Senior Associate Risk & Compliance at Stonehage Fleming

OVERALL, PURPOSE

• Deliver independent, risk-based monitoring and assurance over the firm’s compliance with FAIS, CISCA, FICA, POPIA and PAIA, and verify alignment to Group Risk & Compliance standards. The role executes thematic and routine reviews, issues clear remediation recommendations, tracks closure and produces high quality MI for management and governance forums. It also supports the FICA Section 42A Compliance Officer and MLRO with monitoring and reporting activities, in line with the RSA RMCP and Group frameworks.

PRINCIPAL ELEMENTS AND ACCOUNTABILITIES

• Compliance Monitoring Programme Management (Group‑aligned)
• Implement the Compliance Monitoring Programme (CMP): Ensure the effective 
• implementation of the compliance monitoring programme in conjunction with Group  monitoring teams, applying Group documentation and reporting standards. 
• Comprehensive coverage: Ensure the CMP covers applicable internal and external 
• requirements (Group policies/standards and RSA laws/regulations) and remains current with business risks and regulatory changes. 
• Timely, risk‑based testing: Ensure monitoring testing is conducted on time and on a risk‑based basis; maintain robust workpapers and evidence. 
• Change integration & CRA: Identify and incorporate changes to the CMP and feed into the Combined Risk Assessment (CRA) as appropriate when new/changed risks are identified. 
• Stakeholder engagement & remediation: Manage and proactively work with stakeholders on findings, providing sound advice on the nature and appropriateness of remediation actions, taking related risks into account.
• Escalation: Escalate higher‑risk findings to the Head of Risk & Compliance – RSA as they arise, in line with Group escalation protocols. 
• Closure tracking: Ensure remediation or follow‑up actions are monitored and closed within agreed timelines; minimise repeat findings. 
• Internal Audit: Work with Internal Audit regarding oversight/coordination of compliance 
• monitoring activities to avoid duplication and strengthen second/third‑line coverage. 
• Control effectiveness: Monitor the efficiency and consistency of compliance controls and assist with enhancement of procedures and controls, including drafting/refreshing local SOPs where needed. 
• FAIS (FSCA) – Conduct Themes
• Lead the monitoring activities in alignment with the Compliance Manual and associated  governance frameworks, ensuring consistent oversight and adherence to regulatory  standards.
• General Code of Conduct: Monitor TCF outcomes, disclosures, suitability & record of advice, complaints handling, advertising and conflicts. 
• Fit & Proper (BN 194/2017): Monitor competence, honesty/integrity, operational ability and financial soundness; maintain MI. 
• Regulator interface: Operate an effective second‑line monitoring function and compile  reports/returns requested by the FSCA.
• FICA (FIC) – RMCP Execution
• Test adherence to the RMCP across CDD/EDD, risk rating, sanctions screening and record keeping; recommend RMCP enhancements where gaps are found. 
• Support the S.42A Compliance Officer and MLRO with written updates to the governing body on AML/CFT monitoring progress.
• Verify quality and timeliness of reporting via goAML and evidence logs; maintain red‑flags library and training inputs. 
• POPIA & PAIA Monitoring
• Assess POPIA controls: lawful basis, purpose limitation, data minimisation, accuracy,  retention/destruction, cross‑border transfers, operator agreements/oversight, and security safeguards (tech/organisational).
• Breach readiness & notifications (s.22): Monitor and evidence timely, content‑complete  breach notifications to the Information Regulator and data subjects.
• PAIA s.51 manual & requests: Coordinate periodic review/publication of the Section 51 PAIA Manual.
• Reporting & Regulatory Submissions
• Group & management reporting: Assist with the preparation of compliance reports to  management, committees and Group governance (MI, heat‑maps, issue status, trends,  control effectiveness). 
• Regulatory reporting: Assist with the preparation of reports and regulatory submissions to authorities (FSCA/FIC/Information Regulator), ensuring quality, timeliness and auditability. 
• Ad hoc
• Undertake ad hoc responsibilities as needed to support the Risk & Compliance function in meeting its regulatory obligations and Group commitments, including providing direct support to the Head of Risk and Compliance, South Africa, on any risk and compliance matters as required.

QUALIFICATIONS AND EXPERIENCE

• Bachelor’s degree in law, Commerce, Risk or relevant qualification as per the FSCA’s approved qualifications list.
• Compliance Institute SA CPrac(SA) (or in progress) strongly preferred; CProf(SA)/AML or privacy certifications advantageous.
• RE1, RE3.
• 3–5+ years in a second‑line monitoring role within a South African Category 1 & 2 FSP,  including FAIS, CISCA, FICA and POPIA/PAIA.
• Preferred: investment related (Category II FSP) and fiduciary/trust experience (Category I FSP).
• Familiarity with the COFI Bill is advantageous.

COMPETENCIES, SKILLS AND BEHAVIOURS

• Integrity and independence; sound judgement; ability to prioritise by risk.
• Skilled in building constructive relationships and working collaboratively with individuals at all levels, consistently contributing to shared team outcomes.
• Ability to offer constructive challenge in a respectful and solution-oriented manner.
• Highly self-driven and capable of taking initiative, consistently applying a hands-on mindset to deliver results.
• Risk‑based monitoring methodologies; sampling/testing; persuasive report writing.
• MI tooling (Excel/Power BI) and case/issue trackers.