Risk and Compliance
The current business environment, constantly changing, requires thinking about risks and compliance differently. Adopting an innovative approach to improving your business processes, both at corporate governance and risk management and compliance, enables you to ensure a constant commitment to continuous improvement.
This design and organizational proactivity ensure improved business performance, anticipating and reducing risks, promoting an internal control environment that maximizes opportunities, and contributing to better financial performance.
At Moneris we use our solid knowledge in organizational processes, in view of the efficiency and effectiveness of key operations in your business, as well as to improve financial performance and cash flowmanagement.
We also aim to maximize the return on investment in any operation or process, ensuring the necessary and appropriate advice that creates value for shareholders and other stakeholders.
"We are prepared to accompany your company in defining specific models and processes for the areas of risk and compliance, in all its components and dimensions"
Risk and Compliance Services
We believe that defining a structured and transparent Governance policy is an indispensable tool for promoting the economic efficiency, sustainable growth and financial stability of an organization. Therefore, we share a vision of self-regulation, which aims to promote the dissemination of good practices of society through:
- Risk strategy and performance alignment.
- Internal risk management and compliancepolicies, processes and workflows.
- Definition and support in the implementation of risk management committee.
- Creation, implementation and maintenance of management programs that facilitate governance and proactive risk management.
- Identification, evaluation and management of appetite and risk tolerance.
- Reformulation and realignment of policies in the context of risk management, internal audit and compliance.
- Definition and design of processes and competencies for the compliance function.
- Definition and design of operational workflows, from risk management to reporting to competent authorities.
The Legislative Framework on Money Laundering and terrorist financing, as well as the new registration scheme for the beneficial owner, have practical implications and adaptations to be taken into account.
More extensive and complex, the legislation now in place establishes new measures to combat money laundering and terrorist financing introduces new concepts to facilitate understanding of the applicable regulatory controls, extends the scope entities subject to the measures imposed and legitimises access to anti-money laundering information by the tax authorities.
In this dossier, our expert consultants accompany organisations in the following specific obligations:
- establishment of formal procurement, treatment and archival systems and processes, including information on analysis and decision-making with regard to the examination of potential suspicions;
- establishing mechanisms to regularly test their quality, adequacy and effectiveness, including through an independent audit function, where applicable;
- Identification, evaluation, definition and adoption of concrete risk control procedures for money laundering and terrorist financing inherent in the organisation’s specific operational reality;
- Creation of a specific channel, independent and anonymous, that allows employees to report any violations and risk situations(whistleblowing);
- Implementation of tools or information systems necessary for effective risk management, in particular in the context of the identification and monitoring of customers and operations and to enable timely detection of risk events;
- Framework of reporting obligations under the Beneficial Owner;
- Application of the concept of Politically Exposed Persons;
- Reduction in writing of all risk management policies, as well as their review and periodic updating;
- Making diagnoses, definition and implementation of anti-fraud and anti-corruption programs;
- Design, implementation and optimization of reporting systems and processes to the authorities;
- Assessment of the risks of money laundering and definition of control mechanisms to be established.
In addition to facilitating authorities’ access to tax information, legislation on the prevention and repression of money laundering and terrorist financing provides for significant fines, forcing organisations to structure and improve internal processes and procedures, promoting a comprehensive and specialised risk management culture.
In the areas of Risk Management and Compliance there are numerous challenges in which Moneris can be an added value, accompanying its clients in the indispensable definition of new internal control policies and procedures and in the adoption of risk management practices:
- Ethics and conduct.
- Interpretation and understanding of industry regulatory requirements.
- Evaluation, design, construction, implementation and monitoring of complianceprograms.
- Review of the effectiveness of compliancemanagement policies, structure, controls and processes.
- Realization of diagnosis, development and implementation of internal control systems.
- Selection and implementation of compliance and reporting software.
- Development and implementation of training programs.
In a scenario of constant change, increasingly complex, to reach their potential organizations must bet on continuous improvement and challenge their business processes at all times.
To help organizations meet this challenge, we apply multidisciplinary teams in the analysis of their business, helping our customers react quickly to opportunities and threats, offering a perspective aimed at continuousimprovement of performance, allowing you to leverage your competitive advantages.
We are specialists in strategic business definition, optimization of customer relationship models, supply and product analysis, business and procedural transformation, as well as operational and economic and financial analysis.
We consider that the operational and organizational model is a competitive advantage available to management, given the numerous challenges that an organization can face:
- Change in strategy, which can be caused by changes in value proposition, customer changes and sales or segmentation and product strategies, new regulatory and capital requirements, global expansion and growth in emerging markets, or even management and acquisition or merger processes.
- Change in your performance, which can be an indicator of lack of coordination and/or organizational integration, lack of accountability, slow decision making and responsiveness, destructive internal conflict, implementation of new systems/ processes, or changes in technological strategy.
- Need to reduce costs, from waste and inefficient allocation of resources, or through downsizing, rightsizing, streamlining and outsourcing.
Continuous improvement, that is, uninterrupted demand for better and better results, is a growing practice in organizations from all sectors of activity, as it is guarantor of a correct and timely adaptation to the challenges and changes that the market requires.
We believe that the implementation of the Internal Audit minimizes risks and improves the decision-making process, providing decision makers with an impartial assessment of the activities analyzed, with objective recommendations and comments.
Our team brings together skills in project management, process improvement and control audits, with the objective of developing with customers various scopes of operation:
- Definition of methodologies and implementation of solutions.
- Optimization of controls.
- Diagnosis, definition and implementation of the internal audit function.
- Outsourcing of the internal audit function.
- Definition and implementation of internal audit methodologies.
- Development and implementation of training programs in internal audit.
- Selection and implementation of internal audit software (remote or continuous).
- Performance assessment and results obtained by internal audit teams.
- Optimization of existing controls and/or setting new controls.
Moneris has brought together a set of experts and partners with experience and know-how in the area of Privacy and Data Protection to make this complex process simpler by supporting your organization across the procedural line with a key package in hand.
Our multidisciplinary team, composed of the procedural, legal and technological aspects, proposes to support your company throughout the procedural line, with a set of solutions, summarized here in four phases of project:
1. Diagnosis & Gap Analysis
The audit for analyzing the impact and gaps in GDPR compliance should be based on two key-focus vectors. In a first line of work to be developed is a phase of survey, analysis and evaluation, to which a second phase of implementation and implementation reinforcement should be followed.
In the first phase of analysis, it is essential to know the organization, its information flows, and existing tools, in order to identify the information repositories covered and the security controls applied to them.
After collection and analysis, there will be identification of any gaps in compliance with privacy requirements in 4 distinct steps:
- Organizational context – at this stage the external and internal context of the organization is analyzed in relation to the protection of personal data.
- Mapping information – at this stage all the organization’s business processes, as well as their computer applications and business support data repositories, in order to identify areas of collection, processing and safeguarding of personal data.
- Privacy Impact Assessment – at this stage, business processes and their support systems are analyzed to validate compliance with privacy principles.
- Gap Analysis and Warnings – at this stage the organization’s exposure areas are the greatest risk of non-compliance, with risk mitigation actions proposed.
2. Remediation plan
The Gap Analysis report should include detailed timing of the implementation phase, depending on the identified findings and gaps, namely:
- Measures and recommendations, timed and planned, for elimination and mitigation of risk, classified by its criticality and urgency, aligned with the organization’s information security policy, but also of its business models, culture organisational organisational and budgetary availability.
- Recommendation of Governance policies for the organization, from the outset Codes of Conduct, training plans, monitoring structure and support to the Data Protection Officer, including function profile, definition of support tools and training.
- Suggestion of implementation of the necessary contractual and documentary processes, depending on the recommended measures for risk elimination and mitigation, and the legal and regulatory requirements identified in the audit process.
3. Implementation Project
Support and monitoring in the implementation of actions aimed at compliance with the GDPR includes:
- Definition and writing of internal privacy policies.
- Formalization of Governanceissues.
(policy and procedure manuals, action codes, statutes, etc.).
- Definition of consent mechanisms.
- Review of contracts with subcontractors.
- Monitoring systems and controls.
- Definition of dpo responsibilities and functions.
Monitoring and monitoring compliance with the GDPR is essential to ensure a continuous mechanism for managing and improving processes:
- Exercise of the external DPO function.
- Regular audits on compliance with GDPR provisions
- Assess impact of new types of data processing.
- Regularly test and identify intrusion and data access vulnerabilities, which allow you to measure prevention mechanisms.
Information is currently one of the largest resources of organizations, as it supports a wide diversity of processes and is transversal to all functional and strategic areas of a company.
Quality certification in Information Security Management Systems – ISO 27001 guarantees its customers, prospects,employees, suppliers, shareholders and stakeholders the integrity of their data and systems, as well as their commitment to information security.
Certification of your information system can also lead to new business opportunities with security-concerned customers, strengthen the notion of confidentiality throughout the workplace, and increase employee ethics. Certification also allows you to strengthen information security and reduce possible risks of fraud, loss of information and breach of confidentiality.
We have specialized teams in the area of processes, which will be able to monitor your organization in this and other demanding certification processes, which guarantee you:
- Demonstrating a commitment of the organization’s executives to information security.
- Increased reliability and security of information and systems in terms of confidentiality, availability and integrity.
- Making more efficient and risk-oriented investments, rather than trend-based investments only.
- The increase in the levels of sensitivity, participation and motivation of the organization’s employees towards Information Security.
- The continuous identification and referral of opportunities for improvement, this being a continuous process.
- Increased trust and satisfaction of customers and partners, providing greater potential for more business.
- The implementation of controls from the standard and risk analysis, improving the operational performance of organisations.
- The implementation of a management control system, increasing the effectiveness of the organization.
DIGITAL MOLDA FUTURE OF ACCOUNTANTS
In response to the challenge of digitization, which marks the current and is transversal to all activities, accounting reinforces its role in advising and managing the development of the business of those who, more than customers, are partners.
We have brought together a group of experts and partners with experience and know-how in the area of Privacy and Data Protection to make this complex process simpler by supporting your organization across the procedural line with a turnkey package, summarized here in four phases of design.