Virginia Investment Adviser Rules Amended – September 16, 2019 Compliance Date
Last week we discussed the changes to the Massachusetts IA Disclosure Rule. That is not the only state legislature that has been busy. On August 21, 2019, the Virginia State Corporation Commission adopted revisions to Chapters 20, 30, 45, and 80 of Title 21 of the Virginia Administrative Code. The amendments impact Virginia state registered advisers and include:
- The requirement to establish, implement, update and enforce written physical security and cybersecurity policies and procedures;
- The requirement to deliver upon engagement by a client, and on annual basis thereafter, to each client a privacy policy. The privacy policy shall be promptly updated and delivered to each client if any of the information in the policy becomes inaccurate;
- Prohibition of any mandatory arbitration provision in an advisory contract;
- Notification to the Division of Securities and Retail Franchising, State Corporation Commission and the client of an unauthorized access to records that may expose a client’s identity or investments to a third party within three business days of the discovery of the unauthorized access; and
- Authorization to delay or refuse to place an order or to disburse funds that may involve or result in the financial exploitation of an individual pursuant to 63,2-1606 L of the Code of Virginia.
For complete details on what should be included in the physical security and cybersecurity policies and procedures, please refer to Rule 21VAC5-80-260 (Information security and privacy). The adopted amendments to Chapters 20, 30, 45, and 80 of Title 21 were enforceable as of September 16, 2019.
If you need further guidance on this rule change, or any compliance assistance with state registration, explore our compliance management services and contact us.