Survival of the Fittest:

Compliance Program Evolution

Compliance Program Maturity level,

Where does your firm fall? 

As all compliance programs continuously evolve, how do you measure your success or plan for the next step in the development of your program? This video introduces a practical approach to assessing the current maturity of your program and processes using a compliance program maturity model. This model is designed to help you track and communicate your current state as well as pinpoint the places where your program can level up including governance, risk, process, culture, and design.

Ann Oglanian

Ann Oglanian has more than 25 years’ experience in the investment management industry and is sought after for her practical guidance on strategic business planning, organizational and operational matters, and compliance program development and assessment. Prior to founding ReGroup in 2002, Ann served as managing director, general counsel, and chief compliance officer of Montgomery Asset Management and partner in the investment management practice of Vedder Price. 

You can download a full copy of the slides from this webinar.



Full transcript available below

Now we're going to talk about how you measure improvement, and the first step is to know where you are right now. If you look at the next slide, this is a cool slide. I love this thing, and I will tell you, we forgot to put, there was a firm that is actually outside our industry that created this originally, and I've adapted it over time, but it's a really neat idea that is not just for compliance. What you want to do is move from the bottom of the page to the top of the page. As you do that, you're moving from tactical, kind of a bottom up thinking, to strategic, which is more of a top down thinking. You may be doing both at the same time which is great. Maybe you're in the middle. You can actually take this compliance maturity model and apply it to each of the 10 pillars individually, and you can also apply it to your firm as a whole, your whole compliance program.

Let's start at the bottom. Hopefully we've all felt this. You may be here right now which is, it's just panic. Some of that just comes from, you know, "I'm working in isolation. Somebody just handed me this job. I'm really a marketing director. I don't know what I'm doing. I'm just trying to get the job done. I'll take resources from anywhere right now." That is normal, just so you know, normal, sort of everyone starts there, and the whole department or the whole firm starts there as well. It's not that there's someone else in your firm that actually knows more than you do. Everyone is just reacting. This is something that we saw in spades in 2005 and 2006 when the compliance world came out. If you're also just new to your job, this is how it can feel.

The good news is, you get to move up the ladder here a little bit. In the second year you're doing something because some of this is very repetitive. On an annual cycle, you'll think, "I can now anticipate what's going to happen next. I have a calendar that helps me do that. A little bit more efficiency. A little bit more automation. I'm starting to see the connections, and I can start to plan for the future." We also see that the firm starts to really accept, "Hey, this whole compliance thing, we're going to kind of have to do this."

Then you move the stage 3 which is really collaboration where you've got coordination happening between departments, between technologies. You start thinking about assessing risk. You start to prioritize risk which is the hardest thing of all to do, and you're starting to use technology for multiple purposes. An insight to help evaluate and help your compliance program, and it's not all necessarily being done by your department. It may be done by the accounting department and the marketing department, everyone starts to understand that they have compliance responsibilities.

Then you move to stage 4 which is really orchestration. This is where you're the orchestra director with regard to your program. You know the horn section is the portfolio managers, and they have a job to do, and they understand when you raise your baton, they need to play. There is a call and response there that's really working, and in unison, when we play, it actually makes a good noise. It makes music instead of just racket. This is where you're really working at an enterprise level. People are starting to be able to talk about. They've been educated to talk about enterprise level risk, really analysis and action is happening together, and there's a lot of transparency so that we're not hiding in our offices during the panic stage and not wanting to let anyone know you don't really know what you're doing. That's a really common thing at the bottom. By the top, you're like, "Oh, I want everyone to know what I'm doing because we all know what we're doing."

What you may find, and what's important is you can think of this, like I said, for your whole department or your whole compliance program, but you can also use this just to measure each one of those pillars. You know, just your policies and procedures, just your culture and tone at the top, just your ability to do reporting. You can kind of matrix it. Put into a spreadsheet and say, "Where am I on each of these things, and do I care? Is it a risky thing that I have a low rating on that, and what could I do to just bump it up a little bit?" That's what we're going to look at next.

This concept, I have somebody working for me who's in her 20's, and so she's always talking about leveling up, and she had to explain to me what that meant because I don't play video games. We have this concept, where do you need to level up. It's a great idea. What I want you to be thinking about is not being all things to all people at all times, that's a really bad idea. This is the counter to that which is to say, you need to think about these 3 things. You need to think about, "Where's the greatest risk to my firm?" Or in the alternative, "Where is the greatest benefit?" If I had my 10 pillars, and they were all at panic, right, I have to choose where is should level up, and I want you to take these 3 things into account when you're thinking about it. It's a framework.

First of all, "If I did this thing, would I get the biggest bang for my buck in terms of managing regulatory risk for the firm?" You don't need to make that decision alone. You can do that with other people. You should do that with other people who are in your firm. The next one is, "What is feasible given the resources?" You have X amount of time, X amount of talent or expertise, you've got what you've got, and you have an X amount of budget. Those things are just take up what you've got and say, "This is what I have. It's the cloth I've been given to work with, and how do I apply that and not make expectations for myself that are unreasonable?" You also need to be able to articulate that so that when you go to the CEO or a compliance committee and you say, "This is what I think we should do next, and this is why", and they say, "Well, actually we do have a little more budget. What would you do if you had an extra $10,000?" Then, "Yay, I have something, a new cloth to play with."

The last thing is what is digestible. We find that just the culture of your firm is a real thing, and when you try to make too much change happen in the firm, it cannot be digested, and so you need to be sensitive to that culture and discuss that with the people in the firm to say, "You know, I want to do X, is it too much too soon? How can we work our way into it because we need to get there?" Those are the 3 things we think about when we give recommendations to people about what's next in the strategy on their program. We love this Arthur Ash quote, "Start where you are, use what you have, and do what you can." I just don't think there's any other way to thinking about compliance than that for now. It's really peaceful if you kind of keep that in mind.

Find out how MCO can help

Request a demo today to learn how MyComplianceOffice puts you in command of your compliance program, synchronizing your business needs with regulation. 

Request a Demo



Download our four page Portfolio of Solutions to learn about;

  • Personal Trade Monitoring
  • Gifts & Entertainment
  • Political Contributions
  • Third Party vendor risk management
  • Trade surveillance
  • And more

Brochure Download