With the Securities & Exchange Commission proposing tighter cybersecurity requirements for hedge funds and other asset managers, Cole-Frieman & Mallon LLP, one of the nation’s leading boutique law firms serving the investment management industry, has launched a first-of-its-kind cybersecurity law practice. It is the only legal practice dedicated to advising investment managers on their critical and fast-evolving cybersecurity obligations, and to lead it, the firm has welcomed back its former partner and cybersecurity expert John Araneo. He will be based in New York.
“We pride ourselves on innovating to serve the needs of our clients,” said Karl Cole-Frieman, managing partner of Cole-Frieman & Mallon. “With the clear movement toward more onerous cybersecurity rules for asset managers, our clients need informed legal counsel in this complex and sensitive area. John Araneo is far and away the most qualified attorney to address that need, and we’re overjoyed that he will be bringing his innovative practice to Cole-Frieman & Mallon.”
The firm’s move comes as new cybersecurity regulations continue to surge, a trend illustrated by the SEC’s proposed Cybersecurity Risk Management Rule, which introduces an entirely new cybersecurity compliance regime that demands:
- More comprehensive cybersecurity policies, procedures, and controls;
- Additional continuity between annual cybersecurity assessments;
- Reporting of significant cybersecurity incidents to the SEC;
- New investor disclosures; and
- A new five-year record retention rule.
Cole-Frieman & Mallon’s cybersecurity law practice is uniquely positioned to advise its clients on these requirements, to design appropriately scaled pre-breach compliance measures, and provide counsel in connection with all of the new post-breach disclosure and reporting requirements. The SEC is targeting April 2023 for a vote on the proposed rule, which is being closely watched by the asset management community.
An investment management attorney with more than 20 years of legal experience working with asset managers, Araneo departed Cole-Frieman & Mallon in 2017 to dive deeper into cybersecurity. He co-founded a cyber-focused managed IT services business (MSP) launched at Align Communications, Inc., designed specifically for investment advisors and private funds, which remains a leading MSP in the asset management space today. Widely recognized as a first mover in addressing cybersecurity compliance challenges for investment managers, he has conducted more than 500 operational cybersecurity assessments for investment advisers of every size, investment strategy, and growth stage. He has spent the last five years closely monitoring both evolving IT and cloud-based architectures and changing cybersecurity technologies, standards, and regulations, making him uniquely suited to design optimal cybersecurity systems for investment advisers.
“Regulatory change is happening, whether the most recent iteration of the SEC’s cyber rule passes or not. Investment managers should begin preparing now, to avoid the anticipated regulatory examinations, cyber sweeps, and enforcement actions, and also to satisfy investors’ due diligence focus on cyber,” said Araneo, who has liaised directly with the SEC on its proposed regulations. “The heightened reporting, governance, document retention, and transparency obligations in this new cybersecurity regime require specialized counsel that is more commensurate with the risks. Delivering that counsel through a law firm presents an elegant solution for asset managers. I’m thankful but not surprised that Cole-Frieman & Mallon has chosen to invest in this critical resource for its client base, reaffirming its leadership position.”
