Hot Properties: Risk and Compliance Software

Integrated-risk vendor Lockpath, Osprey Compliance Software and RegTek.Solutions are the targets in a flurry of acquisition deals

Friday, August 16, 2019

By Jeffrey Kutler


In the first half of August, Steele Compliance Solutions, NAVEX Global and Bloomberg announced acquisitions of companies active in risk- and compliance-related technologies. Their targets were, respectively: Osprey Compliance Software, Lockpath and RegTek.Solutions.

As private, niche transactions, they would fall below the radar for tracking major M&A deals. But they signify - and continue a pattern of - fintech and regtech momentum that has been building for several years, paralleling regulatory and compliance requirements that have been growing in terms of global scale and complexity.

Among the higher-profile strategies to take shape in this field has been that of IBM, which through a combination of artificial intelligence innovations and subject matter expertise - notably the 2016 acquisition of Promontory Financial Group - has assembled a portfolio that is said to “transform how clients manage risk across the areas of governance, risk, and compliance [GRC]; financial crimes; and financial risk.” (See IBM Connects Its AI Dots)

In March this year, SAI Global, a leader in the integrated risk management technology category, purchased BWise, a GRC specialist that Nasdaq had owned since 2012. Upon completing the deal, SAI Global declared itself “better positioned to support customers navigating today's risk landscape with an integrated approach across financial, regulatory, digital and operational risk.” It noted that “organizations are now forming integrated risk management task forces convening the chief risk officer, corporate compliance officer, general counsel, head of internal audit, head of internal control, chief financial officer, chief information security officer, and data privacy officer around one table.”

Opus Global, which now has a leading position in Know Your Customer and anti-money-laundering compliance, went the acquisition route starting with third-party management platform Hiperos in 2014, followed by Alacra in 2015. Hiperos was sold to business-spend-management systems company Coupa Software in December 2018.

GRC-focused companies ACA Compliance Group and Cordium were combined in September 2018, as were Smarsh and Actiance, in communications compliance and archiving, later that same month.

Extending Platforms

Bolstering integrated, enterprise risk management capabilities for multi-industry client bases is a theme common to the Steele-Osprey and NAVEX-Lockpath transactions. Bloomberg said it is integrating RegTek.Solutions with its Regulatory Reporting Hub (RHUB), enterprise data management and trading systems, thereby “combining Bloomberg data enrichment and reporting capabilities with RegTek.Solutions' quality and control tools across a broad range of global reporting jurisdictions.”

For San Francisco-based Steele Compliance Solutions, Osprey is the third acquisition within two years that together enable for clients “a true view of their entire company-wide compliance program,” said CEO Eric Lochner.

The first in the series, in October 2017, was Compliance Wave, a provider of compliance training and learning capabilities. That was followed, in June 2018, with Transparint, which developed compliance and risk-mitigation tools based on machine-learning and natural-language-processing filtering and analytics.

Osprey “brings conflicts of interest, gifts and entertainment, incident management and (to be launched soon) policy management to Steele's already robust platform,” the company said, along with an “impressive list of Fortune 500 companies [that join] Steele's growing client community of over 700 enterprise clients.”

“Over 20 years, we pioneered compliance solutions with our innovations in due diligence and an automated risk-based platform to better comply with DOJ [Department of Justice] standards,” CEO Lochner said this month. “And now, with the acquisitions of Osprey, Compliance Wave and Transparint, we are the first to offer a truly integrated risk management platform, all under the Steele umbrella and without reseller or partnering relationships.”

“More Holistic Approach”

NAVEX Global of Portland, Oregon, with a range of software and services including policy management, ethics and compliance, and third-party risk, bought Lockpath “in direct response to our customers' desire for a more holistic approach to GRC program development that includes both compliance and integrated risk management,” NAVEX president and CEO Bob Conlin said on August 6.

“Customers want to work with a single, trusted provider who can reliably deliver and support governance, risk and compliance on a global, enterprise-wide scale,” Conlin added. “The addition of Lockpath's industry-leading risk management solutions to our existing solution portfolio positions NAVEX Global as the leader in this fast-growing market.”

Founded in 2010 and serving customers ranging from small and mid-size up to the Fortune 10, Lockpath is recognized as a Gartner Integrated Risk Management Solutions Magic Quadrant leader. In April, the company announced version 5.2 of its Keylight GRC and compliance platform, with interface and workflow upgrades. Two months later it announced Blacklight 2.0, bringing “new file integrity monitoring capabilities to Lockpath's continuous security monitoring platform.”

“Lockpath was built on solving the complex problem of managing risk across the enterprise, doing so with a purpose-built software solution that is flexible, scalable and quick to implement,” said co-founder and CEO Chris Caldwell. “We share NAVEX Global's business philosophy that puts customer success first while delivering best-in-class solutions, support and services.”

Fully Electronic Workflow

RegTek.Solutions was formed in 2017 as a spin-out from Risk Focus, a global capital markets technology and advisory firm with headquarters in New York and Brian Lynch, a UBS veteran and Risk Focus partner, as CEO. The regulatory reporting venture obtained Series A funding from Deutsche BÖrse and Illuminate Financial Management.

“Clients will have access to a fully electronic reporting workflow including transaction reporting eligibility, data validation, enrichment and reconciliation, to help them maximize accuracy and completeness in their reporting obligations” across multiple jurisdictions globally, Bloomberg said in announcing the RegTek.Solutions acquisition on August 13.

The combination “allows us to substantially expand our regulatory reporting coverage and offer quality and control tools to help our clients effectively meet the wide range of global reporting requirements,” said Alejandro Perez, Bloomberg's global head of post-trade solutions.

Brian Lynch said, “RegTek has built an award-winning product and impressive, tier-1 client base. Combining our solutions with the strength and scale of Bloomberg's RHUB services, as well as access to their market data, enterprise data management, analytics and enrichment capabilities will allow us to offer the cross-jurisdictional, cross-asset solutions that our clients demand. We can now continue to deliver sustainable compliance at a scale that will have a fundamental market impact.”


BylawsCode of ConductPrivacy NoticeTerms of Use © 2024 Global Association of Risk Professionals