The vendor is required to provide governance, risk, and compliance (GRC) consulting on an as-needed project basis.
- Provide services and advice on the subject areas of (1) public investment board governance, (2) enterprise risk management (ERM), and (3) compliance.
1. Governance
• Strong board governance is crucial for the success and sustainability of any organization.
• It ensures that the board operates effectively, making informed decisions that align with the organization's mission and strategic goals.
• A well-governed board provides a clear framework for accountability, transparency, and ethical behavior, which are essential for maintaining stakeholder trust and confidence.
• The board has adopted several policies addressing board governance.
• The agency believes that a robust governance framework helps in mitigating risks by establishing clear roles and responsibilities, promoting a culture of accountability, and ensuring that potential issues are identified and addressed promptly.
• Ultimately, strong board governance supports the long-term success and sustainability of the organization by promoting a culture of integrity, accountability, and continuous improvement.
a. Examples of possible governance-related projects include:
• Providing guidance and direction as to pension fund governance best-practices.
• Providing examples of relevant governance practices at agency peer organizations.
• Reviewing board and committee charters and policies to identify updates for consideration.
• Providing board and committee chair, vice-chair, and board member coaching.
• Performing interviews of stakeholders to gain an understanding and obtain feedback on current practices.
• Conducting education sessions or presentations to the board and staff on key industry trends, changes and updates.
2. Risk
• A cornerstone of a successful organization is effective risk management.
• The agency has a long-standing, well-developed internal ERM program.
• The agency established its ERM program in 2006, and it has continued to grow and evolve over the years.
• The ERM committee is tasked with assisting with the management of risks in the broadest possible terms, encompassing all forms of risk management activity across the agency.
• It is responsible for ensuring the agency maintains a policy and framework for effective risk management and tools for assessing its effectiveness.
• The ERM committee reports emerging and potential risks to the CEO, providing risk classification and possible enhancements to the agency’s controls and risk culture.
• The ERM committee provides channels outside normal reporting lines so that staff can report risks, including those related to noncompliance, problems in operations, and illegal acts.
• This includes multiple anonymous channels for staff to report risks.
• The agency is responsible for oversight of the ERM program.
• The agency ensures that effective risk management activities across the organization are being undertaken, fosters a risk-aware culture, and provides regular risk reporting to the executive management team.
• The ERM committee is co-chaired by the legal, risk, and compliance (LRC) director and an assistant senior investment officer in the risk management and asset allocation unit (RMAA).
a. The audit committee of the board, in relevant part, is responsible for the following:
• Ensuring that an effective process of enterprise risk management, cybersecurity risk management, risk governance, and appropriate risk culture is in place.
• Reviewing the scope of staff’s review of risk management and obtaining risk assessment reports at least annually.
• Reviewing the scope of any consultant’s review of risk management.
• Reviewing and recommending for board approval any changes to the organization’s risk appetite statements.
b. Examples of possible compliance-related projects include:
• Providing consulting services directly relating to advancing the agency ERM framework and tools.
• Working with the agency in the enhancement of its mature ERM program.
• Conducting specific risk identification, management or mitigation consulting projects (e.g., specific risk program development, risk surveys, table-top risk projects, etc.).
3. Compliance
• A well-functioning compliance unit is essential for any organization to ensure adherence to laws, regulations, and internal policies.
• The agency compliance function sits within the LRC unit and covers a number of areas that impact agency investments and operations.
• Compliance plays a critical role in identifying and mitigating risks, thereby protecting the organization from potential legal and financial repercussions.
• By maintaining a robust compliance framework, the agency fosters a culture of integrity and accountability, which is vital for sustaining stakeholder trust and confidence.
• The agency compliance activities include, but are not limited to, monitoring agency investment policies and investment manager contracts; trade monitoring; operational due diligence reviews of real estate and public market managers; private markets compliance; personal investments and gift policy training and ongoing monitoring; state, federal, and international reports and filings; review and execution of global market-opening and anti-money laundering and know your customer (“AML/KYC”) documentation; transaction-specific filings and documentation, including jurisdiction-specific tax documentation; sanctions-related monitoring, filing, and attestations; and identification and monitoring of new regulatory requirements that may impact agency investments or require new reporting and filings.
a. Examples of possible compliance-related projects include:
• Working with staff to identify requirements and solutions to address new or novel compliance-related issues.
• Performing gap analyses and effectiveness testing of existing agency compliance activities and providing actionable feedback on areas for improvement.
- Contract Period/Term: 5 years
- Pre-Response Conference Date: July 1, 2025
- Questions/Inquiries Deadline: July 9, 2025