Private equity is ripe for disruption from AI. Highly-compensated and -skilled investment analysts spend vast amounts of time:

• Researching investment targets

• Estimating potential returns

• Drafting deal memos

And especially because driving efficiency in portfolio companies is a key value proposition for private equity firms, doing the same thing for internal processes is imperative.

Firms that embrace new technology, especially generative AI-powered processing of unstructured information, will drive superior returns for their investors.

Those that don’t risk being left behind.

TJC as an AI-powered leader

Founded in 1982 and with nearly $29 billion of assets under management, TJC is a private equity powerhouse. Managing over 85 portfolio companies, the firm takes a hands-on approach to transform smaller businesses into large, integrated enterprises through both internal growth and targeted acquisitions.

“Walter is the master of AI governance. Moving quickly from analyzing dense regulations to personally inspecting bleeding-edge source code, he knows secure AI from top to bottom. Every recommendation he made during our engagement was reasonable, actionable, and timely. I would absolutely recommend data-driven investment advisors work with StackAware to manage their AI-related risk.”

- Richie Caputo, Director of Data and AI, TJC

Understanding the changing technological landscape, TJC became an early adopter of AI tools such as ChatGPT as well as specialized, investment firm-specific offerings like BlueFlame.

At the same time, TJC’s

• Data

• Operations

• Compliance

teams had a thorough appreciation of the challenges that came along with new technology.

Cybersecurity

Private equity firms handle huge amounts of sensitive data. Protecting the following was thus high on TJC’s list:

• Roll-up strategies

• Financial projections

• Investment target identities

Understanding - and mitigating - the risk of unintended training and sensitive data generation was thus a key concern for the firm.

Compliance

Regulated by the Securities and Exchange Commission (SEC), TJC has a strong culture of adhering to applicable laws and regulations. With evolving challenges, such as an ongoing SEC sweep related to AI and enforcement actions targeting “AI-washing,” the firm needed to stay on top of AI-related regulatory developments.

“Protecting the firm and its reputation are my top priorities. The explosion in AI tools over the past few years, while creating a lot of value, have also greatly increased risk. Walter and the StackAware team did an incredibly thorough job building our AI governance program. Addressing technical, regulatory, and reputational challenges, the systems they built for us help manage the full range of AI-related risks. If this is something you are worried about, definitely consider teaming up with them.”

- Ugo Ude, Chief Compliance Officer, TJC

Privacy

Protecting limited partner (LP) privacy is an absolute imperative for any investment advisor. TJC takes it extremely seriously. Accordingly, the firm needed to ensure no personal information is improperly exposed to AI systems.

Refer a friend

Enter StackAware

Given its stringent requirements for effective AI governance, TJC contracted with StackAware to assess its risk posture and mature its existing program. StackAware quickly delivered by:

Mapping AI-related risk throughout the supply chain

Through a detailed review of TJC’s technology infrastructure, StackAware identified - and provided  mitigating controls for - issues such as:

• An open source library with business continuity / sole maintainer risk

• Indefinite data retention challenges with ChatGPT Team

• A key vendor with unclear AI training policies

Managing risk with effective governance

With the key issues spotted, StackAware moved to build a comprehensive set of controls to address identified risks. These took the form of a custom AI policy and procedure.

Using the National Institute of Standards and Technology (NIST) Artificial Intelligence (AI) Risk Management Framework (RMF) and Cybersecurity Framework (CSF) as guides, StackAware wove AI governance into the firm’s existing security program.

“Securing TJC’s operations is challenging enough without the added wrinkles of AI-related risk. That’s why we were thrilled to bring in StackAware to help us manage it. Walter and team are outstanding partners and incredibly easy to work with. They expertly pointed out emerging challenges and prevented blind spots from developing in our risk posture. If you are concerned about AI-related cybersecurity, compliance, and privacy, work with StackAware.”

- Jordan Melnick, Vice President of Operations, TJC

Educating key stakeholders

While effective AI governance is itself a powerful tool, only by communicating about the safeguards in place can a company harness the technology’s full value. Toward that end, StackAware:

• Built a detailed training module to help TJC employees understand best practices when it comes to secure and responsible AI use.

• Drafted externally-facing documentation describing the firm’s AI governance structure and controls for use with limited partners and others.

With the right communication tools at its disposal, the firm is well positioned to address questions and concerns proactively.

A trusted advisor

On top of the deliverables described about, StackAware also delivered rapid updates to the TJC team about AI governance developments like:

• The SEC’s proposed predictive data analytics rule

• Changes in ChatGPT chat history functionality

• The xz-utils software supply chain infiltration

The speed at which technology and policy are evolving makes having a dedicated advisor a requirement for complex organizations leveraging AI.

Ready to unlock LP value with AI?

If you are a data, security, or compliance professional at a private equity firm and want to let your teams use AI while managing risk:

Book a call