Stepping into the role of Chief Compliance Officer (CCO) at an investment advisory firm can feel like walking into a whirlwind. You’ve got policies, procedures, and training slides ready to go – but winning respect, buy-in, and engagement? That’s a whole different battle.

If you’ve just taken the reins in this complex and critical position, welcome. Below are seven truths you’ll want to keep in mind – and a few practical tips to help you stay steady in the storm.

1. Most of your compliance manual will go unread

You poured time into that manual – tight language, clear structure, fully tailored. But unless someone’s dealing with personal trading, ethics concerns, or the SEC, odds are they’re not reading it.

Make it more effective by bringing different teams into the process. Let them shape the parts relevant to their work. People are more likely to follow rules they helped create – and hold each other accountable. Then, deliver the content in short, targeted training sessions focused on real-world application. Interactive formats and small incentives can go a long way (snacks remain undefeated).

Most importantly, position compliance as a strategic partner. Talk with team leads about their actual challenges and tailor your support accordingly. A culture of compliance is built over time – but being accessible, practical, and solution-oriented lays the foundation.

2. Respect isn’t automatic – you earn it

Compliance doesn’t usually come with a spotlight. There is no firm-wide kudos for having zero SEC findings. Meanwhile, the guidance you rely on is often vague, contradictory, or outdated, which can make your position a tough sell internally.

This is where preparation matters. Before weighing in, review the rule, relevant guidance, internal policies, and – when in doubt – loop in outside counsel. It demonstrates professionalism and helps shift the discussion from opinion to interpretation.

When you offer advice, be decisive and practical. Simplify the regulatory framework into action items. Your team doesn’t need a legal brief – they need to know what to do and why it matters. Delivering this kind of clarity builds trust and reinforces your value as a business enabler, not just a risk mitigator.

3. No one’s reading past the first few lines of your email

You might love long emails, but your audience doesn’t. If your message isn’t clear in the first few sentences, it may never be seen at all.

Use subject lines to flag importance (for example, “Response Needed by Friday”). Lead with your ask, and format your message so it’s easy to skim – think bullets, bolding, and brevity. If background info is essential, attach it separately, but don’t assume it’ll be read.

The goal is to communicate clearly, not exhaustively. Keep it simple, actionable, and timely.

4. When leadership tunes out compliance, so does everyone else

If senior leaders treat compliance like a side project, that attitude will ripple throughout the organization. Compliance culture follows leadership’s lead.

Even small shows of support – like attending a training session – can have impact. When employees see execs engaged, they take it seriously too.

Frame compliance as more than a requirement: it’s a business asset. It protects your reputation, reduces liability, and builds client confidence. Use real examples, like the Volkswagen emissions scandal, to illustrate how culture failures can have massive costs.

And don’t forget regulatory accountability. In cases like Pekin Singer Strauss, Pennant Management, and Elste, the SEC didn’t hesitate to hold leadership responsible for compliance shortcomings. That precedent makes leadership buy-in a regulatory necessity – not just a nice-to-have.

5. You probably don’t know what you’re missing

Even veteran CCOs can be blindsided by details they didn’t know were happening. It’s easy to assume policies are followed exactly as written – but reality often deviates, especially in areas like billing or personal trading.

Take Rule 204A-1 as an example. Many firms slip on identifying new access persons or collecting their required holdings reports within 10 days. These simple oversights are still exam red flags.

Billing errors are another minefield. If automated systems are misaligned with your ADV disclosures, you could end up over- or under-charging clients without even realizing it – especially with tiered fee structures.

Want to catch these issues early? Shadow employees, ask questions, and observe how tasks are actually carried out. Reviewing SOPs isn’t your job, but understanding them is. It helps you spot inconsistencies before examiners do – and builds a more accurate view of how the firm really runs.

6. If it’s not documented, it may as well not exist

One consistent lesson from SEC exams: if you can’t show it, they won’t assume it happened.

Yes, Rule 204-2 requires certain records – but the SEC often expects more. During exams, firms are asked for risk inventories, third-party vendor due diligence, and even physical security details like building access protocols.

If you work with remote staff or third-party consultants, be ready to show how you monitor them, too. Oversight doesn’t end at your firewall.

The best way to prepare? Review SEC document request lists regularly. They offer insight into what regulators are focused on – even before it becomes formal policy.

7. Thoughtful “yes” beats reflexive “no”

Saying “no” is easy. It’s safe. But it also shuts down collaboration – and can make you irrelevant.

When compliance becomes the office gatekeeper, people stop asking for input. You’re left out of product discussions, marketing reviews, and strategy sessions. That’s when risk creeps in unnoticed.

A better approach? Aim for thoughtful flexibility. If the marketing team wants to include hypothetical performance, and time allows, explore options: adjusted disclosures, alternate presentations, or other solutions that preserve the goal without crossing the line.

Being seen as a problem-solver earns you influence. You want people to come to you early – not after they’ve already gone live.

Final thought: Keep your standards. Adjust your expectations.

Compliance isn’t glamorous. It’s often underappreciated and full of ambiguity. But it’s also one of the most critical functions in the business.

When you accept the challenges – and operate with humility, curiosity, and clarity – you’ll not only protect your firm, but help it thrive. And that’s worth sticking around for.