RiskMutation™ Drives Firms to Seek Enhanced Solutions for Managing Rapidly Evolving Risk and Compliance Challenges


Carlo di Florio, Raj Bakhru, Kimberly Daly, Mike Pappacena


A survey of nearly 800 firms conducted at ACA’s Fall 2020 Virtual Conference revealed that increased risk and compliance pressures are set to be a continuing trend, with one in three firms planning to outsource one or more compliance, operational, or cybersecurity-related tasks in the next two years. 65% of the firms polled also believe that their cybersecurity and privacy functions will require the biggest increase in compliance and risk management services in 2021.

The COVID-19 pandemic has forced financial services firms to abruptly change the way they work now – and in the future. As the global pandemic mutated into an economic crisis, it caused massive unemployment and social unrest. Fires and floods added environmental crises to the mix. These risks interacted and mutated to present firms with both new challenges and opportunities: business disruptions, remote work, cyber threats, and increased compliance risk are causing risk and compliance leaders to seize the chance to invest in new opportunities and to modernize their systems and infrastructure to be more efficient and resilient in the long term.

This is a phenomenon that ACA has termed RiskMutation.

Time to Rethink Risk and Compliance for the Long Term

RiskMutation is rapidly accelerating the need for financial services firms to modernize and rethink their risk and compliance operating models through the adoption of enhanced solutions and trusted third parties. At the same time, risk and compliance leaders are being asked to do more with less and reduce costs while continuing to meet their regulatory obligations and enhance their operational resilience.

Key to success is how well risk and compliance leaders leverage technology, outsourcing, and operational resilience strategies to do more with less and successfully navigate RiskMutation. These capabilities help firms build adaptability, scale, and resilience into their processes and culture to quickly respond to rapidly evolving circumstances.

Looking at our own business, we have seen a 25% rise in demand for our outsourced managed services when compared with pre-pandemic levels. Our cybersecurity and RegTech solutions are also seeing increased demand.

Three Strategies for Managing RiskMutation

Risk and compliance leaders should embrace three strategies to deliver significant cost savings, resilience, and value to their business while being prepared to absorb and adapt to RiskMutation as it happens and seize opportunities as they arise. These strategies include:

  • RegTech to transform risk and compliance functions while delivering cost savings of up to 60%
  • Outsourcing to achieve better results, increased agility, and scale, while reducing costs up to 50%
  • Operational resilience to manage cyber threats, business disruption, and third-party risk across the enterprise and beyond

For More Information

Visit www.riskmutation.com to download the white paper and find out how and why RiskMutation is reshaping the future of risk and compliance management. This report sets forth strategies for navigating RiskMutation, along with supporting business cases and roadmaps to assist firms in their journey.

Watch an on-demand recording of the conference session: The Future of Risk and Compliance and in the Age of RiskMutation.

About the Authors

Carlo Di Florio

Carlo Di Florio is the Global Chief Services Officer of ACA Compliance Group. At ACA, Carlo is responsible for defining and executing the vision for ACA’s governance, risk, and compliance (GRC) service offerings. His responsibilities include oversight, management, and strategic growth of ACA’s global regulatory compliance, cybersecurity and risk, AML and financial crimes, and performance practices. 

Prior to joining ACA, Carlo worked for over 25 years in executive leadership roles at PricewaterhouseCoopers (PwC), where he was a Partner in the Financial Services Risk & Regulatory Practice; the Securities and Exchange Commission (SEC), where he was the Director of the Office of Compliance Inspections and Examinations (OCIE); and the Financial Industry Regulatory Authority (FINRA), where he was the Chief Risk & Strategy Officer. In these roles, Carlo led the design and implementation of large-scale regulatory compliance improvements, technology and data analytics transformations, and risk management program enhancements.

Carlo also serves as Co-President and Governor of the Risk Management Association (RMA) NY Chapter and as Adjunct Professor at Columbia University, Master of Science program in Enterprise Risk Management. Carlo has been named one of the 100 Most Influential Leaders in Corporate Governance by the Association of Corporate Directors; one of the Top Trailblazers & Pioneers in Governance, Risk & Compliance by The National Law Journal; and one of the Most Influential People in Finance by Worth Magazine.

Raj Bakhru

Raj Bakhru is a Partner and the Chief Innovation Officer at ACA Compliance Group. In this role, Raj oversees ACA strategy, M&A, and its regtech software product, ComplianceAlpha. Previously, he was the co-founder and Division Head of ACA Aponix, the cybersecurity and IT risk division of ACA Compliance Group.

Prior to ACA’s acquisition of the firm, Raj was Chief Executive Officer of Aponix Financial Technologists. Before that, he led firm-wide software development and was part of the founding team at Kepos Capital, now a $3 billion global macro quantitative asset manager. Prior to Kepos, Raj served as a Vice President at Highbridge Capital, where he led the team building the firm’s proprietary order and execution management system. In addition, he previously worked on research and cross-asset-class algorithmic trading algorithms and software systems at Goldman Sachs Asset Management’s quantitative hedge funds.

Raj earned his Bachelor of Science degree in Computer Engineering from Columbia University and has received his CFA charter and his CISSP designation. Over the course of his career, he has been quoted in the Wall Street Journal, Ignites, HFMWeek, MarketWatch, The Private Equity Law Report, and other industry-leading publications on information security in financial services.

Kimberly Daly

Kim is a Partner at ACA Compliance Group and the head of ACA’s managed services team located in Pittsburgh, PA. Previously, Kimberly conducted mock inspections of investment advisers, including hedge fund and private equity fund managers. She has helped clients prepare for SEC examinations, developed customized policies and procedures, and trained employees on investment adviser compliance-related issues. In addition, she has published several articles dealing with investment adviser compliance and periodically speaks at industry conferences. Prior to joining ACA in 2005, Kimberly was a Staff Accountant with the SEC’s Office of Compliance Inspections and Examinations in Washington, DC. During her six years at the SEC, she led or participated in examinations of more than 200 investment advisers.

Kimberly earned her Bachelor of Science degree in Accounting from the University of Maryland. She is a Certified Regulatory Compliance Professional.

Mike Pappacena

Mike Pappacena is a Partner at ACA Aponix, the cybersecurity and IT risk division of ACA Compliance Group. Prior to ACA, Mike served as a project manager for Jefferies LLC and worked on several compliance initiatives. In addition, he spent fifteen years at Goldman Sachs, where as a vice president in the Technology Division, he managed development teams supporting the firm’s Legal, Compliance and Audit, Sarbanes-Oxley, Operational Risk, and Technology Risk departments. He also managed Fundamental Equities and Alternative Investments in the GSAM division. Earlier in his career, Mike worked as an engineer at Long Island Lighting Company (now PSEG).

Mike earned his Bachelor of Electrical Engineering degree from the Pratt Institute and his Master of Business Administration degree (Finance concentration) from Adelphi University.