
Compliance Leaders: What To Do In Your First 90 Days

The first three months on the job are critical in so many ways. Here’s a guide to getting them right

For the month of March in this space, we’ve explored the evolving state of the modern compliance function from multiple angles: what the ideal skillset of a compliance officer should be, what the ideal make-up of a compliance team should be, and how to attract the best talent to your team. In this final blog of the series, we’ll offer priorities for those critical first three months as team leader.

Compliance means different things to different firms. Presumably, somewhere in the interview process, your formal role and duties were discussed, but that doesn’t necessarily mean you know everything you need to know to do your job on day one. In some places, compliance means monitoring employee conflicts of interest. In other places, it means managing the regulatory relationships. It varies from firm to firm as to what compliance deals with in practice.

“The only thing you can be certain compliance handles is the regulatory relationship,” says a veteran compliance team leader from a large UK asset manager. “Though even there, general counsel might be involved to some degree. So maybe it’s regulatory development: knowing what new rules are coming in. But sometimes other teams are involved in that. There’s no one size fits all, i.e., this is how you do it.”

Next up is identifying the risks. “New leaders need to understand exactly what risks the firm is facing,” says a team leader from a large US asset manager. “So their first days need to be spent sizing those up.” These risks come in all shapes and sizes. There are regulatory risks. There are people risks. There are technology risks. There are cultural risks, i.e., those surrounding firm culture. There are process and procedure risks. It’s a lot to get one’s head around. 

“After you identify the risks,” our US team leader continues, “you need to figure out the firm’s risk tolerance. As compliance professionals, so much of what we do revolves around trying to reduce risk, but at times it may not be necessary to reduce risk in category A because it’s just not a concern for the company. So you’ll need to understand where the risks are in your own mind, and then see what the company is willing to accept from a risk tolerance perspective.”

A firm that operates primarily in the equities space, for example, may not be as concerned with monitoring employee outside business activities or private investments. A compliance department in a firm like this may still be required to gather that information, but likely won’t feel pressured to throw a lot of money at finding a solution that’s going to automatically detect potential problems in those areas. But for personal trading? “We’ll spend more time and money on a data feed that helps us monitor news events we can correlate with trades,” says our US team leader, “because that’s where our risk is.”

Get yourself in front of the people who can help you get your head around what’s going on as regards firm culture and where the critical risks are. This isn’t as straightforward as you may think, though. Again, our UK team leader: “There’s no definitive list of people you need to speak to. Part of the job is working that list out for yourself. It all depends on how the firm is organized. Different firms use the same name for different jobs. Or different names for the same jobs.”

That said, talk to the chief executive as soon as possible. The general counsel would be another smart bet, as would the finance chief. So would heads of divisions. Talk to everyone you can. Compliance officers are investigators, after all. And don’t stop with the usual suspects. “You should also probably talk to someone in the back office, and the person in the post room,” our UK team leader adds with a smile. “Why? Just because you ought to. Don’t trust the org chart. Go over and ask the guy in the corner what he does, and then talk to the person he reports to. Keep whittling it all down until you feel comfortable you understand what’s going on.”

You’ve identified the role your team is going to play, identified the risks the firm is facing, and identified the people you need to get in front of. Now’s your chance to shape the team as you simultaneously shape your priorities. You’ll never be the brand new team leader again. Take full advantage of the benefit of the doubt—from peers, subordinates, and senior management—you as the new person now likely enjoy.

Depending on your team’s remit, it’s worth reviewing the firm’s code of conduct or code of ethics and determining if any changes or adjustments need to be made. This is, after all, the starting point not just for firm culture but also for what gets programmed into the rules engine of your compliance software. Speaking of tech, when was the last time a rules audit was done? This gets at not just firm culture but also basic regulatory compliance.

And now’s the time to evaluate what tech you have in place, whether or not it’s doing the job, and whether or not you have the people on your team to make the most of it. Compliance tech, like any other, is constantly in motion, and more and more tasks previously done manually can now be done automatically. For a compliance team that needs to run lean, as so many do these days, this is good news. The team will also need to be evaluated for purposes beyond tech, to ensure it can realistically carry out everything it’s tasked to do.

Finally, this is your chance to evaluate employee training. How is training currently conducted? What’s the regimen? What’s the schedule? What are the onboarding processes and procedures? This is the ideal time to introduce yourself and push for your ideas. To reset the system. To make it more efficient and more effective with regard to basic compliance training and overall. To reinforce firm culture if it’s good, or to try and change it if it’s not.


  • Identify your team’s particular role. Compliance means different things to different firms.
  • Identify the risks. There are regulatory risks, people risks, technology risks, and culture risks.
  • Identify the people you need to talk with to get a handle on the current state of the firm.
  • Identify first steps to help set your course. Evaluate the firm, your team, and your tech.