Three New Year's Resolutions (You can make and keep)

If you are a compliance and risk professional, you probably often feel different to the people around you. But like millions of other workers, you probably also capped off 2016 with a brief burst of reflection and committed yourself to doing some things differently in 2017.

Even if your commitment expires well before the first Thursday in February (the traditional last day for most NY resolutions), it’s a great way to start the year.

The reality is that, unless you’re consciously changing, you’re passively reacting to change.

Congratulations for taking the lead. If your champagne-sodden resolutions were no more specific than “have a better year”, here are three practical steps you can take to significantly improve your performance in 2017:

1. Identify and question your assumptions.

Ok, last year was spectacular, the key metrics were stellar and your efforts (alone, unaided and unappreciated) avoided a regulatory disaster of Armageddon-like proportions. Well done. Take a moment. Savour your victory, enjoy the numbers and then ask yourself “How could these be wrong?”

Financial services is a complex, highly regulated, frequently changing and highly scrutinised industry. These factors have created the compliance/risk profession, but how many compliance arrangements appropriately reflect this reality and adequately manage complexity?

Too many licensees’ arrangements are, at best, reactive or, at worst, static frameworks for the business and industry as it was at a certain point in time. If you were particularly diligent, your arrangements anticipated FOFA and snuck in a few references to conduct. If you weren’t, or weren’t resourced enough to be diligent, your methodology, approach and metrics are still the same as the arrangements you inherited.

I can hear you asking “Why is that a problem? After all, it works and you’ve had no issues.”

Sure, conservatism is comfortable and reassuring, but the environment has changed. What if your arrangements are hopelessly basic? What if your measures, processes and procedures don’t work? What if the reason there haven’t been any problems isn’t because your arrangements are working well but because they are not working at all?

What if you’ve gotten better and better at detecting specific issues that don’t substantively matter? What if your arrangements have fundamentally confused correlation and causation? What if your metrics – your “beautiful set of numbers” – are misrepresenting the compliance and other risks in your business?

It might not be the case in your business, but early January provides the perfect opportunity to reflect, revise and refine. Take the time to do so but ensure that, when you do so, you:

· Ask the stupid questions – When you’re reviewing your controls, approach them from the perspective of an ingénue. Look at your register and ask what risks you are trying to manage. Ask why you’re trying to manage those risks. Review your controls and question whether they actually manage and mitigate the identified risk. Are your measures effective or simply easy to manage? Start with Why (quickly followed by What, Who, How and When).

· Be aggressively critical – Instead of congratulating yourself on a job well done, look at your compliance arrangements and pretend they were written by professional fraudsters. Are your arrangements current? Are they too cosy, too commercial or too convenient? Would a plaintiff lawyer consider them to be “reasonable steps to comply with the financial services laws”? You may have been comfortable with some of the compromises you’ve made over time, but take the opportunity to re-examine those decisions from an external perspective in light of recent regulatory actions. Even if your arrangements are best in class, brainstorm ideas about your controls and actively consider emerging issues, behavioural changes and current management structures. Better yet, challenge yourself by asking what you could do if the published controls were completely unavailable to you? What alternatives are available to you? What new measures, processes and procedures might work better? Consider whether your arrangements reflect the current environment or a less challenging period. (We’ve seen licensees happily using Access databases and Excel spreadsheets that hadn’t been updated since FSR commencement. They seemed to be committed to the “if it ain’t broke don’t fix it” rule and absurdly confident that, if there was a problem with their arrangements, “someone would have said something”. See Tip 3.)

· Question everything – Your compliance and risk arrangements are (or should be) based on the law and your licence. However, in every business these objective elements are influenced and affected by a range of subjective factors, assumptions, compromises and commercial considerations. This is perhaps inevitable, but it’s a poor defence to regulatory challenge. Take the time to think about whether your arrangements are effective, look effective or simply deliver palatable results. Are your arrangements formally or substantively effective? If you have the time and inclination, identify a key result and prove that it’s wrong (or show how it can be false, compromised or misrepresented). Look at a control and, taking a pointer from Peter Thiel, ask yourself “what if I do the opposite?” Test, model, experiment and refine.

2. Identify your purpose

You’re a Compliance Manager (or Risk Manager or Head of Governance or any equivalent or sexier titled role). In all likelihood, your job description probably outlines your role and your key performance indicators. That’s the management aspect done. While you should take the opportunity to consider these functional elements, the new year provides you with the perfect opportunity to consider, to seriously consider, the leadership role. This is more fundamental than your Myers-Briggs or HBDI profile but goes to the fundamental reasons you do what you do. As the Compliance Manager for the business, what is your purpose?

· Is your purpose to prevent risk (and business being written)?

· Is your purpose to ensure the regulator doesn’t get in the way?

· Is your purpose to act as a Steward for the licence?

· Are you the advocate for the business’ clients or the person charged to ensure the sustainability of the business?

There’s no right answer but one of the biggest problems for most compliance managers (or their equivalent) is their failure to understand their purpose (or their employer’s view of their purpose). Without clarity on this fundamental point, there’s always ineffectiveness and, eventually, disaster. More problematically, in most Licensees your purpose is often assumed but seldom discussed. Before you’re too deep into 2017, make sure that there’s not a fundamental misalignment between you and management.

Employer expectations and alignment matter. One compliance manager at a large organisation used to be referred to as “the Postman” because he (allegedly) had a role limited to collating reports and providing them to management. Another compliance manager at a different organisation believed his purpose was to ensure the sustainability of the business. Unfortunately, his long-term focus on effectively managing risks frustrated a management team whose remuneration depended on achieving, and continuing to achieve, ambitious financial targets. The eventual outcome was entirely predictable.

Once you reach a conclusion about what your purpose is, ask yourself whether you’re satisfying that purpose (or whether you’re even able to).

Remember, work is the medium you have chosen to develop your character. We’re not suggesting resignation if there’s misalignment between your view and your employer’s view, but, with your new clarity, you’re in a better position to address the “elephant in the room”. In our experience, no salary/title/bonus structure is worth compromising your core values or undermining your own professional reputation.

3. Compare and Contrast

Daniel Pink’s analysis highlights that leaders embrace evaluation. They love to be compared against, and contrasted to, their peers because this calls out their successes and identifies how they can improve. (In our experience, “managers”, in contrast, much prefer to focus on differentiation. This strategy allows them to obscure their failures and to control the narrative.)

Embrace evaluation. Take the opportunity in January to compare your arrangements, and your metrics, against those of similar businesses. Even if your analysis never sees the light of day, the insights you’ll gain from your investigation and consideration will deliver significant benefits. If you’re ahead of your peers, it’s validation to stay the course. If the analysis is troubling, it will allow you to plot a new course before ASIC or the Courts take the wheel.

Even if you don’t have access to independent compliance data and benchmarks (such as those available on openAFSL) you may find that your peers at other licensees are willing to have open, but generalised, discussions about common issues.

Reflect, Review and Refine.

We appreciate that these three recommendations may cut into the traditional ease-in and cricket watching period of your year, but we’re convinced of the value of this prescription. It’s a dose of prevention that will benefit you and your Licensee far more than any other conceptual work you’re considering. If you need help, reach out (

If you’re concerned about the ambition and scope of the work, simply remember Goethe’s words (or words attributed to Goethe):

“Whatever you can do, or dream you can, begin it. Boldness has genius, power and magic in it.”

Good luck (and Happy New Year)


(c) 2017 Sean Graham . Assured Support Pty Ltd
