Goldman Sachs Bought the Firm That Audits AI Governance. Here's What That Signal Means.
On March 5, 2026, Goldman Sachs Alternatives announced it was taking a majority investment in Schellman.
Most accounting and law firm owners haven't heard of Schellman. But Goldman Sachs has, and the fact that one of the world's most sophisticated capital allocators just put its name on an AI governance compliance firm is a signal worth reading carefully.
What Schellman Does
Schellman is a top-50 cybersecurity and compliance attestation firm. Its practitioners certify whether organizations are doing what they say they're doing: SOC 2 compliance, ISO 27001, FedRAMP, HITRUST. In the last two years, the firm has moved aggressively into AI governance — building the audit frameworks that verify whether AI systems are operating transparently, within policy, and in compliance with emerging regulatory standards.
When a major bank needs to certify that its AI models aren't making discriminatory lending decisions, it calls a firm like Schellman. When a healthcare network needs a third-party audit of its AI diagnostic tools before regulators ask for it, it calls a firm like Schellman. When enterprise clients start asking their vendors and professional advisors for documented AI governance policies — and they will — the certifications behind those policies come from a firm like Schellman.
Goldman Sachs Alternatives is expected to close its majority stake by end of Q2 2026.
Why Goldman Made the Bet
Goldman doesn't take majority positions in mid-market professional services firms without a thesis. The thesis here is legible: AI governance compliance is about to follow the same arc as cybersecurity compliance in the 2010s.
In 2010, fewer than 10% of enterprise procurement requirements included vendor cybersecurity documentation. By 2018, SOC 2 reports were effectively table stakes for any software vendor selling to an enterprise client. The market for cybersecurity compliance advisory grew at double-digit rates for a decade. Firms that built credentials in that space early — building practices around SOC 2 readiness, ISO certifications, and audit trail documentation — captured recurring revenue that has compounded for fifteen years.
Goldman is betting AI governance follows the same curve, but faster. Three regulatory drivers are already in motion:
- Illinois SB 315 (effective January 1, 2027): targets frontier AI model developers, but signals that state governments are building governance frameworks that will extend down the AI value chain
- Connecticut SB 5 (effective October 1, 2026): requires employers using AI in employment decisions to document AI use and notify affected candidates — the first state-level employer AI governance mandate
- EU AI Act Article 50 (August 2, 2026): general transparency obligations for AI-generated content and AI-driven client interactions
Firm owners typically read these regulatory updates and ask "does this apply to me?" Goldman is betting that their clients will soon be asking the same question about the firms they hire.
What This Means for Your Firm
If you run an accounting, consulting, or law firm, the Schellman/Goldman deal has two direct implications.
First, the market for AI governance advisory is validated — and currently underserved. Goldman Sachs doesn't back a market it thinks is a niche. The investment confirms that enterprise clients will pay for AI governance expertise, and that demand is rising. Your clients — the ones who ask you about tax compliance, legal risk, and financial controls — will start asking about their AI governance exposure too. The firm that answers that question first builds the relationship that outlasts the question.
Second, the window for independent firms to differentiate in this space is narrowing. A Goldman-backed Schellman will have sales resources, marketing reach, and pricing authority that independent boutique firms can't match at scale. The pattern is the same as PE consolidation in accounting: once the large platforms have first-mover advantage in a service category, smaller firms either differentiate through specialization or compete on price. Neither is a comfortable position.
The way to get ahead of this: build AI governance credentials before the Goldman-backed platforms own the market's perception of the category.
What AI Governance Advisory Looks Like for a Small Firm
You don't need to be a certified auditor to offer AI governance advisory. The attestation and certification functions are what Schellman provides. The advisory and preparation work — which is where most of your clients actually need help — is accessible to any firm that advises on compliance or technology risk.
For most small and mid-sized business clients, the foundational AI governance work covers four areas:
Vendor risk inventory: What AI tools does the organization use? What data do those tools access? Who authorized them? This alone is unknown at most 20-200 person companies.
AI use policy: A written policy that defines acceptable use, data classification rules, required disclosure protocols, and staff training expectations. Most firms don't have one.
Regulatory gap analysis: Does existing AI use create obligations under applicable laws (state AI employment laws, EU AI Act, sector-specific regulations)? For clients with employees in multiple states, this analysis is already billable.
Client-facing disclosure review: If the client's firm uses AI to generate work product for their own clients, what disclosure obligations apply? (Relevant for any professional services client.)
None of these require Schellman-level certification infrastructure. They require the same analytical skills your firm applies to tax compliance or legal risk assessment — applied to a new domain.
The One Action This Month
If you advise business clients on compliance, technology, or operational risk: identify one client in the next two weeks who uses AI tools as part of their operations, and ask them a single question — "Have you inventoried what your staff is using AI for, and what data those tools are accessing?"
In most cases, the answer will be no. That conversation is your entry point to an AI governance advisory engagement. It's not a certification sale. It's the diagnostic audit that comes before the certification — and it's the work Goldman Sachs just validated as valuable enough to build a platform around.
The firms that start those conversations now will be the ones with documented expertise when clients make it a requirement.
Get the weekly briefing
AI adoption intelligence for accounting, law, and consulting firms. Free to start.
Related Reading
- Private Equity Is Buying Your Industry — 1,052 Acquisitions and Counting
- Crowe Just Sold to KKR. Here's What That Means for Your Firm.
- The $25K–$100K Service Line Your Clients Are Already Looking For
- Your Staff Is Already Using AI With Client Data. Here's What to Do About It.
- Modus Just Raised $85M to Build an AI-Native Accounting Firm — Here's What That Means for Yours
This is the kind of intelligence premium subscribers get every week.
Deep analysis, cross-sector patterns, and the frameworks that help professional services firms make the crossing.