Compliance & Regulatory · CCO Executive Search
Compliance leaders your regulator will trust — and your business will follow.
Specialist compliance recruitment and executive search for Chief Compliance Officers, regulatory, risk, financial-crime and data-privacy leadership — for regulated companies and the compliance practices of law firms, across the United States and internationally.
A hire the regulator is, in effect, also making.
When you appoint a Chief Compliance Officer, you are not just filling a seat on the org chart. You are naming the person who will speak for your business to the people who can fine it, restrict it, or shut it down.
That is a different kind of search. The strongest compliance leaders are rarely on the market — they are quietly employed, trusted by a board, and approached only discreetly. They cannot be found by reposting a job to a list. They have to be mapped, understood, and persuaded.
And the bar is now external. The U.S. Department of Justice's Evaluation of Corporate Compliance Programs sets out, in writing, what a credible programme looks like — a CCO with real authority, independence, resources and a direct line to the board — and the 2015 Yates Memo made the people behind it personally accountable. We read that regime, not just the résumé, because in this market the wrong hire carries genuine regulatory, reputational and personal-liability risk.
What regulators now expect of the person you appoint.
The modern compliance function was built by Sarbanes-Oxley (2002) and Dodd-Frank (2010), and is now judged against the DOJ's published criteria. We scope every CCO search against the same standard a prosecutor would apply.
- 2023/24: DOJ's revised Evaluation of Corporate Compliance Programs (ECCP) — the standard prosecutors use to test whether a programme is real, including the CCO's authority, independence and resources. (Source: U.S. Dept. of Justice, ECCP)
- 2015: The Yates Memo put individual accountability at the centre of corporate enforcement — sharpening the personal-liability exposure that a Chief Compliance Officer now carries. (Source: U.S. DOJ, Yates Memorandum)
- Board: Direct reporting line to the board or audit committee that the ECCP treats as a marker of genuine compliance independence — and that we pressure-test before any search begins. (Source: U.S. DOJ, ECCP)
- CCEP: The Certified Compliance & Ethics Professional credential from SCCE — one signal, among many, of a professionalised compliance leader, which we read alongside lived regulatory experience. (Source: Society of Corporate Compliance & Ethics)
Sources: U.S. Department of Justice, Evaluation of Corporate Compliance Programs (updated 2023/2024) and the 2015 Yates Memorandum; the Society of Corporate Compliance & Ethics (SCCE). Figures describe regulatory frameworks and credentials, not Sartori & Partners placement metrics.
The compliance and regulatory leadership map.
From the Chief Compliance Officer who owns the programme to the financial-crime and privacy leaders beneath them, we recruit across the full regulatory function.
Chief Compliance Officer (CCO)
The compliance leader who owns the programme, answers to the board, and stands in front of a regulator. We run CCO searches for regulated companies and for the compliance practices of law firms.
Regulatory & Government Affairs Counsel
Lawyers who read the rulebook before it is written — handling examinations, enforcement, rulemaking and the regulators themselves across sector-specific regimes.
Financial Crime, AML & Sanctions
BSA/AML officers, sanctions and OFAC leads, KYC and transaction-monitoring heads, and financial-crime counsel for banks, fintechs and payments businesses.
Risk & Internal Audit Leadership
Chief Risk Officers, heads of operational and conduct risk, and internal-audit leaders who pair quantitative judgment with a working knowledge of the law.
Data Privacy & Information Governance
Chief Privacy Officers, Data Protection Officers and privacy counsel fluent in GDPR, CCPA/CPRA and the widening patchwork of state and cross-border data law.
Ethics, Conduct & ESG
Heads of ethics and business conduct, and the compliance leaders now asked to own ESG disclosure, anti-bribery and supply-chain regulatory obligations.
Hiring across the wider legal department too? See in-house & general counsel recruiting and legal operations recruitment, or start from the legal talent acquisition hub for companies.
Where compliance is a board-level concern.
The regulatory regime — not the job title — defines the brief. We scope every search around the specific regulators and rules the role must answer to.
Banking & Capital Markets
BSA/AML, sanctions, conduct, and SEC/FINRA-facing compliance for banks, broker-dealers, asset managers and market infrastructure — the function Sarbanes-Oxley and Dodd-Frank rebuilt.
Fintech, Payments & Crypto
Money-transmission licensing, consumer-finance, and the crypto-and-payments compliance leaders who build a programme while the rules are still moving.
Healthcare & Life Sciences
HIPAA, anti-kickback, Sunshine Act, FDA and pharmacovigilance compliance for providers, payers, device and biopharma companies.
Energy & Industrials
FERC, environmental, trade and anti-corruption compliance for energy, utilities, manufacturing and critical-infrastructure businesses.
Technology & Data
Privacy, content, AI-governance and cross-border data-transfer leadership for platforms, SaaS and data-intensive businesses.
Law Firm Compliance Practices
The regulatory, white-collar and investigations partners and senior associates who advise the regulated companies above.
We test for regulatory credibility, not exposure.
Many compliance CVs describe proximity to a regulator. We establish ownership — what the candidate actually led, decided, and was accountable for — and benchmark it against the DOJ ECCP's test for authority, resources and independence.
Anyone senior enough for this work has the right words. The difference between a good and a costly hire is whether the experience behind those words is real, whether it matches the programme you actually have, and whether the role you are offering gives a strong leader the standing the DOJ expects them to have. Four questions decide it.
01. Regulatory credibility, not just a CV
We test whether a candidate has genuinely owned a regulatory relationship — led an examination, responded to an enforcement action, sat across the table from the FCA, SEC, OCC or DOJ — rather than supported from a distance.
02. Programme-build vs. programme-run
A leader who stood up a compliance function from nothing is a different hire from one who optimised a mature one. We match the candidate's proven mode to where your programme actually is — and to what the DOJ's ECCP expects a programme to demonstrate.
03. Authority, resources and independence
The ECCP asks prosecutors to test whether compliance has real authority, adequate resources and a seat with the seniority the role demands. We assess the candidate against the same standard — and tell you where your structure would undercut them before you hire.
04. The reporting line and the board relationship
Where the role reports — to the GC, the CEO, or directly to the board and audit committee — changes the brief and the candidate. Since the Yates Memo sharpened personal accountability, the strongest leaders ask about that line first; we pressure-test the structure with you before we approach the market.
A small market, scrutinised, with no room for a wrong hire.
None of the firms we benchmark lead with compliance. We do — because it is where specialist judgment matters most and a generalist search firm is least equipped to help.
A generalist sees a title. We read the regime.
Compliance titles travel badly. The “Head of Compliance” at a payments startup and the one at a global bank are not interchangeable, and a sanctions specialist is not automatically a privacy one. We know which AML lead can also carry sanctions, which regulatory counsel has genuinely owned a board relationship, and which CCO is ready to step up rather than across.
The best candidates never see the advert.
The compliance leaders worth hiring are trusted, busy and quietly employed. They are reached through a mapped, discreet approach — not a job board. We start from the whole market, supported by our proprietary market-intelligence engine, then apply the judgment that data cannot.
One sector, both sides of the table.
We work only in the legal and compliance market, for the companies that hire and the leaders who move — including compliance officers and CCOs considering a move, for whom the hiring company pays our fee. That dual view is how we read whether a hire is genuinely portable, and whether a candidate is genuinely ready.
Planning the function before the hire? Read our guide to compliance & regulatory talent acquisition.
Common questions about compliance recruitment
What compliance roles do you recruit for?
We focus on senior compliance, regulatory and risk leadership: Chief Compliance Officers, deputy and divisional CCOs, regulatory and government-affairs counsel, BSA/AML and sanctions officers, Chief Risk and internal-audit leaders, Chief Privacy Officers and Data Protection Officers, and heads of ethics, conduct and ESG. We place these roles both inside regulated companies and within the compliance, regulatory and white-collar practices of law firms.
Which sectors do you cover?
Regulated industries where compliance is a board-level concern: banking and capital markets, fintech, payments and crypto, healthcare and life sciences, energy and industrials, and technology and data. The regulatory regime — BSA/AML, SEC/FINRA, HIPAA, FERC, GDPR/CCPA — shapes the brief far more than the job title, which is why we scope every search around the specific regulators and rules the role must answer to.
Do you place a first Chief Compliance Officer for a scaling company?
Yes. Standing up a compliance function for the first time — often because a licence, an investor, a regulator or an enforcement action demands it — is a distinct kind of hire. The candidate must be comfortable building a programme from a blank page rather than inheriting one, and able to demonstrate the authority, resources and independence the DOJ's Evaluation of Corporate Compliance Programs expects a credible function to have. We weight programme-build experience accordingly and help founders and GCs scope a role that fits the stage of the business, not an oversized big-company template.
How do you assess regulatory credibility?
We test for ownership, not exposure. The questions are whether the candidate has personally led an examination, managed a consent order or remediation, responded to an enforcement matter, and built a working relationship with the relevant regulator — rather than supporting those events at a distance. We benchmark the brief against the DOJ ECCP's expectations on authority, resources and reporting line, read credentials such as SCCE's CCEP alongside lived experience rather than in place of it, and take references from people who have seen the candidate operate under regulatory pressure.
How are compliance leaders compensated, and can you benchmark a package?
Compensation for CCOs and senior compliance leaders varies widely by sector, company size and regulatory exposure — a bank's financial-crime lead, a healthcare CCO and a fintech's first compliance head sit on very different curves, and the personal-liability profile that the Yates Memo sharpened now factors into the package. We benchmark each search against published market data, including BarkerGilmore's compliance and legal compensation studies, and against what we see live in the market, so the offer is competitive for the seniority and risk the role actually carries. We give you a defensible range rather than a single figure pulled out of the air.
Why use a specialist rather than a generalist executive search firm?
Compliance is a small, scrutinised market where the strongest leaders rarely apply to advertised roles, and where the wrong hire carries genuine regulatory and personal-liability risk. A generalist sees a title; a legal-and-compliance specialist reads the regime. We know which AML lead can also handle sanctions, which privacy counsel has carried a global programme, and which CCO is ready to own the board relationship — and we map the whole market rather than working a rented list.
Do you work on retained or contingency terms?
Senior compliance leadership — CCO, CRO and equivalent board-facing roles — is typically a retained, confidential search, which is how we run the most sensitive mandates. For other regulatory and risk roles we discuss the engagement model that fits the seniority, confidentiality and timeline of the hire. We are transparent about scope and fees before any search begins.
Can you run a confidential compliance search?
Yes, and most senior compliance searches are confidential by necessity — a regulated business rarely wants the market to know its compliance leadership is changing, and the strongest candidates are quietly employed elsewhere. We approach passive candidates discreetly and protect the identity of both sides until each is ready to proceed.
Build your compliance function
The right compliance leader begins with a confidential conversation.
Whether you are hiring a first Chief Compliance Officer, replacing one quietly, or strengthening a regulatory and risk team, we listen first. No obligation, complete discretion.