The Future of Risk and Compliance in the Age of RiskMutation™


ACA Compliance Group


The global COVID-19 pandemic triggered a series of catastrophic events that disrupted business and abruptly changed the way we work. Like a virus itself, these crises have mutated in myriad and sometimes unexpected ways. The initial health crisis of the pandemic sparked additional, interrelated shifts and changes on a scale not seen since The Great Depression: global economic turmoil, geopolitical tensions, supply chain disruptions, widened socioeconomic inequities, social unrest, and increased cyber and regulatory threats, among others. 

ACA calls this phenomenon RiskMutation.

For financial services firms, RiskMutation is accelerating the modernization of risk and compliance management. To effectively manage RiskMutation, firms need agility, scalability, and resilience so they can quickly adapt to circumstances and successfully seize opportunities while mitigating continuously evolving risks.

ACA's white paper The Future of Compliance and Risk in the Age of RiskMutation explores: 

  • Financial industry trends
  • Five key forces shaping the future of risk and compliance 
  • Three strategies for managing RiskMutation
  • Case studies using scenarios from ACA clients
  • The future operating model roadmap of next steps for firms


About the Authors

Carlo Di Florio

Carlo Di Florio is the Global Chief Services Officer of ACA Compliance Group. At ACA, Carlo is responsible for defining and executing the vision for ACA’s governance, risk, and compliance (GRC) service offerings. His responsibilities include oversight, management, and strategic growth of ACA’s global regulatory compliance, cybersecurity and risk, AML and financial crimes, and performance practices. 

Prior to joining ACA, Carlo worked for over 25 years in executive leadership roles at PricewaterhouseCoopers (PwC), where he was a Partner in the Financial Services Risk & Regulatory Practice; the Securities and Exchange Commission (SEC), where he was the Director of the Office of Compliance Inspections and Examinations (OCIE); and the Financial Industry Regulatory Authority (FINRA), where he was the Chief Risk & Strategy Officer. In these roles, Carlo led the design and implementation of large-scale regulatory compliance improvements, technology and data analytics transformations, and risk management program enhancements.

Carlo also serves as Co-President and Governor of the Risk Management Association (RMA) NY Chapter and as Adjunct Professor at Columbia University, Master of Science program in Enterprise Risk Management. Carlo has been named one of the 100 Most Influential Leaders in Corporate Governance by the Association of Corporate Directors; one of the Top Trailblazers & Pioneers in Governance, Risk & Compliance by The National Law Journal; and one of the Most Influential People in Finance by Worth Magazine.

Raj Bakhru

Raj Bakhru is a Partner and the Chief Innovation Officer at ACA Compliance Group. In this role, Raj oversees ACA strategy, M&A, and its regtech software product, ComplianceAlpha. Previously, he was the co-founder and Division Head of ACA Aponix, the cybersecurity and IT risk division of ACA Compliance Group.

Prior to ACA’s acquisition of the firm, Raj was Chief Executive Officer of Aponix Financial Technologists. Before that, he led firm-wide software development and was part of the founding team at Kepos Capital, now a $3 billion global macro quantitative asset manager. Prior to Kepos, Raj served as a Vice President at Highbridge Capital, where he led the team building the firm’s proprietary order and execution management system. In addition, he previously worked on research and cross-asset-class algorithmic trading algorithms and software systems at Goldman Sachs Asset Management’s quantitative hedge funds.

Raj earned his Bachelor of Science degree in Computer Engineering from Columbia University and has received his CFA charter and his CISSP designation. Over the course of his career, he has been quoted in the Wall Street Journal, Ignites, HFMWeek, MarketWatch, The Private Equity Law Report, and other industry-leading publications on information security in financial services.

Kimberly Daly

Kim is a Partner at ACA Compliance Group and the head of ACA’s managed services team located in Pittsburgh, PA. Previously, Kimberly conducted mock inspections of investment advisers, including hedge fund and private equity fund managers. She has helped clients prepare for SEC examinations, developed customized policies and procedures, and trained employees on investment adviser compliance-related issues. In addition, she has published several articles dealing with investment adviser compliance and periodically speaks at industry conferences. Prior to joining ACA in 2005, Kimberly was a Staff Accountant with the SEC’s Office of Compliance Inspections and Examinations in Washington, DC. During her six years at the SEC, she led or participated in examinations of more than 200 investment advisers.

Kimberly earned her Bachelor of Science degree in Accounting from the University of Maryland. She is a Certified Regulatory Compliance Professional.

Mike Pappacena

Mike Pappacena is a Partner at ACA Aponix, the cybersecurity and IT risk division of ACA Compliance Group. Prior to ACA, Mike served as a project manager for Jefferies LLC and worked on several compliance initiatives. In addition, he spent fifteen years at Goldman Sachs, where as a vice president in the Technology Division, he managed development teams supporting the firm’s Legal, Compliance and Audit, Sarbanes-Oxley, Operational Risk, and Technology Risk departments. He also managed Fundamental Equities and Alternative Investments in the GSAM division. Earlier in his career, Mike worked as an engineer at Long Island Lighting Company (now PSEG).

Mike earned his Bachelor of Electrical Engineering degree from the Pratt Institute and his Master of Business Administration degree (Finance concentration) from Adelphi University.