You’ve Started in a Senior Compliance Role - Where Do You Begin?
By Tom Anderson
Tom is an experienced Compliance professional, who was previously the Chief Compliance Officer at Nationwide and now advises firms on compliance strategy and risk management.
Whether you’re walking into a well-resourced setup or a team under pressure, in my experience having been a Chief Compliance Officer and having advised multiple firms on compliance strategy, the early months are critical. Get them right, and the new Compliance head sets the tone for credibility, influence, and progress. Get them wrong, and the new leader risks losing trust before they have really even got going.
Based on experience and observation, I think it is helpful to think of the first few months in three distinct phases:
Diagnose and Understand
Own and Stabilise
Vision and Change
Each phase has its own mindset, rhythm, and set of priorities. They are not neatly divided. But here's how I think it makes sense to approach them.
Phase One: Diagnose and Understand
This isn’t the time to make instant changes. This is where the new leader needs to resist the urge to reach snap judgements on what needs to change – thinking that someone new can instantly diagnose the problems and change operations for the better is risky, particularly in terms of making sure that the new leader brings the existing team with them. This initial phase is much more about taking the time to understand where you’ve landed - honestly, clearly, and deeply. That means listening more than talking, and observing more than directing.
Start with Values and Behaviours
Every firm has a story about Compliance. Is it seen as a strategic or reactive function? Collaborative or obstructive? Are you inheriting a team that’s respected, ignored, or resented? These assumptions, which are as likely to be unspoken as spoken in my experience, shape how Compliance is treated and how you’ll have to lead your team and determine the future direction and strategy.
Ask:
What’s the dominant narrative about and view of Compliance here?
Has Compliance been seen as a blocker, a fixer, a partner, or an afterthought?
What has been tried before? What failed – what are the reasons why? Is there agreement on what these reasons are or are there various different competing versions?
Is there an appetite for change within the team and/or the wider organisation? Or just fatigue?
Your objective here is not to just assess the framework. You should equally be focussed on diagnosing the culture around compliance. This should give you a clearer view of where resistance might lie within the team and the firm, and what kind of leadership the Compliance function really needs going forward.
Clarify Stakeholder Expectations
Early one-to-ones with key stakeholders across the firm are essential. But don’t just ask stakeholders what they want from Compliance - ask what they think the role of the Compliance function is. You will inevitably hear different points of view and that ultimately is the point. Understanding the range of stakeholder expectations, from the Board to first line business management, as well as within the Compliance team, realistic or otherwise, is an important step in building stakeholder relationships, as well as managing stakeholder expectations.
Some questions to guide you:
What do key leaders expect Compliance to focus on?
Are those expectations aligned, or contradictory?
Who are your biggest allies? Who is most sceptical?
What role do stakeholders believe Compliance should play in decision-making? At what level?
At the same time , it is important to understand regulatory expectations. Review any open issues that the firm has with regulators, supervisory correspondence and past thematic reviews. These issues may not be sitting with the Compliance function to remedy, but understanding this wider regulatory context is important.
Review the Foundations
Get to grips with the mechanics: policies, risk appetite statements, training, monitoring plans, governance structures, MI packs. But don’t just read them - ask who uses them, how often, and to what effect. Many frameworks look fine on paper. That doesn’t mean they work.
Key areas to review:
Compliance framework - Does it reflect the firm’s actual risk profile and business model?
Risk appetite - Is it understood and operationalised? Or is it a document nobody reads?
Governance – Which committees do Compliance attend? What’s the role of Compliance? Is it passive or influential?
Resources - Is the team structured to match the firm’s risks? Does it have the skills and experience needed?
Balance of activity - Too much advisory? Too little monitoring?
Training – Is it tailored, practical, and relevant - or generic and ignored?
This questioning is important. Don’t assume anything. Don’t settle for initial, superficial answers where you sense that people are just saying what they think you want to hear.
Phase Two: Own and Stabilise
Once you've diagnosed the landscape, the next challenge is to take ownership of it. There is a point when someone leads a team when the issues you inherited stop being “legacy problems” – they can quickly become yours as you establish yourself in the role. And the team needs to understand that you are not blaming previous leadership.
Deepen Relationships
Credibility doesn’t come from title. It comes from consistency. This is the phase where you show stakeholders you’re not just here to point out problems and criticise previous management. The Compliance function needs to be clear in this phase on how it will support the firm to solve them. That means following up on earlier conversations, reporting back on what you’ve learned, and starting to shape expectations about where the Compliance function will go next.
At the same time, relationships within your team matter just as much. You can’t lead a high performing Compliance function effectively unless you understand your team’s strengths, gaps, motivations, and frustrations. This is where you start shaping the internal culture of the function.
Strengthen the Function
You’ll inevitably inherit a mix of strengths and weaknesses in the Compliance function. Your job now is to start stabilising. That might mean addressing resource gaps, fixing broken processes, rebuilding morale, or simplifying over-engineered frameworks. Whatever you do, it is important to do it transparently, explaining decisions to the team, ensuring that they understand the trade-offs and thinking behind decisions
This is also the right time to start putting together your first set of priorities. These should span three levels:
Task - What compliance risks or regulatory actions must be addressed immediately? What is the Compliance function’s role here?
Team - What roles, skills, or processes need to evolve?
Employee – What cultural signals are you sending about what good looks like?
One useful tactic: be explicit about what’s staying the same. Change fatigue is real. Don’t fix what isn’t broken. And acknowledge the strengths of the team.
Phase Three: Vision and Change
Once you have created stability, you can look ahead. This phase is about showing where the Compliance function is going and why this is important. You’re no longer just reacting to issues. You’re setting a direction for the team. Judging when you have reached this stage can be very difficult. If you initiate changes too early you risk not knowing enough about the organisation, its issues and its ways of working. And your network of relationships may not be strong enough for you to implement your changes. But making changes too late risks losing momentum and the newcomer’s licence to question existing approaches.
Communicate the Vision
Assuming that 1) you have determined the optimal moment to initiate change; 2) you have a good sense of what’s working and 3) you’re clear on what needs to change, your job is to translate these components into a clear narrative that connects with both your team and the wider organisation.
This isn’t a slogan or a values statement. It’s a practical, believable picture of what you want the Compliance function to be, grounded in your diagnosis and anchored in the firm’s strategy.
However you articulate the vision for the team it should be backed up with specifics: what you’re focusing on, how success will be measured, and how you will engage people across the business to get there.
Send Signals That Matter
Leading change isn’t just about frameworks. It’s about signals - what you tolerate, reward, ignore, or push back on. Your team and the wider firm will be watching closely. A few well-judged actions can shift perception faster than any compliance policy update.
This might mean calling out poor conduct, pushing for a key seat at a decision-making committee, or reinforcing the importance of monitoring when others see it as a nuisance.
Be intentional. Choose your moments carefully. The goal is to make an impact that moves you towards your vision
Maintain Strategic Relationships at the Core of Your Leadership
As the Compliance function evolves and begins to operate with greater clarity and purpose, the importance of maintaining strong, strategic relationships cannot be overstated. While it may be tempting to focus exclusively on frameworks, policies, or issue resolution, sustainable influence in a senior compliance role is built first and foremost on trust and credibility with others. Whether dealing with senior executives, members of the board, regulators, or team members, your ability to lead effectively depends on the strength and consistency of these connections.
This requires deliberate, ongoing investment and focus. Internally, that means establishing regular, candid communication with key stakeholders across the business. Understand their goals and concerns, and ensure they understand yours. It is important that you maintain visibility.
Externally, particularly in regulated industries, the compliance leader is often a key point of contact with supervisory authorities. Here too, relationship-building is essential. Establish a tone of openness and professionalism. Demonstrate that the firm takes its regulatory responsibilities seriously, not only in words, but in how issues are identified, escalated, and addressed.
Within your own function, clarify roles and accountabilities continuously. Make sure your team understands not only what is expected of them, but why and how their work contributes to broader business objectives. Set clear standards for behaviour, judgment, and performance. And be present. Your visibility reinforces alignment and signals that leadership is both accessible and engaged.
Finally, remember that credibility is cumulative. It’s not earned through a single presentation or one well-written report. It’s built one interaction at a time, by how you listen, how you respond, and how you show up under pressure. Protect it carefully, because once trust is lost, whether with colleagues, regulators, or your own team, it is very difficult to recover.
In short, relationships are not a “soft” element of the role. They are the infrastructure that supports everything else.
Final Thoughts
Closing Reflections: A Structured Approach to Early Compliance Leadership
There is no universal playbook for stepping into a senior compliance role. Each organisation is different - its regulatory history, risk culture, leadership dynamics, and commercial strategy all shape the environment the new compliance leader is entering. However, a structured approach can provide the clarity and confidence needed to navigate those crucial first months.
The three phases outlined in this article - Diagnose and Understand, Own and Stabilise, and Vision and Change - offer more than a sequence of tasks. They provide a leadership framework, which balances listening with action, stabilisation with ambition, and credibility with strategic intent.
In the early phase, resist the instinct to act quickly. Instead, prioritise understanding: the internal culture, the business's expectations, the regulatory landscape, and the team's capabilities. A clear diagnosis sets the foundation for all future decisions.
As you move into the second phase, take visible ownership of inherited challenges. Clarify direction, prioritise resources, and begin to define what will stay the same and what must evolve. This is where your leadership starts to take shape - not just in words, but in decisions, behaviours, and early progress.
As the function begins to stabilise, your role should shift from assessment and repair to direction-setting. This is the point to articulate where the Compliance function is heading, which needs to be more than a slogan. You need to set out a clear plan grounded in what the business needs and what the risks demand. Be specific about priorities. Be realistic about timelines. And back your vision with consistent, visible action.
It is very important to keep building relationships with your team, business leaders and regulators. Influence in compliance isn’t something that can be imposed; it’s earned through judgment, trust, and consistent delivery.
In the end, effective compliance leadership is not just about avoiding regulatory trouble. It’s about improving how decisions are made, how risks are understood, and how accountability is embedded across the organisation. It’s about making compliance relevant to the business, because it helps the business run better.
There may be no universal template for stepping into a senior compliance role. But the three phases - Diagnose and Understand, Own and Stabilise, Vision and Change - offer a disciplined way to approach the role. They help you focus your time, your energy, and your leadership on what matters most in those early, defining months.