Q&A on Compliance Program
Maturity and Design
As all compliance programs continuously evolve, how do you measure your success or plan for the next step in the development of your program? In this video Ann Oglanian answers questions put forward by Compliance officers on best practice for compliance pragram design and evaluation of a compliance programs maturity.
Ann Oglanian
Ann Oglanian has more than 25 years’ experience in the investment management industry and is sought after for her practical guidance on strategic business planning, organizational and operational matters, and compliance program development and assessment. Prior to founding ReGroup in 2002, Ann served as managing director, general counsel, and chief compliance officer of Montgomery Asset Management and partner in the investment management practice of Vedder Price.
You can download a full copy of the slides from this webinar.
Full video transcript available below
It looks like we've got one question. Let me see if I can read this. What are some of the concrete measures of success of compliance programs to present to the committee? It says, for example, in technology or business? The way I look at is that you get together with the committee and you say, "Where is our risk, right, and what do we want to mitigate, what do we want to focus on? Where do we need to clean up?" You should simply be reporting the success that you're reporting is the success of that common belief, you know, that common expectation that that thing is going to get done. For example if you didn't have a committee. |
Or, here's a good example. We have a committee, and we realize that one of the risks I the committee isn't meeting. Then we say, "Well, why is the committee not meeting?" It's not meeting because the agenda is stupid. Nobody wants to talk about this stuff. Then you say, "Ah, well this is no good. I want to have something that's more thoughtful than that. Let me go back and rewrite the agenda." The success is that you took the time and you were thoughtful about solving the problem. For me it doesn't matter what the problem is. It is that you are ultimately problem solvers. You're wicked problem solvers, and so you want to report everything like that where you have adjusted to respond to change. The change in this case was getting the input or seeing the fact that, "Here I am doing my testing, and I'm like oh I have a committee, did they meet?" No. "Well, that's ridiculous, so why are they not meeting? Are they just big jerks? I doubt it. There's some reason. They probably don't think it's useful. What would make it useful?" |
I always call it, let's make compliance sexy. How do we make that meeting sexy, and it's when you're very transparent about information, and there's something useful, and they feel heard. How can you respond? Concrete measures of success is interesting because I think of them all along those pillars, it can be anything. That's actually why we designed it that way because we really want this very expansive view of the design of your entire program, and every time you have a success, we want you to report that out. It starts to feel good, and it starts to let the cohort know, "My god, you're doing a lot." You count the fact ... you know, let's say you improve your testing program, you know, we've gone from testing on excel spreadsheets to a system, we've systematized it, and here's what we view is the benefits, including a reduced risk. I want you to report that out. It's the same thing to me. |
The other question is, of the pillars, what are the hardest for organizations to level up on? That's a great question. Let me go back and look at all 10 of them. I think the hardest one is probably culture and leadership because it's kind of the immovable object of your firm. I think it's also very intimidating to compliance officers because a lot of people are a little intimidated by the CEO, and I am a CEO, so I'm actually not intimidated by CEO's, and what I find is very determined by whether you the CCO can really create a partnering relationship with the CEO or whether, like if you don't report to them directly, if you don't have meetings with them one on one, if they don't ... you haven't established trust and communication with them. That is very individualistic. |
Are you able to do that? Like is that your skill set, and do they want you to that? Changing the hearts and minds of people around their leadership style and around other communication styles is probably the toughest thing. Anything that involves people. Honestly, it's kind of easy to change your best execution testing. You can pretty much do that with you and the head trader talking about it. This is very, very personal to the CEO. I think the conversation has to be had, so it's kind of, how brave are you, and how much trust is there. You need to do it in a really thoughtful way because there's a lot of ... you can hurt somebody's feelings, honestly. CEO's have feelings too. I think that's the one I think is probably the trickiest. Are there any other questions? |
How do I incorporate these tools into the testing monitoring if I'm already doing it? Yay, you're already doing it, so yay. Maybe one of our pillars is actually program evaluation, and program evaluation is your testing. Maybe you're already doing a great job with testing, so one of the things that we do with this is when we do testing, right, just like you're doing, we would take each one of these and start to evaluate it. For example, what we see in testing programs is people are testing the specific policy and procedure. "Are we doing our marketing review correctly? Here's what the procedure says, let's go find out, did we do what we said we were going to do?" That's important, but we do is realize that we can have, for example, the exact same problem across all of our procedures. |
For example, what I said about policies and procedures that are really realistic but there's no procedure there. What we found is that we see that all the way across all the policies and procedures, there are 52 of them, that's not 52 problems, that's one problem, and the problem is our procedures don't included procedures. Using those tools of good design will allow you to have a different conversation with yourself about how you see your program, is this well designed, and more importantly, probably, it allows you to have a conversation with the other people that you work for, boards of directors, etc.. I think that this is something that they can understand better than, "We need to change a comma on page 82 of the best X procedures." That's not what they want to know. You guys probably know that already. |
There's one more question. What are the current hottest topics in compliance at the board level that you're seeing? I'm actually going to stop us there because I think that's a great question, but I'm afraid that's a topic for an entire presentation, and a little outside the scope of what we're trying to accomplish today. I will say that the design, good design, and talking about good design, and these 10 pillars is something we've done with boards, specifically mutual [inaudible 00:50:36] boards, and they get it. They like it. They understand it. They think it's thoughtful, and so I wouldn't hesitate to use these with them as well. |