This is part 3 of a five-part podcast series with Tom Fox and the FCPA Compliance Report, highlighting Jeremy Kroll on governance, risk, and compliance (GRC). The series will consider the current GRC landscape, examine GRC at work, discuss GRC and the investment community, review GRC and K2 Intelligence FIN, and conclude with a look at GRC then and now.


The investment community should be one of the biggest users of GRC platforms and technologies. Private equity is built to grow businesses and GRC is a key component as a solutions system. One regulatory area that is particularly suited to GRC application is anti-money laundering (AML). After September 11, everything related to AML changed. There was a wellspring of professionals entering the field—seeking out this new path because they wanted to serve in government or they wanted to pivot in their careers and go from being an auditor, a lawyer, or an in-house risk manager to being a warrior fighting terrorism through tracking, tracing, and reducing the threat of illicit finance. The AML industry further picked up steam in response to the financial crisis in 2008 and to increased enforcement by regulatory and enforcement bodies both in the United States and Europe. 

As a natural extension of these developments, we have also seen an explosion of growth in enforcement of the Foreign Corrupt Practices Act (FCPA), trade sanctions, and “Know Your Customer” (KYC) regulations. One way that companies have chosen to respond to these developments is by developing a strong GRC program. With its rich overlay of RegTech, FinTech, and CompliTech, it is clear why there is strong investment community interest in GRC.

Prior to the COVID-19 pandemic environment, private equity firms were already interested in GRC investments due to the positive demand drivers of the space: (1) stakeholders’ demand for high performance along with high levels of transparency; (2) an ever-changing regulatory and enforcement environment; (3) the challenge of managing the exponential growth of third-party relationships; (4) the high costs of addressing compliance risks and requirements; and (5) mission-critical yet inefficient risk management. As an example, in the financial sector, noncompliance with AML and KYC accounted for greater than 60% of total global penalties against financial institutions in 2019, totaling $8.35 billion in fines alone.

The investment community has addressed the challenges associated with these risks in a variety of ways. One of the first is venture investing in emerging technologies. Additionally, there are human capital solutions: firms have turned to hiring teams to manage the operational aspects and execute on these matters.

Moving forward, in the COVID environment a new thesis may be emerging relating to the speed with which the pandemic shuttered an 11-year bull market and will potentially expose new fraud schemes. In prior downturns, fraudulent activity was exposed shortly after market and unemployment disruptions. Yet profit pressure at financial institutions has forced some to reduce staff or reassign personnel at a time when applications for government relief programs are flooding in, heightening banks’ compliance risks. Pronouncements from the Office of the Comptroller of the Currency highlight the need for continued vigilance.

Investment firms are looking to invest in companies that can help mitigate these risks more than ever in a post-COVID-19 environment and, in tandem, there is increased innovation and a growing number of solutions emerging for entities to choose from.
