INTRODUCTION
What makes a successful Chief Compliance Officer? Right or wrong, CCOs are often judged by the perceived success of the firm’s compliance program. But, what “success” means isn’t always clear, nor are there easy ways of measuring it. Unlike metrics such as the firm’s revenues, AUM, and number of clients, which are straightforward to track and understand, compliance metrics are more nebulous.
Compounding the problem, there is no single consistent approach for evaluating compliance effectiveness across the industry. The goalposts and metrics one firm uses to measure compliance efforts and activities often differ from those used by other firms.
A firm’s organizational structure, locations, culture, compliance program maturity, size, and product offerings all impact risk and compliance needs and efforts.
However, there is no question that firms need to monitor whether their compliance policies, procedures, technologies, and personnel are producing desired results. Budget and resource allocations often rely heavily on the perceived needs and effectiveness of the department.
Consider five elements as you evaluate the success of your compliance program as outlined in the following pages.
ELEMENT ONE: NUMBER OF COMPLIANCE ISSUES AND VIOLATIONS
Executives who are not in the trenches dealing with compliance issues every day sometimes hold the misperception that if the firm hasn’t had any regulatory sanctions or findings, then the compliance program must be effective.
Of course, it’s good to avoid compliance violations – no firm wants regulatory scrutiny or negative publicity. However, it is unrealistic to think that the Compliance department’s success can be determined at the macro level, only considering regulatory action or a lack thereof.
Evaluating the following factors, and considering how they are interrelated, can provide a deeper, more complete picture of the Compliance department’s success:
- Most recent regulatory exam results, findings and remediation efforts.
- Results and outcomes of internal compliance controls testing and annual review processes.
- Employee whistleblower reports.
- Compliance inquiries resulting in violations or other potential issues, uncovered through the course of ongoing compliance monitoring
Look for trends or patterns in these findings. Have the number of issues or violations decreased over time? If not, are there clear reasons behind static or increasing numbers, or were there a number of violations or issues attributable to one specific employee, branch, or department?
Don’t try to prove compliance success by the mere absence of violations. Instead, demonstrate that your compliance program is effective by being transparent about any violation, that you identified and addressed, and which specific compliance systems, personnel, or policies played material roles in doing so.
ELEMENT TWO: IMPACT OF TRAINING AND COMMUNICATIONS ON RELATED METRICS
Training and communication form the backbone of most organizations’ risk and compliance programs, so it is only natural to evaluate how effective those programs are in helping inform and drive behavior.
Because the training needs for various types of firms differ in size and scope, there is not a one-size-fits-all training solution or “best” way to inform and educate.
What is important is making sure that the content and methods your firm uses for compliance training resonate with employees, and that they are able to understand and apply what they’ve learned.
Some firms mistakenly measure the success of their training programs by looking at completion rates alone. If 99 percent of your employee base completed a new computer-based training module on political contributions, that simply means that 99 percent of employees completed the training – not that 99 percent of them understand what they learned.
Look at training dates and corresponding activity for the underlying subject matter. Was there a spike of political contribution requests or reports shortly after rolling out pay-to-play training, or did a communication about personal investment accounts transactions result in an influx of newly reported accounts and transactions? These metrics can be a better litmus test for whether the lessons in compliance training were effective.
ELEMENT THREE: CAPACITY TO HANDLE NEW/EMERGING COMPLIANCE ISSUES
Part of evaluating compliance program effectiveness is considering your team’s ability to address the issues your firm will face tomorrow, next year, and further into the future.
While you may feel your Compliance department is effective today, with personnel and processes that can adequately protect the firm and its stakeholders against risks, you should ask yourself the following questions:
- How scalable are your compliance processes?
- Does your staff rely on spreadsheets and manual processes to manage compliance oversight?
- Have you invested in compliance technology to facilitate and streamline monitoring?
If your department’s resources are stretched too thin, you will likely struggle with staying on top of compliance as your firm grows and as the regulatory environment changes. That’s true whether growth is organic or comes through mergers and acquisitions. Simply put, don’t celebrate your compliance program’s effectiveness today if you don’t have the staff, technology, and other resources you need to meet tomorrow’s emerging risks and challenges.
ELEMENT FOUR: RISK SURVEYS, DISCUSSIONS, AND EXIT INTERVIEWS
Rather than relying on metrics alone, you can also gauge your Compliance department’s effectiveness by asking employees what they think.
Consider conducting annual or more frequent compliance and risk assessment surveys. Many firms are surprised by how candid employees are when asked to share their opinions about the organization’s compliance efforts. Firms often learn about trouble areas they didn’t know were issues, helping redirect resources to address problems before such matters escalate into costly issues.
In addition to using periodic surveys, there can be tremendous value in talking to managers of other departments. What do sales, finance, operations, and other departments think of the firm’s compliance program? This goes directly to the firm’s culture of compliance and can help bolster claims that compliance is effective or identify ways the CCO can make improvements.
Reviewing survey trends and department leaders’ feedback over time is another way of determining whether your compliance efforts are having a meaningful impact on employees, and on the firm as a whole.
Consider also what exiting employees have to say. Some companies routinely include questions about compliance programs and risks in the HR exit interview process for employees who are retiring or leaving the firm to pursue other opportunities. High turnover rates certainly don’t automatically indicate there are problems with the firm’s compliance program. Still, asking departing employees to share their perception of risk and compliance efforts can provide valuable feedback and opportunities to shore up or strengthen your regulatory compliance program.
ELEMENT FIVE: SAVINGS RELATED TO PROACTIVE AND AUTOMATED COMPLIANCE MEASURES
Finally, CCOs can also demonstrate compliance program success by quantifying cost savings realized through the use of RegTech solutions and other proactive compliance efforts.
RegTech solutions should accomplish the following:
- Automate processes to streamline review and reporting efforts.
- Significantly lower the risk of human errors.
- Give Compliance personnel more time to focus on handling potential issues, not just identifying them.
- Save time on reviewing and transmitting records manually.
The practical impact is that Compliance is able to do more with less, broadening oversight and being better-equipped to identify and address problems promptly and thoroughly.
In addition to saving time and resources in the compliance budget, implementing compliance technologies makes it easier for employees across the firm to meet compliance obligations.
In firms with dozens or hundreds of employees, streamlining the way workers report personal investments, political contributions, gifts and gratuities, and submit attestations and certifications can result in a notable increase in productivity.
CONCLUSIONS
Your Compliance team works hard protecting the firm, its clients, and key stakeholders. However, it can be difficult to determine whether policies and procedures are effective, and to quantify success. Measuring your compliance efforts using multiple factors and metrics, rather than focusing on one area alone, should provide a clearer picture of your department’s strengths and its opportunities for improvement.
This, in turn, can help strengthen your case for continued or additional resources, including qualified staff and RegTech solutions designed to improve compliance program effectiveness.
Download “Measuring the Success of Your Compliance Program” for five elements to evaluate your compliance progress and needs including:
- Number of compliance issues and violations
- Impact of training and communications on related metrics
- Capacity to handle new/emerging compliance issues
- Risk surveys, discussions, and exit interviews
- Savings related to proactive and/or automated compliance measures