Compliance beyond the SEC

While the private markets are accustomed to keeping a close eye on federal regulators like the SEC, meaningful oversight is increasingly coming from state agencies and international bodies. As Dan Rothenberg, head of legal at Juniper Square, commented in the inaugural session of the Juniper Square Private Markets Regulatory Council, “What's the New York Department of Financial Services going to do? What's California going to do? What's Europe going to do?”

Even in a more permissive environment at the federal level, compliance cannot be put on the back burner.

A compliance program that only focuses on federal law will leave dangerous blind spots.

For instance, the New York Department of Financial Services (NYDFS) fined fintech company Block (owner of Cash App) $40 million for AML and KYC failures. Dozens of other states coordinated their actions, resulting in an even larger settlement across 48 states. The takeaway is clear: state-level enforcement can be just as punitive as federal action.

Monetary fines are just one part of the fallout. Firms that run afoul of local regulators may also face operational restrictions. For example, a regulator could impose an independent monitor—as NYDFS did, requiring Block to hire a monitor to oversee compliance—or even suspend a company’s license to operate in that jurisdiction until issues are fixed. Being barred from doing business in a lucrative market could be a death knell for a fund’s prospects.

Compliance is no longer just about traditional financial regulations—it also encompasses technology and data practices, including the firm’s use of analytics, AI, and customer data. The EU, for instance, is moving ahead with detailed AI governance. The EU AI Act is the world’s first comprehensive law governing AI in both the public and private sectors.

“This is an opportunity for private markets compliance teams to be caught by surprise by regulators they're not used to working with,” added Rothenberg. “The FTC has already fined people for fake AI claims.”

This follows a similar pattern seen in data privacy. Europe’s GDPR set a high bar internationally, and states like California followed, even as U.S. federal privacy law lagged. Private market GPs that operate internationally or handle data across borders must account for these differences.

Another aspect to consider is the role of investors. Even if scrutiny from regulators is momentarily dialed down, the expectations from institutional investors remain high. LPs have their own compliance checklists when they vet fund managers, and nothing will shake an LP’s confidence faster than finding out a manager has been hit with a compliance scandal or fine. Losing investor trust can be as devastating as any regulatory penalty, since it directly affects a firm’s ability to raise and retain capital. Organizations like the Institutional Limited Partners Association (ILPA) publish principles on fund governance and transparency, and aligning with these can often satisfy a baseline of what investors expect.

The cost of complacency in this era of dispersed regulation is simply too high. GPs need to treat compliance as a strategic priority, not just a check-the-box exercise. On the contrary, demonstrating proactive compliance across all relevant jurisdictions can become a competitive advantage—it shows all stakeholders that a firm is diligent, forward-thinking, and trustworthy.

“This is a very big opportunity for people who have a mature yet flexible compliance department,” concluded Rothenberg. “If you can pay attention to all of the potential risks from state regulators and other jurisdictions, and you have a concrete way to make decisions and navigate, you can win very big.”

Regardless of how the regulatory requirements evolve, Juniper Square is prepared to support private market GPs in meeting their obligations. As a scaled fund administrator, we support hundreds of clients and are experienced in meeting AML/CFT and KYC compliance requirements in multiple jurisdictions. Our connected solutions integrate the collection and retention of investor identity documentation into the broader investor onboarding workflow and support ongoing sanctions screening throughout the lifecycle of an investment fund, making compliance with regulations seamless for GPs, LPs, and other stakeholders. Learn more today!