RiskMutation™ Strategic Roadmap: Outsourcing


ACA Compliance Group

Publish Date



  • Compliance
  • RiskMutation

For financial services firms, RiskMutation is accelerating the modernization of risk and compliance management. To effectively manage RiskMutation, firms need agility, scalability, and resilience so they can quickly adapt to circumstances and successfully seize opportunities while mitigating continuously evolving risks.

To successfully navigate the future of risk and compliance in the age of RiskMutation, ACA recommends that risk and compliance leaders adopt the following three strategies:

  • RegTech: Leverage regulatory technology (RegTech) to transform risk and compliance functions while delivering cost savings
  • Outsourcing: Achieve better results, increased agility, and scale for less
  • Operational Resilience: Build operational resilience to manage cyber threats, business disruption, and third-party risk across the enterprise and beyond

The business case for outsourcing

For risk and compliance leaders working under the mandate to do more with less amidst staffing shortages and budget restraints, offloading time-intensive day-to-day tasks to a trusted third-party vendor can help increase efficiencies and reduce costs.

Third-party vendors should be a trusted and credible partner with a proven track record, particularly when outsourcing risk and compliance activities. Regulators have made third-party risk a focus area due to its critical importance to investor protection and market integrity. If not properly vetted, selected, and overseen, third-party vendors can introduce RiskMutation.

Outsourcing risk and compliance processes and activities can increase effectiveness, ensure a high-quality work product, reduce turnaround times, and lower costs. Risk and compliance officers can also leverage outsourcing to fundamentally change their programs in ways that will better position their firm to address today’s unique challenges and navigate the future successfully.

We asked attendees of ACA's recent Fall 2020 Compliance Conference whether their firm plans to outsource one or more compliance, operational, or cybersecurity-related tasks during the next two years*. Here's what they said:

Outsourcing Polling Question

(*Respondents were allowed to select multiple options.) 

Outsourcing to do more with less in the age of RiskMutation

Our recent white paper, The Future of Risk and Compliance in the Age of RiskMutation, discusses risk and compliance outsourcing in detail and provides concrete action steps and guidance for investment management firms. It discusses:

  • The benefits of outsourcing risk and compliance processes and activities
  • The business case for outsourcing
  • A case study illustrating the ROI for investing in outsourcing using a real ACA client scenario
  • The strategic roadmap for outsourcing

Download White Paper

Watch the fall conference session on demand

Watch the on-demand recording of the session The Future of Risk and Compliance in the Age of Risk Mutation from ACA's Fall 2020 Virtual Conference here.

About the Author

Kimberly Daly

Kim Daly is Partner at ACA Group and the head of ACA’s managed services team located in Pittsburgh, PA. Previously, Kimberly conducted mock inspections of investment advisers, including hedge fund and private equity fund managers. She has helped clients prepare for SEC examinations, developed customized policies and procedures, and trained employees on investment adviser compliance-related issues. In addition, she has published several articles dealing with investment adviser compliance and periodically speaks at industry conferences. Prior to joining ACA in 2005, Kimberly was a Staff Accountant with the SEC’s Office of Compliance Inspections and Examinations in Washington, DC. During her six years at the SEC, she led or participated in examinations of more than 200 investment advisers.

Kimberly earned her Bachelor of Science degree in Accounting from the University of Maryland. She is a Certified Regulatory Compliance Professional.