Virginia Investment Adviser Rules Amended – September 16, 2019 Compliance Date

Last week we discussed the changes to the Massachusetts IA Disclosure Rule. That is not the only state legislature that has been busy. On August 21, 2019, the Virginia State Corporation Commission adopted revisions to Chapters 20, 30, 45, and 80 of Title 21 of the Virginia Administrative Code. The amendments impact Virginia state registered advisers and include:

  1. The requirement to establish, implement, update and enforce written physical security and cybersecurity policies and procedures;
  2. The requirement to deliver upon engagement by a client, and on annual basis thereafter, to each client a privacy policy. The privacy policy shall be promptly updated and delivered to each client if any of the information in the policy becomes inaccurate;
  3. Prohibition of any mandatory arbitration provision in an advisory contract;
  4. Notification to the Division of Securities and Retail Franchising, State Corporation Commission and the client of an unauthorized access to records that may expose a client’s identity or investments to a third party within three business days of the discovery of the unauthorized access; and
  5. Authorization to delay or refuse to place an order or to disburse funds that may involve or result in the financial exploitation of an individual pursuant to 63,2-1606 L of the Code of Virginia.

For complete details on what should be included in the physical security and cybersecurity policies and procedures, please refer to Rule 21VAC5-80-260 (Information security and privacy). The adopted amendments to Chapters 20, 30, 45, and 80 of Title 21 were enforceable as of September 16, 2019.


If you need further guidance on this rule change, or any compliance assistance with state registration, explore our compliance management services and contact us


Subscribe to CSS Blog

CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.

Loading form...

Latest Content

Countdown to CCPA: Are You Ready to Comply with New Data Privacy Requirements?

With less than one month before the California Consumer Privacy Act (CCPA) is effective, companies are preparing to update their cybersecurity programs. Many must address the regulation’s new data privacy requirements, which have caught some financial institutions off guard. Modeled to some extent after the European Union’s General Data Protection Regulation (GDPR), the CCPA provides … Continued

ESMA Updates AIFMD Q&A on Reporting to National Competent Authorities

The European Securities and Markets Authority (ESMA) has updated its Questions and Answers on the Alternative Investment Fund Managers Directive (AIFMD). One new Q&A has been added with regard to reporting to National Competent Authorities. ESMA has provided clarification on reporting on liquidity stress tests for closed-ended unleveraged Alternative Investment Funds (AIFs). These AIFs are exempt from the … Continued

CSS Named to RegTech 100 List of World’s Most Innovative RegTech Companies

NEW YORK – Compliance Solutions Strategies (CSS) is proud to announce its inclusion in the RegTech 100 for 2020, a list recognizing the world’s most innovative RegTech companies compiled by RegTech Analyst, a specialist research firm. “We are honored to be selected as one of the most innovative companies within such a competitive and evolving … Continued