Compliance leaders at buy-side firms are confronting a stark reality: the old playbook for scaling their functions no longer works.
According to ACA Group, for CCOs, COOs and CTOs, the question is no longer whether they can keep up with regulation, but whether their operating models can survive an environment defined by mounting operational complexity, accelerating technological change, intensifying investor scrutiny and persistent resource constraints.
ACA Group recently delved deeper into successfully scaling compliance in a changing risk environment.
These pressures dominated the conversation at ACA Group’s recent Compliance Officers Breakfast in London, where senior compliance professionals gathered to share practical insights on scaling compliance, deploying AI responsibly and meeting shifting regulatory expectations.
One conclusion surfaced quickly: compliance today bears little resemblance to the discipline of five years ago. Investment strategies, operating models and technology stacks have grown markedly more sophisticated as firms chase competitive advantage through automation, algorithmic trading, AI tools and increasingly intricate data infrastructures. Risk, as a result, has become broader, faster moving and more interconnected. Firms must now oversee cyber threats, operational resilience, third-party technology providers, communications surveillance, AI governance and multi-jurisdictional obligations, all against flat budgets and limited headcount growth.
Rethinking what scalable compliance looks like
A recurring theme was the pressure to do more with less. Historically, compliance teams grew reactively, adding staff in response to new rules, business expansion or operational incidents. Attendees agreed that model is buckling under the pace of change. Instead of defaulting to headcount, firms are reassessing which activities must remain core, and where technology, outsourcing or co-sourcing can deliver scalability more effectively.
Crucially, the debate has moved beyond cost cutting. The emphasis is now on resilience, efficiency and freeing compliance professionals for higher-value, judgement-led work. Talent retention featured strongly too: as repetitive administrative tasks become prime candidates for automation, firms see an opportunity to build more intellectually engaging roles in a fiercely competitive hiring market.
AI shifts from experimentation to operations
While AI remains an evolving field, many firms are already embedding it in daily compliance processes. Participants cited AI supporting communications surveillance, policy reviews, monitoring workflows, trade analysis, reconciliations, exception identification and large-scale data reviews.
The consensus was that AI’s value currently lies less in outright cost savings and more in efficiency, scalability, speed and analytical depth, with tools proving particularly effective at surfacing patterns and anomalies across vast data sets that manual review would miss. Equally, attendees agreed adoption must stay grounded: many compliance decisions still demand human oversight, contextual judgement and regulatory interpretation that today’s models cannot replicate.
Governance and global complexity
Attendees stressed the need for robust governance frameworks around AI, spanning risk assessments, clear accountability, escalation processes and a genuine understanding of how AI outputs are generated. Governance should be proportionate to a firm’s business model and risk profile, and firms cannot lean on vendor assurances or assume responsibility has transferred externally — a point especially relevant to third-party risk management and outsourced arrangements.
Multi-jurisdictional operations add further strain, with regulatory approaches to AI, resilience and data governance diverging internationally. While global operating models bring efficiency, over-centralisation carries its own risks, demanding stronger cross-functional collaboration between compliance, technology, operations and senior leadership.
Practical steps for firms
Firms should reassess whether current operating models remain scalable, identify manual processes ripe for automation, underpin AI adoption with documented governance, review third-party oversight arrangements, deepen collaboration across functions, focus resources on judgement-led activities, and test whether global governance frameworks address rising regulatory divergence.
ACA Group supports firms through managed services, regulatory advisory and RegTech solutions designed to improve scalability, strengthen oversight and reduce manual processes.
Read the full ACA Group post here.
Copyright © 2026 FinTech Global









