Head of Compliance & Legal

Regulatory Compliance and Policy:

• Own ongoing FCA compliance obligations, including regulatory reporting, policy maintenance, and horizon scanning for relevant regulatory change.
• Lead the compliance and policy elements of ISO 27001 certification (already underway) and DIATF certification (to be initiated).
• Act as the company's lead on GDPR, UK data protection, international data transfers (SCCs, UK Addendum), and data processing agreements.
• Own AML/KYC policy and oversight and ongoing monitoring of the company's compliance framework.
• Manage the relationship with the existing fractional DPO, with a view to assuming the DPO role over time.
• Advise on Open Banking and Payment Services Regulations as they apply to business products.
• Draft and maintain external-facing policies, privacy notices, and regulatory documentation.
• Act as the primary point of contact for regulatory bodies (FCA, ICO) where required.
• Represent the business at external industry forums, working groups, and regulatory consultations, contributing to policy discussions and helping shape the design of regulation that affects the business.
Legal:
• Provide first-pass review of commercial contracts, supplier agreements, partnership terms, and customer-facing terms of service.
• Manage and instruct external solicitors where specialist advice is needed (e.g. employment law, complex commercial disputes), reducing unnecessary external spend.
• Advise the leadership team on legal risk across the business.
• Support fundraising processes from a legal/regulatory perspective where needed.
Governance and Risk:
• Develop and maintain the company's compliance monitoring programme.
• Report to the board on compliance risk, regulatory developments, and policy gaps.
• Contribute to the company's broader risk management and information security governance alongside the technical team.
  
  Qualified solicitor (England and Wales) with a background in financial services, fintech, or payments regulation.
• Strong working knowledge of UK GDPR, data protection law, and international data transfer mechanisms.
• Familiarity with AML/KYC frameworks and MLR obligations.
• Ability to operate independently, set your own priorities, and manage your own workload with minimal oversight.
• Comfortable working in a small startup environment where you will be the sole compliance and legal resource.
• Pragmatic approach - able to distinguish between what needs to be perfect and what needs to be done.
  
  Our client is an FCA-regulated financial data services firm, with an expanding team in London.
The balance of the role leans heavily towards regulatory compliance, data protection, and policy, with the remainder covering commercial legal work such as contract review, terms of service, and supplier agreements.