Adrian Lawrence FCA — Founder, Exec Capital
Fellow of the ICAEW · ICAEW practising certificate holder · Executive search specialist · Co. No. 13329383
The Chief Compliance Officer is one of the most misrecruited roles in financial services. Boards that hire for technical compliance knowledge alone get a function head who can document a framework but cannot challenge the business when the commercial pressure to take on risk is highest. Boards that hire for seniority and boardroom presence without sufficient regulatory depth get a CCO who cannot engage credibly with the FCA or withstand scrutiny at a supervisory visit. The CCO who combines genuine regulatory expertise with the commercial judgement to apply it proportionately — and the personal authority to hold the line with a CEO who disagrees — is a specific and scarce profile. Writing the brief correctly is where the search succeeds or fails. To discuss a CCO search, call 0203 834 9616.
Chief Compliance Officer (CCO) — role guide, job description template, FCA and SMCR context, salary benchmarks, and what to look for in the right appointment
The Chief Compliance Officer is the senior executive responsible for the organisation’s compliance framework — the policies, controls, monitoring, and governance that ensure the business operates within its legal, regulatory, and ethical obligations. In FCA-regulated firms, the CCO typically holds a Senior Management Function under the Senior Managers and Certification Regime, carrying direct personal accountability to the regulator for the compliance oversight of the firm. This guide covers what the CCO mandate involves across different business types and regulatory environments, how to write a job description that attracts the right candidate, the CCO vs CRO and General Counsel distinctions, and what competitive compensation looks like in 2026.
For our CCO and compliance leadership recruitment service, see executive recruitment. For related C-suite job description guides, see CFO job description and CEO job description.
What is a Chief Compliance Officer?
The Chief Compliance Officer is the most senior executive with specific accountability for the organisation’s compliance with its regulatory, legal, and ethical obligations. The CCO designs and maintains the compliance framework — the policies, procedures, monitoring programme, and governance structures that enable the business to identify, manage, and report compliance risk — and provides independent oversight of the first line of defence: the business units and functions that own compliance in their day-to-day operations.
The CCO sits in the second line of defence in the three-lines model — independent of the revenue-generating and operational functions whose conduct they oversee, but not so removed from the business that they cannot provide practical guidance and proportionate challenge. This independence is the defining characteristic of an effective compliance function. A CCO who is too embedded in the first line loses the objectivity to challenge it. A CCO who is too remote from it loses the commercial understanding to regulate it intelligently.
The CCO mandate varies significantly across sectors and business types. In FCA-regulated financial services firms — banks, insurers, investment managers, wealth managers, consumer credit firms, and others — the compliance function carries formal regulatory accountability under the Senior Managers and Certification Regime, and the CCO’s relationship with the FCA is an active and consequential part of the role. In pharmaceutical, healthcare, and life sciences businesses, the compliance function focuses on clinical trial regulation, product safety, and healthcare professional interactions under MHRA oversight. In technology businesses, compliance increasingly covers data protection, AI governance, and sector-specific regulations. In each context, the skills and experience required of the CCO differ meaningfully, and the job description must reflect the specific regulatory environment rather than a generic compliance framework.
The CCO in FCA-Regulated Firms — SMCR and Senior Management Functions
In firms regulated by the Financial Conduct Authority, the compliance function operates within the Senior Managers and Certification Regime — the regulatory framework that assigns individual accountability for the governance of regulated firms to named senior managers. The CCO in an FCA-regulated firm typically holds one or more of the following Senior Management Functions:
SMF16 — Compliance Oversight. The Compliance Oversight function carries personal accountability to the FCA for the firm’s compliance with FCA rules and guidance, and for the operation of the firm’s compliance monitoring programme. The SMF16 holder must be able to demonstrate to the regulator that they have the authority, resource, and independence to perform effective compliance oversight — and that the firm’s compliance framework is proportionate to the nature, scale, and complexity of its regulated activities. The FCA’s guidance on the Compliance function under SYSC 6 sets out the specific requirements that apply.
SMF17 — Money Laundering Reporting Officer (MLRO). In firms subject to the Money Laundering Regulations 2017, the MLRO carries specific statutory accountability for the firm’s anti-money laundering framework — the systems and controls that detect, prevent, and report suspected money laundering and terrorist financing. The MLRO is the Nominated Officer for the purposes of submitting Suspicious Activity Reports to the National Crime Agency. In smaller firms, the SMF16 and SMF17 functions are frequently held by the same person. In larger or more complex regulated firms, they are typically held separately by individuals with different specialist expertise.
Consumer Duty. Since July 2023, the FCA’s Consumer Duty has required all regulated firms to demonstrate that they deliver good outcomes for retail customers — across products and services, price and value, consumer understanding, and consumer support. The CCO plays a central role in Consumer Duty implementation and ongoing compliance, both in designing the firm’s Consumer Duty framework and in providing independent oversight of whether the firm is genuinely delivering the outcomes the Duty requires. The FCA has been explicit that Consumer Duty compliance is not a documentation exercise — it requires evidence of actual outcomes — and the CCO who cannot demonstrate this distinction in practice will face increasing regulatory scrutiny.
Core CCO Responsibilities
Compliance framework design and governance. The CCO designs and maintains the compliance framework — the policies, procedures, controls, and governance structures that enable the firm to identify, manage, and report compliance risk across its regulated activities. This includes the firm’s compliance policy suite, its regulatory permissions and approved persons registers, its conflicts of interest framework, and the governance processes through which compliance matters are escalated to the executive committee and board. A compliance framework that exists as a set of documents but is not embedded in the behaviour of the business is not a compliance framework — it is a liability.
Regulatory monitoring and horizon scanning. The CCO monitors the regulatory environment — tracking FCA policy consultations, Dear CEO letters, supervisory statements, enforcement actions against comparable firms, and the wider legislative and regulatory agenda that will affect the firm’s compliance obligations — and translates this monitoring into timely and actionable guidance for the business. The CCO who can identify a regulatory change that affects the firm’s business model six months before it takes effect gives the firm a material advantage over competitors who discover it at implementation. This requires genuine regulatory expertise and a maintained network across the regulatory and industry landscape.
Compliance monitoring and testing. The CCO runs the firm’s compliance monitoring programme — the systematic review of the firm’s regulated activities to verify that they are being conducted in accordance with the compliance framework and the FCA’s rules. This includes thematic reviews, transaction monitoring, customer file reviews, and the testing of key controls. The output of the monitoring programme — what is working, what is not, and what remediation is required — is one of the most important inputs to the board’s assessment of the firm’s compliance health and its regulatory risk exposure.
Regulatory relationship management. In FCA-regulated firms, the CCO manages the firm’s primary relationship with the regulator — acting as the principal point of contact for supervisory visits, regulatory information requests, and the ongoing supervisory dialogue that the FCA conducts with regulated firms. The quality of this relationship — and in particular the FCA’s confidence that the CCO is candid, competent, and in effective control of the firm’s compliance function — is one of the most important factors in determining how the regulator treats the firm when things go wrong. A CCO who has built credibility with the regulator is a material asset. One who has not is a liability that shows up at the worst possible moment.
Board and audit committee reporting. The CCO reports on compliance matters to the board and, where it exists, the audit and risk committee — providing a regular assessment of the firm’s compliance risk exposure, the performance of the compliance monitoring programme, regulatory developments of significance, and any material compliance issues or incidents. This reporting must be accurate, timely, and presented in terms that enable genuine board oversight rather than simply recording the compliance function’s activity. The CCO who sanitises their board reporting to manage internal relationships is not performing the role.
Compliance training and culture. The CCO is responsible for ensuring that all relevant staff understand their compliance obligations and have the training and guidance they need to meet them. This includes mandatory regulatory training, product and conduct training for front-line staff, and the cultural work that shapes how compliance is treated in the business — whether it is seen as a genuine obligation or a bureaucratic constraint to be minimised. The CCO who focuses only on the documentation of training completion rather than the quality of understanding it produces is measuring the wrong thing.
AML and financial crime compliance. In firms subject to the Money Laundering Regulations, the CCO — or a dedicated MLRO working alongside the CCO — is responsible for the firm’s anti-money laundering framework: customer due diligence, transaction monitoring, suspicious activity reporting, and the training and governance that ensure AML obligations are met across the firm’s operations. The regulatory and criminal consequences of AML failures — for the firm and for the individuals personally accountable — make this one of the highest-stakes elements of the compliance mandate.
CCO Job Description Template
Job title: Chief Compliance Officer (CCO) [include: and MLRO where applicable]
Reports to: Chief Executive Officer (CEO) [with a direct reporting line to the board or audit committee on compliance matters to preserve independence]
Senior Management Functions held: [Insert: SMF16 — Compliance Oversight; SMF17 — MLRO; as applicable to the firm’s FCA regulatory permissions]
Purpose of the role: The Chief Compliance Officer is responsible for the design, maintenance, and independent oversight of the firm’s compliance framework. The CCO ensures the firm meets its obligations under FCA rules and all applicable legislation, manages the firm’s relationship with its regulators, and provides the board with independent and accurate reporting on the firm’s compliance risk exposure and the performance of the compliance function. The CCO holds the compliance SMF under the Senior Managers and Certification Regime and carries direct personal accountability to the FCA for the compliance oversight of the firm.
Key accountabilities:
Design and maintain the compliance framework — policies, procedures, controls, and governance — proportionate to the nature, scale, and complexity of the firm’s regulated activities.
Run the compliance monitoring programme, providing independent oversight of the first line and accurate reporting to the board on the firm’s compliance risk exposure.
Manage the firm’s primary regulatory relationship, acting as the principal point of contact for FCA supervisory engagement.
Monitor the regulatory environment and provide timely and actionable guidance to the business on regulatory changes that affect its activities.
Own the firm’s Consumer Duty framework, ensuring the firm can evidence delivery of good outcomes for retail customers across all four outcome areas.
Lead the firm’s AML framework — or work alongside a dedicated MLRO — ensuring customer due diligence, transaction monitoring, and suspicious activity reporting meet the requirements of the Money Laundering Regulations.
Provide compliance training and guidance across the firm, ensuring all relevant staff understand and meet their compliance obligations.
Report to the board and audit committee on compliance matters with the independence and candour the governance role requires.
Person specification — experience: Significant experience in a senior compliance leadership role in a comparable FCA-regulated environment, with direct regulatory interaction experience. Demonstrable track record of designing or substantially developing a compliance framework at comparable scale and complexity. Experience holding or preparing to hold a Senior Management Function under SMCR, with understanding of the personal accountability obligations this carries. [Insert: specific regulated activity experience — investment management, retail banking, consumer credit, insurance, wealth management — as applicable to the firm’s permissions.] Experience presenting compliance matters to a board or audit committee.
Person specification — skills and attributes: Regulatory depth — sufficient expertise in FCA rules, guidance, and supervisory expectations to engage credibly with the regulator and to make sound compliance judgements without external support on routine matters. Independence and personal authority — the ability to challenge the business, the CEO, and the board when the evidence requires it, without creating the adversarial dynamic that makes the compliance function ineffective. Commercial proportionality — the ability to apply compliance requirements in a way that manages risk without creating operational barriers that damage the firm’s competitiveness. Communication — the ability to translate regulatory complexity into clear and actionable guidance for a non-specialist business audience, and to report compliance risk accurately to the board. Integrity — the CCO is the firm’s regulatory conscience; the willingness to raise concerns and hold the line on compliance standards under commercial or executive pressure is the defining quality of the most effective CCO appointments.
CCO vs Chief Risk Officer vs General Counsel
The Chief Compliance Officer, Chief Risk Officer, and General Counsel carry related but distinct mandates that are frequently confused — particularly in smaller regulated firms where the functions may be combined or where the boundaries between them are not clearly defined.
The CCO is specifically accountable for regulatory compliance — ensuring the firm meets its obligations to the FCA and other regulators. The Chief Risk Officer is accountable for the firm’s broader risk management framework — financial risk, operational risk, credit risk, market risk — within which regulatory compliance risk sits as one element. In firms where both roles exist, the CCO and CRO need a clearly defined boundary and a working relationship that avoids both duplication and gaps. In smaller firms, the two functions are frequently combined under a single Chief Risk and Compliance Officer or Head of Risk and Compliance.
The General Counsel is the firm’s most senior lawyer, accountable for legal risk and the firm’s legal obligations — including contractual, litigation, employment, and corporate governance matters. The General Counsel’s remit overlaps with the CCO’s in areas where legal obligations and regulatory obligations intersect — data protection, financial crime, and certain conduct obligations — but the two roles carry different expertise and different accountability frameworks. In firms where both exist, clarity about who owns which obligations is essential to avoid the regulatory gaps that arise when each function assumes the other is covering a particular area.
CCO Salary — UK 2026 Benchmarks
CCO compensation in UK financial services varies significantly by firm size, regulatory complexity, and the seniority of the SMCR functions held. At smaller and boutique regulated firms, CCO base salaries typically range from £80,000 to £130,000. At mid-tier asset managers, wealth managers, and specialist lenders, base salaries of £130,000 to £220,000 are common. At large banks, insurers, and investment managers, CCO total packages — including substantial discretionary bonus — frequently reach £300,000–£500,000 or more. The personal accountability premium under SMCR — where the CCO carries direct regulatory risk that cannot be delegated — is a meaningful driver of the financial services compliance premium over CCO roles in non-regulated industries. Annual bonus at CCO level in financial services typically runs at 30–60% of base at mid-market scale, with the upper end of that range at larger and more profitable firms. Interim CCO and interim MLRO day rates range from £700 to £1,500 per day depending on the regulatory complexity of the mandate.
CCO Qualifications — What to Look For
There is no single standard qualification route to the CCO role. The International Compliance Association (ICA) and the Chartered Institute for Securities and Investment (CISI) both offer compliance qualifications that are widely held by compliance professionals in UK financial services. Legal qualifications — particularly where the CCO’s mandate has significant legal risk overlap — are increasingly common among senior CCO candidates. CAMS (Certified Anti-Money Laundering Specialist) qualification from ACAMS is the most widely recognised credential for MLRO-level AML expertise.
What distinguishes the strongest CCO candidates is not qualification level but the depth and relevance of their regulatory experience — specifically whether they have managed a supervisory visit or enforcement investigation, whether they have held an SMCR function with direct regulatory accountability, and whether they have built or rebuilt a compliance function rather than simply maintained one that was already operating effectively. These experiences test the judgement and authority the role demands in a way that managing a steady-state compliance function does not.
Recruiting a Chief Compliance Officer or MLRO?
Exec Capital places CCOs, MLROs, and compliance leaders across FCA-regulated businesses — banks, insurers, asset managers, wealth managers, consumer credit firms, and fintechs. The brief is built around the firm’s specific regulatory permissions and SMCR structure. Speak with Adrian Lawrence FCA directly.