Chief Risk and Compliance Officer (CRCO)

Background

As NGP approaches go-live operations, the CRCO will be responsible for the company’s ability to identify, assess, and manage enterprise-wide risks effectively, while ensuring full compliance with all applicable regulatory requirements.

Position: Chief Risk and Compliance Officer (CRCO)

Purpose: The CRCO is the senior executive responsible for the company’s overall risk exposure and compliance with regulatory, scheme, and operational requirements. The CRCO provides strategic leadership across enterprise risk management (ERM), compliance management, governance, and reporting, and serves as a key advisor to the Board and executive leadership on the risk appetite, control environment, and the integrity and enforceability of the scheme rulebook.
The CRCO is a member of NGP’s Executive Management Team (EMT).

Reporting line: Reports to the CEO NGP.

Core responsibilities

The core responsibilities of the CRCO are as follows:

• Scheme rulebook compliance: Design and implement scheme compliance program to monitor and ensure rulebook compliance by direct and indirect participants.
• Policy, standards, and frameworks: Define and maintain enterprise-wide policies, standards, and frameworks that set acceptable risk levels, mitigation strategies, and compliance management practices; ensure alignment to the company’s strategy, products, and operating model.
• Enterprise risk management (ERM): Establish and operate the ERM program, including risk identification, assessment, measurement, monitoring, reporting, and escalation; maintain the risk taxonomy, methodology, and risk register.
• Risk appetite and governance: Develop and maintain risk appetite statements, limits, KRIs, and escalation thresholds; support Board and executive committees in reviewing and approving risk appetite and material risk decisions.
• Operational and payments risk: Oversee risk management for payments operations, including fraud and financial crime risk interfaces, third-party/outsourcing risk, technology and cyber risk coordination, resilience, settlement and liquidity-related risks (as applicable), and key change initiatives.
• Compliance management: Build and lead a compliance management system covering regulatory obligations, scheme obligations, internal policies, monitoring/testing, issue management, training, and reporting; maintain an obligations register and compliance plan.
• Regulatory engagement: Serve as a senior point of contact for regulators and relevant authorities (as applicable), coordinating examinations, information requests, remediation commitments, and ongoing supervisory communications.
• Advisory to product and business: Provide pragmatic, risk-based guidance to support product design, pricing, partnerships, and go-to-market decisions, ensuring risks are understood, documented, and controlled before launch.
• Governance and reporting: Produce high-quality risk and compliance reporting for management and the Board, including risk profile, incidents, breaches, control effectiveness, audit findings, remediation status, and emerging risks.
• Incident and breach management: Lead or oversee response governance for significant operational incidents, regulatory breaches, and scheme breaches; ensure timely containment, root-cause analysis, remediation, and lessons learned.
• Control environment and assurance: Set expectations for internal controls, partner with Internal Audit (where applicable), and coordinate second-line oversight of control testing, assurance activities, and management action plans.
• Third-party and participant oversight: Define due diligence, onboarding, monitoring, and enforcement standards for third parties and scheme participants; support rule enforcement actions and disciplinary processes consistent with the rulebook and governance framework.
• People leadership: Build, lead, and develop a high-performing risk and compliance function; establish clear operating rhythms, talent plans, and a culture of accountability and integrity.

Essential Qualifications and experience

• Degree in business, finance, law, risk management, or a related discipline (advanced degree preferred).
• 15+ years of progressive experience in risk management and/or compliance within payments, banking, fintech, card schemes, or other regulated financial services.
• Demonstrated leadership of ERM programs, compliance management systems, and governance/reporting at an enterprise level.
• Strong familiarity with payments ecosystem risks (e.g., scheme operations, participant/member models, fraud and financial crime interfaces, chargebacks/disputes, resilience, third-party dependencies, data and cybersecurity considerations).
• Proven ability to engage with regulators and senior stakeholders, including Boards and executive committees.
• Experience designing and governing policy frameworks, risk appetite, issue management, and remediation programs.
• Professional certifications preferred (e.g., CRCM, CAMS, CIPP, CPA, CFA, FRM, PRM, ISO 27001-related credentials) depending on business needs.
• Startup mindset: comfort with ambiguity, pragmatism, and operating without large support structures.
• Appreciation of the venture-building and/or supporting company new set-ups and adaptable throughout various growth stages.
• Fluent in English (written and verbal).

Desired Qualifications

Executive Influence & Strategic Leadership:

• Ability to lead executive-level engagements and high-stakes negotiations.
• Strategic breadth and leadership depth.
• High emotional intelligence and political sensitivity across competitive and complex markets.
• International experience, especially in Asia, and intercultural adaptability.

Leadership and Relationship Management:

• Strong communication, people management, and interpersonal skills.
• Ability to build and maintain strong business relationships and foster stakeholder engagement.
• Proven leadership capability with experience managing diverse teams.
• Ability to influence and persuade senior stakeholders in complex environments.

Risk Strategy Formulation and Execution:

• Ability to develop and implement risk and compliance strategies and partnership arrangements.
• Skilled at translating risk and compliance objectives into actionable plans and measurable outcomes.
• Familiarity with agile and adaptive work practices.

Understanding of Business, Public Sector, and Industry Processes:

• Commitment to organisational excellence, integrity, and ethics.
• Ability to navigate multi-stakeholder environments and maintain positive working relationships.
• Diplomatic with sound judgment and cultural sensitivity.

International Experience

• Exposure to cross-border business environments, ideally with Asia experience and intercultural adaptability.