The Chief Compliance Officer (CCO) leads CNB’s enterprise compliance program, ensuring that the bank operates in full alignment with applicable laws, regulations, and supervisory expectations. Reporting to the Chief Risk & Legal Officer (CRLO), the CCO provides independent oversight of compliance risks, fosters a culture of compliance across all business units, and partners with leadership to embed compliance into strategy, product development, operations, and client service.
The Chief Compliance Officer (CCO) is responsible for leading CNB’s enterprise-wide compliance program to ensure adherence to all applicable federal and state laws, regulations, and internal policies. This position oversees the bank’s Compliance Management System (CMS), provides strategic compliance direction, and serves as a key advisor to executive management and the Board. As the senior compliance leader, the CCO partners with business lines, risk functions, and control groups to ensure that compliance risks are identified, assessed, monitored, and mitigated in alignment with the bank’s strategic objectives and OCC expectations. The CCO also serves as the principal point of contact with regulators and examiners on compliance-related matters, ensuring transparent communication, timely remediation of findings, and a sustainable culture of compliance across the enterprise.
This role requires a proactive, enterprise-minded leader with deep expertise in U.S. banking laws and regulations, a track record of regulatory engagement, and the ability to foster collaboration while maintaining independence. The CCO has a sense of urgency and works as a team in providing “Best in Class Client Experience.” This position follows established guidelines and procedures to support operational effectiveness.
Principal Duties & Responsibilities:
Regulatory Oversight & Program Leadership
- Build and oversee a robust compliance management system (CMS) consistent with OCC guidance, FFIEC handbooks, and interagency expectations. The CMS is a programmatic framework and the set of governance, policies, processes, risk assessments, monitoring, training, and reporting that demonstrates the bank manages regulatory compliance risk systematically.
- Ensure adherence to consumer compliance regulations, privacy laws, payments and deposit regulations and insider/affiliate rules.
- Support the bank’s engagement with regulators, including exam management, responses, and remediation of findings.
- Establish policies, standards, and training that integrate regulatory compliance obligations into daily operations and client interactions.
- Provide strategic direction to compliance staff and ensure accountability for regulatory responsibilities across business units.
Governance & Reporting
- Report regularly to the CRLO and provide independent reporting to the Management & Board Risk Committees.
- Track and manage regulatory issues, including compliance-related MRAs and MRIAs, ensuring timely & sustainable closure.
- Develop compliance KPIs, KRIs, and dashboards to give management and the Board visibility into regulatory compliance trends.
- Align regulatory compliance oversight with Enterprise Risk Management (ERM) frameworks.
Regulatory Change Management
- Lead the bank’s regulatory change management process by proactively identifying, assessing, and implementing new or amended laws, regulations, and supervisory guidance.
- Conduct impact analyses and coordinate with appropriate units to ensure timely adoption of required changes.
- Ensure appropriate units update impacted policies, procedures, and controls to reflect regulatory changes and that staff are trained accordingly.
Advisory & Business Partnership
- Advise business line leaders on regulatory impacts, emerging risks, and new product launches.
- Partner with sales, operations, IT/digital, and product teams to review and approve initiatives from a compliance perspective.
- Provide subject matter expertise in fair lending, payments compliance, and third-party risk.
Culture & Training
- Drive a culture of compliance accountability across the three lines of defense, in partnership with the Talent, Development & Culture Department.
- Lead the design and execution of role-based compliance training to improve frontline awareness.
- Promote early identification, escalation, and resolution of compliance issues.
Disclosure Management
- Oversee the creation, review, and maintenance of customer disclosures across all products and services, ensuring accuracy, clarity, and consistency with applicable laws, regulations, and OCC/CFPB expectations.
- Implement controls to confirm disclosures are delivered timely and correctly through all channels (digital, print, verbal scripts) and conduct periodic monitoring and testing to ensure ongoing compliance with regulatory changes.
Third-Party Risk Management (2LoD)
- Provide second line of defense oversight for the bank’s Third-Party Risk Management (TPRM) program in alignment with 2023 Interagency TPRM Guidance.
- Review due diligence, risk assessments, and ongoing monitoring of vendors and fintech partners from a compliance perspective.
- Partner with the first line TPRM to appropriately escalate third-party compliance risks to management and Board.
Record Retention & Information Governance
- Oversee compliance with legal and regulatory record retention requirements across business units.
- Ensure that recordkeeping practices support audit trails, OCC/CFPB exam readiness, and litigation or enforcement defense.
- Partner with ERM, IT, Legal, and Operations to maintain secure, accessible, and compliant retention systems.
Privacy & Data Protection
- Serve as the compliance lead for GLBA/Reg P and applicable federal/state privacy laws, including emerging data protection regulations.
- Oversee policies and procedures related to customer information sharing, data security, and client rights.
- Collaborate with IT, CSRM, Consumer & Business (TM) Digital Banking, Operational Risk Management, and Legal to ensure appropriate controls are in place for client data, vendors, and third-party partners.
Integration of Regulatory Compliance with GRC Systems
- Laws, Rules and Regulations (LRR): Partner with ERM to design and implement a methodology to identify regulations applicable to CNB’s products and services, and to identify the control objectives that must be embedded into operational procedures to ensure compliance with those regulations.
- Collaborate with ERM in the implementation and improvement of GRC platforms to ensure that compliance risk assessments and Quality Assurance processes are aligned with Enterprise Risk Management methodologies, and that compliance control testing results are integrated into the RCSA process, so that the risk and control profiles for each RAU give management a complete picture of the risk and compliance posture of each unit, and control deficiencies are identified and escalated using a consistent approach aligned with the Enterprise Issues Management Policy.