Virginia Investment Adviser Rules Amended – September 16, 2019 Compliance Date

Last week we discussed the changes to the Massachusetts IA Disclosure Rule. That is not the only state legislature that has been busy. On August 21, 2019, the Virginia State Corporation Commission adopted revisions to Chapters 20, 30, 45, and 80 of Title 21 of the Virginia Administrative Code. The amendments impact Virginia state registered advisers and include:

  1. The requirement to establish, implement, update and enforce written physical security and cybersecurity policies and procedures;
  2. The requirement to deliver upon engagement by a client, and on annual basis thereafter, to each client a privacy policy. The privacy policy shall be promptly updated and delivered to each client if any of the information in the policy becomes inaccurate;
  3. Prohibition of any mandatory arbitration provision in an advisory contract;
  4. Notification to the Division of Securities and Retail Franchising, State Corporation Commission and the client of an unauthorized access to records that may expose a client’s identity or investments to a third party within three business days of the discovery of the unauthorized access; and
  5. Authorization to delay or refuse to place an order or to disburse funds that may involve or result in the financial exploitation of an individual pursuant to 63,2-1606 L of the Code of Virginia.

For complete details on what should be included in the physical security and cybersecurity policies and procedures, please refer to Rule 21VAC5-80-260 (Information security and privacy). The adopted amendments to Chapters 20, 30, 45, and 80 of Title 21 were enforceable as of September 16, 2019.


If you need further guidance on this rule change, or any compliance assistance with state registration, explore our compliance management services and contact us


Subscribe to CSS Blog

CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.

Latest Content

Proposed Amendment to 13F – What This Really Means?

The SEC released a proposed amendment to Form 13F on July 10 to update the reporting threshold for institutional investment managers and make other targeted changes. The threshold has not been adjusted since the Commission adopted Form 13F over 40 years ago. New Proposed Reporting Threshold: The proposal would raise the reporting threshold to $3.5 … Continued

SEC Issues New Cyber Risk Alert to Financial Firms

Financial firms have a bigger target on their backs at the moment, according to a new risk alert issued July 10, 2020 by the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE).  This new risk alert on ransomware cautions investment advisers, broker-dealers, and investment companies that OCIE has recently observed a marked … Continued