Riverside Co. Compliance Chief Sees Cybersecurity as Emerging Challenge for Private-Equity Industry

Midmarket investor Riverside Co. hired

Jennifer Boyce

as its first chief compliance officer in 2012. She also serves as Riverside Co.’s general counsel and is based in the firm’s Cleveland office.

Riverside Co. managed around $14.4 billion in assets across private equity, structured capital and private credit as of Sept. 30. The firm focuses on investing in growing businesses valued at up to $400 million.

Ms. Boyce spoke about the evolving role of compliance chiefs at private-equity firms as well as the impact of the pandemic and of emerging concerns such as cybersecurity on her work. Here are edited excerpts.

WSJ: What issues on the compliance front keep you awake at night?

Ms. Boyce: That could change at any given time, but I think probably cybersecurity. We have a very well-developed IT department [that is] very up to speed on this and doing everything that we can, but the cyber thieves or bad actors are very sophisticated and they’re everywhere. So we do a lot of training, we do a lot of testing on cybersecurity.

What really worries me is a cyber breach on one of our providers that we had no way to control or have anything to do with and then, all of a sudden, we’re part of whatever’s been exposed. We have a very rigorous vendor-management policy where we diligence our providers. But again, with the sophistication of these bad actors, it’s probably the biggest concern.

WSJ: How do you think the role of compliance chief at private-equity firms has evolved over the past decade?

Ms. Boyce: For Riverside, it’s evolved as we’ve taken on and started new fund products. So, Riverside traditionally was just pure control private equity. We had funds in different jurisdictions, but they were just the sort of historic private-equity funds. We now have a credit fund product. We have funds that take minority interest, a sort of mezzanine, or preferred interest, and then a fund that’s focused on early-stage tech companies and another fund that’s focused on pre-VC software lending. So with new products come new issues as well, new focus areas.

Geographically…we have funds and investors in countries other than the U.S., especially in Europe. Similar to the U.S., there are regulators putting in place different processes and procedures over there that we need to follow. So Riverside is regulated in the U.K., Australia and Luxembourg. And all of those have their different regimes that we need to follow as well.

In the industry, generally…the focus on a lot of people’s minds is cybersecurity. [Environmental, social and governance] is also a hot spot in private equity that has gained a lot of attention in the last couple of years.

WSJ: What are the main issues that you face in minimizing risks across borders?

Ms. Boyce: The boots-on-the-ground [approach] is the best way to help minimize those risks. In the last almost two years, that’s been hard with the situation we’ve all been in. Nobody’s been really in person or been able to have meetings or even dinners or lunches where you kind of figure out, you know, talk to people and [see] what’s going on.

We also rely on outside consultants who have specialty expertise in the various jurisdictions. Much of it is very jurisdictionally based, even in the U.S., but in different states, there are different regulations we need to follow.

I think constant communication is very helpful…and making people aware of what their roles and responsibilities are, and what Riverside has to do as a firm in order to be in compliance with all the various regulations and laws throughout the world.

So we find that training and even just different roundtables done virtually are very helpful to remind people of the rules and regulations we need to abide by.

WSJ: In what ways has the coronavirus pandemic affected the scope and scale of your work as chief compliance officer?

Ms. Boyce: Riverside, very early on in the pandemic—I think even before the offices closed down but when it was imminent that they were going to—we established a virus-response team that consisted of people from all over the firm and all over the world. We would meet early on regularly, maybe twice a week and then, as time has gone on, we have met probably biweekly.

But it was a great forum—as everybody was trying to understand what the impact of this virus would be and how it would impact not only Riverside, but our global portfolio—to help develop policies and procedures as well as be a source of communication, a communication channel for people within Riverside as well as the portfolio companies and their executives who were struggling with the same issues.

So that, again, was something that nobody had ever expected we would have, so that increased the workload for everybody. And then, in the meantime, while responding to the virus and the pandemic, everybody was still doing their regular full-time jobs as well. So I think, like everybody else in America or in private equity, the workload certainly did increase.

WSJ: What do you see as your main priority with challenges on the compliance front for the coming year?

Ms. Boyce: I think it’s just continually trying to evolve with living in these times and the pandemic. Just when you think you might be a little bit out of the woods, along comes something else.

I think continuing to deal with that as well as we can, with the unknown and how that would affect compliance-related matters. And then in connection with that, just making sure that we’re in touch with people and communicating with people, so everybody continues to be aware of the compliance responsibilities that we have.

Write to David Smagalla at david.smagalla@wsj.com

Comments are closed.