Article - June 20, 2024
Compliance Technology: Complex Regulations, Increasing Risks Drive Adoption and Growth
Multiple compliance technology segments are experiencing strong M&A momentum, including governance, risk, and compliance (GRC); environmental health and safety (EHS); and supply chain risk management (SCRM). These software categories are vital for companies to track and ensure compliance with increasingly complicated regulations and keep pace with best business practices.
Below, our senior professionals discuss why investor interest is expanding across compliance technology and highlight recent Harris Williams clients that exemplify the sector’s value-creation potential.
The Criticality of Compliance Tech
Several trends are causing demand for compliance technology to increase. “Companies must monitor a continuously shifting global regulatory landscape with frequent geographic and jurisdictional changes,” says Thierry Monjauze, a group head and managing director in the Technology Group. “They need compliance and reporting systems that can help them operate in this dynamic environment.
Growth in demand for compliance technology is further driven by a fundamental shift among companies toward more strategic and comprehensive risk mitigation. This is particularly important as the spectrum of enterprise risk increases and extends beyond the traditionally defined categories of GRC, EHS, and SCRM. “Compliance solution buyers are expanding beyond the Chief Risk Officer or Chief Compliance Officer,” notes Erik Szyndlar, a managing director in the Technology Group. “It's a company-wide effort, up and down the organization, to strategically manage the risk profile of a company’s varied business units, functions, and projects.”
SCRM and third-party risk management (TPRM) are also escalating priorities for many organizations. These solutions help companies gain confidence that contract employees, material suppliers, and other vendors are adhering to regulatory requirements, which reduces their own compliance and reputational risk. Brian Titterington, a managing director in the Technology Group, notes that risk exposure extends beyond the four walls of an organization and into a company’s supply chain. “As supply chains and vendor management become more complex, it’s imperative that organizations manage third-party risk through software and data tools that ensure compliance and enhance the qualification of their partners. SCRM and TPRM tools provide the needed visibility to enable that,” he says.
Related to the risks inherent in third-party vendors, another increasingly important buyer of compliance technology is the Chief Information Security Officer (CISO). An enterprise’s IT environment is typically built with a multitude of software and hardware vendors. Depending on the software, it may need to be used and accessed by multiple entities—including employees, suppliers, and customers—with varying levels of privileges and compliance training. Managing the risks inherent in this complicated IT ecosystem falls to the responsibility of the CISO. “The CISO’s primary purchasing decision has traditionally focused on cybersecurity software and solutions. But due to an increasing velocity of data and IT infrastructure related breaches and resulting regulatory compliance mandates, the CISO is taking on a more influential voice in the purchasing of compliance solutions,” says Priyanka Naithani, a managing director in the Technology Group.
Finally, as organizations grow into new end markets and geographies, compliance complexities with local regulations expand exponentially. “Local regulations, language requirements, and ethical business practices must meet the needs of local operations to be effective,” explains Julien Oussadon, a managing director in the Technology Group. “Because of this, trusted sources of information, data, and compliance tools that scale with a company’s expanding operations are even more critical.”
M&A Activity Across GRC, EHS, and SCRM
Several recent Harris Williams clients spanning GRC, EHS, and SCRM exemplify the many sought-after businesses and M&A opportunities within compliance technology.
GRC: Enterprise-Wide Visibility to Risk
Camms is a global provider of cloud-based GRC SaaS solutions, enabling customers to link governance, risk, and compliance to organizational strategy and objectives. It has configurable solutions across many dimensions of enterprise risk, including risk management, compliance and audit management, workplace health and safety, policy management, third-party risk management, cyber and IT risk management, ESG, business continuity, business strategy, and project management.
GAN Integrity creates broad visibility for customers, especially in TPRM. The platform enables proactive, integrated, and real-time management and monitoring of third-party and employee risk, ethics, and compliance programs. GAN Integrity has emerged as a leader in TPRM software by providing a fully integrated solution that centralizes compliance processes, risks, and mitigation efforts in one place.
Aosphere provides online legal analysis across a range of key compliance topics, while its senior lawyers work with local counsels to aggregate and preserve regulatory information. Aosphere’s data-as-a-service platform analyzes these regulations, obligations, rules, and restrictions for targeted, complex, and heavily regulated compliance areas. It also offers a suite of legal and compliance data products on topics such as financial derivatives, cross-border marketing, shareholder disclosure statements, and data privacy.
EHS: Operational Risk Management
Comply365 is a leading global provider of compliance, safety, and data intelligence technologies serving the highly regulated aviation, defense, and rail industries—all of which depend on mobile and remote workforces. Comply365 supports these workforces with targeted and personalized delivery of job-critical data that enables safe, efficient, and compliant operations, including technical publications, safety, and regulatory content.
Health & Safety Institute (HSI) is a top environmental health, safety, and quality (EHSQ) compliance software and training platform. HSI’s proprietary content and integrated cloud-based technology allows the company to reduce the financial and reputation risk of its customers and improve business outcomes. HSI offers a comprehensive portfolio of solutions, including workplace safety and skills training, a full-suite EHSQ platform, HR compliance and leadership training, and CPR/AED training and certification.
WatchWire provides integrated sustainability and energy management SaaS solutions to help organizations reduce emissions and utility expenses, drive sustainability objectives, and simplify carbon reporting compliance. WatchWire's technology empowers all parts of the real estate ecosystem to address their joint sustainability goals and enhance operational success. The company was strategically acquired by Tango, deepening its ability to deliver best-in-class, next-generation software and technology tools to the real estate and facilities management market.
Lisam Systems is a worldwide provider of EHS compliance management software solutions and services. The company is recognized for its wide range of innovative, mission-critical solutions across a variety of industries. Lisam’s customers rely on its software and services to manage the authoring and distribution of their safety documents and procedures, from safety data sheets to critical EHS workflows.
SCRM: Reaching Extensions of the Enterprise
Nalanda, a best-in-class supply chain risk and compliance management software platform, enables organizations of any size to embed trust, safety, and compliance at every stage of the supply chain. With a multi-decade history of market leadership, the company fosters a community of compliance and innovation across the construction industry and beyond.
A Resilient Future
Rising regulatory complexity, connectivity, and globalization are making monitoring risk and maintaining compliance more difficult and resource intensive. These factors are driving ongoing demand for compliance technology that can help companies protect themselves from risks across their ecosystems.
“Companies need compliance tools to manage and mitigate their risks,” says Szyndlar. “As risk management continues to grow as a strategic priority, these technologies will only become more important.”
And while there are many point solutions in the market that address specific risks, there is an increasing desire for tools that offer visibility to risk across different facets of an enterprise. “Industry support for all-in-one solutions lends itself to platform-building opportunities for the software companies in this space,” says Titterington.
To discuss M&A opportunities across compliance technology segments—including GRC, EHS, and SCRM—please contact our senior professionals.
Select Activity
Contacts
Thierry Monjauze
Managing Director
Technology
Priyanka Naithani
Managing Director
Technology
Luke Semple
Managing Director
Energy, Power & Infrastructure
Chris Smith
Managing Director
Aerospace, Defense & Government Services
Erik Szyndlar
Managing Director
Technology
Brian Titterington
Managing Director
Technology
Mathew Tsui
Director
Technology
