Survival of the Fittest:

Compliance Program Evolution

Introduction to the

Evolving Compliance Program

As all compliance programs continuously evolve, how do you measure your success or plan for the next step in the development of your program? The slides introduce a practical approach to assessing the current maturity of your program and processes using a compliance program maturity model. This model is designed to help you track and communicate your current state as well as pinpoint the places where your program can level up including governance, risk, process, culture, and design.

Ann Oglanian

Ann Oglanian has more than 25 years experience in the investment management industry and is sought after for her practical guidance on strategic business planning, organizational and operational matters, and compliance program development and assessment. Prior to founding ReGroup in 2002, Ann served as managing director, general counsel, and chief compliance officer of Montgomery Asset Management and partner in the investment management practice of Vedder Price.

 You can download a full copy of the slides from this webinar.



Full video transcript below

Welcome to the webinar today. We have about a half-an-hour, 45 minutes to go through something I get really excited about which are a couple of tools that we've developed that are going to help you assess where you are in your program today and how you move it forward. We've had a good amount of success with these tools with lots of clients’ different sizes. I just want to do a check on moving the video forward. There we go, thank you, I wasn't sure if that was me.

Today, what we're going to do is say why it is important to measure your success. We tend to all be a little under water, and at the end of the year when we have to stop and say, "What did I do? What did we accomplish this year?” it can be really difficult. It can also be difficult to put that into the terms that your cohort of other executives can understand because they're not really in the weeds with you every day. The first thing that we want to do is set some expectations, especially around continuous improvement, and sort of debunk the myth that the program is ever done. We can improve, and we're going to show you how to measure that, but it's not really ever done. The second thing is how do you measure and report your progress in a way that your colleagues can really understand and really get behind? We're going to go over 2 tools.

The first one is our 10 pillars of good compliance program design. What we've realized over the years is that design is a thing, and we don't talk about it very much, but you are actually designers and architects and engineers in addition to being good compliance professionals, so we're going to talk a little bit about that today in our compliance program maturity model which is something that applies to any progression of sophistication for almost anything whether it's an IT program or a compliance program. It doesn't really matter. We sort of converted this to make sense for the compliance community, and we'll go over our case study.

Why is compliance like every other business line? What we find in our practice is sometimes compliance professionals believe what they're doing is very special and shouldn't be measured by the business standards because well the FCC said so or FINRA said so, "So what do you want me to do?", you know. The truth is there's a lot of power in recognizing that you actually are like every other business line. You have things to do, you’re accountable for them. You should be effective in getting it done, and you should be efficient. It's actually not different than what's required of the HR department, at least hopefully, the IT guys, the sales guys, everyone has to be able to measure their success.

For you, two of the reasons in doing that are you want to be able to manage the risks profile of your firm, and so you want to measure against risk and say, "How much risk have we been able to mitigate?" This is a little like the TSA who says, "Well, we found this many knives before they got onto the plane, but how many did we miss? We don't know." I realize that it's squishy, but we need to start somewhere and have a discussion so that honestly, at the end of the day or at the end of the month or the end of the year when it comes to bonus time you have something to show for all of the work that you've done throughout the year.

The other thing, of course is resource requests. We find a lot of CCO that we work with are abundantly frustrated because they walked into the CEO's office and said, "I need more resources, we need to hire someone", and they say that when they're already utterly frustrated instead of making the business case for additional resources, whether it's technology or more expertise, or more bodies, whatever it is you need. This way of doing it helps you also set the expectation that as we hit certain triggers of complexity or size, guess what, we're going to need more resources.

The thing we want to do, like I said, is set this expectation for continuous improvement. If you don't define what success looks like, someone will define it for you. There's a lot of CEO's, you may work for one of them, who believes that success is you keep me out of jail. I always thought that that was little bit of an insult to compliance because you're doing so much more. What you're doing is more nuanced. It is more valuable, even though keeping him out of jail, probably, is ultimately valuable to him or her, but this is just good business. This creates transparency. It creates accountability. It creates clarity. It's all those great consulting words, but it's really powerful stuff if it's done well. I don't ever want to give that up in terms of owning that value set that you're creating every day.

We definitely also want to talk about being smart about where we're going to improve. It's almost always related to change. Change in personnel. Change in your business. Change in regulations. Change in how much expertise you have available to you. Change in technology. We also want to keep that in the back of our mind all the time, how can we use these things, and how can we also respond to these things on a day-to-day basis? My belief is that even though effectiveness is required by law, you're required to have an effective program, I also think you need to have an efficient program. Instead of fighting efficiency, my view is embrace efficiency because it is exactly what the other business people in your firm are also being asked to do. It's also good business. You don't need to build the Taj Mahal of compliance when, you know, kind of a little cabin works. Then the question is knowing how much is enough.

Then we want to definitely measure and report your progress because the thing that I find when I talked to CEO's, they don't actually know what you do all day. We want to tell them about what you do in small bites that make sense to them, and talk in business language not in compliance language, and how can we do that? On the next slide, there we go.

Setting those expectations. First of all, you want to know where you are right now. You can't change that. You have to look at, we call it, in the law, you call it the victim as you find them. It's just, there they are, and this is where we are today. You need to be able to assess, and we call it pinning the tail on the donkey. How sophisticated are you today? Where are your real risks today, and can you actually say those things out loud? Can you articulate it?

We also think you would benefit from thinking about creating a PR plan for your program that is going to change some expectations over time. For example, if you have an executive cohort that believes that keeping them out of jail is your job, and you'd like to own a little more than that, then you need to change hearts and minds over time, and it's an education opportunity, but it also takes a lot of time. It can 24, 36 months, so be a little nicer to yourself if you've made the case and made the case and made the case. Honestly, just try a new way and keep making the case if you believe that the expectations you're trying to set are correct and benefit the firm. Every conversation is an opportunity. Every time you meet with executives, you know, you want to have certain messages that you're repeating. Repetition, it's amazing how effective it can be. Instead of saying 125 different things, there's really 3 or 4 things you want to say over and over again.

Creating, also, periodic formal presentation to executives. My suggestion may be quarterly. It's short and sweet. Its fifteen minutes, but it sort of put an [inaudible 00:09:56] about what you've accomplished and what you're going to accomplish. Of course patience is the soft skill here. I don't have a lot of it, so use it wisely. Use what you've got. You need to be assertive without being aggressive, and that's always that interesting place to live, right in the middle of that.

Find out how MCO can help

Request a demo today to learn how MyComplianceOffice puts you in command of your compliance program, synchronizing your business needs with regulation. 

Request a Demo



Download our four page Portfolio of Solutions to learn about;

  • Personal Trade Monitoring
  • Gifts & Entertainment
  • Political Contributions
  • Third Party vendor risk management
  • Trade surveillance
  • And more

Brochure Download