How do we define what we need in a Head of Risk & Compliance if we don’t have internal expertise?
The short answer
The central issue is alignment between what the firm says it needs, what the role actually requires and what the market can supply. For a UK law firm, especially in an SRA-regulated environment, the strongest answer starts with role clarity. Define the risk problem, the authority the role needs, the support available and the level of judgement required before approaching the market.
Why the mandate matters
Senior law firm risk appointments are rarely standard appointments. The same title can mean different things across firms, depending on governance, reporting lines, office holder responsibility, client profile, partner behaviour and the maturity of the existing Risk & Compliance function. When a firm asks how to define what it needs in a Head of Risk & Compliance without internal expertise, the problem is rarely just candidate availability. It is usually a combination of unclear scope, internal assumptions and a market that reads detail closely. Strong candidates want to know whether the role is properly supported, whether the firm understands the responsibility and whether the title matches the work.
A vague role can still attract applicants, but it will not reliably attract the right people. The market is especially unforgiving where the role carries partner contact, AML or conflicts judgement, office holder exposure, claims sensitivity, privacy incidents or senior reporting. In those situations, the brief must show that the firm has thought beyond the job title.
What the firm should clarify
The firm should clarify the practical work before deciding the person specification. That means defining the reporting line, salary range, working pattern, current team structure, systems, decision rights and escalation route. It should also separate what is essential on day one from what can be developed over time.
Useful questions include: what decisions will this person make independently; what must be escalated; who will back the role when there is pressure; what does success look like after six and twelve months; and what support exists beneath or around the role. These points are not administrative details. They determine whether the role is credible.
How to make the role credible
The practical route is to make the role more precise rather than more inflated. Use plain language. Explain the actual risk environment, the level of complexity, the volume of work and the areas where the firm is still improving. Candidates do not need the firm to pretend everything is perfect. They need confidence that the mandate is real.
Where the candidate pool is narrow, widen it intelligently. Consider adjacent experience where training is possible. Keep strict requirements where judgement, accountability or technical risk is high. Move quickly once credible candidates are engaged, because delay can make the role look internally underprioritised.
Bottom line
The question of how to define what the firm needs in a Head of Risk & Compliance without internal expertise should be approached as a role design and market alignment question, not just a vacancy to fill. The firms that hire best define the work clearly, price the role realistically, explain the authority attached to it and run a decisive process. For AJ Fox Compliance clients, this is where specialist market insight can materially reduce wasted time, weak shortlists and avoidable attrition.