Cole-Frieman & Mallon Launches First Cybersecurity Law Practice for Asset Managers With Eye to SEC’s Proposed Rules

Former Partner and Cybersecurity Authority John Araneo Returns to Lead Innovative Group

SAN FRANCISCO & NEW YORK--()--With the Securities & Exchange Commission proposing tighter cybersecurity requirements for hedge funds and other asset managers, Cole-Frieman & Mallon LLP, one of the nation’s leading boutique law firms serving the investment management industry, has launched a first-of-its-kind cybersecurity law practice. It is the only legal practice dedicated to advising investment managers on their critical and fast-evolving cybersecurity obligations, and to lead it, the firm has welcomed back its former partner and cybersecurity expert John Araneo. He will be based in New York.

“We pride ourselves on innovating to serve the needs of our clients,” said Karl Cole-Frieman, managing partner of Cole-Frieman & Mallon. “With the clear movement toward more onerous cybersecurity rules for asset managers, our clients need informed legal counsel in this complex and sensitive area. John Araneo is far and away the most qualified attorney to address that need, and we’re overjoyed that he will be bringing his innovative practice to Cole-Frieman & Mallon.”

The firm’s move comes as new cybersecurity regulations continue to surge, a trend illustrated by the SEC’s proposed Cybersecurity Risk Management Rule, which introduces an entirely new cybersecurity compliance regime that demands:

  • More comprehensive cybersecurity policies, procedures, and controls;
  • Additional continuity between annual cybersecurity assessments;
  • Reporting of significant cybersecurity incidents to the SEC;
  • New investor disclosures; and
  • A new five-year record retention rule.

Cole-Frieman & Mallon’s cybersecurity law practice is uniquely positioned to advise its clients on these requirements, to design appropriately scaled pre-breach compliance measures, and provide counsel in connection with all of the new post-breach disclosure and reporting requirements. The SEC is targeting April 2023 for a vote on the proposed rule, which is being closely watched by the asset management community.

An investment management attorney with more than 20 years of legal experience working with asset managers, Araneo departed Cole-Frieman & Mallon in 2017 to dive deeper into cybersecurity. He co-founded a cyber-focused managed IT services business (MSP) launched at Align Communications, Inc., designed specifically for investment advisors and private funds, which remains a leading MSP in the asset management space today. Widely recognized as a first mover in addressing cybersecurity compliance challenges for investment managers, he has conducted more than 500 operational cybersecurity assessments for investment advisers of every size, investment strategy, and growth stage. He has spent the last five years closely monitoring both evolving IT and cloud-based architectures and changing cybersecurity technologies, standards, and regulations, making him uniquely suited to design optimal cybersecurity systems for investment advisers.

“Regulatory change is happening, whether the most recent iteration of the SEC’s cyber rule passes or not. Investment managers should begin preparing now, to avoid the anticipated regulatory examinations, cyber sweeps, and enforcement actions, and also to satisfy investors’ due diligence focus on cyber,” said Araneo, who has liaised directly with the SEC on its proposed regulations. “The heightened reporting, governance, document retention, and transparency obligations in this new cybersecurity regime require specialized counsel that is more commensurate with the risks. Delivering that counsel through a law firm presents an elegant solution for asset managers. I’m thankful but not surprised that Cole-Frieman & Mallon has chosen to invest in this critical resource for its client base, reaffirming its leadership position.”

In addition to his recent experience building a cyber-focused MSP at Align, Araneo previously worked at national and regional law firms and was the general counsel of an electronic trading firm sold to E*Trade in 2003.

About Cole-Frieman & Mallon LLP

Cole-Frieman & Mallon LLP is one of the top investment management law firms in the United States, known for providing top-tier, innovative, and collaborative legal solutions for complex financial services matters. Headquartered in San Francisco, Cole-Frieman & Mallon LLP services both start-up investment managers and multi-billion-dollar firms. The firm provides a full suite of legal services to the investment management community, including hedge fund, private equity fund, venture capital fund, mutual fund formation, adviser registration, counterparty documentation, SEC, CFTC, NFA and FINRA matters, seed deals, hedge fund due diligence, employment and compensation matters, and routine business matters. The firm also publishes the prominent Hedge Fund Law Blog, which focuses on legal issues that impact the hedge fund community. For more information, please add us on LinkedIn and visit us at


Marcia Delgadillo
Cole-Frieman & Mallon LLP


Marcia Delgadillo
Cole-Frieman & Mallon LLP