
Introduction
Few executive hires carry as much regulatory, legal, and reputational weight as the Chief Legal & Compliance Officer in financial services. This role spans legal risk, enterprise compliance, and board-level governance — in an industry where a single enforcement action can cost millions and redirect a firm's strategy entirely.
The challenge isn't just finding someone qualified. The CLCO role demands a rare combination of legal expertise, compliance program leadership, and C-suite credibility — most strong candidates are already in senior positions and won't respond to a job posting.
The talent pool is also narrower than it appears. Only about 12% of the roughly 418,000 compliance officers in the U.S. work in finance and insurance, and confidentiality requirements add another layer of complexity to an already difficult search.
Getting this hire right requires a structured approach. This guide covers what the CLCO role actually involves, how it differs from a CCO or General Counsel, what qualifications matter most, and how to run a search that surfaces the right candidates.
TL;DR
- The CLCO combines legal strategy and compliance program oversight — broader than either a GC or CCO alone
- Direct regulatory experience with the agencies that match the firm's charter (OCC, FDIC, SEC, FINRA, CFPB) is non-negotiable
- The combined title fits mid-market banks, fintechs, and specialty lenders best; larger firms typically split the roles
- Qualified candidates are almost always passive — executive search methodology, not job postings, is the right approach
- The two costliest mistakes: treating this as a legal-only hire and skipping regulatory background verification
What Does a Chief Legal & Compliance Officer Do in Financial Services?
The CLCO title reflects a deliberate structural choice: combining legal counsel and compliance program leadership under one executive. In financial services, where regulatory risk and legal risk are rarely separable, this structure reduces friction and sharpens accountability. The role reports to the CEO and/or board, with direct access to the audit or risk committee at most firms.
Regulatory and Legal Responsibilities
On the compliance side, the CLCO owns the firm's Compliance Management System (CMS), which the OCC's Comptroller's Handbook defines as encompassing board and management oversight, written policies and procedures, training, monitoring, and consumer complaint response. The CLCO also manages BSA/AML programs, ensures compliance with key frameworks (Dodd-Frank, Bank Secrecy Act, CFPB regulations), and serves as the primary liaison during regulatory examinations or enforcement actions.
On the legal side, responsibilities include:
- Advising the board and executive team on legal risk exposure
- Managing litigation, contracts, and outside counsel relationships
- Guiding product launches, M&A transactions, and licensing decisions
- Providing regulatory interpretation for novel business initiatives
Strategic Role in the C-Suite
The tactical responsibilities above tell only part of the story. Deloitte's "Four Faces of the Chief Legal Officer" framework maps how high-performing CLOs operate across four distinct modes:
| Face | What It Means in Financial Services |
|---|---|
| Strategist | Aligns legal and compliance strategy with the firm's growth objectives and market expansion plans |
| Catalyst | Sets the compliance culture tone and helps the firm move faster by solving legal and regulatory constraints |
| Guardian | Manages risk, navigates regulatory complexity, and protects the firm from enforcement exposure |
| Operator | Builds the legal and compliance function — talent, technology, processes, and budget |
Deloitte's research shows that CEOs and boards expect CLOs to spend 60-70% of their time in the Strategist and Catalyst roles. In practice, most new CLOs spend that same proportion as Guardians and Operators — focused on managing risk rather than shaping strategy. For financial services firms running a CLCO search, this gap is the hiring brief: the candidate needs demonstrated ability to operate at the strategic level, not just deep regulatory expertise.

The Combined Role: CLCO vs. CCO vs. General Counsel
The CLCO title means different things at different firms. Before structuring or filling this role, it helps to understand exactly where General Counsel, CCO, and CLCO responsibilities diverge — and where combining them introduces regulatory exposure.
| Role | Core Accountability | Reports To | Owns Compliance Program? |
|---|---|---|---|
| General Counsel | Contracts, litigation, regulatory matters (legal lens), outside counsel management | CEO | No |
| Chief Compliance Officer | Enterprise-wide compliance program, compliance risk identification and mitigation | Board or CEO (independent of legal) | Yes |
| CLCO | Both functions combined under one executive | Board or CEO | Yes (with structural caveats) |
Regulatory guidance has consistently reinforced the CCO's independence from the legal function. The DOJ's 2024 guidance on corporate compliance programs instructs prosecutors to evaluate whether compliance is housed "within the legal department, under a business function, or as an independent function reporting to the CEO and/or board."
Prosecutors are also directed to assess the stature, compensation, and resources of the compliance function relative to other units — a direct signal that structural independence carries weight in enforcement decisions.
Former SEC Commissioner Aguilar noted that many enforcement actions against CCOs targeted individuals who "wore more than one hat" — serving simultaneously as GC, CEO, or CFO. Over an 11-year period, only 8 cases targeted CCO-only roles, while dual-hat CCOs faced substantially higher enforcement exposure.
When to Combine vs. Separate
The decision should be driven by firm size and regulatory complexity:
- Combine (CLCO model): Mid-market banks, community banks, fintechs, and specialty lenders where a unified function consolidates oversight under one budget and reporting line — and where the candidate pool realistically supports one senior leader covering both
- Separate (CCO + GC): Larger banks, public companies, and institutions subject to multiple regulatory regimes where compliance independence must be structurally demonstrable
If combining, the firm must document the structural rationale, ensure the CLCO has direct board access, and build governance safeguards that demonstrate compliance independence from revenue-generating business lines — as required by the Federal Reserve's SR 08-8 guidance.
Key Qualifications to Look for in a Financial Services CLCO
Education and Credentials
A J.D. remains the standard baseline. Legal training is essential for managing the legal risk exposure that comes with the combined role — overseeing outside counsel, advising on contracts and litigation, and interpreting regulatory requirements all require legal grounding that compliance-only backgrounds don't fully cover.
That said, some effective CLCOs come from senior compliance backgrounds without a J.D., particularly in fintech, where the compliance function may be more complex than the legal function at the pre-license or growth stage. Candidates from this background are worth considering when the firm's primary complexity sits on the compliance side and legal support can be supplemented through outside counsel.
Additional credentials worth noting:
- CRCM (Certified Regulatory Compliance Manager): The American Bankers Association's recognized standard for compliance professionals in financial services
- CAMS: The global benchmark for AML expertise, and highly relevant for institutions with significant BSA/AML exposure
- An MBA adds value for candidates carrying significant strategic and business advisory responsibility alongside the legal and compliance mandate
Credentials supplement — they don't substitute for — a proven track record of building and managing a compliance function under regulatory scrutiny.
Experience and Regulatory Track Record
The experience profile that separates strong CLCO candidates from technically qualified ones is more specific than most job descriptions capture. Look for:
- 15-20 years of progressively senior legal and/or compliance experience in banking, capital markets, fintech, or consumer lending
- Direct regulatory relationship management with OCC, FDIC, Federal Reserve, SEC, FINRA, or CFPB — depending on the firm's charter and product set
- Demonstrated record of building or restructuring a Compliance Management System at a regulated institution
Enforcement and examination history is the most overlooked differentiator in this search. Candidates who have navigated regulatory examinations, consent orders, Matters Requiring Attention (MRAs), or formal enforcement actions bring credibility that can't be replicated in theory. They've sat across the table from regulators, managed remediation under scrutiny, and know how compliance failures actually unfold.

Generic legal executive searches routinely miss this. A candidate with exceptional corporate legal credentials who has never managed a regulatory examination is a very different hire than one who has shepherded a bank through an OCC consent order.
On the leadership side, the CLCO must communicate complex regulatory risk to non-legal board members, build credibility with business line leaders who may resist compliance requirements, and set a compliance culture the organization actually follows.
Boards increasingly expect this role to go beyond blocking risk. The most effective CLCOs position compliance as a competitive differentiator — not a cost center — which requires both business acumen and regulatory authority.
How to Run a CLCO Executive Search in Financial Services
Why Executive Search Is the Right Methodology
The most qualified CLCO candidates are employed, compensated well, and not browsing job boards. A public posting signals to the market — including regulators, counterparties, and competitors — that a firm has a leadership gap in its legal and compliance function. For a role this sensitive, that signal carries real cost.
Executive search methodology solves both problems: it reaches passive candidates through direct, confidential outreach, and it keeps the search contained until the firm is ready to communicate a hire.
The Search Process
A well-structured CLCO search moves through five stages:
- Role scoping and success profile development — Align the board, CEO, and key stakeholders on what the role truly requires before launching. This step is where most searches fail or succeed. A misaligned success profile produces a misaligned hire.
- Candidate mapping and targeted outreach — Identify and approach qualified candidates across banking, fintech, and (where appropriate) regulatory agency backgrounds. This requires genuine market relationships, not database queries.
- Structured interview and assessment — Evaluate candidates against the success profile, with specific attention to compliance program depth, regulatory experience, and board-level communication ability.
- Reference and regulatory background verification — See "Failing to Verify Regulatory Standing" below. This step is not optional.
- Offer management and transition support — Compensation benchmarking, counter-offer preparation, and onboarding coordination reduce the risk of losing a candidate after acceptance.

Working with a Specialist
Effective CLCO searches require a firm with direct relationships in the compliance and legal space — not one that runs keyword queries against a database and waits for responses.
Wayoh places compliance, risk, and legal professionals across banks, fintechs, and specialty lenders through direct personal outreach built over more than a decade. With 500+ placements in regulated financial services and coverage across major U.S. markets including New York, California, and Florida, the firm maintains an established network of senior candidates who won't surface through standard sourcing. For confidential searches, Wayoh uses staged disclosure and controlled outreach to protect client stability throughout the process.
Common Mistakes Financial Services Firms Make When Hiring a CLCO
Treating It as a Legal Hire Only
Hiring committees dominated by business line leaders frequently underweight compliance depth. The result: an exceptional lawyer who has never built a compliance management system, managed a regulatory examination, or led a BSA/AML program. That executive defaults entirely to the GC function, leaving the compliance program structurally weak and under-resourced. That's precisely the condition regulators flag in examinations.
When scoping the role, assign equal weight to compliance program leadership experience. If the shortlist is full of strong lawyers with thin compliance backgrounds, the success profile needs revisiting before candidates advance further.
Skipping Stakeholder Alignment Before Launch
Rushed searches skip thorough role-scoping and produce job descriptions that either mirror the outgoing leader's weaknesses or over-list requirements that don't reflect the firm's actual stage and needs. Before launching, the board and CEO must agree on:
- Whether the combined CLCO structure is right for this stage
- The balance of legal vs. compliance emphasis in the role
- Reporting structure and board access expectations
- The non-negotiables vs. the nice-to-haves
Searches launched without this consensus routinely stall at the offer stage — when misaligned expectations surface too late to fix cleanly.
Failing to Verify Regulatory Standing
Standard background checks will not surface prior regulatory history. CLCO candidates in financial services may have prior enforcement actions, sanctions, or formal supervisory concerns that only appear in specialized databases.
Before extending any offer, run checks across all six individual-level regulatory databases:
| Database | Agency | What It Covers |
|---|---|---|
| BrokerCheck | FINRA | 10-year employment history, disciplinary actions, customer disputes |
| SALI | SEC | Court judgments and Commission orders including industry bars |
| Enforcement Actions Search | OCC | Actions against bank officers, directors, and institution-affiliated parties |
| ED&O | FDIC | FDIC enforcement decisions and orders against individuals |
| Enforcement Actions | CFPB | Civil and administrative actions including named individuals |
| Enforcement Actions | Federal Reserve | Actions against parties subject to Federal Reserve supervision |

Beyond the databases, run regulatory reference calls with former regulators or examiners who have direct knowledge of the candidate's conduct during examinations or enforcement proceedings. These conversations surface context that no database captures.
Frequently Asked Questions
What does a Chief Legal & Compliance Officer do?
The CLCO is the senior executive responsible for the firm's legal function and enterprise compliance program. This includes overseeing regulatory risk management, advising the board on legal exposure, managing the compliance management system, and leading regulatory examinations — reporting to the CEO and/or board.
Is a Chief Legal Officer higher than General Counsel?
The CLO title signals a broader C-suite role — with greater emphasis on governance, enterprise strategy, and board-level engagement. In many firms the titles are used interchangeably, and the real difference lies in scope: whether the executive owns enterprise-wide compliance and reports to the board, or primarily manages the legal function.
Does a Chief Legal & Compliance Officer have to be a lawyer?
Most financial services firms prefer a licensed attorney given the legal risk exposure the role carries. Some CLCOs come from senior compliance backgrounds without a J.D. — a path more common in fintech — but legal training remains the strongest baseline for the full scope of the combined role.
What is the difference between a Chief Compliance Officer and a Chief Legal & Compliance Officer?
A CCO focuses exclusively on the compliance program and maintains independence from legal counsel per regulatory guidance. The CLCO combines both functions under one executive — a structure more common at mid-market banks and fintechs where a unified approach is operationally practical, but one that requires careful governance to preserve compliance independence.
How long does a CLCO executive search typically take in financial services?
Most searches run 8–16 weeks from role scoping to accepted offer, with specialized profiles — BSA/AML depth, OCC-regulated institutions, post-enforcement remediation — pushing toward the longer end. Early stakeholder alignment and a clear success profile are the most reliable ways to compress that timeline.


