Numerous vendors play a pivotal role in helping an investment advisor accomplish its goals and mission. That’s why it’s so imperative for an advisor to carefully negotiate contracts with vendors at the outset to set expectations for the relationship.
It may seem that vendor contracts contain lots of boilerplate language, but they are often carefully crafted agreements that may contain potential unwanted surprises for investment advisors that must be addressed as part of an advisor’s due diligence of the vendor. Therefore, whether you’re building a relationship with a third-party manager, broker-dealer, technology service provider, landlord or other vendor, it is imperative to carefully read vendor agreements to ensure that your firm’s and your clients’ interests are properly protected. This article will provide an overview of four commonly overlooked vendor contract issues and provide recommendations on how investment advisors should approach them.
1. Data Ownership and Management
In order to perform their services, many vendors require access to a significant amount of your firm’s and your clients’ data, and, unsurprisingly, this has garnered significant attention from regulators in the past few years. The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) has been, through various sweep examinations, scrutinizing how investment advisors work with vendors to protect confidential information.
Among the deficiencies cited by OCIE in its April 16 Risk Alert was the failure of certain investment advisors to ensure that their vendor contracts contain provisions requiring the vendor to keep clients’ personally identifiable information confidential, in violation of their policies and procedures. As such, it is strongly advisable to ensure that such a provision is not absent from a contract with a vendor with whom you share client or firm information, particularly where your policies and procedures require such provisions to be in vendor contracts.
However, even if vendor contracts contain confidentiality provisions, it is important to carefully read those provisions because they often contain exceptions that allow the vendor to share confidential information with certain parties under certain conditions. These provisions should ideally be negotiated to ensure that the vendor will only share such confidential information to the extent necessary to perform its services or as otherwise required by applicable laws, rules, and regulations.
Additionally, vendor contracts should also contain a provision requiring the vendor to promptly notify you should confidential information be improperly disclosed, such as through a cybersecurity breach.
Apart from confidentiality concerns, it is critical to review vendor contracts to determine how your data (including not only data disclosed to your vendor but also any work product resulting from your relationship with the vendor) will be handled upon termination of the contract. Apart from the business imperative, this is critical because, among other things, investment advisors typically must maintain certain books and records. For instance, Rule 204-2 under the Investment Advisers Act of 1940 requires SEC-registered investment advisors to retain a long list of books and records relating to their businesses, generally for at least five years from the last time the document was modified.
It is important to clarify which party owns which documents upon termination of the business relationship so that there is no confusion down the road. If an advisor’s data will not be easily accessible to the advisor once the agreement with the vendor terminates, the vendor contract should ideally contain a provision requiring the vendor to transfer such data to the advisor upon termination of the contract and/or to cooperate in good faith with the advisor to ensure that the advisor has access to its data after termination of the contract.