April 3, 2014

Compliance Services Driving M&A In 2014

In the last several months we have seen an increasing interest in companies whose primary service offering includes compliance and/or risk management solutions. Notable transactions include New Mountain Capital’s acquisition of ACA Compliance Group, First American Financial’s acquisition of Interthinx, Inc., and Wipro’s acquisition of Opus CMC.  While it would be premature to suggest the current rate of transactions in this sector has given rise to a trend, the underlying fundamentals suggest M&A and/or private financings in this space may gain significant momentum in 2014 and beyond. What is it that sets this sector apart?

Robust Market Opportunity – Estimates for the size of the total GRC market vary widely and are highly dependent on how one defines the market. Suffice it to say that the GRC market is large, representing tens of billions of annual spend each year, and is growing in step with the unprecedented growth in regulatory reform resulting from the financial crisis. According to a 2012 Standard & Poor report, the cost to comply with Dodd Frank for the 8 largest U.S. financial institutions alone could reach $34 billion annually. These costs could take the form of lower fees, lost revenues, etc., but undoubtedly a significant portion will be spent on IT and technology vendors that financial institutions use to help them comply.

Perhaps more important for investors, GRC in some form touches every company in some way, regardless of industry and regardless of size. The ubiquity of this field coupled with the wave of new regulations and compliance requirements suggests an immense market opportunity that we contend is still underserved.

Predictability – The need to comply with regulations, policies or simply manage risk is constant. As a result, the GRC sector is (or at least should be) less susceptible to cyclical trends. That said, once vendors and/or service providers achieve scale they tend to be highly predictable business models. This attribute coupled with today’s SaaS or managed service model which delivers a recurring revenue stream creates even greater visibility, enabling business owners and investors alike to better predict profitability, growth and overall business trajectory.

No Clear Winners – Despite significant investments made in the space (e.g. IBM, EMC, MetricStream), the GRC sector is still highly fragmented. The breadth and velocity of regulations and compliance requirements is such that there is no single vendor that can solve all of a firm’s GRC needs. Additionally, in the wake of the financial crisis a large number of new entrants have emerged, akin to Sarbanes-Oxley in 2001. With this vast array of new service providers and technology vendors tackling GRC, there is an abundance of investment opportunities to pursue.

In light of these factors, we believe that the GRC sector will continue to receive heightened interest from capital market participants. However, we expect the focus to veer slightly from the traditional GRC software vendors towards, i) niche compliance solutions particularly in the financial services and health care verticals as acquiring firms seek to round out their service offerings and ii) compliance consulting services due in part to the record growth many of these firms have posted in the last several years, as well as continued convergence between technology, services and data that is stimulating demand for these businesses.