Chief Risk and Compliance Officer Recruitment
FD Capital recruits Chief Risk and Compliance Officers (CRCOs) for FCA-regulated businesses — the senior appointment that combines risk management and compliance leadership in a single role. The CRCO model is the right governance structure for many smaller and mid-size regulated businesses where the volume and complexity of risk and compliance work does not yet justify separate Chief Risk Officer and Chief Compliance Officer appointments, but where the Board, the FCA and the firm’s senior management need a credible, experienced professional with accountability for both functions. Adrian Lawrence FCA, founder of FD Capital and a Fellow of the ICAEW, leads FD Capital’s FCA regulated firms practice. Our CRCO candidates hold SMCR Senior Manager experience, have direct FCA supervisory engagement track records, and understand the specific demands of operating both the risk and compliance functions under regulatory scrutiny.
Call 020 3287 9501 or email recruitment@fdcapital.co.uk. Shortlists typically delivered within three to seven working days.
Fellow of the ICAEW | ICAEW-Registered Practice | FCA regulated firm placements since 2018
The CRCO appointment sits at the intersection of two disciplines that are technically distinct but operationally interdependent in most smaller regulated businesses. The candidates who succeed in combined roles are those who understand both the risk framework architecture — risk appetite, risk registers, KRIs, ICARA or Solvency II capital — and the conduct and regulatory compliance obligations that the FCA enforces through supervisory engagement, Consumer Duty oversight and the SMCR accountability framework. FD Capital identifies candidates with genuine dual capability, not generalists who are strong in one function and thin in the other.
What Is a Chief Risk and Compliance Officer?
A Chief Risk and Compliance Officer holds accountability for both the risk management framework and the regulatory compliance programme of an FCA-regulated firm — functions that in larger, more complex businesses are typically led by separate senior executives (a Chief Risk Officer and a Chief Compliance Officer). In many regulated businesses — particularly those below approximately £200m AUM, GWP or revenue — combining both functions under one senior appointment is the right structural choice, providing consistent governance oversight while managing the cost of the senior leadership team proportionately.
The CRCO reports to the CEO or Board and typically attends both the Audit and Risk Committee and the Board in that capacity. In firms where both functions are combined, the CRCO’s Statement of Responsibilities under SMCR may cover prescribed responsibilities from both the risk function (aligned to SMF4 in dual-regulated firms) and the compliance function (aligned to the Compliance Oversight prescribed responsibility in solo-regulated firms). The SMCR structure of combined roles needs to be designed carefully to ensure the designated responsibilities are clearly allocated and defensible under FCA scrutiny — an area where FD Capital can advise alongside the placement process.
CRCO vs Separate CRO and CCO — When to Combine the Functions
The decision to appoint a combined CRCO rather than separate CRO and CCO depends primarily on the size, complexity and regulatory status of the firm. The indicators that a combined appointment is appropriate include: a risk and compliance function of fewer than five or six staff in total; risk and compliance workloads that are each manageable at a senior level across two to three days per week; a regulatory capital framework (ICARA, Solvency II, Basel) that does not require dedicated full-time risk leadership; and a conduct risk and FCA supervisory relationship that does not require a full-time compliance function at director level.
When these conditions are met, the combined CRCO role avoids the coordination overhead, potential gap in accountability and additional cost of two separate senior appointments, while providing the Board with a single clear point of accountability for the firm’s entire second-line risk and compliance function. As the firm grows and the complexity of both functions increases, the natural evolution is to split the role — typically promoting or recruiting a separate CCO first, as compliance workload often scales faster than pure risk management workload in growth-stage FCA-regulated businesses.
For firms that have already split the functions or where the complexity justifies separate appointments, see our dedicated Chief Risk Officer Recruitment and Chief Compliance Officer Recruitment pages.
CRCO Responsibilities in FCA-Regulated Businesses
Risk management framework
The CRCO owns the enterprise risk management framework — risk appetite statement, risk register, key risk indicator reporting, control self-assessment, risk event logging and Risk Committee reporting. In firms subject to the IFPR (Investment Firms Prudential Regime), the CRCO leads the Internal Capital Adequacy and Risk Assessment (ICARA) process, ensuring the firm’s capital and liquidity requirements are quantified, documented and defensible under FCA review. In insurance businesses, the CRCO oversees the Solvency II risk framework including the Own Risk and Solvency Assessment (ORSA). The FCA’s Systems and Controls sourcebook (SYSC) sets out the regulatory expectations for risk management that the CRCO is responsible for meeting.
Regulatory compliance programme
The CRCO manages the firm’s regulatory compliance obligations — monitoring the regulatory horizon, assessing the impact of new FCA and PRA rules, maintaining the compliance monitoring programme, overseeing the firm’s response to FCA supervisory engagement, and ensuring the management information presented to the Board and Risk and Compliance Committee accurately reflects the firm’s compliance position. Consumer Duty — the FCA’s most significant conduct intervention in recent years — requires ongoing monitoring of consumer outcomes, a governance structure with clear accountability, and regular Board reporting on outcome measurement. The CRCO typically owns the Consumer Duty implementation and monitoring framework. See our Consumer Duty Recruitment page for more detail on this specific area.
SMCR governance
The CRCO manages the firm’s SMCR governance obligations — maintaining the Responsibilities Map, managing Senior Manager approvals and notifications to the FCA, overseeing the Certified Persons regime, and ensuring the firm’s conduct rules training and attestation process is documented and up to date. In combined risk and compliance roles, the CRCO’s own Statement of Responsibilities must reflect their accountability for both functions clearly — FD Capital verifies that SMCR documentation is sound for every CRCO we place.
Financial crime and AML oversight
In many smaller regulated businesses, financial crime prevention — anti-money laundering, sanctions compliance and fraud prevention — sits within the CRCO’s remit alongside the risk and compliance functions. Where the CRCO also holds the MLRO designation, their responsibilities extend to the Suspicious Activity Reporting regime and the firm’s direct relationship with the National Crime Agency. FD Capital’s network includes senior professionals who have held both CRCO and MLRO responsibilities simultaneously. See our MLRO Recruitment page for the standalone MLRO profile.
FCA supervisory relationship
The CRCO manages the firm’s FCA supervisory relationship — preparing responses to FCA information requests, co-ordinating regulatory visits, and representing the firm in supervisory engagement on risk and compliance matters. A CRCO with a strong prior FCA supervisory relationship and a clean regulatory record is a material advantage for smaller regulated businesses whose FCA supervisory contact is forming a view of the firm’s governance quality.
Sectors Where the CRCO Model Is Most Common
Wealth management and investment firms
FCA-authorised investment managers, discretionary wealth managers and financial advisers below approximately £500m AUM typically benefit from a combined CRCO appointment. The ICARA obligation, the FCA’s investment firm supervisory engagement and the Consumer Duty requirements all demand senior governance attention, but at a scale where a combined role is proportionate and cost-effective.
Consumer credit and fintech
Consumer credit lenders, credit brokers, buy-now-pay-later businesses and fintech platforms regulated under the Consumer Credit Act and the FCA’s consumer credit sourcebook typically operate with a combined risk and compliance function at the senior level. The FCA’s Consumer Duty regime has significantly increased the compliance workload for consumer-facing businesses — making the CRCO appointment a higher-profile and more technically demanding role than it was prior to 2023.
Payments and e-money institutions
FCA-authorised payment institutions and e-money institutions face a specific risk and compliance landscape — operational resilience, PSD2 compliance, safeguarding requirements and increasingly the FCA’s payments supervision regime. The CRCO in a payments business typically combines oversight of the firm’s operational risk framework with management of its PSD2 compliance programme, its safeguarding audit, and its FCA regulatory relationship.
Insurance intermediaries and MGAs
FCA-regulated insurance brokers, intermediaries and managing general agents frequently combine risk and compliance oversight at the senior level. The CRCO in an MGA oversees the firm’s conduct risk framework under IDD, its SMCR governance, its bordereaux reporting controls and its delegated authority compliance — a genuinely broad remit that requires both risk and compliance expertise in a single individual.
CRCO Salary Guide UK 2026
| Firm Type / Size | Base Salary Range | Total Compensation Est. |
|---|---|---|
| Smaller regulated firm (solo-regulated) | £80,000 – £120,000 | £95,000 – £145,000 |
| Mid-size regulated firm | £110,000 – £160,000 | £135,000 – £200,000 |
| Fractional CRCO (2 days/week) | £500 – £850/day | £4,000 – £7,000/month |
| Interim CRCO | £900 – £1,400/day | Fixed-term basis |
The CRCO salary typically reflects a modest premium over a standalone CCO appointment at the same firm size, given the additional risk management accountability. For standalone role benchmarks see our CRO Recruitment and CCO Recruitment pages.
Recruit a Chief Risk and Compliance Officer
FD Capital recruits permanent, fractional and interim Chief Risk and Compliance Officers for FCA-regulated businesses — wealth managers, consumer credit firms, fintechs, payment institutions and insurance intermediaries. Our candidates have genuine dual risk and compliance capability, SMCR Senior Manager experience and verified regulatory records. Shortlists are delivered in 3–7 working days.