5 things PE managers should consider when it comes to tech

Technology should constantly be on a PE firm's radar, but it's not always easy deciding what's the best fit. RFA chief information officer Michael Asher lays out important considerations, and how managers can improve security and due diligence frameworks.

Private equity managers, a continuously growing segment of interest for allocators, depend on their ability to keep up with evolving demands – not only as it relates to the efficiency of their (and their portfolio companies’) operations. Technology is often a key aspect of portfolio company strategy, but, surprisingly, the GP is often behind the curve comparatively in its use of technology. Below are five technology-focused considerations that are paramount for managers who want to maximize operational efficiency, as well as improve security and due diligence frameworks.

Your security

In 2018, we experienced a tsunami of cyber breaches including Facebook, Marriott, Under Armour and British Airways, to name a few. Moreover, breaches are increasingly more expensive than they were a few years ago. Not counting litigation and insurance costs, breaches demand substantial monetary investment to identify, fix and assure against future attacks.

Ironically, the technology used within the affected companies is what contributed to many of these breaches. There is a market lag in what is being appropriated for monitoring, detection and protection versus the methods used by attackers to infiltrate a system. Unfortunately, cyber criminals are significantly more agile in adapting state-of-the-art cyber practices, and private companies continue to rely on stagnant software programs that are reactive in nature, and on average, are two years behind on the latest best practices.

Given the state-of-the-art technology available on the market, the best foot forward to thwart such attacks and position away from vulnerability is to instead have preemptive cyber protection systems that rely on AI/ML-driven software rather than layered, hardware-married systems from disparate manufacturers.

Since PE managers are not insulated from these risks, we strongly recommend that you consider how your firm’s operations and client data are protected from exposure.

The public cloud

While public cloud technology has been around for the better part of the decade, adoption by PE firms has been far from universal. Companies who adopted “–aaS” applications did not have the experience and foresight to predict their viability and how they might play out in future cloud ecosystems.

Many firms are currently finding themselves in the position of having to pay for expensive migrations of legacy systems that were not built to support or adapt to a more complex IT landscape. The regulatory differences in varying jurisdictions also dictate a further breakdown in how cloud technology, for example, can be applied within the same organization alone. Consider a firm that operates in both the UK and US – its cloud applications need to accommodate different compliance and ODD standards, yet still cater to broader functional data needs that the firm may have.

Given the intense travel schedules of PE managers, public cloud applications need to be agile enough to promote remote and collaborative workflows, compliant enough to meet jurisdictional regulation standards and secure enough to defend across an inherently increased surface area for an attack. Many proprietary SaaS programs no longer cut it, and PE managers need to consider broader cloud technology specifications and integrity before making this investment.


It’s no surprise that compliance continues to play a role in key tech decisions. Oversight committees and regulatory guidelines are tightening, and investors are also increasing their focus on the compliance of manager reporting at the GP level, as well as throughout their portfolio. Noticeably, firms with mature compliance functions are significantly more efficient at adapting to changing landscapes, all while maintaining robust reporting infrastructures. Technology can greatly enhance and even automate this task, as well as reduce reporting redundancies.

When considering how to enhance their compliance operations, PE firms have two options: keep and grow in-house, or outsource to a third party. In-house solutions can benefit from scalable SaaS integration, and modern DevOps offerings in particular can be employed to create firm-specific regtech applications. A software development philosophy that shortens development timelines by releasing updates and bug fixes over time, DevOps is nimble enough to evolve in parallel with a business’s functions. However, the maintenance of an in-house and always-on operation can quickly become expensive and frequently requires additional and expensive hires. Outsourcing can be both more cost-efficient and more collaborative in its ability to supply tailored programs, but increased data touchpoints create increased exposure risks, and therefore demand a third-party provider with a strong security infrastructure.

In the end, PE managers need to weigh the pros and cons of each option based on their specific needs.


Operational due diligence can help not only as an internal litmus test for how your firm operates, but also serve as a valuable tool for when allocators assess your firm.

Given that this task can quickly become daunting for any PE manager – especially when considering the infinite intricacies of present and evolving IT infrastructures – having a trusted managed service provider (MSP) with industry-specific specialization can relieve internal assets and make the process substantially more efficient and fruitful. In particular, an IT MSP provides valuable consultation encompassing key IT-related stress areas for the firm, helping to identify threats and areas for improvement. Given how impactful IT downtime and cyber threats are, ensuring against them through diligent monitoring and taking preemptive measurement definitively provides a positive ROI.

When was your firm’s last comprehensive technology assessment? Continuous re-assessment and re-alignment of your technology strategy and controls with best practices is necessary in today’s landscape; by incorporating a good MSP into your firm’s ODD prep, you can stay ahead of the curve.

AI and automation

The latest addition to the technology toolbox is undoubtedly the emergence and utilization of artificial intelligence and automation techniques. Within financial services, these techniques are already being utilized for trading, compliance monitoring and data management. However, PE firms can benefit by considering where else within their operations AI can be implemented. Normally, this requires the use of external DevOps services, rather than buying a pre-made solution. From our perspective, the application of these techniques is still in its nascent stages, but we expect it to continue to grow as managers become more comfortable in amalgamating and analyzing their internal data.

Applying AI and data warehousing techniques within operations can not only reduce inefficiencies, but improve human error reconciliation, speed up investment approvals and reviews, shorten execution timelines and automate minor decisions. Whether auditing your current tech infrastructure or considering broader upgrades, it is important to understand whether you’re maximizing potential uses of data as well as the full impact of any proposed additions to your technology stack.

Michael Asher is the chief information officer of RFA, a service provider with a focus on technology.