The Myth of “Fixing Compliance” with One Hire

Every time a bank faces regulatory pressure, the same solution tends to appear:

 

“We’ve hired a new Head of Compliance.” Or: “We’ve appointed a new MLRO.”

 

And while these are critical roles, let’s be clear:

 

➡️ One hire is not a compliance strategy.

 

In fact, the belief that a single senior appointment can “resolve compliance” is one of the most persistent myths in financial services.

 

1) Regulators don’t regulate job titles — they regulate outcomes

 

Regulators are rarely impressed by organisational charts.

 

They don’t assess compliance maturity by who sits in the role — they assess it by what the institution consistently delivers, including:

 

• Clear governance and decision-making
• Effective monitoring and testing
• Evidence-based risk assessments
• Timely remediation of findings
• A culture that escalates issues early, not late

 

A newly appointed Head of Compliance may improve direction — but regulators will still ask:

 

“Where is the evidence that the system works?”

 

2) Structural weaknesses can’t be fixed by individual strength

 

Some weaknesses are not “people problems.” They are structural problems.

 

For example:

 

• Poorly designed controls
• Weak segregation of duties
• Underfunded compliance functions
• Broken escalation routes
• Unclear ownership of risks
• Compliance teams acting as “advisers” with no authority to challenge

 

Even the best MLRO will struggle in an environment where:

 

• risk is treated as a formality
• compliance is seen as an obstacle to business growth

 

That is not a leadership failure. That is a system design failure.

 

3) Tone from the top can’t be outsourced

 

A bank can hire the most experienced compliance leader in the market…

…but if the board and executive leadership are not aligned on the basics, the same patterns repeat:

 

• “We’ll fix it later.”
• “Don’t escalate this yet.”
• “Let’s manage the optics.”
• “We can’t slow down growth.”
• “Compliance is blocking revenue.”

 

In those environments, compliance leaders become:

 

• the messenger
• the scapegoat
• or the last line of defence (which they were never meant to be)

 

Compliance leadership works best when senior management is willing to say:

 

✅ “We want to know the truth, even when it’s uncomfortable.”

✅ “We will fund the fix, not just announce it.”

✅ “We will hold the first line accountable.”

 

4) When senior hires become regulatory “signals”

 

Let’s address the uncomfortable truth:

 

Sometimes senior compliance hires are treated as regulatory signals.

 

A way of saying: “Look — we’re taking this seriously.”

 

And yes, regulators do expect capable leadership.

 

But when the appointment is used as a substitute for remediation, it becomes a compliance illusion.

 

Because the real test is not the hire.

 

The real test is what happens after:

 

• month 1
• month 3
• month 6
• and the next regulatory review

 

That is where the truth shows up.

 

5) Structural vs individual accountability — the difference matters

 

We often talk about accountability as if it sits with one person.

 

But sustainable compliance requires accountability across the institution:

 

• First line owns the risk and controls
• Second line provides oversight, challenge, and assurance
• Third line independently tests and validates

 

If the first line is not accountable, the second line becomes operational — and that is where compliance functions burn out.

A Head of Compliance is not there to “do compliance for the business.”

 

They are there to ensure the business operates within risk appetite and regulatory expectations.

 

6) What sustainable remediation really looks like

 

If you want remediation that lasts, it usually includes:

 

Clear ownership

 

Every issue has:

 

• an accountable owner
• a deadline
• measurable evidence of closure

 

 Resourcing that matches the risk

 

Not “do more with less,” but:

 

• adequate staffing
• proper tooling
• empowered oversight

 

A culture that supports challenge

 

People must feel safe to escalate, question, and pause activity when needed.

 

Evidence, not promises

Regulators don’t accept intention. They accept tested, documented outcomes.

 

Continuous monitoring, not one-off clean-up

Remediation isn’t a project. It’s a discipline.

 

Final thought

Hiring a Head of Compliance or MLRO is important — but it’s not a magic wand.

A strong compliance leader can guide the journey, but they cannot replace:

 

• governance
• culture
• systems
• accountability
• sustained investment

 

In the end, regulators will always look beyond the headline.

 

They will look for the substance.

 

And substance is never delivered by one person alone.