All Articles
Risk Management

Promoted Into the Past: How Internal Succession Is Locking UK Compliance Functions Into Outdated Thinking

By Coleman's CTTS Risk Management
Promoted Into the Past: How Internal Succession Is Locking UK Compliance Functions Into Outdated Thinking

The Loyalty Dividend and Its Hidden Cost

There is an understandable logic to promoting from within. Long-serving employees understand the culture, the operational rhythms, and the unwritten rules that govern how work actually gets done. When a compliance manager or health and safety lead retires, the instinct to appoint their most trusted deputy feels both pragmatic and fair.

The difficulty is that this instinct, however well-meaning, carries a structural risk that rarely appears on any succession planning document. The person most familiar with how compliance has historically been managed is also the person most likely to replicate it — including the parts that were never quite right.

Across UK industries, from manufacturing to financial services, this pattern plays out with quiet regularity. The newly appointed compliance lead inherits not only the role but the assumptions embedded within it: the workarounds that became standard procedure, the audit preparation rituals that substitute for genuine readiness, and the risk tolerances that were quietly accepted years ago without ever being formally reviewed.

How Normalisation Compounds Over Time

Regulatory non-conformances rarely arrive fully formed. They tend to accumulate gradually, each small deviation from best practice becoming slightly more entrenched as years pass. A reporting shortcut introduced during a busy period becomes the default method. A training module that never quite addressed a specific hazard scenario gets renewed year after year because no one questions whether it was ever adequate.

For an employee who has operated within this environment throughout their career, these accumulated compromises are simply the background noise of the job. They are not experienced as failures because they have never been identified as such. When that employee ascends to a leadership position, they do not deliberately perpetuate poor practice — they are genuinely unaware that what they are perpetuating is poor practice at all.

This is the compliance inheritance paradox in its most precise form. The very experience that qualifies someone for promotion becomes the mechanism through which historic deficiencies are protected from scrutiny.

The Filtering Effect on External Perspectives

The problem is compounded by what happens when fresh regulatory thinking does enter the organisation. Newly hired team members, external consultants, or updated regulatory guidance may all signal that certain established practices require revision. In environments where the compliance lead has been shaped by those same practices, these signals are frequently filtered out.

This is not necessarily a conscious process. It manifests instead as institutional scepticism: the sense that outsiders do not fully understand the operational realities of the business, that regulators are being impractical, or that the company's approach has always worked well enough. Each of these responses may contain a grain of operational truth, but collectively they function as a barrier against the critical reassessment that compliance leadership genuinely requires.

UK enforcement bodies, including the Health and Safety Executive and the Financial Conduct Authority, have become increasingly sophisticated in their ability to distinguish between organisations that are genuinely compliant and those that have simply developed effective audit presentation skills. The gap between those two states is precisely where internally promoted leaders, operating on inherited assumptions, are most exposed.

Practical Frameworks for Breaking Institutional Blind Spots

None of this argues against internal promotion as a principle. Career development pathways matter enormously for workforce retention and organisational morale. The solution lies not in bypassing internal candidates but in structuring their transition to leadership in ways that deliberately surface and examine inherited assumptions.

Structured regulatory gap reviews at the point of appointment. When an internal candidate takes on a compliance role, their first formal deliverable should be an independent review of current practices against current regulatory standards — not against the organisation's own historic benchmarks. This review is most effective when conducted with external technical support, providing the incoming leader with an objective baseline rather than a continuation of their predecessor's framework.

Mandatory external reference points during the first twelve months. Newly appointed compliance leads should be required to engage with regulatory guidance, industry working groups, or professional development programmes that expose them to practice standards beyond their own organisation. This is not a remedial measure; it is a structural corrective that any responsible succession plan should incorporate.

Peer challenge mechanisms within leadership teams. Organisations that create formal space for compliance decisions to be questioned by colleagues from adjacent functions — operations, legal, finance — reduce the risk of any single individual's inherited assumptions going unchallenged. This works most effectively when the challenge process is normalised as standard governance rather than presented as oversight of the compliance function specifically.

Documented assumption registers. Encouraging newly promoted compliance leads to explicitly document the assumptions underlying their inherited procedures — rather than simply continuing those procedures — creates a visible record that can be reviewed against regulatory developments as they occur. This practice transforms implicit institutional knowledge into something that can be interrogated and, where necessary, revised.

Supporting Internal Talent Without Entrenching Legacy Risk

Organisations that handle this well tend to share a common characteristic: they treat the transition into compliance leadership as a distinct professional development event rather than a straightforward continuation of an existing role. The skills required to perform effectively within a compliance function are not identical to those required to lead it critically.

Investing in structured transition support — whether through technical training, mentoring from external compliance professionals, or facilitated regulatory reviews — signals to internally promoted candidates that the organisation values both their experience and their continued development. It also creates the conditions under which those candidates are most likely to succeed in genuinely protecting the business from regulatory exposure.

The alternative — appointing trusted long-servers and assuming their accumulated experience is sufficient preparation — is a risk management decision dressed up as a reward. For UK businesses operating in an increasingly active enforcement environment, it is a risk that deserves considerably more scrutiny than most succession plans currently provide.