ACA Group, a governance, risk, and compliance advisor in financial services, has launched Aponix Foundations, a self-service SaaS cybersecurity solution. This new offering is designed to enable financial firms to establish essential cyber governance without requiring a full in-house program.

Developed by ACA Aponix, ACA’s cybersecurity and risk division, Aponix Foundations provides an automated platform for various segments of the financial services industry, including wealth managers, venture capital firms, asset managers, and broker-dealers. The launch addresses a significant concern for compliance officers, as ACA’s 2025 Investment Management Compliance Testing Survey reported that 55% of firms increased cybersecurity testing this year, making it a top-three compliance priority.

Despite increased focus, many firms, particularly those with outsourced IT functions, face challenges in maintaining strategic oversight of their cybersecurity. Aponix Foundations aims to close this industry oversight gap by offering a self-service SaaS platform that helps compliance officers establish and manage baseline cyber governance. The program integrates with ACA’s ComplianceAlpha platform, providing a centralized hub to assess risks, monitor vulnerabilities, and oversee cyber controls alongside other compliance obligations. ACA also includes an advisory call with a consultant to review assessment results, prioritize remediation, and develop a cybersecurity roadmap.

Key features of Aponix Foundations include a proprietary risk assessment that generates detailed findings, recommendations, and risk ratings, accompanied by a readout call with an ACA cybersecurity consultant. The platform also offers a risk register and management tool for prioritizing identified risks, an IT and compliance checklist with cadence tracking for key cyber activities, and web-based staff training modules. Additionally, it provides ongoing domain and threat surveillance with automatic alerts and weekly vulnerability scanning, which generates downloadable PDF reports for audit and examination support.

Aponix Foundations empowers compliance officers to verify control implementation, identify strategic risks, and produce evidence for audits or exams. By placing oversight directly with compliance officers and complementing the day-to-day management of IT operations by Managed Service Providers (MSPs), the program assists firms in meeting regulatory expectations and ensuring accountability.

Christine Tetherly-Lewis, Partner and Head of ACA Group’s Cybersecurity and Risk Advisory division, stated, “Aponix Foundations was designed to give compliance officers confidence that their firm’s cyber risks are being identified and addressed. With weekly vulnerability scans, ongoing monitoring, and evidence that can be used in audits or exams, firms can begin to take steps with cyber oversight that regulators expect without having to build a full cyber function in-house.”

Kerry Rider, Partner and Head of ACA Wealth, added, “This program goes beyond wealth managers. It’s designed for any firm that has not yet established its own cybersecurity governance. By providing a structured, self-service platform, Aponix Foundations helps firms that rely on outsourced IT establish the checks and balances needed to manage risk strategically and consider regulatory obligations.”

ACA Group, established over 20 years ago, is a global governance, risk, and compliance (GRC) advisor for financial services. The company employs 1,400 professionals, including former regulators and practitioners. Its approach combines advisory services, managed services, distribution solutions, and analytics with its ComplianceAlpha technology platform.