Director of Risk and Compliance Job Description

UK Director of Risk and Compliance Job Description

Comprehensive Reference Guide for the Director-Tier Risk and Compliance Role at UK SMEs and Mid-Market Firms Across Enterprise Risk Management, UK Regulatory Compliance Framework, FCA SMCR Intersection, Sector-Specific Compliance and Senior Consolidated Risk and Compliance Leadership

A UK Director of Risk and Compliance is the senior consolidated risk and compliance leader at a UK SME or mid-market firm with senior accountability for the firm’s enterprise risk management framework, UK regulatory compliance framework, sector-specific compliance framework, financial crime compliance framework where applicable, data protection compliance framework, anti-bribery and anti-corruption framework, sanctions compliance framework, modern slavery compliance framework, internal compliance monitoring framework, regulatory reporting framework, regulatory engagement at senior commercial tier, and the wider senior consolidated risk and compliance leadership dimensions. The Director of Risk and Compliance designation is the standard senior consolidated Director-tier risk and compliance leadership designation at UK SMEs and mid-market firms operating with combined risk and compliance function rather than separate senior risk leadership and senior compliance leadership designs. The Director of Risk and Compliance typically reports to the Chief Executive, Managing Director, Chief Operating Officer, or Chief Financial Officer at UK SMEs and mid-market firms — distinct from the Chief Compliance Officer (CCO) designation at C-Suite tier at UK scaling firms operating with senior C-Suite tier compliance leadership designs (see Chief Compliance Officer Job Description) and distinct from the Chief Risk Officer (CRO) designation at C-Suite tier at UK scaling firms operating with senior C-Suite tier risk leadership designs (see Chief Risk Officer Job Description).

This UK Director of Risk and Compliance job description reference covers the role specification at UK SMEs and mid-market firms, the principal UK regulatory framework applicable to senior consolidated risk and compliance leadership (ISO 31000 enterprise risk management framework, UK GDPR and Data Protection Act 2018, Bribery Act 2010 adequate procedures framework, UK Sanctions framework, Money Laundering Regulations 2017 where applicable, Modern Slavery Act 2015, FCA SMCR framework intersection at FCA-regulated firms), the principal UK firm sector scenarios for consolidated Director-tier risk and compliance leadership, the UK risk and compliance professional qualification framework (ICA, ACAMS, IRM, CISI, law qualifications), the senior commercial distinction between Director of Risk and Compliance, CCO, and CRO designations, the realistic compensation calibration by firm scale and sector, cross-portfolio architecture for senior FCA SMF holder appointments, and a sample Director of Risk and Compliance job description structure that UK SMEs and mid-market firms can adapt for senior recruitment. For broader UK risk and compliance recruitment service engagement see Compliance and Risk Recruitment.

A Note from Our Founder — Adrian Lawrence FCA

UK Director of Risk and Compliance job descriptions vary materially across UK firm scenarios in ways that meaningfully affect senior recruitment. The Director of Risk and Compliance role at a UK FCA-regulated firm at SME or mid-market scale operates with senior consolidated risk and compliance scope including FCA SMCR framework leadership (typically at SMF16 Compliance Oversight designation, frequently combined with SMF17 MLRO designation at smaller UK FCA-regulated firms), FCA Conduct Rules framework leadership, FCA Financial Crime Guide framework leadership, FCA-specific regulatory reporting framework, and the wider senior consolidated risk and compliance dimensions specific to UK FCA-regulated firm operations at SME and mid-market scale. The Director of Risk and Compliance role at a UK manufacturing firm operates with senior consolidated risk and compliance scope including HASAWA 1974 framework leadership, environmental compliance framework leadership, technical compliance framework intersection with senior Technical Director leadership, sector-specific manufacturing compliance framework, and the wider senior consolidated risk and compliance dimensions specific to UK manufacturing firm operations.

Specifying the Director of Risk and Compliance role accurately at the brief stage matters because the senior career trajectories, candidate pool dynamics, sector-specific regulatory framework familiarity, professional qualification credentials, and senior commercial dimensions of Director of Risk and Compliance candidates differ materially across UK firm scenarios. UK FCA-regulated firm Director of Risk and Compliance candidates typically come from FCA-regulated firm career backgrounds with FCA SMCR framework familiarity; UK manufacturing Director of Risk and Compliance candidates typically come from manufacturing risk and compliance career backgrounds; UK technology firm Director of Risk and Compliance candidates typically come from technology and cyber risk career backgrounds. Senior search engagement that doesn’t articulate which sector applies, which regulatory framework dimensions apply, and which professional qualification credentials apply frequently produces poorly-fitting shortlists. At Exec Capital our senior Director of Risk and Compliance search engagement begins with structured brief development that articulates the firm scenario, sector context, regulatory framework requirements, professional qualification requirements, and the senior commercial dimensions specific to the firm.


Adrian Lawrence FCA  |  Founder, Exec Capital  |  ICAEW Verified Fellow  |  ICAEW-Registered Practice  |  Companies House no. 13329383

The Director of Risk and Compliance Role at UK SMEs and Mid-Market Firms

The Director of Risk and Compliance at a UK SME or mid-market firm is the senior consolidated risk and compliance leader with senior accountability for the firm’s enterprise risk management framework, UK regulatory compliance framework, sector-specific compliance framework, financial crime compliance framework where applicable, data protection compliance framework, anti-bribery and anti-corruption framework, sanctions compliance framework where applicable, modern slavery compliance framework, internal compliance monitoring framework, regulatory reporting framework, regulatory engagement at senior commercial tier, and the wider senior consolidated risk and compliance leadership dimensions. The role typically reports to the Chief Executive, Managing Director, Chief Operating Officer, or Chief Financial Officer at UK SMEs and mid-market firms.

The senior Director of Risk and Compliance designation is most prevalent at the following UK firm scenarios.

UK FCA-regulated firms at SME and mid-market scale — UK FCA-authorised firms at SME and mid-market scale (typical revenue £5-100 million) frequently appoint Directors of Risk and Compliance with senior consolidated FCA-regulated risk and compliance scope. UK FCA-regulated firm Director of Risk and Compliance scope typically extends across FCA SMCR framework leadership at SMF16 Compliance Oversight designation, FCA SMF17 MLRO designation where combined at smaller UK FCA-regulated firms, FCA Conduct Rules framework leadership, FCA Financial Crime Guide framework leadership, FCA Operational Resilience framework intersection where applicable, FCA Consumer Duty framework intersection where applicable to retail-facing UK FCA-regulated firms, FCA-specific regulatory reporting framework, FCA supervisory engagement at senior commercial tier, and the wider senior consolidated FCA-regulated risk and compliance dimensions. Cross-portfolio: senior SMF16 / SMF17 / SMF4 (Chief Risk function) appointments at UK FCA-regulated firms at material seniority operate within FD Capital cross-portfolio senior commercial authority — see sister site FD Capital.

UK SMEs and mid-market commercial firms with consolidated R&C function — UK SMEs and UK mid-market commercial firms operating with consolidated risk and compliance function rather than separate senior risk and senior compliance designs frequently appoint Directors of Risk and Compliance as senior consolidated risk and compliance leaders. UK SME and mid-market commercial firm Director of Risk and Compliance scope typically extends across enterprise risk management framework leadership, UK regulatory compliance framework leadership across UK GDPR, Bribery Act 2010, Modern Slavery Act 2015, sector-specific compliance frameworks, internal compliance monitoring framework, and the wider senior consolidated risk and compliance dimensions specific to UK SME and mid-market commercial firm operations.

UK PE-backed firms with portfolio risk and compliance scope — UK PE-backed firms frequently appoint Directors of Risk and Compliance with PE-backed firm-specific senior consolidated risk and compliance scope including PE-backed firm enterprise risk framework leadership during PE hold periods, PE-backed firm regulatory compliance framework, M&A risk and compliance framework leadership during bolt-on acquisitions where applicable, post-acquisition compliance integration leadership where applicable, PE-backed firm exit-readiness compliance framework, and the wider senior consolidated risk and compliance dimensions specific to UK PE-backed firm operations.

UK manufacturing and industrial firms — UK manufacturing firms and UK industrial firms frequently appoint Directors of Risk and Compliance with manufacturing/industrial-specific senior consolidated risk and compliance scope including HASAWA 1974 framework leadership intersection with senior Technical Director leadership, environmental compliance framework leadership including environmental permitting framework, technical compliance framework intersection at sector-specific manufacturing compliance frameworks (CE/UKCA marking, sector-specific manufacturing regulatory frameworks), Modern Slavery Act 2015 manufacturing supply chain framework leadership, and the wider senior consolidated risk and compliance dimensions specific to UK manufacturing and industrial firm operations.

UK professional services firms — UK professional services firms frequently appoint Directors of Risk and Compliance with professional services-specific senior consolidated risk and compliance scope including professional indemnity (PI) risk framework leadership, professional services regulatory compliance framework (sector-specific regulatory bodies including SRA at UK legal services firms, ICAEW at UK accountancy firms operating with chartered firm framework, sector-specific professional services regulatory bodies), client conflict and confidentiality framework, professional services data protection framework, and the wider senior consolidated risk and compliance dimensions specific to UK professional services firm operations.

UK technology and digital firms — UK technology firms and UK digital firms frequently appoint Directors of Risk and Compliance with technology-specific senior consolidated risk and compliance scope including cyber risk framework leadership, UK GDPR and Data Protection Act 2018 framework leadership, Cyber Essentials and Cyber Essentials Plus framework where applicable, ISO 27001 framework where applicable, cyber incident response framework, Online Safety Act 2023 framework where applicable, Digital Markets, Competition and Consumers Act 2024 framework where applicable, and the wider senior consolidated risk and compliance dimensions specific to UK technology and digital firm operations.

UK regulated sector firms — MHRA, HSE, sector-specific — UK firms operating in sector-specific regulated commercial sectors (UK pharmaceutical and medical device firms operating under MHRA framework, UK firms with material HSE-regulated dimensions, UK firms operating in selected regulated sectors) frequently appoint Directors of Risk and Compliance with sector-specific consolidated risk and compliance scope including sector-specific regulatory framework leadership, sector-specific regulatory engagement at senior commercial tier, sector-specific compliance reporting framework, and the wider senior consolidated risk and compliance dimensions specific to the firm’s regulated sector context.

UK public sector and mission-driven sector organisations — selected UK public sector organisations and UK mission-driven sector organisations (NHS organisations at SME and mid-market trust scale, UK universities at material trust scale, UK major charities, UK housing associations, UK MATs) appoint Directors of Risk and Compliance with senior consolidated risk and compliance scope specific to UK public sector and mission-driven sector frameworks. Selected UK public sector Director of Risk and Compliance appointments operate within sector-specific regulatory frameworks.

Director of Risk and Compliance vs CCO vs CRO — The Senior Distinctions

The senior distinction between Director of Risk and Compliance, Chief Compliance Officer (CCO), and Chief Risk Officer (CRO) designations operates principally across firm scale, senior tier within firm structure, and senior accountability scope dimensions specific to each designation.

Director of Risk and Compliance — senior consolidated Director-tier risk and compliance leader at UK SMEs and mid-market firms operating with combined risk and compliance function. Director of Risk and Compliance scope combines senior risk leadership and senior compliance leadership within one consolidated Director-tier designation, distinct from separate senior CCO and senior CRO designations at C-Suite tier.

Chief Compliance Officer (CCO) — senior C-Suite tier compliance leader at UK scaling firms, UK FTSE-listed firms, UK PE-backed firms operating at scale, and UK firms operating with senior C-Suite tier compliance leadership designs. CCO scope focuses specifically on senior compliance leadership at C-Suite tier distinct from senior risk leadership at the same firm. UK CCO designations operate predominantly at scaling and major UK firms with formal C-Suite tier organisational designs. For UK Chief Compliance Officer Job Description reference see Chief Compliance Officer Job Description.

Chief Risk Officer (CRO) — senior C-Suite tier risk leader at UK scaling firms, UK FTSE-listed firms, UK PE-backed firms operating at scale, and UK firms operating with senior C-Suite tier risk leadership designs. CRO scope focuses specifically on senior risk leadership at C-Suite tier distinct from senior compliance leadership at the same firm. UK CRO designations operate predominantly at scaling and major UK firms with formal C-Suite tier organisational designs. UK FCA-regulated banks and UK PRA-regulated insurers typically operate with formal CRO designation under SMCR SMF4 (Chief Risk function) framework. For UK Chief Risk Officer Job Description reference see Chief Risk Officer Job Description.

Senior tier within firm structure — Director of Risk and Compliance designation typically operates at senior director tier reporting to CEO/MD/COO/CFO. CCO and CRO designations typically operate at C-Suite tier reporting to Chief Executive Officer alongside other C-Suite leaders.

Compensation calibration distinction — UK Director of Risk and Compliance compensation typically operates in the £85,000-£250,000 range depending on firm scale and sector. UK CCO and CRO compensation typically operates in the £180,000-£500,000+ range reflecting C-Suite tier and senior commercial dimensions. UK FCA-regulated firm CRO compensation at major UK FCA-regulated firms operates with materially different senior commercial dimensions reflecting SMF4 designation and senior commercial dimensions specific to UK FCA-regulated bank and insurer CRO scope.

UK Regulatory Framework for Senior Consolidated Risk and Compliance Leadership

UK Director of Risk and Compliance regulatory scope operates within a UK regulatory framework that meaningfully shapes senior consolidated risk and compliance leadership accountability at UK firms.

ISO 31000 — Enterprise Risk Management framework — the international standard for enterprise risk management with associated senior Director of Risk and Compliance accountability for ISO 31000 framework application across the firm’s enterprise risk management dimensions. ISO 31000 framework dimensions include risk management principles framework, risk management framework architecture, risk assessment framework (risk identification, risk analysis, risk evaluation), risk treatment framework, monitoring and review framework, communication and consultation framework, and the wider enterprise risk management dimensions.

UK GDPR and Data Protection Act 2018 — the principal UK data protection framework with associated senior Director of Risk and Compliance accountability for data protection compliance framework application including data protection lawful bases framework, consent management framework, data subject rights framework, data retention framework, data security framework, data breach response framework, ICO regulatory engagement framework, and the wider data protection compliance dimensions.

Bribery Act 2010 — adequate procedures framework — the UK anti-bribery framework with associated senior Director of Risk and Compliance accountability for adequate procedures framework application across the firm’s commercial relationship dimensions, hospitality and gifts framework, third-party agent framework where applicable, partnership due diligence framework, and the wider Bribery Act 2010 framework dimensions.

UK Sanctions framework and OFSI compliance — UK firms operating with international dimensions operate under UK Sanctions framework administered by the Office of Financial Sanctions Implementation (OFSI) with associated senior Director of Risk and Compliance accountability for sanctions compliance framework, sanctioned country and sanctioned person screening framework, OFSI reporting framework where applicable, and the wider UK Sanctions framework dimensions.

Money Laundering Regulations 2017 (MLR 2017) — UK firms within scope of Money Laundering Regulations 2017 operate under MLR 2017 framework with associated senior Director of Risk and Compliance accountability for MLR 2017 framework application including customer due diligence framework, enhanced due diligence framework where applicable, ongoing monitoring framework, suspicious activity reporting framework, MLR 2017 record keeping framework, and the wider Money Laundering Regulations 2017 framework dimensions. MLRO designation framework intersection is particularly material at UK firms within scope of MLR 2017.

Modern Slavery Act 2015 — UK firms with annual turnover exceeding £36 million operate under Modern Slavery Act 2015 section 54 annual statement obligations with associated senior Director of Risk and Compliance accountability for modern slavery compliance framework, supply chain due diligence framework, modern slavery statement framework, and the wider Modern Slavery Act framework dimensions.

FCA Senior Managers and Certification Regime (SMCR) — at UK FCA-regulated firms, the FCA Senior Managers and Certification Regime with associated senior Director of Risk and Compliance accountability under SMCR framework. UK Director of Risk and Compliance SMCR designations typically include SMF16 Compliance Oversight at UK FCA-regulated firms requiring senior Compliance Officer designation, frequently combined with SMF17 MLRO at smaller UK FCA-regulated firms. UK Director of Risk and Compliance SMCR appointments require FCA pre-approval through Form A submission, fit-and-proper assessment, regulatory references from previous FCA-regulated firms, and ongoing personal regulatory accountability under SMCR Conduct Rules framework.

FCA Conduct Rules — at UK FCA-regulated firms, the FCA Conduct Rules framework with associated senior Director of Risk and Compliance accountability for Conduct Rules framework application across the firm. FCA Conduct Rules framework dimensions include Individual Conduct Rules framework, Senior Manager Conduct Rules framework, conduct rules training framework, conduct rules breach reporting framework, and the wider FCA Conduct Rules framework dimensions specific to UK FCA-regulated firms.

FCA Financial Crime Guide — at UK FCA-regulated firms, the FCA Financial Crime Guide framework with associated senior Director of Risk and Compliance accountability for financial crime framework including AML framework, CFT (counter financing of terrorism) framework, sanctions framework, fraud framework, market abuse framework where applicable, and the wider FCA Financial Crime Guide framework dimensions.

FCA Operational Resilience and Consumer Duty — at UK FCA-regulated firms, the FCA Operational Resilience framework introduced March 2022 and the FCA Consumer Duty framework introduced 31 July 2023 with associated senior Director of Risk and Compliance intersection accountability where applicable to the firm’s FCA-regulated commercial scope.

HASAWA 1974 and UK health and safety framework — at UK firms with material health and safety dimensions (manufacturing, construction, engineering services, chemical, selected adjacent firms), the Health and Safety at Work Act 1974 framework with associated senior Director of Risk and Compliance intersection accountability for health and safety framework application across the firm’s operations.

Sector-specific UK regulatory frameworks — UK Director of Risk and Compliance appointments at UK firms operating in regulated commercial sectors require familiarity with sector-specific UK regulatory framework dimensions including FCA framework at UK financial services firms, MHRA framework at UK pharmaceutical and medical device firms, HSE framework at UK firms with material technical health and safety dimensions, sector-specific regulatory bodies, and the wider sector-specific regulatory frameworks specific to the firm’s commercial sector.

Principal UK Director of Risk and Compliance Responsibilities

UK Director of Risk and Compliance responsibilities vary across UK firm sectors but typically extend across the following senior consolidated risk and compliance dimensions at most UK firms.

Senior consolidated risk and compliance strategy leadership — owning the firm’s senior consolidated risk and compliance strategy across enterprise risk management strategy, regulatory compliance strategy, financial crime compliance strategy where applicable, data protection compliance strategy, sector-specific compliance strategy, and the wider senior consolidated risk and compliance strategy dimensions specific to the firm.

Enterprise risk management framework leadership — leading the firm’s enterprise risk management framework across risk identification framework, risk assessment framework, risk treatment framework, risk monitoring framework, risk reporting framework, risk appetite framework, key risk indicator framework, and the wider enterprise risk management dimensions specific to UK firms.

UK regulatory compliance framework leadership — leading the firm’s UK regulatory compliance framework across UK GDPR framework leadership, Bribery Act 2010 framework leadership, UK Sanctions framework leadership, MLR 2017 framework leadership where applicable, Modern Slavery Act 2015 framework leadership, sector-specific regulatory framework leadership, and the wider UK regulatory compliance dimensions specific to UK firms.

FCA SMCR framework leadership at UK FCA-regulated firms — at UK FCA-regulated firms, leading the firm’s FCA SMCR framework application including SMCR senior manager framework, SMCR certification regime framework, SMCR Conduct Rules framework, FCA Form A senior manager pre-approval framework, FCA regulatory references framework, and the wider FCA SMCR framework dimensions specific to UK FCA-regulated firms.

Financial crime compliance framework leadership where applicable — at UK firms within scope of financial crime regulatory framework, leading the firm’s financial crime compliance framework including AML framework leadership, CFT framework leadership, sanctions framework leadership, fraud framework leadership, market abuse framework leadership where applicable, MLRO function leadership where designated, suspicious activity reporting framework, and the wider financial crime compliance dimensions.

Data protection compliance framework leadership — leading the firm’s data protection compliance framework including UK GDPR framework application, ICO regulatory engagement framework, Data Protection Officer (DPO) function leadership where applicable, data subject rights framework, data breach response framework, international data transfer framework where applicable, and the wider data protection compliance dimensions.

Internal compliance monitoring framework leadership — leading the firm’s internal compliance monitoring framework across compliance monitoring programme framework, compliance audit framework, compliance reporting framework to senior leadership and Board, compliance training framework, compliance policy framework, and the wider internal compliance monitoring dimensions specific to UK firms.

Regulatory engagement at senior commercial tier — leading the firm’s regulatory engagement at senior commercial tier across senior regulator engagement framework, regulatory submission framework, regulatory inspection and supervisory engagement where applicable, regulatory reporting framework, regulatory enforcement framework engagement where applicable, and the wider regulatory engagement dimensions specific to senior consolidated risk and compliance scope.

Senior risk and compliance team leadership — leading the firm’s senior risk and compliance team typically numbering 3-12+ senior risk and compliance direct reports at UK SME and mid-market firm scale (typically including Compliance Manager, Risk Manager, MLRO where designated separately, Data Protection Officer where designated separately, Compliance Monitoring Manager, and other senior risk and compliance team members specific to the firm’s structure).

Senior commercial leadership team and Board engagement — engaging at senior commercial leadership team and Board level on senior consolidated risk and compliance dimensions including senior risk and compliance reporting at senior leadership team and Board tier, senior risk and compliance strategic engagement at senior leadership team and Board tier, senior risk appetite engagement at Board tier, and the wider senior commercial leadership team and Board engagement dimensions specific to senior consolidated risk and compliance scope.

UK Director of Risk and Compliance Required Experience

UK Director of Risk and Compliance appointments typically require senior consolidated risk and compliance career experience across the following dimensions, with specific requirements varying by firm sector.

Senior consolidated risk and compliance leadership career background — typically 12-20+ years of senior risk and compliance career experience including prior Director of Risk and Compliance experience at peer UK SME or mid-market firms, prior senior risk or senior compliance leadership experience (Head of Compliance, Head of Risk, Senior Compliance Manager, Senior Risk Manager) at major UK firms with senior risk or compliance scope that meaningfully maps to consolidated Director-tier risk and compliance scope.

Sector-specific risk and compliance career background — UK Director of Risk and Compliance appointments typically require senior career background in the firm’s commercial sector or commercially adjacent sectors with senior risk and compliance dimensions that meaningfully map to the firm’s senior risk and compliance requirements. Sector-specific senior risk and compliance career background requirements operate with material variation across UK firm sectors — UK FCA-regulated firm Director of Risk and Compliance candidates typically come from FCA-regulated firm risk and compliance backgrounds; UK manufacturing Director of Risk and Compliance candidates typically come from manufacturing risk and compliance backgrounds; UK technology Director of Risk and Compliance candidates typically come from technology and cyber risk backgrounds.

FCA SMCR framework career background at UK FCA-regulated firms — UK Director of Risk and Compliance appointments at UK FCA-regulated firms typically require demonstrable FCA SMCR framework career background including prior FCA SMCR senior manager experience at SMF16 / SMF17 / other relevant SMF designations, FCA Form A senior manager pre-approval career background, FCA regulatory engagement career background, and the wider FCA SMCR framework career dimensions.

Senior risk and compliance team leadership career background — UK Director of Risk and Compliance appointments typically require demonstrable senior risk and compliance team leadership career background including prior senior risk and compliance team management of typically 3-12+ senior risk and compliance direct reports, prior senior risk and compliance recruitment of risk and compliance team members, and the wider senior risk and compliance team leadership career dimensions.

Senior regulatory engagement career background — UK Director of Risk and Compliance appointments typically require demonstrable senior regulatory engagement career background including prior senior regulator engagement at the principal UK regulators applicable to the firm’s commercial sector (FCA, ICO, HSE, MHRA, sector-specific regulators), prior senior regulatory submission career background, prior senior regulatory inspection and supervisory engagement career background where applicable, and the wider senior regulatory engagement career dimensions.

UK Director of Risk and Compliance Qualifications Framework

UK Director of Risk and Compliance appointments typically require senior risk and compliance professional qualification credentials across multiple recognised frameworks.

ICA — International Compliance Association — the principal UK risk and compliance professional qualification framework with ICA membership at International Diploma in Governance, Risk and Compliance tier operating as the standard senior UK consolidated risk and compliance professional credential. ICA International Diploma in Governance, Risk and Compliance is particularly material at UK senior Director of Risk and Compliance appointments where formal consolidated risk and compliance professional credentials are specified. Selected senior UK Director of Risk and Compliance appointments include preferences for ICA Fellow (FICA) status at the most senior tier.

ACAMS — Association of Certified Anti-Money Laundering Specialists — the principal AML professional qualification, with CAMS (Certified Anti-Money Laundering Specialist) credentials operating as the standard senior AML credential at UK Director of Risk and Compliance appointments at firms within scope of MLR 2017 framework. CAMS qualification is particularly material at UK Director of Risk and Compliance appointments at UK FCA-regulated firms and at UK firms within scope of MLR 2017 financial crime framework.

IRM — Institute of Risk Management — the principal UK risk management professional qualification framework with IRM membership at International Certificate, International Diploma, and IRM Fellow (FIRM) tier operating as standard senior UK risk management professional credentials at UK senior risk leadership appointments.

CISI — Chartered Institute for Securities & Investment — at UK FCA-regulated firms, CISI qualifications including CISI Diploma in Investment Compliance and CISI Diploma in Investment Operations are particularly material at UK senior Director of Risk and Compliance appointments at UK FCA-regulated firms operating with investment management or investment operations dimensions.

Law qualifications — at UK firms with material legal-regulatory dimensions, senior Director of Risk and Compliance appointments frequently include law qualification preferences (LLB, qualified Solicitor or Barrister status), particularly where the role combines senior risk and compliance dimensions with senior legal dimensions.

Accountancy qualifications — at UK firms with material financial-regulatory dimensions, senior Director of Risk and Compliance appointments frequently include preferences for senior accountancy qualifications (ICAEW Chartered Accountant ACA/FCA, ACCA Chartered Certified Accountant FCCA, CIMA Chartered Management Accountant FCMA, ICAS Chartered Accountant CA), particularly where the role combines senior risk and compliance dimensions with senior financial dimensions.

Educational background — UK Directors of Risk and Compliance typically hold undergraduate degrees in law, finance, business, or sector-relevant disciplines (most commonly from UK universities) with selected senior Director of Risk and Compliance candidates holding postgraduate qualifications (MBA, MA Risk Management, MSc Compliance, specialised risk and compliance qualifications).

UK Director of Risk and Compliance Compensation Calibration

UK Director of Risk and Compliance compensation varies materially with firm scale, sector, and senior accountability scope.

UK SME Director of Risk and Compliance (typical revenue £5-30 million) — typical UK base salary range £85,000-£130,000, with bonus typically 15-30% of base plus selected long-term incentive arrangements where applicable at PE-backed UK SME firms. Total compensation typically £100,000-£175,000 across cash and selected equity arrangements.

UK mid-market firm Director of Risk and Compliance (typical revenue £30-100 million) — typical UK base salary range £125,000-£200,000, with bonus typically 20-40% of base plus long-term incentive arrangements. Total compensation typically £150,000-£280,000 across cash and equity arrangements at UK mid-market firms.

UK FCA-regulated SME and mid-market firm Director of Risk and Compliance — typical UK base salary range £130,000-£220,000. The premium reflects the senior commercial dimensions specific to consolidated risk and compliance scope at UK FCA-regulated firms, including the SMF16 Compliance Oversight designation and, at smaller UK FCA-regulated firms, a frequently combined SMF17 MLRO designation. Total compensation typically £160,000-£300,000 across cash and equity arrangements, with selected major UK FCA-regulated firms operating at the upper end of the range.

UK PE-backed firm Director of Risk and Compliance — typical UK base salary range £130,000-£200,000, with bonus typically 20-40% of base plus material sweet equity participation in the platform structure. Total cash compensation typically £160,000-£275,000 plus sweet equity that potentially adds material economic value at successful PE-firm exits across multi-year hold periods.

Cross-Portfolio Architecture for Senior FCA-Regulated Risk and Compliance Appointments

Senior FCA-regulated risk and compliance appointments at UK FCA-authorised firms operate across the Exec Capital portfolio with cross-portfolio architecture specific to senior FCA SMF holder appointments at UK FCA-regulated firms.

Senior CRO appointments at UK FCA-regulated banks and PRA-regulated insurers — CRO appointments at SMF4 Chief Risk function designation at material seniority at UK FCA-regulated banks and UK PRA-regulated insurers sit within the FD Capital cross-portfolio senior commercial CRO authority (see sister site FD Capital). These appointments carry senior commercial dimensions distinct from broader UK senior CRO appointments at scaling firms.

Senior CCO appointments at UK FCA-regulated firms at scale — CCO appointments at SMF16 designation at UK FCA-regulated firms at scale, with the senior commercial dimensions specific to scale FCA-regulated operations, sit within the FD Capital cross-portfolio senior commercial CCO authority (see sister site FD Capital).

Senior MLRO appointments at UK FCA-regulated firms with material AML scope — MLRO appointments at SMF17 designation at UK FCA-regulated firms with material AML scope and depth requirements sit within the FD Capital cross-portfolio senior commercial MLRO authority (see sister site FD Capital). Part-time and fractional MLRO arrangements at UK firms within scope of MLR 2017 sit within Exec Capital (see Part-Time MLRO).

Director of Risk and Compliance appointments at UK SMEs and mid-market firms — senior consolidated Director of Risk and Compliance appointments at UK SMEs and mid-market firms (the scope of this page) sit within the Exec Capital senior consolidated risk and compliance authority across UK SME and mid-market firm scenarios.

Sample UK Director of Risk and Compliance Job Description Structure

The following sample UK Director of Risk and Compliance job description structure can be adapted by UK SMEs and mid-market firms specifying senior consolidated Director of Risk and Compliance requirements internally and externally.

Position title — Director of Risk and Compliance [or alternative designation: Risk and Compliance Director, Head of Risk and Compliance, Director of Compliance and Risk at firms operating with selected designation alternatives].

Reporting line — Reports to [Chief Executive / Managing Director / Chief Operating Officer / Chief Financial Officer] with senior accountability to [Board where applicable, Risk and Compliance Committee where applicable, senior shareholders, PE Investment Director at PE-backed firms].

Senior direct reports — Risk and compliance team typically including [list senior direct reports — typically Compliance Manager, Risk Manager, MLRO where designated separately, Data Protection Officer where designated separately, Compliance Monitoring Manager, and other senior risk and compliance team members specific to the firm’s structure].

Role purpose — to lead [firm name] across [senior consolidated risk and compliance strategy leadership, enterprise risk management framework leadership, UK regulatory compliance framework leadership, FCA SMCR framework leadership where applicable at UK FCA-regulated firms, financial crime compliance framework leadership where applicable, data protection compliance framework leadership, internal compliance monitoring framework leadership, regulatory engagement at senior commercial tier, senior risk and compliance team leadership, senior commercial leadership team and Board engagement, and the wider senior consolidated risk and compliance dimensions specific to the firm].

Principal responsibilities — adapt the principal responsibilities section above to the specific senior consolidated risk and compliance dimensions of the firm.

Required experience — adapt the required experience section above to the specific senior career background requirements of the firm.

Required qualifications — typically specify any required or preferred professional qualifications including ICA International Diploma in Governance, Risk and Compliance, ACAMS CAMS at firms within scope of MLR 2017 financial crime framework, IRM credentials at firms with material risk management framework dimensions, CISI credentials at UK FCA-regulated firms, law qualifications where applicable, and accountancy qualifications where applicable.

Compensation framework — base salary range, bonus arrangements, long-term incentive participation where applicable, benefits framework including pension, and any sector-specific compensation arrangements.

Application process — application instructions, senior search firm engagement where applicable, FCA Form A senior manager pre-approval framework where applicable to UK FCA-regulated firms, regulatory references framework where applicable, interview process structure, senior reference and assessment requirements.

From Director of Risk and Compliance Job Description to Senior Search

The Director of Risk and Compliance job description is the principal artifact through which UK SMEs and mid-market firms specify the senior consolidated Director of Risk and Compliance role. The job description supports senior Director of Risk and Compliance recruitment by articulating the senior specifications externally to candidates, internally to the senior leadership team, and to senior search firms engaged on senior Director of Risk and Compliance recruitment mandates.

For broader UK senior risk and compliance recruitment service engagement, see Compliance and Risk Recruitment. For senior CCO search at UK scaling firms operating with C-Suite tier compliance leadership designs, see Chief Compliance Officer Job Description. For senior CRO search at UK scaling firms operating with C-Suite tier risk leadership designs, see Chief Risk Officer Job Description. For UK part-time and fractional MLRO arrangements at UK firms within scope of MLR 2017, see Part-Time MLRO. For senior FCA-regulated firm CFO and SMF appointments at material seniority, see sister site FD Capital.

Senior UK Director of Risk and Compliance recruitment at Exec Capital follows a retained methodology calibrated to the specific dynamics of UK SME and mid-market firm Director of Risk and Compliance recruitment. Senior search engagement begins with structured brief development that articulates the firm scenario, sector context, regulatory framework requirements, FCA SMCR framework requirements where applicable, professional qualification requirements, and the senior commercial dimensions specific to the firm. Every senior Director of Risk and Compliance mandate at Exec Capital is led personally by Adrian Lawrence FCA.

Related Services and Resources

UK Director of Risk and Compliance recruitment service engagement, related senior risk and compliance recruitment, and adjacent senior leadership content extend across the related services and resources below.

Compliance and Risk Recruitment: broader UK senior risk and compliance search
CCO Job Description: UK C-Suite Chief Compliance Officer JD reference
CRO Job Description: UK C-Suite Chief Risk Officer JD reference
Part-Time MLRO: part-time MLRO at UK firms within MLR 2017 scope
Operational Risk Director Recruitment: UK operational risk senior search
FD Capital — Senior FCA SMF Search: UK FCA-regulated firm senior CRO/CCO/MLRO authority

Speak to Exec Capital about your Director of Risk and Compliance search

Direct conversation with Adrian Lawrence FCA. Firm scenario, sector context, regulatory framework, FCA SMCR requirements, and candidate pool dynamics worked through at the brief.

0203 834 9616
