Risk Assessments and Regulatory Compliance Testing Services

Technology and cloud assessments, penetration testing and vulnerability assessments, and cyber exams

We offer a variety of risk assessment services to help companies identify gaps in their cybersecurity and regulatory posture and identify technology-related risks. We can also conduct penetration testing and identify network vulnerabilities.

Our solutions

Risk Assessments and Testing

We can conduct an assessment across 700+ topics to identify technology-related risks and provide recommendations for improvement.

Mock Regulatory Cyber Exams

We can help your firm prepare for an SEC, NFA, or FINRA cyber exam by reviewing your information security program from a regulator’s perspective.

Cyber threats are constantly evolving, so it’s important to stay on top of new threats and address them as quickly as possible. We provide regulatory and cyber alerts, paste site and domain registration monitoring, and staff phishing testing to help protect your company from cyber attacks.

We can help identify network vulnerabilities that could be exploited by a hacker and lead to a breach through vulnerability scanning or penetration testing. 


We can help your firm better understand payment flow and fraud risk mitigation opportunities with payment flow review, risk analysis, and reporting.

Microsoft Office 365 Security and Cloud Assessments

Companies are increasingly moving to cloud-based services such as Microsoft® Office 365®. Many companies do not take full advantage of the available security settings, which can dramatically impact the security and regulatory posture of your environment. This is also true of other cloud environments. Our assessment can help determine whether your company’s cloud environment is configured to protect user identities, enable compliance oversight obligations, and identify data loss. Based on our findings, we can assist your company with developing a practical action plan to address key risks.

Latest insights

Achieving Differentiated Support for Private Equity Firms

August 04, 2021

Fundraising and compliance challenges are expected to increase for private equity firms in the second half of 2021 into 2022. We speak with Private Equity Wire about why support that blends practical and regulatory advice is becoming critical.

  • Compliance
  • ComplianceAlpha
  • ESG
  • Cybersecurity
  • Regulatory Technology
  • Mirabella

Firms Report Phishing Attempts That Impersonate Microsoft®

July 30, 2021

Multiple firms (including ACA) have reported recent receipt of phishing emails claiming to be from Microsoft. The emails are clearly spoofed. In this alert, we explain how to spot a phishing attempt.

Cyber Alert
  • Cybersecurity
  • Phishing

The Evolution of Ransomware: A Growing Threat to Financial Services Firms

July 23, 2021

Ransomware is an evolving and serious problem, particularly for financial services firms. In the first of a three-part blog series, we answer the question, “Why is ransomware a threat to my business?”

  • Cybersecurity

Critical Security Flaw Discovered in Fortinet Security Products Require Upgrade

July 22, 2021

Remote attackers can exploit a flaw in Fortinet to gain unauthorized access to devices, and then exfiltrate data or perform other criminal activities from within the breached network.

Cyber Alert
  • Cybersecurity

The Department of Homeland Security Requires Pipeline Operators to Set Cybersecurity Safeguards

July 21, 2021

The U.S. TSA and DHS have issued a directive to operators of fuel and gas pipelines that requires them to improve their cybersecurity defenses.

Cyber Alert
  • Cybersecurity
  • Portfolio Company Risk Management

Protecting Your Business as Offices Reopen: A Seven Step Cybersecurity Action Plan for Physical and Hybrid Work Environments

July 17, 2021

ACA Aponix’s cybersecurity experts have developed the following action plan to help your firm review, revise, and implement a strong cyber program that will help protect your firm against reputational and financial damage as well as meet regulatory obligations, no matter what type of work model you’re employing.

  • Cybersecurity
Solution Spotlight

Aponix Protect™ comprehensive cybersecurity and technology risk solution

Aponix Protect helps firms address evolving cyber risks and threats to ensure that their cybersecurity needs are covered year-round. This solution is available in three tiers, each one designed to provide firms with a flexible, robust, responsive, and cost-effective cybersecurity program.


96% of Firms Unprepared for the FCA’s New Prudential Regime

With less than six months to go until UK investment firms are subjected to a completely new prudential regime, a recent survey reveals that the industry is vastly underprepared. The data shows that just 4% of respondents are ready and capitalised for the FCA’s new Investment Firm Prudential Regime (IFPR) coming into effect in January 2022. Learn more about what this means for firms.

Waters Rankings 2021 Name ACA Group's ComplianceAlpha® Best Anti-Money Laundering Compliance Solution Provider

Our ComplianceAlpha® platform has been named Best Anti-Money Laundering Compliance Solution Provider in the Waters Rankings 2021.

ACA's Regulatory Reporting Monitoring & Assurance (ARRMA) service winner of the 2021 HFM European Technology Awards

Within a year of launching, ACA Group is delighted to announce that our ACA Regulatory Reporting Monitoring & Assurance (ARRMA) service has been selected as Best Regulatory Reporting Solution in the 2021 HFM European Technology Awards.

Upcoming events

Senior Management Obligations under the SM&CR - 11 August 2021

The ever-increasing focus by the Regulators on the accountability of senior management, particularly when things go wrong, emphasises how important it is for individuals in senior positions to have a clear understanding of what is expected of them. This succinct course is designed to assist Senior Managers to have a full understanding of what they need to do to achieve compliance with the rules under the obligations created by the Senior Managers and Certification Regime (SMCR).

Online Training

Compliance Induction - 17 August 2021

Senior management in Financial Services firms have a responsibility to ensure their employees have sufficient knowledge and understanding of the Regulatory environment they are working in. This knowledge helps in emphasising the need for compliance with policies and procedures in order to protect the firm and the individual from failing to “do the right thing”.

Online Training