Questions you should ask,
when assessing your program's maturity
As all compliance programs continuously evolve, how do you measure your success or plan for the next step in the development of your program? This video introduces a practical approach to assessing the current maturity of your program and processes using a compliance program maturity model. This model is designed to help you track and communicate your current state as well as pinpoint the places where your program can level up including governance, risk, process, culture, and design.
Ann Oglanian
Ann Oglanian has more than 25 years’ experience in the investment management industry and is sought after for her practical guidance on strategic business planning, organizational and operational matters, and compliance program development and assessment. Prior to founding ReGroup in 2002, Ann served as managing director, general counsel, and chief compliance officer of Montgomery Asset Management and partner in the investment management practice of Vedder Price.
Full transcript available below
We had a quick polling question. I think there's 3 of them, actually. Do you have a compliance committee right now? If you guys could answer that, that would be great. We'll move to the next polling question in just a minute. Okay, this is great. Okay, let's talk about this for a minute. Yes, 41% and no, 59%. For those of you who do have them, having a [inaudible 00:21:20] for governance is one of the pillars, and governance is just a fancy word for deciding who decides. Having a committee of people who are committed to hearing those reports, say on a quarterly basis, hearing issues that get escalated, or even just having this very conversation we're talking about today is an absolute best practice. For those of you who don't have that, I think that's probably a good thing to think about. It doesn't have to be super formal. I know some firms don't like committees, but this is one that it's just, I don't know how you function without one. |
Number 2 is "Have you done a risk assessment?" I will tell you as you answer that, risk assessments are tricky. It's not like you learned how to do a risk assessment in college. No one explained this to you, so most people really have to go, "All right. What is a risk assessment?" If that's where you find yourself, again, that's where you are. 80% have done a risk assessment. That is outstanding. Again, the ability to think through governance in risk is that we view as one of those pillars. The fact that you have, say, you've got a risk assessment, but you don't have a committee tells you, "Hey, maybe I have an area where I can improve, but I also have some strength." |
Does your firm have an organizational chart that identifies every person and every title? Of course this is something that the SEC will ask for. It's like the first thing that they ask for, and it used to be we could have kind of fuzzy org charts, and today, they basically take no prisoners on this stuff. Every person, every title, every reporting relationship should be identified, but some firms, just their culture, they just don't like it. "Oh, we have a flat organization. We don't want to do this." Let's see. Yes, of course. Look at that. Outstanding. |
Let's just assume that you're a person that has an org chart and done a risk assessment, but doesn't have a compliance committee. You could think, "Well, hm, that could be maybe the next thing that I did to take to level up in terms of governance and supervision at my firm." Perfect. Perfect. Those answers were terrific. |