The U.S. Securities and Exchange Commission (SEC) has moved a step closer to adoption of its proposed Cybersecurity Risk Management Rules. The rules, originally proposed in February 2022, were recently moved from proposed rule to the final rule stage on the agency’s Regulatory Flexibility Agenda. Signs are pointing to likely action on the final rule by April 2023. There is a lot to unpack in the proposed rule. Confluence is pleased to moderate a timely discussion with experienced industry professionals about the various impacts to investment advisers and investment companies.
- Why do we need a cyber rule? What should be disclosed? Breaking down industry support and opposition to the rules
- Understanding the significant impacts to an investment adviser’s and investment company’s compliance, operations, and technology
- Cyber risk is business risk: Planning now to get ahead of the rule requirements
- Effective strategies for cyber risk assessments and the new Cyber Annual Review
The panel discussion will feature:
- Laura Grossman, Associate General Counsel, Investment Adviser Association (IAA)
- Desiree F. Moore, Partner, K&L Gates
- Adan Araujo, Chief Compliance Officer, Jasper Ridge Partners
- E.J. Yerzak, Director, Cyber IT Services, Confluence (Moderator)
LAURA L. GROSSMAN is Associate General Counsel of the Investment Adviser Association, the leading organization dedicated to advancing the interests of investment advisers. For 85 years, the IAA has been advocating for advisers before Congress and U.S. and global regulators, promoting best practices, and providing education and resources to empower advisers to effectively serve their clients, the capital markets, and the U.S. economy. Prior to joining the IAA, Laura was in private practice for over 10 years at Fulbright & Jaworski L.L.P. (now Norton Rose Fulbright) in New York, where she advised registered investment adviser, mutual fund, and private fund clients on a wide range of compliance issues. She received her law degree from the University of Pennsylvania and a B.A. from Rutgers.
Desirée F. Moore is a litigation partner and founding member and co-lead of the firm's Digital Crisis Planning & Response (DCPR) client solution. She counsels corporations, educational institutions, non-profit organizations, national governing bodies, sports leagues, and high-profile individuals in proactively planning for and effectively managing crises of varying magnitudes, including: data breach; online defamation, harassment, and impersonation; university and other education scandals; sports matters; celebrity disgrace events; key person transitions and investigations; leaked confidential and proprietary information; and more. Her work balances the considerations of a public-facing crisis with smart and prudent legal action. Desirée has been quoted in the New York Times, Wall Street Journal, Washington Post, and more on behalf of clients who are navigating high- pressure situations.
Desirée also regularly helps clients proactively identify and manage the risks associated with social media use. She counsels individuals and corporations alike on social media best practices, how to effectively implement regulations for social media use in and outside of the workplace, and how to implement disciplinary measures for unlawful social media use.
As a trial attorney, Desirée has successfully litigated in state and federal court and has managed high-level disputes in sectors such as cryptocurrency, social media, intellectual property, entertainment, product liability, labor and employment, and class action defense at the trial and appellate court level. As a co-resident of the firm's Doha, Qatar office, she also has extensive experience in domestic and international arbitration.
Desirée leads the firm's professional development committee, where she and the committee guide the PD team in their implementation of innovative training and other programming for attorneys and staff globally, including programs that have gained national attention such as the Mini-MBA, Pitch Perfect, Ted-style Talks, and more. Desirée is actively involved in the firm-wide Women in the Profession group and created the Women's Mastermind program, which supports the business development goals of women associates and partners.
Adán D. Araujo is the Chief Compliance Officer of Jasper Ridge Partners, where he is responsible for overseeing regulatory matters. Jasper Ridge Partners is a wealth advisor and asset management firm that provides advisory services to private funds, prominent families, foundations and global institutions. Prior to joining Jasper Ridge Partners, Adán was Senior Vice President and Chief Compliance Officer of FirstCommand Financial Services. He also served as Senior Counsel for the United States Securities and Exchange Commission’s Division of Enforcement, as in-house counsel at the Vanguard Group, Inc., and as an attorney at Kilpatrick Stockton, LLP. Adán has previously held positions as a board member of the National Society of Compliance Professionals and as a member of FINRA’s District 6 Committee. Adán holds a J.D. degree from Rutgers School of Law, a B.S. degree from St. Peter’s College, and completed French Civilization Studies at Universite de Grenoble.
E.J. Yerzak is the Director of Cyber IT Services at Compliance Solutions Strategies (CSS), a Confluence company. He assists financial firms and private equity portfolio companies in bridging the gap between compliance and cybersecurity risk management. He enables firms to manage cybersecurity risk through technical testing and risk assessments, including penetration testing, 2 vulnerability scanning, and dark web monitoring. As a cybersecurity expert, he is regularly requested to speak at industry events around the world on cybersecurity and blockchain. E.J. has authored numerous articles on emerging technology and regulatory issues and is the author of a technothriller fiction novel, Access Point. He is a Certified Information Systems Auditor (CISA®), Certified Information Security Manager (CISM®), and Certified in Risk and Information Systems Control (CRISC™). E.J. holds a Bachelor of Arts in both English and Computer Science, Magna Cum Laude, from Colgate University, a Master of Science degree in Computer Information Technology from Central Connecticut State University, as well as a J.D., Magna Cum Laude, from Quinnipiac University School of Law. He is licensed to practice at the State Bar of Connecticut and in federal court before the U.S. District Court for the District of Connecticut.