Every compliance professional has heard the accusation. Compliance is too slow. Compliance does not understand the business. Compliance always says no. Compliance is where deals go to die. That reputation is so common that it has a shorthand: “Dr. No from the Land of No.”
Luis Velasquez’s article, Why Effective Leaders Get Branded as Problems, offers an important way for Chief Compliance Officers to think about this challenge. His central point is that when a leader creates friction, organizations often default to one explanation: the leader is the problem. Yet the article argues that friction usually comes from one of four sources: capability, perception, identity, or system. Because those sources can look similar on the surface, organizations often collapse them into a single behavioral judgment and make poor decisions as a result.
That insight maps directly onto compliance. When compliance creates friction, the organization may assume the compliance function is the problem. Sometimes that is true. Sometimes compliance really is slow, unclear, inconsistent, or disconnected from commercial reality. But often compliance is not the problem. It is exposing the problem. The CCO’s job is to know the difference.
The Evaluation Trap for Compliance
Velasquez calls this dynamic the “evaluation trap.” Organizations overfocus on visible behavior and underweight the context around that behavior. If there is friction, the easy assumption is that the individual leader is the problem. For compliance, the same trap appears when business leaders say some of the following: “Compliance is blocking the deal. Compliance is slowing us down. Compliance is too rigid. Compliance does not understand how we make money.”
Those statements may contain useful feedback, but they are not a diagnosis. They are conclusions. A good CCO should not reject them defensively, but neither should the CCO accept them at face value.The better question is: What is really causing the friction?
Is compliance creating unnecessary delay? Is the business bringing compliance in too late? Is the policy unclear? Is the company’s incentive structure encouraging people to push risk downstream? Is the compliance team applying yesterday’s reputation to today’s improved process? Or is the function’s greatest strength, independence being overused in a way that makes compliance appear detached from the business? The answer matters because each cause requires a different response.
Why “The Land of No” Is Dangerous
Being known as “The Land of No” is more than a branding problem. It is a control problem. When employees believe compliance exists only to stop things, they stop bringing compliance into decisions early. They delay disclosure. They frame facts selectively. They look for workarounds. They ask for forgiveness instead of guidance. The compliance function then receives issues late, with fewer options and higher stakes. That reinforces the perception that compliance is always saying no.
It becomes a vicious cycle. The business avoids compliance because it fears delay. Compliance receives incomplete or late information. Compliance responds with concern or rejection. The business concludes that compliance is a blocker. The next time, the business waits even longer to engage. That is how a compliance function loses influence while still technically having authority.
The Four Sources of Compliance Friction
Velasquez identifies four sources of leadership friction: a true skill deficit, historical reputation, overextension of identity, and the system as a blocker. Each has a direct compliance equivalent.
- A True Compliance Capability Deficit
Sometimes the criticism is fair. The compliance team may be too slow. It may issue dense legal guidance that no one can use. It may give inconsistent answers across regions. It may lack business knowledge. It may escalate too many routine issues. It may have no clear intake process, no service-level expectations, no decision trees, and no practical playbooks.
The remedy is operational discipline. Build intake channels. Publish response-time expectations. Create risk-tiered approval paths. Train compliance professionals in business acumen. Give the business practical guidance, not abstract warnings. Measure cycle time, quality of advice, repeat questions, escalation frequency, and stakeholder satisfaction. A compliance function that wants credibility must be professionally managed.
- Historical Reputation
Sometimes compliance is being judged by an old story. Velasquez describes “organizational drift,” where systems rely on outdated narratives rather than current evidence. Feedback may be based on historical reputation, not recent interaction. Labels harden even when behavior changes.
In that case, behavior change alone may not be enough. The CCO must manage perception as deliberately as performance. That means asking business leaders for specific, recent examples. It means distinguishing current pain from legacy frustration. It means documenting improvements and communicating them repeatedly. It means publicizing examples where compliance helped a team win business the right way, accelerate a transaction, resolve a third-party issue, or design a better control.
- Overextension of Compliance Identity
Compliance has core strengths: independence, skepticism, discipline, documentation, escalation, and control. Those strengths are essential. But Velasquez warns that a strength can become a habit, then an identity, and then a constraint. The problem is not always the absence of skill; sometimes it is the overuse of a strength in the wrong context. That is a powerful lesson for compliance.
A compliance function that is appropriately skeptical in a bribery investigation may be unnecessarily skeptical in a low-risk gift review. A team that properly demands documentation for a high-risk distributor may over-document a routine vendor. A CCO who must be firm with the board or regulators may unintentionally use the same posture in early-stage business counseling. The answer is not to weaken compliance. The answer is to expand its range.
Compliance should know when to be an investigator, when to be an adviser, when to be a control designer, when to be an educator, and when to be a decision escalator. Not every question requires the same tone, process, or level of scrutiny. A mature compliance function does not say yes to everything. It knows how to say: Yes, if. That is very different from simply saying no.
- The System as the Blocker
Velasquez calls the system-as-blocker issue the most misunderstood trap. What looks like a behavior problem may actually be caused by culture, structures, resources, incentives, or decision rights that make the desired behavior difficult. The article notes that organizations may say they want one thing while rewarding another. This is the most important lesson for the CCO.
Compliance often gets blamed for delay created elsewhere. Sales may bring a high-risk intermediary to compliance two days before a bid deadline. Procurement may onboard vendors before due diligence is complete. Finance may discover payment issues only after an invoice is pending. Legal may escalate a contract after commercial terms have already been promised. Senior leadership may say compliance matters, while compensation plans reward speed and revenue at any cost.
In reality, the system created the bottleneck. Compliance was simply the first function willing to name it. The CCO should identify these systemic blockers and bring them to management. If the business wants faster third-party approvals, it must engage compliance earlier. If the company wants fewer rejected transactions, it must define risk appetite before the deal is negotiated. If leadership wants speak-up culture, it must protect reporters and discipline retaliation. If the
Building a Compliance Function Known for Solutions
The goal is not to become the “Land of Yes.” That would be worse. A compliance function that says yes to everything is not a compliance function. It is a permission slip. The goal is to become the Land of Know: a place where the business gets clarity, options, risk intelligence, and practical pathways. That requires a different operating model.
- Compliance must engage early. The function should be embedded in strategy discussions, product design, market entry planning, third-party selection, M&A activity, data use, AI deployment, and incentive design. Late-stage compliance review is where trust goes to die.
- Compliance must define red lines and green lanes. Business teams should know which activities are prohibited, which require escalation, and which can move quickly through preapproved controls. Ambiguity produces both delay and resentment.
- Compliance must communicate in business language. “This violates Section X of Policy Y” may be accurate, but it is rarely sufficient. The better explanation is: “This creates an undisclosed conflict, weakens our audit trail, and could make the payment look improper. Here is how we can restructure it.”
- Compliance must offer alternatives. A “no” without a path forward should be reserved for true red-line issues. In most cases, compliance should identify a lower-risk route.
- Compliance must measure enablement. Do not only track training completions, hotline numbers, or policy attestations. Track advisory response time, time to third-party decision, percentage of matters resolved with conditions, number of early consultations, repeat issues by business unit, and examples where compliance helped preserve business value.
Sixth, compliance must own its mistakes. When compliance is slow, unclear, inconsistent, or overly rigid, the CCO should say so and fix it. Credibility increases when compliance holds itself to the same accountability it expects from the business.
The CCO’s Message to the Business
The CCO should be able to say: “We are not here to stop the business. We are here to help the business grow in a way that can withstand scrutiny. Sometimes that means yes. Sometimes that means yes with controls. Sometimes that means no. But every answer should be timely, clear, risk-based, and tied to the company’s values and obligations.”
That message must be backed by behavior. Business leaders will not judge compliance by slogans. They will judge it by how the function behaves when a deal is urgent, a market is risky, a senior executive is involved, or the answer is uncomfortable.
The lesson from Velasquez’s article is simple but profound. Before deciding that the leader is the problem, ask whether the diagnosis is wrong. For CCOs, the parallel lesson is equally important: before accepting that compliance is the problem, determine what the friction is really telling you.
A strong compliance function should never aspire to be popular at all costs. But it should aspire to be trusted. The way to avoid becoming “The Land of No” is not to say yes more often. It is to become clearer, earlier, more practical, more evidence-based, and more courageous about identifying whether the real issue sits in compliance, the business, or the system itself.