Article by Carrie Whamond, Founding Partner at Alternit One
Since the onset of the pandemic in 2020, the pace of digital transformation has accelerated faster than many of us anticipated, impacting professional services markets heavily and showing no signs of slowing down. Despite its growth and speed of operation, the PE market was seen to be slow to embrace the trend. A report issued by KPMG entitled ‘The digital transformation imperative’ stated that ‘PE firms who do not take steps to integrate the latest digital tools and data and analytics technology, may as well be working with a built-in expiration date’. The delay in uptake has now all but disappeared and Private Equity is taking digitalisation seriously.
Understanding the benefits of digital transformation has been a critical turning point for the PE market, and embracing this change will lead to success for individual firms. A key part of digital operations within private equity often involves outsourcing cloud, data management, and cybersecurity processes to specialist vendors. The FCA states that there is an expectation for firms operating in the PE sector to have appropriate risk management systems and controls in place, impacting how firm (and client) data is hosted, handled and secured by outsourced vendors. The requirements regarding third party relationships in Senior Management Arrangements, Systems and Controls are set out in the FCA handbook. This should directly impact the vendor assessment process – understanding the availability, continuity and security of (your) data hosted with outsourced vendors is pivotal to meeting the requirements.
The FCA regulations suggest it is advantageous to work with vendor-diverse suppliers, as it helps to manage risk effectively. Even in today’s digital climate, the risk to firms regarding outsourced suppliers still includes physical and environmental variables.
For example, if all line-of-business software vendors are utilising the same underlying AWS datacentres, that presents a risk of total service loss in an incident. It is also prudent not to rely on one firm to perform too many operational tasks, because if the vendor faces financial difficulty or is subject to a cyber attack or technical malfunction, this could gravely impact the operations of the PE firm itself. Working with vendors who can offer solutions that are designed and built with vendor dependency and technology neutrality in mind can help PE firms fulfil their own regulatory obligations.
Firms are accountable to both regulators and investors and must be able to evidence that they have taken all reasonable steps to retain data in a secure, auditable and accessible form. The FCA’s requirement for an adequate level of security to protect outsourced data means that firms within the PE sector should consider seeking to outsource to multiple vendors to ensure they are not overly reliant on any one operator on a day-to-day basis. Working with a vendor-diverse IT firm for cloud functions, cybersecurity and data management can help ensure operational resilience and is a prudent and active investment in their business continuity strategy, in the event it needs to be activated.
Alternit One (A1) designs, builds and runs vendor-diverse IT solutions for regulated firms, including cloud infrastructure, cybersecurity and compliance, consultancy and technological support. Alternit One owns none of the infrastructure or proprietary platforms, working with a wide range of service providers to outsource subjectively for each client depending on their own bespoke requirements. This means A1, and consequently clients, are not reliant on any one provider. We can therefore adapt to market turbulence with agility and speed, whilst protecting the business continuity of clients operating in the PE space.