Published on January 11th, 2022 📆 | 4190 Views ⚑
0Riverside Co. Compliance Chief Sees Cybersecurity as Emerging Challenge for Private-Equity Industry
Private-equity firms face a potential surge in their compliance workload as they look to improve cybersecurity and sustainability oversight among their portfolio companies while contending with a potentially more robust regulatory regime under the Biden administration.
Under the 2010 Dodd-Frank Act, private-equity firms in many cases had to register as investment advisers. For those firms that had previously left compliance to outside counsel, the change led to some bringing this work in-house.
Midmarket investor Riverside Co. hired
Jennifer Boyce
as its first chief compliance officer in 2012. She also serves as Riverside Co.âs general counsel and is based in the firmâs Cleveland office.
Riverside Co. managed around $14.4 billion in assets across private equity, structured capital and private credit as of Sept. 30. The firm focuses on investing in growing businesses valued at up to $400 million.
Ms. Boyce spoke about the evolving role of compliance chiefs at private-equity firms as well as the impact of the pandemic and of emerging concerns such as cybersecurity on her work. Here are edited excerpts.
WSJ: What issues on the compliance front keep you awake at night?
Ms. Boyce: That could change at any given time, but I think probably cybersecurity. We have a very well-developed IT department [that is] very up to speed on this and doing everything that we can, but the cyber thieves or bad actors are very sophisticated and theyâre everywhere. So we do a lot of training, we do a lot of testing on cybersecurity.
What really worries me is a cyber breach on one of our providers that we had no way to control or have anything to do with and then, all of a sudden, weâre part of whateverâs been exposed. We have a very rigorous vendor-management policy where we diligence our providers. But again, with the sophistication of these bad actors, itâs probably the biggest concern.
WSJ: How do you think the role of compliance chief at private-equity firms has evolved over the past decade?
Ms. Boyce: For Riverside, itâs evolved as weâve taken on and started new fund products. So, Riverside traditionally was just pure control private equity. We had funds in different jurisdictions, but they were just the sort of historic private-equity funds. We now have a credit fund product. We have funds that take minority interest, a sort of mezzanine, or preferred interest, and then a fund thatâs focused on early-stage tech companies and another fund thatâs focused on pre-VC software lending. So with new products come new issues as well, new focus areas.
GeographicallyâŚwe have funds and investors in countries other than the U.S., especially in Europe. Similar to the U.S., there are regulators putting in place different processes and procedures over there that we need to follow. So Riverside is regulated in the U.K., Australia and Luxembourg. And all of those have their different regimes that we need to follow as well.
In the industry, generallyâŚthe focus on a lot of peopleâs minds is cybersecurity. [Environmental, social and governance] is also a hot spot in private equity that has gained a lot of attention in the last couple of years.
WSJ: What are the main issues that you face in minimizing risks across borders?
Ms. Boyce: The boots-on-the-ground [approach] is the best way to help minimize those risks. In the last almost two years, thatâs been hard with the situation weâve all been in. Nobodyâs been really in person or been able to have meetings or even dinners or lunches where you kind of figure out, you know, talk to people and [see] whatâs going on.
We also rely on outside consultants who have specialty expertise in the various jurisdictions. Much of it is very jurisdictionally based, even in the U.S., but in different states, there are different regulations we need to follow.
I think constant communication is very helpfulâŚand making people aware of what their roles and responsibilities are, and what Riverside has to do as a firm in order to be in compliance with all the various regulations and laws throughout the world.
So we find that training and even just different roundtables done virtually are very helpful to remind people of the rules and regulations we need to abide by.
WSJ: In what ways has the coronavirus pandemic affected the scope and scale of your work as chief compliance officer?
Ms. Boyce: Riverside, very early on in the pandemicâI think even before the offices closed down but when it was imminent that they were going toâwe established a virus-response team that consisted of people from all over the firm and all over the world. We would meet early on regularly, maybe twice a week and then, as time has gone on, we have met probably biweekly.
But it was a great forumâas everybody was trying to understand what the impact of this virus would be and how it would impact not only Riverside, but our global portfolioâto help develop policies and procedures as well as be a source of communication, a communication channel for people within Riverside as well as the portfolio companies and their executives who were struggling with the same issues.
So that, again, was something that nobody had ever expected we would have, so that increased the workload for everybody. And then, in the meantime, while responding to the virus and the pandemic, everybody was still doing their regular full-time jobs as well. So I think, like everybody else in America or in private equity, the workload certainly did increase.
WSJ: What do you see as your main priority with challenges on the compliance front for the coming year?
Ms. Boyce: I think itâs just continually trying to evolve with living in these times and the pandemic. Just when you think you might be a little bit out of the woods, along comes something else.
I think continuing to deal with that as well as we can, with the unknown and how that would affect compliance-related matters. And then in connection with that, just making sure that weâre in touch with people and communicating with people, so everybody continues to be aware of the compliance responsibilities that we have.
Write to David Smagalla at david.smagalla@wsj.com
Copyright Š2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
Gloss