KKR Q&A: Building an effective compliance program

With greater regulatory scrutiny on private funds, KKR’s global CCO and former national chief of the SEC's Asset Management Unit Bruce Karpati talks about the key components of a successful compliance program and how compliance pros can stay on top of evolving issues.

The SEC’s ambitious private funds regulatory agenda has put a great deal of pressure on private equity firms to build out strong compliance programs, ensure the adherence of everyone within the firm and keep on top of new regulations.

Private Funds CFO recently spoke with KKR global chief compliance officer Bruce Karpati about how the increased focus on private fund regulation is motivating compliance pros and their firms to be more adaptable to regulatory changes and to prepare for various resulting issues.

Bruce Karpati

What do you think makes an effective compliance program? And, what’s unique about the way KKR approaches compliance?

The way we think about this, and the way I present it internally, is that there are four key components to effective compliance.

In no particular order, I would say the first component is culture and the tone that is set throughout the organization, from the top to the middle to the bottom. The second component is governance, which includes policies and procedures, including how to escalate issues through the organization. The third is resources. If you’re not adequately resourced, you’re not going to be able to do your job and be effective at it.

Finally, you have to be forward looking. Are you monitoring, testing, and looking for gaps in your compliance program? Your firm needs to prepare to handle things that could go wrong and be able to remediate them quickly and effectively.

We’re committed to being prepared to address issues that come up and have the ability to escalate them through various forums. For example, I have a seat on our risk and operating committee; I chair our global conflicts committee; and I sit on various other governance bodies throughout the firm.

Often you will need to respond to an issue quickly, and need to be prepared for those eventualities. For example, we spend a lot of time on exam response and doing mock exams, and preparing for cyber-incidents and other issues that could come up.

What’s an example of something the compliance team dealt with in recent memory you’re most proud of? How did they deal with it?

I am especially proud of the work we do with our portfolio companies. While our portfolio companies employ their own compliance frameworks, we can often provide valuable counsel on their anti-corruption programs and help them address specific compliance issues as they come up. Having 100-plus portfolio companies globally gives us a unique perspective for providing counsel on compliance topics. We have quarterly calls with our portfolio companies to discuss issues and help them in any way they need.

An effective compliance program should be designed, in part, to prevent wrongdoing. But what should firms do if an issue is uncovered?

I analogize what we do on the compliance side to being a goaltender in hockey. What makes a good goalie? You have to be adaptable and flexible and be able to act quickly and respond to a flurry of “shots” when they come up.

In my years with the government, I saw that things can go very wrong when people are not prepared and fail to take action. When it comes to compliance, if you’re not regularly doing things like mock exams or exam response preparation or cyber-exercises, you’re not going to be ready to respond when the time comes.

Some people may not understand why firms have to be so prepared all the time, but I come from a regulatory background and have seen things inevitably happen. You’ll be better positioned to respond to those issues if you’ve practiced for any eventuality. It’s also important to have good external advisers, because you need the ability to think independently from the business.

You would hope employees come to the CCO with potential issues, but what are some warning signs that employees aren’t fully committed to the compliance program or aren’t comfortable coming to you with potential issues?

It’s important to instill a culture of compliance and have regular trainings to ensure that employees are up to date and aware of compliance issues that could come up in the regular course of business. Accountability is one of our core values and our employees take that very seriously. Training and culture are so important to making sure you’re prepared for any issues. Nothing ever goes perfectly, so your firm needs to be ready to deal with anything that comes up, and if someone in the firm isn’t fully committed to this, then you need to address it.

Like you said, compliance issues happen. In today’s environment, what do you think are the biggest regulatory and compliance issues facing private fund managers?

Many of the topics we’re looking at today are the same ones I worked on at the SEC a decade ago.

One of the key areas of recent focus is the private fund rule proposal. There are conflict issues related to fees and expenses and those are topics that we have been dealing with for years as a regulated entity, but it’s one example of many that creates more complexity for private fund advisers.

How do you stay on top of new regulatory requirements or changes at the firm that impact compliance so you can make any necessary changes to the program? 

Looking at the regulatory aspect is a big part in this, in terms of staying abreast of regulatory developments and rule proposals. I think the SEC risk alerts and enforcement actions are a good tool. The risk alerts come from actual exams while enforcement actions emanate from actual investigations at other firms, so they are useful in designing your compliance program appropriately to deal with the issues outlined.

Another useful resource is my peer group. I get together with my peers regularly and talk about issues and how to deal with them. Then you have industry groups, like the National Society of Compliance Professionals, where I co-chair the Private Fund Forum. We engage quarterly on different topics.

So, I think it’s a combination of listening to and hearing your regulators, talking to your peers and participating in industry forums. I’m also blessed to have an awesome team here at KKR; there are 50 of us on the compliance side.

Finally, you need to have a seat at the table and constantly be in touch with the business to know what’s going on at your firm.