Compliance Comes of Age in Turbulent Times

Leadership StrategiesSuccessionFinancial ServicesBoard and CEO AdvisoryLegal, Risk, and Compliance OfficersExecutive Search
min Report
December 18, 2019
14 min
Leadership StrategiesSuccessionFinancial ServicesBoard and CEO AdvisoryLegal, Risk, and Compliance OfficersExecutive Search
To better understand the changing compliance landscape, we analyzed the compliance function at 100 of the largest financial services firms. 

Compliance today 

To undertake our analysis, we have divided the financial services sector into three categories: banking, asset management and insurance. Due to the distinct nature of the operating principles and regulations impacting each subset, it makes sense to analyze them separately.


It is a complicated time to be in financial services, as regulations continue to grow in scope and complexity, with digital transformation being one of the single biggest contributors to regulatory change. International firms are subject to ever-evolving regulations set by more than 750 global regulatory bodies and governing businesses.1 As the sheer amount of financial data grows, so does the challenge of storing it securely and providing it to regulators at a moment’s notice.

Given these mounting pressures, it is no surprise that financial organizations around the world are continuing to increase their investment in the compliance function. In fact, one study found that 89 percent of respondents in banking, insurance and asset management planned to increase spending on compliance in 2019.2 This has given rise to the importance of the chief compliance officer as the leader of a function receiving increasing amounts of funding, scrutiny and focus.

Compliance function maturity—current state

Compliance ultimately sits underneath the general counsel in 30 percent of financial services firms (see Figure 1). Where compliance programs have been under heavier scrutiny for a longer period of time, legal and compliance issues are viewed as distinct, independent and complementary; it is therefore unsurprising to see that in banking it is extremely rare to find a general counsel with compliance oversight. While most of the time compliance leaders will hold a purely compliance remit, a quarter of the time something else (usually directly related) will be called out in their title, e.g., integrity, ethics, risk, financial security, regulatory affairs or privacy. For example, one client of Russell Reynolds Associates is evolving the compliance function into “compliance and corporate integrity,” given how important integrity is to both consumers and regulators. Companies are adding weight to the chief compliance officer role by pairing it with other significant corporate priorities.


In 2015, Russell Reynolds Associates found that 35 percent of companies had hired a new chief compliance officer in the previous three years and that 43 percent of hires were external. These high levels of turnover and external hires pointed toward a function in a state of flux. Fast-forward nearly five years and the same story stands: Thirty-nine percent (see Figure 2a) of the group studied are new to the role since 2017 and a steady 44 percent (see Figure 2b) of appointments have been external.

Below is a deeper look at specific industries that drills down into these trends further.




As the industry where chief compliance officers are most likely to sit on the executive committee (see Figure 1), banks are leading the way when it comes to setting the compliance standard. Banks have the highest rate of turnover, with 59 percent of banking chief compliance officers new to the role since 2017 (vs. 19 percent in insurance and 39 percent in asset management) (see Figure 2a). Interestingly, reflecting maturity of compliance leadership in banking, banks are promoting from within in 78 percent of cases (an increase from the 54 percent found in 2015) (see Figure 2b). This trend signals that banks have successfully met the challenge of developing richer internal compliance talent and shows a preference to promote an incumbent with prior knowledge of internal intricacies. On average, internal hires at banks spent 10 years at the organization prior to their promotion to chief compliance officer. Of those hired externally, three out of the seven came from other banks and one moved over from an asset manager (with the remaining three moving from a role in government, a role at a law firm and a role at a professional services firm).



Fifty percent of banking chief compliance officers held a compliance-focused role most recently (see Figure 3), showing it is still commonplace to see a preference for compliance veterans. Yet recent appointments reveal a rise in the number of general managers or business leaders appointed into the chief compliance officer role, with this profile accounting for a quarter of new hires since 2017 (and none previously). This shift goes hand in hand with the increasing focus on looking to banking chief compliance officers to drive cultural change, above and beyond simply managing the approach to regulation. It also underscores the importance of pairing compliance with an understanding of how the business operates so that it is no longer simply a theoretical exercise but is truly integrated.

There is also significant movement between functions, when internal hires alone are considered, 29 percent have moved over from roles in legal, finance or risk. No longer is legal the prominent training ground; a greater emphasis on process and operations controls as well as testing and assurance means finance executives are increasingly sought after as compliance leaders.

Key takeaways on banking Chief Compliance Officers: 

  • A large number sit on the executive committee (and resultingly frequently have board exposure), requiring a certain level of gravitas in incumbents
  • High turnover among the group in recent years is a sign of instability in the function
  • Increasing number of leaders with business backgrounds moving into chief compliance role

Asset managers

At asset managers, compliance reports into legal 27 percent of the time (vs. 5 percent at banks and 57 percent at insurance companies) (see Figure 1). Traditionally, legal and compliance remained closely aligned within asset management firms, given the strong focus on operational risk (while investment risk is typically handled by investment teams). This focus is similar to the compliance focus at banks. We expect the proportion with overlapping functions to reduce over time as asset managers continue to move closer to banks in terms of maturity.

Thirty-nine percent of asset managers have replaced their chief compliance officer since the start of 2017 (see Figure 2a). While external hires are high at at 58 percent (see Figure 2b), the proportion has fallen since our last study in 2015, when 63 percent of appointments were external, showing signs of improvement in terms of internal bench strength. On average, those internally promoted at asset managers spent only six years at the company prior to their appointment (vs. 10 and 14 years at banks and insurance companies, respectively). This is likely to increase as the bench strength of compliance talent at asset managers continues to improve. When asset managers do look externally, their preference is for an individual with industry-specific expertise, with asset managers hiring from direct competitors on two-thirds of occasions.


As is the case with banking, the majority of asset management chief compliance officers held a compliance role previously (60 percent), with a third of external hires moving over from the equivalent role elsewhere. The multifaceted “business” focus associated with banking chief compliance officers is less apparent among this group, with a more traditional compliance-focused route typically taken. The small proportion who held legal roles most recently is likely to be reflective of a shift away from legal in asset management compliance functions (as referenced previously in relation to banks).

Key takeaways on asset management Chief Compliance Officers:

  • Movement toward maturity of banks in terms of having a compliance function which sits independent of legal
  • Signs of slow improvement in terms of internal bench of compliance talent
  • Sector-specific experience prioritized in external hires (i.e., asset management experience)


Fifty-seven percent of insurance general counsels have compliance in their remit, reflecting that their regulators have not pressed for this separation. Just 19 percent of insurance chief compliance officers have turned over since 2017 (see Figure 2a)—a far lower level of turnover than in other financial services industries, suggesting stability and potentially a lack of change and innovation within compliance in the insurance sector. Fifty-nine percent of the group were appointed externally—a figure similar to asset managers—suggesting a limited  internal pool. When insurance chief compliance officers are promoted from within, it is, on average, after 14 years at the company. The longer pre-appointment tenure suggests that knowledge of the business and organization is prioritized over an outside perspective or experience leading the enterprise-wide compliance function.


As with the other two industries, the majority of insurance chief compliance officers were in a compliance role most recently. Interestingly, a prior role in legal is more common among this group. In insurance, lawyers bring significant strengths to the chief compliance officer role, particularly around regulatory advisory and depth of understanding of the legal and compliance risks germane to insurance. In contrast to banking and asset management, the move toward incorporating operational risk and controls to compliance has not yet taken place.

Key takeaways on Insurance Chief Compliance Officers: 

  • Function still largely integrated with legal and not experiencing high turnover or change
  • Most stability in terms of low turnover and more internal promotions of long-tenured executives
  • Legal backgrounds most common in this group, reflecting regulatory over operational priorities

A regional breakout 

There are notable differences between regions in terms of maturity of approach to compliance. While the United States has historically led the charge in terms of maturity of approach to compliance, the current government is attempting to relax regulations on business. Meanwhile, Europe has been setting the standard in recent years through high-profile regulatory reforms, most prominently GDPR and MiFID II, standards which are being adopted elsewhere. In the Southern Hemisphere, the recent Royal Commission in Australia has brought the country’s maturity in compliance more in line with the West. In Asia, which has historically lagged behind, there is a new push for higher ethical standards and board governance, which goes hand in hand with regulators in the region improving their capabilities.

The Asia region is hugely complex from a compliance standpoint. As the region associated with the fastest global growth, there has been a desire to do things differently there to continue to enable expansion. However, we are increasingly seeing a push from global organizations to clamp down on compliance at a local level in Asia in order to be able to communicate more effectively with the rest of the world.

While Asia is adopting new regulations coming from the West, each country is doing so in its own way. Although China has typically been the most resistant, the likes of Alibaba and Tencent—Chinese companies that want to expand internationally—are pushing for the country to adopt a privacy policy in line with GDPR to enable them to do so.

What’s next for the compliance function at financial services institutions?

1. Continued elevation of compliance. Taking compliance seriously needs to be driven from the top—it requires a cultural shift led by the leadership team. Boards need to view compliance as more than a “box-checking” activity and instead as one with meaningful impact on organizational culture. In this regard, we are increasingly seeing compliance sit on the executive committee—a promising sign that its status is being elevated.

2. Compliance functions will begin to shrink. Up until recently we have seen a huge increase in the number of compliance personnel that financial services institutions have been hiring. For example, Citi went from compliance, risk and other control functions accounting for 4 percent of employees in 2008 to accounting for 15 percent at the end of 2018.3 This is a trend we expect to see reverse in the future given the rise of reg-tech. We expect companies to increasingly outsource KYC, AML and other regulatory responsibilities or even partner with reg-tech institutions and, in doing so, reduce their need for personnel on the ground. Goldman is an example of a company leading the way in this regard. They have invested a large amount in technology (as the biggest investor in reg-tech globally4) and, as a result, their compliance function has shrunk significantly.

What’s next for financial services chief compliance officers?

1. More outsiders join the ranks. As the compliance function tackles a wider array of issues, we expect the talent pendulum to swing. Financial services firms will elevate more applicants with diverse experience—including consulting, accounting and business—to the chief compliance officer role.

2. Board-level exposure requires a new breed of compliance talent. As compliance leaders increasingly sit on the executive committee, leaders increasingly need board experience, board-level communication skills and exceptional judgment and influencing abilities.


This report is based on Russell Reynolds Associates’ analysis of the profiles and backgrounds of chief compliance officers working for the largest banks, asset management firms and insurance companies globally—with a spike in areas where regulatory pressures are greatest.

1. World Finance: Top 5 regulatory concerns currently facing financial institutions (2018).
2. Forbes: How the compliance function is evolving in 2018 (2018).
3. The Economist: The past decade has brought a compliance boom in banking (2019).
4. FinTech Global: The RegTech sector powers on with nearly $9bn raised since 2014 (2018).