Survival of the Fittest:

Compliance Program Evolution

How to think about improvements in Compliance design 

As all compliance programs continuously evolve, how do you measure your success or plan for the next step in the development of your program? This video introduces a practical approach to assessing the current maturity of your program and processes using a compliance program maturity model. This model is designed to help you track and communicate your current state as well as pinpoint the places where your program can level up including governance, risk, process, culture, and design.


Ann Oglanian

Ann Oglanian has more than 25 years’ experience in the investment management industry and is sought after for her practical guidance on strategic business planning, organizational and operational matters, and compliance program development and assessment. Prior to founding ReGroup in 2002, Ann served as managing director, general counsel, and chief compliance officer of Montgomery Asset Management and partner in the investment management practice of Vedder Price.

 You can download a full copy of the slides from this webinar.

 

Download 

 Full video transcript available below

What we did, in this case, I just wanted to show you really quickly how to think about improvement in a single sleeve of design which in this case is the continuous improvement around governance risk and supervision. Let's go to the next slide. These are my little stair steps. Number 1 is you've got an org chart. It reflects the supervisory structure. It's complete that you're going to practice getting by in. If you don't have one, you're going to practice this as a way of getting by, and this would be tied to the structure, the actual supervisory liability in your firm, and we find oftentimes we've got an org chart, but the truth is, Robin is really the one who's supervising this entire area, but none of these people actually report to her, and I'm like, "Wait a second, you've got supervisory liability that is not tied to your org chart, and it needs to align." This would be sort of like a step 1.

Step 2, on the next slide, for improvement would be [inaudible 00:34:51] risk assessment. You know, I've created a repeatable process. I've involved an interdisciplinary team in doing my risk assessment, again, I've practiced getting by that I'm not always going to win the argument about where the risk is. That's okay. I would rather, to me success looks like getting a group of people together, managing that process, and hearing what everyone says, coming to a consensus. We may have 182 risks, but we really only can ... 3 of them need to be at the top. I need to prioritize those results so that we can all do something about them and focus on getting those 3 things done, and obviously using those results to allocate resources and to set priorities, which may be for your compliance program, but it may be for the firm overall.

The next slide is sort of a step 3. Therese your compliance committee. You have clarity on the role of the committee. I want to see a written compliance committee charter. You also want to practice getting buy in. You want to practice having these meetings. That's a thing for people, if you haven't led a meeting or you haven't participated in this way, there's some learning to do there.

Step number 4. You have to actually have the meetings. We have lots of people that, "Oh yeah, we have committee." Do they ever meet? "Well, no." Well, you have to actually meet. We want to see meetings. We want to see people attending the meetings. We want to see reporting of important matters taking place at the committee so that it's not a committee in name only, but it actually has a job to do, and that they know what it is. They're actually making decisions. You're taking minutes, and you're creating accountability by saying, "The committees decided these 3 things need to be done. These 3 policies need to be set", and then in the next quarter or month or whatever those things are actually getting done and then being reported back to the committee.

Number 5 is we're going to actually use our risk results. A lot of people do a risk assessment and they go, "Here's the thing I can give to the SEC when they come in because they're going to ask", but they're not actually using the results to govern resource allocation, priorities. It sort of sits in a bucket by itself, so you have to make it live. You might think about using your governance, the committee to report the risk results to get approval of the results and approval of what the recommendations are that should fall from the risk assessment.

Then number 6 is using the system to make decisions. Getting to a place at the top of that orchestration is that you have inner-disciplinary decision making. The tech guys and the HR guys, and the compliance guys, and the business guys get together and they're making decisions together. They've integrated the results with resources and priorities. As a group we're making a decision, "We need to hire some more help for the compliance department." Or, "We're at a place where we all believe that some technology is a good purchase for our firm." You want to see repeated processes over and over again. You want to see continuous improvement to those processes. If you're doing something that doesn't work, stop doing it. It is really understood that governance and risk assessment and having a thoughtful process is part of the culture of the firm. That's where we want to see you get to get to the top of, this is sort of an example, of the stair steps you can move through in determining, "What do I need to do next to improve my program?" This is sort of that process. I hope that's a good ...

Find out how MCO can help

Request a demo today to learn how MyComplianceOffice puts you in command of your compliance program, synchronizing your business needs with regulation. 

Request a Demo

 

MCO_brochure-image.png

Download our four page Portfolio of Solutions to learn about;

  • Personal Trade Monitoring
  • Gifts & Entertainment
  • Political Contributions
  • Third Party vendor risk management
  • Trade surveillance
  • And more

Brochure Download