(Supply) chain reaction – How the governance, risk and compliance sector is evolving and the factors driving M&A activity

On 5 January 2023, completion was announced on the sale of London Borough of Merton (LBM)’s wholly-owned subsidiary, CHAS 2013 Ltd, to Thoma Bravo backed Veriforce Ltd - a US-based supply-chain and compliance management solutions provider.

BDO LLP advised the vendors on the transaction. Following completion of the transaction Ian McKinnon, managing director at CHAS, discussed the deal and trends across the sector with Brian Keane, BDO TMT M&A.

What was the process for the deal?

In 2022, the London Borough of Merton (“LBM”) and CHAS engaged BDO to help the business understand its current position in the market and the opportunity in the markets it operates within, as well as the options available to the shareholders for the continued growth of the business.

CHAS was founded more than 25 years ago and established itself at the forefront of the market for risk assessment and safety.

Ian referenced that over this time the competitive market has evolved and with continued investment and growth in the sector. He commented, "I joined in 2016 after running a similar business. Over the past six years, the team drove the commercial elements of the business, resulting in revenue CAGR growth over this period of c.25%. We also generated returns to shareholders each year to enable LBM to support local services for constituents and residents of the borough."

What did you do as a business to ensure you were best positioned and valued for sale?

Reflecting on the key cornerstones to successful growth since he joined in 2016, Ian highlighted the following four key elements:

  1. "Investing in the leadership team - this was important to implementing the business strategy and realisation of the plans
  2. "Implementing a technology infrastructure, independent to LBM, with continued investment in CHAS’ own technology stack to ensure it is continually optimised to best serve the evolving needs of the contractor and client base. When I joined, c.60% of applications were paper based, and through investment in technology this moved towards an online solution with upfront payment on application
  3. "Expanding services for the contractor and client base. This was only made possible because of our investment in technology and talent.
  4. "Establishing CHAS’ first international expansion presence, building on the strong brand name and a route to further service contractors and clients as well as providing future growth opportunities for the business."

Where next for the business?

Ian shares he is: "delighted to be joining the Veriforce family. The acquisition provides CHAS with accelerated growth prospects that will help achieve the business’s ambitions."

The combined business will be able to deliver additional services and unlike much of the rest of the sector, the business is not solely client-led. With a strong contractor base, the transaction will help drive this position forward.

Similar to CHAS, Veriforce have a strong services delivery model. It also brings a strong training base and an Operator Qualification ("OQ") service, that allows for assessment of individuals on site to meet against specific skills and experience requirements. Through its ComplyWorks acquisition, Veriforce also has a platform that supports multiple languages and safety management frameworks.

The acquisition also gives employees the opportunity to be part of global organisation with associated career and growth prospects, while also opening new opportunities with contractors and clients.

What are you seeing in the sector – are there any wider market trends?

Ian commented that a few sector headwinds exist in the market, including the broader economic performance, continued cost inflation pressures and the competition for recruitment and retention of talent. Furthermore, clients are impacted by increasing global supply chain challenges and geo-political conflict risks, leading to a growing need for information and data to ensure these risks are identified and tracked.

In contrast, the tailwinds overall, support an increase in demand from clients/buyers of contracted services from third party providers with Ian reflecting on a number of these points:

  • Supply chain complexity and regulation – there is an increasing trend to outsource elements of the management and monitoring of supply chains to ensure adherence to best practice and receipt of most pertinent information.
  • Risk of non-compliance – there is more visibility on company decisions and behaviours, consumers are increasingly focused on company behaviours and will amend consumption patterns away from non-compliant companies.
  • Board focus and centralisation – there is an increased demand for KPIs, data and coverage of supply-chain compliance across executive teams and board discussions, with compliance matters positioned high on the agenda.
  • Awareness and adoption – a demand for more complete risk management solutions due to recent supply chain disruptions, this covers areas beyond H&S – financial, environmental risk etc.
  • Importance of ESG and reporting compliance – increasing regulatory reporting in relation to compliance and need to demonstrate best practice through tendering processes further drives the need for monitoring and insights.
  • Contractor volumes – as volumes continue to grow across all sectors, demand by contractors for enhanced accreditation and certification services will follow.

What does this mean for M&A in the sector?

Businesses in the sector have attracted a lot of interest from buyers. Where a business has recurring revenues or are providing a required service that businesses need, it will attract attention from acquirers. Additionally, the broader compliance and ESG management sector is globally estimated at c. £30bn and growing at a CAGR of c. 14%1.

The Governance, Risk, and Compliance (GRC) sector has a number of businesses operating with both of these characteristics and where both the recurring subscription revenue and compliance required service intersects, then this will result in an elevated level of interest.

In terms of business characteristics that will attract most interest, it is likely to be those with a strong subscription or annuity based revenue stream, combined with a cross-border solution and those with an enhanced or differentiated service that could add to an existing set of services; therefore, the transaction is not just consolidation for scale but also for enhanced services and capabilities.

Where next? Looking ahead to what is next for the GRC sector

There will be continued ESG evolution, and this will impact on the sector in terms of demand for additional services and coverage across new areas. Risk management is forefront of the minds of C-suite executives, mapping the supply chain, the participants within the chain and the risk exposure.

Two of the more prominent areas of demand across the Governance, Risk and Compliance (GRC) sector are focused on enhanced cybersecurity compliance solutions for clients and the growth of individual worker compliance to ensure competence and compliance with required experience and qualifications.

Organisations continually seek a single view on elements of the supply chain across finance, procurement teams, compliance department and the board of directors. With risk management services consumed by clients through centralised, API integration and standalone log-in channels.


1 – Per CIL Management Consultants

Subscribe to receive the latest BDO News and Insights

Please fill out the following form to access the download.