Why Every Compliance Should Think Like an Entrepreneur

“How can we get business to listen to compliance?”

This is the most common question I’ve heard at every compliance conference I’ve attended over the past decade. It signifies a persistent and ongoing tension between business functions and the compliance, risk, and legal teams. The simple answer is, “just build relationships.” However, saying that is like telling a sad person to “just be happy.” It oversimplifies complex dynamics. Building relationships is far more complex than handing out fake smiles and having nice dinners together. It involves developing trust, taking into account the nature of the relationship, power dynamics, and personal and professional boundaries.

One year ago, I launched Pragmax Consulting to solve the very compliance challenges I once faced as a practitioner. Among them:

• Compliance is perceived as a cost;

• Because of this perception, many businesses undervalue the function;

• As a result, compliance teams are often under-resourced; and

• All of this creates friction between business teams and compliance.

Now, having been on both sides, first as a compliance officer, and now as a founder, I want to share the lessons I’ve learned over the past year as an entrepreneur that compliance practitioners can use. After all, we often say that to fight financial crime, we must enter criminal minds. Not to imply business is criminal, but to be an effective compliance practitioner, you do have to enter business minds.

The Mistakes that I’ve Made

The wonderful thing about entrepreneurship is that it is a sandbox. Entrepreneurs are free to turn their visions into reality. The tricky part is that there is no single way to do business right. You can read 100 books by Warren Buffet, Robert Kiyosaki or James M. Sweeney about wealth and business codes, but if you do not relate to their backgrounds, their experiences may not even be relevant to you. Because no playbook perfectly mirrors your individual experience, entrepreneurs are bound to make mistakes. I’ve made several mistakes, but each one came with a lesson that compliance practitioners might actually find useful.

Mistake 1: Chasing Profit

The first mistake I made was having the mindset that owning a business meant I had to chase profit. It sounds counterintuitive to question this since businesses are inherently for profit. When I first launched, I accepted every meeting invitation and explored all possible collaborations, thinking I should not miss potential opportunities; I was chasing ‘profit’ as much as possible. However, when I reviewed my activities over the last 12 months, I noticed all successful clients and meaningful stakeholders simply made straightforward requests for services or well-prepared collaboration proposals. In contrast, those who approached me with certain red flags typically wanted either a free lunch or inside information:

• Praising and admiring my work but unable to specify any of it;

• Initially very friendly, but completely cold after obtaining the information they wanted;

• Talking broadly about vision without anything practical to offer; and

• Wanting to meet without giving details about why.

By chasing opportunities and profit blindly, I failed to conduct proper due diligence before giving people my time. This made me realise real profit means recognising that different types and stages of businesses require different profit strategies. For a startup like mine, time is far more valuable, and “chasing profit” by accepting meetings with every Tom, Dick, and Harry was not strategic. Now, I’ve learned to conduct due diligence on clients and stakeholders to check if they’re worth my time. Why? Because I realised that time is one of the most valuable resources at this stage of the business, and every hour spent on low-commitment prospects is an hour taken away from serving serious clients who are ready to move forward.

In compliance, for the function to be practically effective, an uncompromising pursuit of “full compliance,” can actually be counterproductive. Compliance professionals must operate within the risk appetite of the business while adhering to laws and regulations. In many real-world compliance applications, compliance practitioners must work with business functions to risk tolerance levels. Compliance controls must be designed to address a business’ risk exposure, while taking into account business implications. For example, if a business conducts enhanced due diligence on every customer, regardless of risk, it would significantly delay customer onboarding, frustrates sales teams, and results in lost revenue. Although compliance must remain independent, compliance without practicality renders it ineffective. 

Mistake 2: Competency Alone Means Good Business

When I first launched, I assumed my competency alone would be enough to add value to other businesses. On top of my professional certifications, I had given workshops attended by representatives from the World Bank, Financial Action Task Force (FATF), and other global regulators on digital asset compliance. I entered the business feeling confident about my competence. However, I was immediately humbled when most potential clients I met were completely indifferent to those credentials. In fact, I faced more rejections in business than when I applied for jobs.

Over time, I realised that in business, it’s not just about providing the best services. You need to connect your product with your clients effectively. In short, you need to sell, which is a completely different skill from product and/or service creation. Beyond credibility, you need to focus on relationship-building, negotiation skills, brand connection, and, importantly, making customers feel happy about the process. A successful restaurant does not only sell good food; it also provides great customer service from start to finish.

In compliance, the delivery of content is equally as important as the content itself. Numerous factors must be considered when delivering recommendations. 

• First, you need to know your stakeholders. Stakeholders vary widely not just by functions, but by seniority, personality, cognitive style, and even cultural dimensions. Each type of stakeholder processes and responds to information differently. 

• Second, understand what they actually want. Figure out what they want by focusing on understanding their pain points. 

• Third, craft the right message tailored to their context. In my opinion, compliance messages should be framed in a way that activates action, not through guilt or resistance.

• Fourth, deliver it well. It is important to understand power dynamics and adjust your delivery accordingly. How you are perceived as the messenger is just as important; especially in terms of credibility, integrity, and relatability. 

As a practical application of the above: when presenting compliance information to the Board of Directors and Senior Management, you should focus on strategic aspects, as their priorities are typically profit, reputation, and growth. Conversely, lower-level management requires more practical compliance applications, as they are focused on creating a more efficient working environment for themselves.

Mistake 3: Doing it All Alone

Initially, I was confident I could handle everything myself: internal frameworks, lead generation, building my website from scratch, social media content, finance, and accounting. For the first few months, I did most tasks alone until I realised I spent too much time building various things and could not focus effectively. I learned a lot but at the cost of slowing down my business.

That’s when I learned the importance of collaboration and delegation. I began working with qualified professionals in areas I lacked experience in such as digital media and marketing. For instance, the MoonCast podcast I co-hosted with Sanad Karkar, JD, LL.M., not only expanded my audience but also helped position my brand at the intersection of compliance, technology and law. The strategic collaborations definitely amplified my visibility. Additionally, when I finally outsourced administrative tasks, I finally had more time to refine my services and deliver value to my clients.

The same applies in compliance. Although compliance should remain independent, it should not operate in isolation. Compliance practitioners need to collaborate with stakeholders for their functions to be effective. After all, you need others to implement your recommendations. Recommendations remain merely on paper if you fail to focus on partnerships, collaboration, and delegation.

Mistake 4: Treating Business like a Baby

I’ve often expressed my passion for compliance, especially how I enjoy being innovative and creative while solving compliance problems others find boring. This passion inspired me to start Pragmax Consulting. However, I treated my business as if it were my baby, causing my life to revolve around it completely. I repeated mistakes from my practitioner days; working around the clock and neglecting my physical and mental health. I experienced burnout, isolation, and took things personally when outcomes were not as intended.

Eventually, I realised my business is merely a vehicle to help others while generating revenue. Honestly, that’s exactly what a job should be to anyone. Compliance roles are just jobs. I failed to acknowledge that beyond my business, my well-being is also an asset. If my well-being fails, everything else follows. A lot of compliance practitioners are in the field because they are passionate about them. Yet, compliance practitioners are likely among the most under-resourced and neglected professionals. One mistake I regretted in both roles was prioritising my job and business over myself. After I stopped treating my business and job like a baby, my well-being improved dramatically, my creative output increased, my confidence grew, I could accomplish more with less stress, and I became significantly happier.

New Skills Unlocked during My Time as an

Entrepreneur

Switching from a salaried Compliance Officer to an entrepreneur taught me valuable new skills that can significantly strengthen compliance practitioners, that I would love to share:

Skill 1: Data is King

Understanding that data is money is not only the best thing in business, but the most important part. Data is King. Data is money. Data is everything. I learned earlier that to launch a business, you need a vision with data. So, before launching, I conducted a business survey to gauge what people really wanted. I learned valuable insights rather than relying solely on my perception of industry needs. That decision gave me a deeper understanding of what was missing in the market, including data showing that the majority of professionals today value practicality in compliance. This helps me tailor my services more effectively to meet my clients’ needs. Furthermore, realising that most successful businesses consistently seek reviews and feedback, I now do the same. Data is key to knowing where your business is headed.

The same applies to compliance professionals. Gathering both internal and external data is crucial for compliance professionals to make decisions. One of the most painful observations I’ve made is that many compliance professionals make decisions based on perception rather than data. This often stems from cognitive bias; especially when dealing with emerging sectors. For example, when digital assets were first introduced, instead of understanding the mechanics and studying real data, many dismissed the sector entirely based on adverse news headlines. While it’s true that criminal activities exist in the digital asset space, Bank Negara Malaysia (BNM)’s National Risk Assessment 2020–2023 actually rated the banking sector as having the highest ML/TF risk. Meanwhile, the digital asset ML/TF risk levels are actually rated as lower (with TF risk rated as Medium instead of Medium-High). This is not a criticism of the banking industry; that risk level is expected given the industry’s exposure, transaction volume, and access to the broader financial system. My point is this: when faced with unfamiliar territory, many compliance professionals instinctively rely on sensationalised narratives, rather than assessing the facts objectively including how the blockchain mechanics improve the tracing of TF activities.

Another important data gathering exercise compliance professionals should practice is collecting the data of stakeholders’ business and operational pain points. While you are the subject matter expert in compliance, you are not the subject matter expert of other business functions. How can you give valuable compliance recommendations without fully understanding business and operational pain points? Getting input from other stakeholders, even when they are uncomfortable, can provide a more objective and comprehensive understanding of the situation, thus strengthening your compliance solutions.

Skill 2: Confidence is Acquired Through Experimentation, Not Achievements

Earlier, I mentioned that I was competent and had achieved a lot prior to becoming an entrepreneur. This was not meant as bragging but to highlight that none of those achievements helped me with my confidence. Before becoming a business owner, I chased achievements at the expense of my well-being. Yet, I remained insecure and timid, hiding my insecurities behind a fake smile. I was bitter towards confident people whom I deemed less competent, constantly wondering how they could possess confidence while I did not. In fact, I was actually plagued by arrogance in the disguise of insecurities. I was not confident.

Taking the plunge into entrepreneurship, trying completely different things, experimenting through podcasts, meeting new people, writing articles, creating social media content, attending networking events despite being socially awkward in them, and failing multiple times; these experiences are why I am much more confident today. Experimentation allowed me to learn more about myself, discover what works and what does not. It became a training ground to teach myself that failure is not the end of the world, and any initial success is simply a bonus to be grateful for. I’ve learned that confidence is not fearing failure, while still having the judgment not to act recklessly.

The same principle applies to compliance professionals. Whether providing recommendations or trying to improve compliance culture, you can only go so far by repeating the same approach. If your message is not landing, try something different. Experiment with how you present ideas, how you engage teams, and how you frame compliance as something relevant and valuable. Creativity is not a weakness in this field. It is a strength that can set you apart. Of course, it is important to make calculated experiments as a compliance professional. But if an experiment fails, keep in mind that it only means you are one step closer to finding the right solution.

Skill 3: Self-Advocacy and Visibility

Despite my warm and friendly disposition, I am actually introverted. I love my time alone, and genuinely get anxious and stressed out in large social situations such as a networking event or conference. When I was a compliance practitioner, I could easily avoid that by simply not participating in them as much, but as a business owner, I have no option but to remain visible in the industry to stay in business. Visibility reminds people of my existence, not merely to remain relevant but to ensure food stays on the table. Because it is a necessity to me now, I learned to push myself to self-advocate in a refined way. Of course, in doing so, I used to always worry if I came across as arrogant, as I never liked to feel one-uppity. But at the same time, without promotion people cannot magically know what I can offer. So I practiced to advocate myself in a refined way. Initially, I listed all my achievements, but over time, I learned to keep them succinct. It took practice, but it was worth the effort. Visibility means staying present in this field, both online and in real life, not out of vanity but because it is part of keeping the business alive.

The same is true for compliance roles. As the so-called ‘contrarians’ of the business, you are likely required to work twice as hard to advocate and promote the value of your function. Furthermore, there is a common misconception that compliance function performance cannot be directly tied to business revenue or cost savings. For example, if you are responsible for ensuring your business’ license application gets approved by the regulator, that is a direct relationship between your function and the business’ revenue. Additionally, the compliance team’s visibility with other stakeholders is of utmost importance. The days of compliance officers staying visible purely to monitor non-compliance are over. You need to remain visible so others can approach you proactively when they have questions, and demonstrate how your knowledge can help them. Sometimes, non-compliance is as a result of ignorance, not wilful action. 

Skill 4: Authenticity is Your Strength

The last skill, and personally my favourite, is the ability to incorporate your authenticity into your role. I truly acknowledge that I can now fully embrace my authenticity due to the privilege of owning my own business. In the past, I had to sanitise my appearance, presentation style, and creativity to fit in. Today, however, I can freely act on my vision; compliance allows for creativity, and compliance can be fun. I choose to stay away from what I perceive to be an archaic view of compliance, which is that making it fun takes away from its credibility. In fact, I believe making it fun actually encourages learning and keeps people motivated. When I recall how I got into learning about financial crime, I think about the famous TV show Breaking Bad rather than any criminal law classes I may have attended prior to that. The show was for entertainment, but the creators did research real-world money laundering methods and consulted with legal and law enforcement professionals to illustrate money laundering tactics like structuring, smurfing, and shell companies. The truth is, most people already perceive compliance as a dull, boring profession. Ask yourself if you truly enjoy scrambling at the end of the year to complete compliance e-learning training courses.

On the contrary, I personally find that placing too much emphasis on maintaining a polished corporate image can sometimes come across as less authentic. When someone is not comfortable expressing their intellectual strengths in a more creative or human way, it may give the impression that they are relying more on surface-level projection than substantive capability. In my experience, and to my surprise, my content, articles, and podcasts are received far better when I incorporate parts of my authentic self such as pop culture references and memes, even if they go against the corporate norms. At this age, it should be increasingly obvious that credibility should be strongly tied to integrity rather than a corporate shine.

Conclusion

Changing my career from Compliance Officer to business owner has completely transformed the way I view compliance. It is not just about following rules and regulations. Compliance is about smart, strategic planning. Over the past 12 months with Pragmax Consulting, I’ve learned so much, and I’m genuinely grateful to everyone who has supported me: whether as clients, collaborators, or those who engage with my content.

I started this business to help compliance practitioners overcome the same challenges I once faced, and I intend to keep doing that with your continued support.

Thank you, and happy one-year anniversary to Pragmax Consulting.

Learn More About Us

Pragmax Consulting

Pragmax Consulting is a compliance, risk, and governance consulting firm with a diverse clientele, including a Fortune 500 asset management firm, a global fintech leader in digital payments across international markets, statutory bodies, and various virtual asset management companies.

Website: https://www.pragmaxconsulting.com