For CCOs, COOs, and Chief Technology Officers (CTOs) at buy-side firms, the challenge facing compliance functions is no longer simply keeping pace with regulation. It is determining how to scale effectively in an environment shaped by rising operational complexity, rapid technological change, heightened investor scrutiny, and ongoing resource constraints.
These themes were central to the discussion at ACA Group’s recent Compliance Officers Breakfast in London, where senior compliance professionals gathered to exchange practical insights on scaling compliance functions, leveraging AI responsibly, and meeting evolving regulatory expectations.
One clear takeaway emerged early in the discussion. Compliance functions operate in a fundamentally different environment from when they did just five years ago. Investment strategies, operating models, and technology stacks have become significantly more sophisticated, particularly as firms seek competitive advantage through automation, algorithmic trading, AI tools, and increasingly complex data infrastructures.
The result is that compliance risk is becoming broader, faster moving, and more interconnected. Firms are now expected to oversee cyber risk, operational resilience, third-party technology providers, communications surveillance, AI governance, and multi-jurisdictional regulatory obligations, all while managing constrained budgets and limited headcount growth.
For many firms, traditional approaches to scaling compliance are no longer sustainable.
Compliance Functions Are Being Forced to Rethink Scalability
A recurring theme throughout the session was the growing pressure on compliance teams to do more with less.
Historically, many compliance functions evolved reactively, with resources added in response to regulatory change, business growth, or operational incidents. However, participants acknowledged that this model is becoming increasingly difficult to maintain as the pace of change accelerates.
Rather than relying solely on headcount expansion, firms are reassessing how compliance activities are performed, which functions should remain core, and where technology, outsourcing, or co-sourcing can support scalability more effectively.
Importantly, attendees noted that the conversation is no longer purely about cost reduction. Instead, the focus has shifted towards resilience, efficiency, and enabling compliance professionals to spend more time on higher-value, judgement-led activities.
There was also considerable discussion around talent retention and engagement. As repetitive and administrative tasks increasingly become candidates for automation, firms are recognising the importance of creating more intellectually engaging roles for compliance professionals, particularly in a highly competitive hiring environment.
AI Adoption Is Moving from Experimentation to Operational Use
While AI remains an evolving area, the discussion demonstrated that many firms are already moving beyond experimentation and embedding AI tools into day-to-day compliance processes.
Participants shared examples of AI being used to support communications surveillance, policy reviews, monitoring workflows, trade analysis, reconciliation processes, exception identification, and large-scale data review exercises.
The consensus was that the value of AI currently lies less in outright cost savings and more in operational efficiency, scalability, speed, and enhanced analytical capability. In several cases, AI tools were seen as significantly improving firms’ ability to review large data sets and identify patterns or anomalies that would otherwise be difficult to detect through manual processes alone.
At the same time, there was broad agreement that AI adoption must remain grounded in practical reality. Firms acknowledged that many compliance decisions still require human oversight, contextual judgement, and regulatory interpretation that current AI models cannot fully replicate.
This balance between innovation and oversight is becoming increasingly important as firms seek to adopt AI responsibly while continuing to satisfy regulatory expectations.
Governance Expectations Are Continuing to Evolve
The discussion also highlighted a growing industry focus on governance, accountability, and oversight as firms adopt more complex operating models and technology solutions.
Participants stressed the importance of implementing robust governance frameworks around AI usage, including risk assessments, clear accountability structures, appropriate escalation processes, and a strong understanding of how AI-driven outputs are generated.
A key point raised throughout the session was that governance should be proportionate to the firm’s business model, operational complexity, and risk profile. Firms adopting AI or outsourced solutions cannot rely solely on vendor assurances or assume that responsibility has transferred externally.
This was particularly relevant in the context of third-party risk management, where attendees discussed the practical challenges associated with overseeing technology providers, managed service providers, and outsourced compliance support arrangements.
Operational resilience also featured prominently in the discussion, particularly as regulators continue to focus on firms’ ability to evidence effective oversight across increasingly interconnected operational ecosystems.
Global Operating Models Are Creating New Compliance Challenges
Managing compliance across multiple jurisdictions continues to present both operational and regulatory challenges for global firms.
Participants discussed the growing difficulty of navigating differing regulatory expectations across markets, particularly as approaches to AI, operational resilience, data governance, and market oversight continue to evolve at different speeds internationally.
While global operating models can create efficiencies and consistency, firms must also remain mindful of local regulatory divergence and the potential risks associated with over-centralisation.
As technology adoption accelerates, attendees noted that maintaining effective governance across global businesses will require increasingly sophisticated oversight frameworks, stronger cross-functional collaboration, and greater alignment between compliance, technology, operations, and senior leadership teams.
Practical Steps Firms Should Be Taking Now
Several practical themes emerged from the discussion that firms should be considering as part of their compliance strategy:
- Reassess whether current compliance operating models remain scalable and resilient in a more complex risk environment.
- Identify repetitive, manual processes that may benefit from automation or AI-enabled efficiencies.
- Ensure AI adoption is supported by documented governance, clear accountability, and risk-based oversight frameworks.
- Review third-party oversight arrangements to ensure firms can evidence effective supervision and operational resilience.
- Strengthen collaboration between compliance, technology, operations, and business leadership teams.
- Focus compliance resources on higher-risk and judgement-led activities rather than purely administrative processes.
- Consider whether existing global governance frameworks adequately address increasing regulatory divergence across jurisdictions.
Firms Are Seeking Specialist Support to Scale Compliance
As compliance functions continue to evolve, many firms are reassessing how operational support, specialist expertise, and technology solutions are delivered across the compliance lifecycle.
At ACA Group, we support firms through a combination of managed services, regulatory advisory, and regulatory technology solutions designed to help compliance teams improve scalability, strengthen oversight frameworks, reduce manual processes, and respond more effectively to growing regulatory complexity.
Key support areas include:
- Outsourced and co-sourced compliance managed services
- Regulatory technology, communications surveillance, and monitoring solutions
- Operational resilience, AI governance, and third-party risk advisory
- Research Compliance Solutions, including AI-enabled expert network oversight and monitoring support
- Regulatory advisory and compliance operating model support
To discuss how your firm can scale compliance more efficiently, implement AI responsibly, or strengthen oversight frameworks, contact us today.
FAQs
How are firms scaling compliance without increasing headcount?
Many firms are focusing on automation, AI-enabled workflows, outsourcing, and more efficient operating models to improve scalability without relying solely on additional hiring. The objective is typically to reduce manual processes and allow compliance teams to focus on higher-risk, judgement-led activities.
What are the biggest risks when using AI in compliance?
Key risks include insufficient governance, lack of transparency around AI-generated outputs, data security concerns, overreliance on automation, and inadequate oversight of third-party AI providers. Firms should ensure AI adoption is supported by clear accountability, documented risk assessments, appropriate controls, and a “human-in-the-loop” approach to oversee decision-making and challenge AI-generated outcomes where necessary.
What are regulators expecting from firms using AI tools?
Regulators continue to focus on governance, accountability, operational resilience, and effective oversight. Firms are expected to understand how AI tools are being used within their business, identify associated risks, and demonstrate appropriate supervision and decision-making processes.
Which compliance activities are firms automating most frequently?
Areas commonly being explored for automation include communications surveillance, monitoring workflows, policy reviews, reconciliation processes, trade surveillance, exception reporting, and large-scale data analysis.
How can firms evidence effective oversight of third parties?
Effective oversight typically includes documented governance frameworks, ongoing monitoring, clear accountability structures, risk assessments, service-level reviews, escalation processes, and evidence of regular engagement with third-party providers.