Numerous vendors play a pivotal role in helping an investment advisor accomplish its goals and mission. That’s why it’s so imperative for an advisor to carefully negotiate contracts with vendors at the outset to set expectations for the relationship.
It may seem that vendor contracts contain lots of boilerplate language, but they are often carefully crafted agreements that may contain potential unwanted surprises for investment advisors that must be addressed as part of an advisor’s due diligence of the vendor. Therefore, whether you’re building a relationship with a third-party manager, broker-dealer, technology service provider, landlord or other vendor, it is imperative to carefully read vendor agreements to ensure that your firm’s and your clients’ interests are properly protected. This article will provide an overview of four commonly overlooked vendor contract issues and provide recommendations on how investment advisors should approach them.
1. Data Ownership and Management
In order to perform their services, many vendors require access to a significant amount of your firm’s and your clients’ data, and, unsurprisingly, this has garnered significant attention from regulators in the past few years. The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) has been, through various sweep examinations, scrutinizing how investment advisors work with vendors to protect confidential information.
Among the deficiencies cited by OCIE in its April 16 Risk Alert was the failure of certain investment advisors to ensure that their vendor contracts contain provisions requiring the vendor to keep clients’ personally identifiable information confidential, in violation of their policies and procedures. As such, it is strongly advisable to ensure that such a provision is not absent from a contract with a vendor with whom you share client or firm information, particularly where your policies and procedures require such provisions to be in vendor contracts.
However, even if vendor contracts contain confidentiality provisions, it is important to carefully read those provisions because they often contain exceptions that allow the vendor to share confidential information with certain parties under certain conditions. These provisions should ideally be negotiated to ensure that the vendor will only share such confidential information to the extent necessary to perform its services or as otherwise required by applicable laws, rules, and regulations.
Additionally, vendor contracts should also contain a provision requiring the vendor to promptly notify you should confidential information be improperly disclosed, such as through a cybersecurity breach.
Apart from confidentiality concerns, it is critical to review vendor contracts to determine how your data (including not only data disclosed to your vendor but also any work product resulting from your relationship with the vendor) will be handled upon termination of the contract. Apart from the business imperative, this is critical because, among other things, investment advisors typically must maintain certain books and records. For instance, Rule 204-2 under the Investment Advisers Act of 1940 requires SEC-registered investment advisors to retain a long list of books and records relating to their businesses, generally for at least five years from the last time the document was modified.
It is important to clarify which party owns which documents upon termination of the business relationship so that there is no confusion down the road. If an advisor’s data will not be easily accessible to the advisor once the agreement with the vendor terminates, the vendor contract should ideally contain a provision requiring the vendor to transfer such data to the advisor upon termination of the contract and/or to cooperate in good faith with the advisor to ensure that the advisor has access to its data after termination of the contract.
Some vendor contracts contain provisions allowing a vendor’s affiliates or agents to perform certain services to be provided under the contract. Advisors should carefully review such provisions to determine the scope of services that can be outsourced and to whom such responsibilities can be outsourced to determine if they are comfortable with such arrangements.
If you are contemplating permitting a vendor to outsource some of its responsibilities, it may be advisable to conduct due diligence not only on the vendor, but also on the third parties to whom the vendor can outsource its responsibilities to ensure that you adequately protect your firm and your clients.
3. Liability and Indemnification
These are typically some of the most important sections of a vendor contract to review. Often first drafts of vendor contracts will contain liability provisions where the vendor disclaims most, if not all, responsibility for any of its acts or omissions under the contract and indemnification provisions where the vendor requires an advisor to be responsible for, and compensate, the vendor with respect to a broad range of issues should something go wrong. Failure to adequately consider and negotiate these provisions could lead to severe consequences for an advisor should a dispute between the advisor, on the one hand, and the vendor or a third party, on the other hand, arise down the road.
Ideally, an advisor should try to narrow its indemnification obligations in the contract and include or expand the vendor’s indemnification obligations. At the very least, an advisor should aim to ensure that both sides have equivalent indemnification obligations for delineated acts or omissions. Even in situations where a vendor has agreed to assume liability and indemnification obligations, they may limit such obligations to circumstances where the vendor has acted egregiously (e.g., with gross negligence, willful misconduct, or bad faith), and an advisor must determine whether it is comfortable with such a limitation. Separately, where a vendor has agreed to assume certain indemnification obligations, an advisor should aim to require the vendor to defend the advisor should an indemnifiable claim arise because an advisor does not want to come out of pocket for expenses associated with defending a claim.
4. Termination of Contract
Any provisions dealing with termination of the agreement are important to consider because, where properly negotiated, they can provide a failsafe mechanism for terminating the business relationship with a vendor should something go awry.
Ideally, the amount of notice required to terminate the contract should be minimized to allow the advisor to walk away from the relationship, particularly where the vendor has engaged in wrongdoing. Nonetheless, this may not always be a viable alternative, depending on the amount of work that a vendor is required to perform in winding down the services it provides. Properly negotiated termination provisions should also clearly spell out each party’s obligations in the event of a contract termination in order to ensure a smooth transition.
Ultimately, depending on the bargaining power in the advisor-vendor relationship, it may not be feasible for an investment advisor to get everything it wants from a vendor when negotiating a contract. However, an advisor should carefully consider the issues addressed above (as well as many others) and conclude whether it has the risk appetite to move forward with a business relationship with a vendor given the vendor’s positions on such issues.
Disclaimer: The foregoing information is provided for informational purposes only and does not constitute legal advice. Readers should consult an attorney if they require advice regarding their particular circumstances. Please contact Richard Chen at email@example.com with any questions.
Richard Chen is an investment management attorney who has been practicing for nearly two decades with several top multinational law firms and a leading compliance consulting firm. He now runs his own law firm practice, which serves independent wealth managers, hedge and private equity fund sponsors, financial planners, and other financial institutions. He can be reached at firstname.lastname@example.org.