Under the interpretive notice, registered private fund managers, should establish both an ongoing review of particular functions and a periodic holistic review of performance. In addition, they should require notification of any material changes to operations, systems or processes, and establish escalation to senior management in the event of a third-party service provider’s failure to perform its duties or change in risk profile (e.g., in the event of a regulatory fine or business failure).
Termination
Sufficient notice from third-party service providers should be required prior to termination, and the manager should be able to obtain all manager and client records and to ensure former service providers return and no longer have access to confidential information.
Recordkeeping Relating to Third-Party Service Providers
Covered fund managers must maintain appropriate records pursuant to NFA Compliance Rules 2-10 and 2-49 to demonstrate compliance with the interpretive notice.
Impact on CPO/CTA Members’ Use of Third-Party Service
While the new interpretative notice did not specifically target any particular categories of service providers, many private fund managers engage third-parties for their administration, compliance and finance functions, all of which may fall within the interpretative notice’s scope of concern. As the trend of outsourcing non-investment functions continues, registered managers should ensure that their supervisory efforts increase accordingly. The timing of effective date of the interpretive notice (the end of Q3) suggests that the NFA expects this effort to be highlighted in the 2021 annual self-assessment.
1 The Interpretive Notice can be found here.
2 A comprehensive list of questions a Member may use to formulate its written framework to address the Interpretive Notice’s requirements can be found here.