As the Global Chief Compliance Officer for investment firm KKR, Bruce Karpati faces an interesting challenge: making sure KKR’s own practices remain best-in-class in a highly regulated industry, while simultaneously keeping the companies in which KKR invests up to snuff. Karpati spoke with Ethisphere Magazine about how innovation, and his work with Ethisphere, helps him keep up.

Craig Moss: Can you just tell me a little bit about KKR’s business, what you all do, and what your role is as the global chief compliance officer for the firm?

Bruce Karpati: KKR is a multi-strategy investment firm. Today we are involved in multiple investment strategies, which includes private markets—private equity, infrastructure, energy, real estate, and growth equity. We also have a public markets business focused on corporate credits and debt, and a capital markets business, which provides underwriting and financing capabilities.

In terms of my job, I’m the Global Chief Compliance Officer. My job is focused on compliance and oversight as it relates to KKR as a regulated entity. We’re also looking after our portfolio companies and making sure they understand the importance of strong compliance programs. We educate them on best practices and how to apply them to their companies.

CM: Your portfolio companies are all over the globe. So, can you tell me a little bit more about what your geographic spread is like and what markets you’re operating in?

BK: Our investment strategies are quite broad, and we invest in all types of companies, whether technology, retail, healthcare, or industrials, as examples, and the geographic scope also covers the globe. We’re heavily focused on three main regions: the Americas, Europe, and Asia. We have investment funds and teams encompassing most of the strategies that I discussed in each of those regions.

We also have different teams at KKR who support our investment professionals. For example, we have the KKR Global Institute that analyzes many political and regional issues across the globe, and the Public Affairs Group, which supports KKR on stakeholder, media, public policy, and environmental, social, and governance (ESG) issues. The legal and compliance team is one of those teams that not only makes sure investments are commercially and legally appropriate, but that they’re doing well in other fundamental areas, whether it be compliance or ESG or other important stakeholder issues.

CM: You clearly take an approach that goes beyond just wanting portfolio companies to “be compliant.” You really do focus on helping them to try to embed compliance activities into how they operate.

BK: KKR’s co-founders and co-CEOs Henry Kravis and George Roberts really want to make sure that both our investors and our portfolio companies are able to trust us. That has a lot to do with the values that we’re incorporating not only at KKR but at our portfolio companies. When we’re thinking about our investments, we’re not only thinking commercially. We’re thinking about how those companies operate across the globe. And a significant part of that is their compliance, the ethics and integrity component of how those companies are doing business.

CM: Can you take me through the lifespan of a company in your portfolio?

BK: One early point of interaction that we need to get right is pre-acquisition due diligence work. The critical aim there is to do anti-corruption checks, to interview key players, and to make sure that from an anti-corruption perspective, we know the companies that we’re acquiring. Second, we have a monitoring process that includes portfolio company check-ins based on the risks that we perceive in that company. Working with our outside advisors, we will periodically check in with the company and make sure that policies are being developed, that there is the right tone, and that companies are responding satisfactorily to the extent that regulation has changed.

Ethisphere has been really helpful in two areas of our overall program. One is that we host a program for our compliance and legal colleagues at our portfolio companies, on an annual basis, where we’ll focus in on a particular issue to build awareness. We chose anti-corruption as a first phase, and now we’re focused on cybersecurity and the protection of confidential information. That’s one area we’ve been working on with Ethisphere.

The second area where Ethisphere has been involved is helping individual portfolio companies measure their current program maturity and drive improvements. Ethisphere conducts assessments and workshops around making sure that we’re measuring, for example, the anti-corruption risks at a company, and then working on a particular project improvement plan with those companies. We’ve gone through that with a variety of different companies, and now we’ve expanded not only to go deeper on anti-corruption, but to start looking at cyber-related issues at portfolio companies.

CM: How do you try to integrate the work of compliance into the rest of the business in your portfolio companies?

BK: I think one of the key attributes of this program with Ethisphere is making sure that compliance is not sitting there siloed apart from the business. The program brings together the disparate parts of the company, whether it’s senior leadership, sales people, or people in compliance, and makes this effort cross-functional.

Beyond compliance, the program is very much focused on creating efficiencies in those companies. What I’ve seen impress some of our portfolio companies is that this goes beyond just how to comply with the law. It’s about creating a level of efficiency and transparency related to a number of potential issues. For example, one focal point has been procurement. Historically we know corruption can occur in procurement processes. Ethisphere’s team is able to come in, assess different parts of procurement, and then create enhancements to the procurement process to make it more efficient and more productive.

CM: That leads into my next question: in what ways have your processes, either internally at KKR or in the work that you are doing to build up capacity at your portfolio companies, changed or been augmented by new technologies in the last few years?

BK: Technology is a fundamental component of our compliance program. As you can imagine, we’re dealing with a variety of different complex issues, whether it’s trading issues, investment allocations, sanctions, or cyber issues—technology and innovation are only going to help us do our job better. When regulators come in and look at a program, they now expect a level of automation and technology.

One example is how we’ve created a proprietary workflow tool that tracks all of our investment deals and makes sure that we’re connecting the dots in every transaction, including anti-corruption, AML, and sanctions checks. That creates a good audit trail to demonstrate to regulators that we’re doing what we need to do. Another part of our compliance program is incorporating artificial intelligence into the way we monitor our activities, which we’re incorporating into our electronic communications surveillance.

CM: In a prior life, you spent over a dozen years working as a regulator at the SEC. How does that experience inform your work today?

BK: Some people may not think that there are natural parallels, but when I was at the SEC, I ran the asset management unit, which investigated investment advisors of all stripes. With that experience, some things were clear to me when I entered the world of compliance. Ultimately, when people look from the outside, they’re going to expect that you have set up a process-oriented compliance program. And when I think about the attributes of our program, it’s really about identifying issues, being proactive around those issues, and having the right processes that still let us do our business.

Similarly, we have also been focused on bringing in specialized expertise and making sure we have the ability to really understand what the business is doing, as well as understanding different regulatory areas, whether it’s anti-corruption, conflicts of interest, or trading issues, among others.

CM: So looking forward to the next year or two, what innovations or evolutions in your program are you most excited about?

BK: One is assisting our portfolio companies on cyber-related issues. That’s an area that we get to engage with Ethisphere, in terms of doing cyber workshops with our portfolio companies. It’s an area, as we all know, that is fraught with daily issues across many different companies. Although it keeps me up at night, I’m excited about the prospects there. I’m also excited about using new technology and being in a position where we can not only help compliance, but also help our portfolio companies to be more innovative around compliance issues.

And then, of course, I’m excited about the growth of our business. We’ve built one of the largest franchises in Asia, where many of our investment strategies are being built out. So we’re going to be able to provide value in different markets across the globe.


About the Expert:

Bruce Karpati joined KKR in 2014, is a Member of the Firm, and serves as Global Chief Compliance Officer and Counsel. Prior to joining KKR, he was the Chief Compliance Officer of Prudential Investments, the mutual fund and distribution business of Prudential Financial. Mr. Karpati was previously the National Chief of the SEC’s Asset Management Unit, which he co-founded. In this role, he supervised a staff of 75 attorneys, industry experts, and other professionals. In 2007, he founded the SEC’s Hedge Fund Working Group, a cross-office initiative to combat securities fraud in the hedge fund industry. Mr. Karpati is the incoming Chair of the National Society of Compliance Professionals, which serves and advocates for compliance professionals in financial services, and he serves as an Adjunct Professor at Fordham Law School. He began his career in private practice at Dechert LLP.