Relieving pressure in overburdened compliance teams

Andrew Welch

Regulation and compliance teams within private equity (PE) firms are overloaded with their day-to-day tasks. Relieving some of this pressure will allow them to work on strategic, risk-based matters which will see them being more effective to the business overall.

Outsourcing can help alleviate some of this stress. Andy Welch, managing director, ACA Group (ACA), outlines: “There is significant regulatory and legislative pressure to increase the effectiveness of their compliance programs, manage with fewer internal resources, ensure high-quality results, reduce turnaround times, and lower costs. There are many routine tasks which compliance teams carry out that eat up considerable time. We’re seeing many compliance professionals feeling under uncomfortable strain just to get their day-to-day work done.”

These senior team members would be far more effective and impactful to the broader business if they could focus on the more strategic, structurally valuable aspects of regulation, compliance and operations.

In view of this situation, ACA has identified a growing demand for managed services. Welch says: “We are seeing material demand for solutions around resource-heavy, administrative, repetitive tasks at a functional level. This includes providing email and call surveillance, monitoring of electronic communications, identifying conflicts of interest, transaction reporting support and assistance with KYC and AML (anti-money laundering) processes. This allows the senior compliance teams to focus on important risk-based matters.” In fact, the firm has expanded its managed services team to accommodate these requirements.

This outsourcing exercise can also help a PE firm become more competitive. Rather than the compliance teams struggling to get through a mundane list of tasks or fight fires, they have more time and energy to be proactive and have more to give the business on a strategic dimension.

From a regulatory and operational perspective, PE firms are also battling with headcount. Welch comments: “It’s difficult to get hold of the right staff just because there’s quite a lot of demand in the market for regulatory and operational professionals. Further, even fairly junior individuals are coming at a premium from a salary perspective which makes hiring costs fairly expensive.”

According to Welch, an area that outsourcing firms can expect to see considerable traction is the AML/KYC space: “This is becoming a significant burden for PE firms, but it still needs to be done. There are higher and more onerous standards introduced by the fifth anti-money laundering directive and there is a cognisance that people want to do it right.”

ACA recently launched an AML KYC/CIP solution that combines ACA’s regulatory technology (RegTech) and managed services to provide its clients with a full-service, cost-effective offering for meeting their requirements under various KYC and CIP regulations in the US, Europe, and Cayman Islands. In addition, ACA’s clients can use the solution for conducting AML oversight of their clients, prospects, vendors, and portfolio companies.

Partner selection and cyber concerns

Before selecting an outsourced provider, PE firms need to carry out an exercise in introspection. Welch suggests: “The firms need to really understand what they want from that outsourcing exercise. Is it simply a cost saving exercise or are they looking to build efficiencies? Ultimately, the GP board needs to be reassured that this is going to be a consistent, well-delivered, long-term solution.”

Fundamentally, when choosing a partner, GPs need to understand the stability of the business they are going to be working with. “They should ask about things like staff turnover, absenteeism and resilience of the technology powering that business. When considering this last point, they need to tackle it almost as though they’re building key performance indicators for that solution. They need to ask about how often its reviewed, what the senior oversight framework is and what happens if something goes wrong,” notes Welch.

Cybersecurity is also now a critical requirement as attackers in the sphere are becoming more sophisticated. Welch homes in on what is called payment fraud: “This is when a cybercriminal organisation infiltrates a firm’s technology perimeter to watch its payment flows. The criminals then mimic that process to divert funds. The concern here is often by the time the victim notices the money has moved, its too late to recover it.”

ACA has a large cybersecurity division, which focuses cyber, privacy and risk. Its solutions include payment fraud, cybersecurity and technology risk programs, data privacy compliance services, vendor and M&A diligence services, portfolio company oversight, network testing, and advisory services for companies of all sizes. The firm works with clients to understand the links between the LPs, GPs and portfolio companies. By drilling down into the payment process, ACA can make sure the firm’s whole perimeter is secure.

Welch recognises a different approach across jurisdictions: “In the US, there is cyber legislation, which means firms are legally bound to take stock of their position in this regard. This is not the case in the UK however where most of the effort in the cybersecurity space has been through industry bodies and guidance; it’s been driven by fear of being attacked rather than a pure regulatory obligation to undertake a cybersecurity exercise.”

This means some areas of the market might only pay attention to this once it’s too late. In Welch’s view technology infrastructure in the PE space is still not secure enough from a cyber perspective.

Technology, sustainability, and growth

As awareness and regulation around sustainability grows, outsourced partners can also be of support to PE firms in the ESG space. “It will be interesting to see the applied use of technology and outsourcing in the ESG arena. These can provide analytics on measuring the ESG impact of firms and their investments, and how this relates to performance. Going forward I think we will see firms really utilising technology solutions to demonstrate the impacts a firm is having on an ESG dimension; though we’re not quite there yet,” Welch observes.

He adds that GPs need to consider how to approach the ESG element from a marketing perspective. They need to decide whether they put themselves forward as a returns-based business or more of an impact and ESG-based firm that happens to be commercially successful. The way they position themselves in this regard will most likely determine how they adhere to the ESG rules. 


Andrew Welch, Managing Director, ACA Group

Andrew Welch is a Managing Director at ACA Group, at leading governance, risk and compliance advisory firm. In this role, he advises alternative private market companies, fund managers and other investment firms on their ongoing FCA compliance obligations and complex regulatory projects.

Prior to ACA, Andrew was Director of Alternative Fund Services at SS&C GlobeOp. Before that, he was Associate Director and head of Financial Services Authority (“FSA”) authorisations at a leading London compliance consultancy.