One of the offerings at The Compliance Professionals Forum – in fact, one of our key differentiators – is our monthly Compliance Peer Group conference calls. Groups of no more than 15 individuals spend an hour or more, once a month, diving into compliance questions, issues, challenges, and successes.
Terri Haley, our Director of Compliance, and I, moderate the calls, so we have a front-row seat, in a sense, at these working sessions. And I think it’s fair to say that, if we were asked to describe the tenor of these groups, the description would be “overwhelmed.” On top of all internal policies and procedures compliance oversees, there is a veritable flood of changing laws and regulations to keep up with.
Luke Umstetter, general counsel for Resurgent Capital Services, recently published an article over on CPF titled “Change Reaction: Implementing Change Control Processes in Your Organization” (you’ll need to be a member of The Compliance Professionals Forum in order to read this, and other, full articles).
It has been said that change is the only real constant. Nowhere is that more true than in the ARM industry nowadays. The pace and degree of change on the legal and regulatory fronts in recent years has been staggering, and there is no sign of it slowing any time soon. With the continuous barrage of new laws, regulations and other requirements, organizations that are not prepared to manage change will eventually be overwhelmed by it. A change control process, or “CCP,” is the way in which an organization implements and manages sudden or ongoing change. For ARM companies, the need for change can arise suddenly and aggressively at the regulatory or market levels.
Luke gets at that drinking-from-the-firehose sensation right there in the opening paragraph. He goes on to lay out three key things a compliance department should keep in mind when it starts to get serious about change control processes:
1) Organizations must have a solid grasp on their compliance management system (CMS). In fact, that’s a regular feature of the monthly peer group conference calls: “Where are you in your process? Can you help me get there? And is there something I’m doing that you’re not that I can share, too?” Additionally, this year’s ARM-U (in the Dallas/Ft Worth area) is focusing a half-day specifically on compliance management systems: gap assessments, best practices, problem-solving.
2) Make sure you’ve set up a system for documenting, logging, and tracking any issues that prompt a change in a policy or procedure. “Once determined, implementation should involve a task owner or team of subject matter experts that, depending on the scope and materiality of the change and reactions thereto should report progress on the matter to a committee or board.”
3) You’ll want to make sure “all relevant organizational documentation should be updated contemporaneously to reflect the implementation of the change(s), and each discrete process affected should be similarly trained and updated consistent with the new process or adjustment.”
Since it’s clear that change is really the only dependable constant any ARM company can rely on, it makes sense to develop solid solutions to manage those changes. What, specifically, is your company doing to manage change, rather than being managed by change?