For chief compliance officers, chief operating officers and CTOs at buy-side firms, the question confronting compliance functions has moved beyond simply keeping up with regulation.
According to ACA Group, the real test is how to scale in a landscape defined by mounting operational complexity, fast-moving technology, sharper investor scrutiny and persistent resource constraints.
ACA Group recently delved deeper into successfully scaling compliance in a changing risk environment.
These pressures dominated the conversation at ACA Group’s recent Compliance Officers Breakfast in London, where senior compliance professionals traded practical insights on scaling their functions, deploying AI responsibly and meeting shifting regulatory expectations.
One conclusion surfaced early: compliance teams are operating in a fundamentally different world from five years ago. Investment strategies, operating models and technology stacks have grown markedly more sophisticated as firms chase competitive edge through automation, algorithmic trading, AI tools and increasingly intricate data infrastructures.
Compliance risk, as a consequence, is broader, faster-moving and more interconnected. Firms must now oversee cyber risk, operational resilience, third-party technology providers, communications surveillance, AI governance and multi-jurisdictional obligations, all against flat budgets and minimal headcount growth.
Rethinking what scalability means
A recurring theme was the intensifying pressure to do more with less. Historically, compliance functions grew reactively, adding people in response to regulatory change, business expansion or operational incidents. Attendees agreed that model is buckling as the pace of change accelerates. Instead of defaulting to headcount, firms are re-examining how compliance work is performed, which activities must stay in-house, and where technology, outsourcing or co-sourcing can deliver scale more effectively.
Crucially, the debate is no longer just about cost. The emphasis has shifted towards resilience, efficiency and freeing compliance professionals for higher-value, judgement-led work. Talent retention featured heavily too: as administrative tasks become candidates for automation, firms see an opportunity to create more intellectually engaging roles in a fiercely competitive hiring market.
AI shifts from experiment to operations
While AI remains an evolving field, the discussion made clear that many firms have moved past experimentation and are embedding AI into daily compliance processes, including communications surveillance, policy reviews, monitoring workflows, trade analysis, reconciliations, exception identification and large-scale data reviews.
The consensus was that AI’s value currently lies less in outright cost savings and more in efficiency, scalability, speed and enhanced analytical capability, particularly when reviewing vast data sets and surfacing anomalies that manual processes would miss.
Equally, there was broad agreement that adoption must stay grounded: many compliance decisions still demand human oversight, contextual judgement and regulatory interpretation that current AI models cannot replicate.
Governance expectations keep evolving
Attendees stressed the need for robust governance frameworks around AI usage, including risk assessments, clear accountability structures, escalation processes and a firm grasp of how AI-driven outputs are produced.
Governance should be proportionate to a firm’s business model and risk profile, and firms adopting AI or outsourced solutions cannot lean on vendor assurances or assume responsibility has transferred externally. Third-party oversight and operational resilience were flagged as areas of sustained regulatory focus.
Global models bring fresh friction
Managing compliance across jurisdictions remains a challenge, with regulatory approaches to AI, resilience, data governance and market oversight evolving at different speeds internationally.
Global operating models can drive efficiency, but firms must guard against over-centralisation and local divergence. Effective global governance will demand sharper oversight frameworks and closer alignment between compliance, technology, operations and senior leadership.
Practical steps for firms now
Firms should reassess whether current operating models remain scalable; identify manual processes ripe for automation; underpin AI adoption with documented governance and risk-based oversight; review third-party supervision arrangements; strengthen cross-functional collaboration; concentrate compliance resources on higher-risk, judgement-led activities; and test whether global governance frameworks address growing regulatory divergence.
As compliance functions evolve, many firms are turning to specialist support. ACA Group supports firms through managed services, regulatory advisory and RegTech solutions designed to improve scalability, strengthen oversight, cut manual processes and respond to rising regulatory complexity.
Read the full ACA Group post here.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst





