U.S. and Canadian venture capital and mid-market private equity firms are increasingly focused on cybersecurity and artificial intelligence governance as their most pressing technology-related risks, according to new research examining compliance pressures across the sector.
The study, conducted among senior executives responsible for a combined US$335 billion in assets under management, found that 75 per cent of respondents believe cybersecurity compliance and data protection obligations will represent the greatest technology challenge for their firms over the next two years. This concern outweighed challenges related to AI governance, cited by 60 per cent of respondents.
Beyond technology, people-related compliance pressures are also intensifying. More than six in ten executives identified difficulties in recruiting and retaining qualified compliance professionals, alongside the complexity of managing regulatory obligations in offshore jurisdictions, as the most significant workforce-related challenges facing their firms.
Legacy infrastructure remains another constraint. Fifty-eight per cent of respondents said integrating new compliance and security technologies with existing systems posed a major challenge, while more than half pointed to the rising cost of compliance platforms, RegTech tools and ongoing regulatory requirements tied to digital infrastructure.
Regulatory scrutiny continues to weigh heavily on investment managers. Around 42 per cent of respondents said increased enforcement activity and the need for independent oversight would be a significant challenge, while 45 per cent cited the cost of maintaining internal compliance resources. A smaller but notable proportion flagged reliance on external legal counsel as a growing concern.
When selecting external vendors for compliance or technology support, reputation emerged as the most important factor, ahead of cost. Nearly half of respondents ranked industry reputation as their top consideration, followed by system integration capability, customisation options and a proven regulatory track record. Cost was ranked as the most important factor by just over a quarter of firms, suggesting a shift toward prioritising reliability and regulatory credibility over price.
Commenting on the findings, Howard Nurtman, Head of U.S. Regulatory and Compliance at Ocorian, said regulatory expectations around cybersecurity and AI were accelerating faster than many firms anticipated.
“Cybersecurity and AI governance are no longer emerging issues – they are established compliance risks that require specialist expertise,” he said. “At the same time, firms are facing sustained pressure on their compliance teams, with recruitment challenges and increasingly complex cross-border regulatory obligations.”
Nurtman said the research reflects a broader industry trend toward valuing experience and regulatory fluency when engaging external providers, rather than viewing outsourcing purely as a cost-saving measure.
The findings highlight a sector grappling with overlapping technology, regulatory and talent pressures, as cybersecurity resilience and AI governance move to the centre of compliance strategies for investment managers operating in an increasingly scrutinised environment.
