Managing Up in Compliance: How to Speak So the C-Suite Listens
- Raymond Snytsheuvel
- Mar 25
- 5 min read
Updated: Mar 26
Being great at compliance isn’t just about knowing the rules—it’s about knowing how to communicate them. If you’ve ever felt like your concerns are being ignored or dismissed, you’re not alone.
As a General Counsel and Chief Compliance Officer, I’ve spent years translating complex legal and compliance issues for the C-suite. Through trial and error and a whole lot of hope, I’ve learned that managing up isn’t just about what you say—it’s about how, when, and to whom you say it.
If you struggle to get leadership to prioritize compliance, these hard-earned lessons will help you gain trust, communicate effectively, and influence decision-making.
Don’t Change Anything (Yet!)
Here’s one of the best pieces of advice I ever received: When you step into a new role, especially one focused on compliance, don’t change anything for the first six months.
Why? Because people don’t like change—especially long-term employees who have operated under the same systems for years. So resist the urge to dive in and start fixing things immediately.
Instead, use this time to:
Understand the existing landscape and those who built it.
Identify key players—your own cast of characters in The Office.
Earn respect by listening before suggesting improvements.
Prioritize what truly needs to change—and what doesn’t.
The reality: Even if you were hired to improve compliance, rushing into changes without understanding company culture and priorities is a fast track to resistance.
Understand the Company’s Risk Appetite
Not every company sees compliance the same way. Some embrace risk, while others avoid it at all costs.
Knowing where your company falls on this spectrum is crucial to your success.
High-risk appetite? Compliance may be seen as a speed bump, not a necessity.
Low-risk appetite? Compliance is a safety net. Leadership will expect more conservative guidance.
Your move? Adapt your approach. If you’re too risk-averse, you could seem like a roadblock. Too flexible, and you risk being dismissed.
Pro Tip: This does not mean advocating for anything unethical. Your job is to navigate risk within legal boundaries, not to eliminate it altogether.
Know Your Relevance in the Institution
Sometimes compliance professionals forget that executives often understand compliance risks better than we think.
Your job isn’t to educate them from scratch—it’s to align expectations with how much they want to engage.
Some leaders will want details; others will want a high-level risk assessment. Match their level of engagement, and you’ll be heard.
_______________________________________________________________
If compliance isn’t a major priority for leadership, pushing harder
won’t help. Instead, adapt, inform, and document.
_______________________________________________________________
Don’t Care More Than Leadership Does
This one is tough, but it’s essential: If leadership isn’t prioritizing an issue, don’t push harder than they are willing to go.
How to handle it:
Clearly articulate the risk and potential impact.
Ensure leadership understands the issue — and the consequences of inaction.
Document your efforts, then step back.
It’s frustrating when compliance isn’t taken as seriously as it should be. But your job is to inform, not to force decisions. Some priorities—like urgent financial risks—will always take precedence. It’s not personal. It’s business.
Communicate at the Right Level
Have you ever been in a meeting where leadership seemed completely uninterested in what you were saying? You may be speaking at the wrong level.
There are five levels of compliance communication:
Level/What the Leader Wants | Challenges for Compliance Professionals | Best Approach |
Level 1: A simple "yes" or "no" without any additional context. | Compliance professionals instinctively want to explain risks and avoid oversimplifying. Providing too much detail can frustrate the leader. | Build a circle of trust (see the “6-month” rule). When possible, offer a one-sentence clarification that hints at nuance without overwhelming them. Example: "Yes, but with conditions" or "No, and here’s why in one sentence." |
Level 2: A "yes" or "no," plus a very brief, non-legal explanation of the risks involved. | There’s no room for deep discussion or exploring every scenario. Leaders expect efficiency, not legal lectures. | Stick to one key risk and phrase it in plain language. Avoid citing regulations or diving into "what-ifs." Example: "No, because that could violate fair lending rules and lead to penalties." |
Level 3: A short conversation about the risk implications with a few legal references (but not an in-depth discussion). | Leaders want quick insights, not exhaustive legal analysis. Too much detail could lose their attention. | Provide a high-level risk assessment. Mention only essential regulations (e.g., "This could be a RESPA issue"). Keep it concise and action-driven. Example: "There’s a moderate risk under RESPA—our approach should be X to stay compliant." |
Level 4: A more detailed conversation, with references to laws and regulations, but without full legal text. | Leaders are open to more depth, but they don’t need every citation. Too much legalese can still overwhelm them. | Paraphrase key provisions and explain why the issue is tricky. Focus on the business impact rather than just legal wording. Example: "This falls under Reg Z, which limits how we can structure fees. Here’s what that means for us…" |
Level 5: A detailed legal discussion with full citations, legal texts, and thorough analysis. | This level is rare because most executives don’t need this level of detail. It’s usually reserved for the legal department. | Engage with legal teams and only go this deep if requested. Ensure the leader wants this level of detail before preparing long reports or citing full regulations. Example: "Here’s the legal provision that applies, along with case law that supports our interpretation." |
Reality check: Most executives operate in Levels 1–3. It can be tempting to dive deep into compliance details—either out of genuine passion for the topic or a desire to fully protect yourself if something goes wrong. However, your messaging should be tailored in a way the leaders will best understand your message.
There’s a fine line between helping leadership understand the issue and overloading them with information as a form of self-defense. The most effective compliance professionals know where each leader’s appetite for detail ends—and stop there. Communicate clearly, highlight key risks, and know that drowning leaders in data won’t make your point more convincing.
Keep Records. Always.
Corporate memory is short — but emails aren’t. Your best defense? Good documentation.
Archive, don’t delete. I never deleted an email—I just archived them by year and quarter to keep my inbox clear.
Track conversations. Some leaders avoid putting things in writing. I obliged when possible—but I always kept personal notes.
Come with receipts. When leadership asks, “Did we discuss this?”—you’ll be ready with proof.
Final Thought: Compliance Leadership Is About Influence, Not Control
Managing up in compliance isn’t about being the loudest voice in the room. It’s about being the most strategic one.
Build trust before making changes.
Adapt your approach to the company’s risk appetite.
Speak at the level leadership wants to engage.
Provide clear recommendations and let leadership decide.
Keep records—your future self will thank you.
Need Expert Guidance on Compliance & Risk Management?
Compliance shouldn’t feel overwhelming. At Loan Risk Advisors, we help mortgage professionals cut through the complexity and make compliance manageable, practical, and stress-free.
Whether you need a risk assessment, customized training, or hands-on guidance, we’re here to help you stay compliant—without the guesswork.
Let’s talk! Contact us today to schedule a review.
Comments