Risk and Compliance
Today’s constantly changing business environment requires thinking differently about risk and compliance.
Taking an innovative approach to improving your business processes, both corporate governance and risk management and compliance, ensures a constant commitment to continuous improvement.
This organisational design and proactivity ensures improved business performance by anticipating and mitigating risks, fostering an internal control environment that maximises opportunities, and contributing to better financial performance.
At Moneris we use our solid knowledge in organisational processes to ensure the efficiency and effectiveness of key business operations, as well as improving financial performance and cash flow management.
We are ready to assist your company in defining models and processes for the areas of risk and compliance, across all components and dimensions.
We also aim to maximise the return on investment in any operation or process by providing necessary and appropriate advice that creates value for shareholders and other stakeholders.
Risk and Compliance Components and dimensions
- Definition of the risk management and regulatory compliance framework.
- Identification, assessment and monitoring of the risk profile.
- risk risk.
- Implementation of risk management solutions.
- Diagnosis, definition and implementation of the risk management function.
- Characterisation and validation of the organisation’s risk profile.
- Definition and assessment of risk mitigation strategies.
- Development and implementation of risk monitoring and compliance processes.
- Definition of information technology support requirements for risk management and compliance processes.
- risk and compliance.
- Selection and implementation of software
- risk management.
- Design and implementation of loss quantification processes.
- Preparation and realization of management training
- risk and compliance.
Risk and Compliance Areas
- Corporate Governance
- Prevention and Repression of Money Laundering
- Process reengineering and continuous improvement
- Internal Audit
- Privacy and Data Protection (GDPR)
The Governance area, or Corporate Governance, is the set of processes, customs, policies, laws, regulations and institutions that regulate the way a company is run, managed or controlled.
One of the main concerns of this area is to ensure the support of the main actors – shareholders, senior management and board of directors – to codes of conduct and internal regulations, through mechanisms that try to reduce or eliminate conflicts of interest and bouts of fiduciary duty.
Thus, Corporate Governance is composed of the set of mechanisms and rules by which forms of control of the management of publicly traded companies are established, and which include instruments for monitoring and the possibility of accountability of managers for their decisions or management acts.
At Moneris we believe that the definition of a structured and transparent Governance policy is an unavoidable tool for promoting an organization’s economic efficiency, sustainable growth and financial stability.
Therefore, we share a vision of self-regulation, which aims to promote the dissemination of good practices of society through:
- Risk strategy and performance alignment.
- Internal risk management and compliance policies, processes and workflows
- Definition and support in the implementation of risk management committee.
- Creation, implementation and maintenance of management programs that facilitate governance and proactive risk management.
- Identification, evaluation and management of appetite and risk tolerance.
- Reformulation and realignment of policies in the context of risk management, internal audit and compliance.
- Definition and design of processes and competencies for the compliance function.
- Definition and design of operational workflows, from risk management to reporting to competent authorities.
The legislative framework on money laundering and terrorist financing, as well as the new beneficial ownership registration scheme, have practical implications and adaptations to be taken into account.
More extensive and complex, the legislation now in force establishes new measures to combat money laundering and terrorist financing, introduces new concepts to facilitate understanding of applicable regulatory commands, extends the scope of entities subject to the measures imposed and legitimises access to anti-money laundering information by tax authorities.
In this dossier, our expert consultants accompany organisations in the following specific obligations:
- establishment of formal procurement, treatment and archival systems and processes, including information on analysis and decision-making with regard to the examination of potential suspicions;
- establishing mechanisms to regularly test their quality, adequacy and effectiveness, including through an independent audit function, where applicable;
- Identification, evaluation, definition and adoption of concrete risk control procedures for money laundering and terrorist financing inherent in the organisation’s specific operational reality;
- Creation of a specific, independent and anonymous channel that allows employees to report possible violations and whistleblowing situations;
- Implementation of tools or information systems necessary for effective risk management, in particular in the context of the identification and monitoring of customers and operations and to enable timely detection of risk events;
Framework of reporting obligations under the Beneficial Owner;
- Application of the concept of Politically Exposed Persons;
- Reduction in writing of all risk management policies, as well as their review and periodic updating;
- Making diagnoses, definition and implementation of anti-fraud and anti-corruption programs;
- Design, implementation and optimization of reporting systems and processes to the authorities;
- Assessment of the risks of money laundering and definition of control mechanisms to be established.
In addition to facilitating authorities’ access to tax information, legislation on the prevention and repression of money laundering and terrorist financing provides for significant fines, forcing organisations to structure and improve internal processes and procedures, promoting a comprehensive and specialised risk management culture.
In the areas of Risk Management and Compliance there are numerous challenges in which Moneris can be an added value, accompanying its clients in the indispensable definition of new internal control policies and procedures and in the adoption of risk management practices:
- Compliance programs.
- Reporting solutions.
- Ethics and conduct.
- Interpretation and understanding of industry regulatory requirements.
- Evaluation, design, construction, implementation and monitoring of compliance programs.
- Review of the effectiveness of compliance policies, structure, controls and management processes.
- Realization of diagnosis, development and implementation of internal control systems.
- Selection and implementation of compliance and reporting software.
- Development and implementation of training programs.
The current business environment poses numerous challenges and opportunities for businesses and entrepreneurs.
In a scenario of constant change, increasingly complex, to reach their potential organizations must bet on continuous improvement and challenge their business processes at all times.
To help organizations meet this challenge, we apply multidisciplinary teams in the analysis of their business, helping our customers react quickly to opportunities and threats, offering a perspective that aims at continuous performance improvement, allowing to leverage their competitive advantages.
At Moneris we are specialists in strategic business definition, optimization of customer relationship models, analysis of offer and products, business and procedural transformation, as well as operational and economic and financial analysis.
We consider that the operational and organizational model is a competitive advantage available to management, given the numerous challenges that an organization can face:
- Change in strategy, which can be caused by changes in value proposition, customer changes and sales or segmentation and product strategies, new regulatory and capital requirements, global expansion and growth in emerging markets, or even management and acquisition or merger processes.
- Change in your performance, which can be an indicator of lack of coordination and/or organizational integration, lack of accountability, slow decision making and responsiveness, destructive internal conflict, implementation of new systems/ processes, or changes in technological strategy.
- Need to reduce costs, arising from waste and inefficient allocation of resources, or through downsizing, rightsizing, streamlining and outsourcing.
Continuous improvement, that is, the uninterrupted demand for increasingly better results, is a growing practice in organizations of all sectors of activity, as it guarantees a correct and timely adaptation to the challenges and changes that the market demands.
Surround yourself with the right professionals to reorganize your internal processes, with the most appropriate methodologies and organizational best practices.
The Internal Audit aims to add value and improve the operations and results of an organization, through the adoption of a systematic and disciplined approach to the evaluation, improving the effectiveness of risk management processes.
We believe that the implementation of the Internal Audit minimizes risks and improves the decision-making process, providing decision makers with an impartial assessment of the activities analyzed, with objective recommendations and comments.
Our team gathers skills in project management, process improvement and control audits, with the objective of developing several areas of activity with clients:
- Definition of methodologies and implementation of solutions.
- Optimization of controls.
- Diagnosis, definition and implementation of the internal audit function.
- Outsourcing of the internal audit function.
- Definition and implementation of internal audit methodologies.
- Development and implementation of training programs in internal audit.
- Selection and implementation of internal audit software (remote or continuous).
- Performance assessment and results obtained by internal audit teams.
- Optimization of existing controls and/or setting new controls.
In recent years, the European Union has begun the largest process of modernising the regulatory framework in the areas of Privacy and Data Protection.
With the General Data Protection Regulation (GDPR), in force since 2016 and with direct application since May 2018, the protection of natural persons with regard to the processing of personal data and the free movement of such data has been regulated.
New e-Privacy regulations are also under discussion, which updates existing legislation in accordance with the new challenges arising from constant digital developments and an exponential growth in new technologies in trade – Digital Single Market.
The new regulation is of some complexity, representing a challenge for all companies and organisations, public and private, who will have to implement control tools and specific procedures for the management and protection of customers and employees.
But conforming an organization to the GDPR can be much more than applying the new Privacy and Data Protection rules. However, adapting an organisation to the GDPR may involve much more than applying the new Privacy and Data Protection rules. With the right mindset and a tailor-made process, it is possible to move towards a consolidated view of risk management and the subsequent quality of internal processes; a view that we advocate for all organisations.
To support you in this aspiration, Moneris has brought together a group of experts and partners with experience and know-how in the Privacy and Data Protection area so as to make this complex process simpler, supporting your organisation throughout the entire procedure with a turnkey package, summarised here in four project phases.
Diagnosis & Gap Analysis
1 – Diagnosis & Gap Analysis
The audit for impact analysis and gaps in compliance with the GDPR should be based on two key focal vectors. The first line of work to be developed includes a survey, analysis and evaluation phase, followed by a second phase of execution and implementation enhancement.
In the first phase of analysis, it is essential to be familiar with the organisation, its information flows and existing tools in order to identify the repositories of information covered and the security controls applied to them.
Collection and analysis will be followed by identification of any gaps in meeting Privacy requirements, in 4 distinct steps:
in this phase, the organisation’s external and internal context in relation to personal data protection is analysed.
in this phase, all the organisation’s business processes are analysed, as well as the respective computer applications and business support data repositories, in order to identify areas for collecting, processing and safeguarding personal data.
Privacy Impact Assessment
in this phase, business processes and their support systems are analysed with a view to validating compliance with privacy principles.
Gap Analysis and Warnings
in this phase, the organisation’s areas of exposure to the highest risk of non-compliance are identified and risk mitigation actions are proposed.
2 – Remediation Plan
The Gap Analysis report should include detailed timing for the implementation phase, depending on the findings and gaps identified, namely:
Scheduled and planned measures and recommendations for risk elimination and mitigation, classified by their criticality and urgency, aligned with the organisation’s information security policy, but also with its business models, organisational culture and budgetary availability.
Governance policy recommendations for the organisation, including Codes of Conduct, training plans, follow-up structure and support for the Data Protection Officer, including role profile, definition of support tools and training.
Suggested implementation of necessary contractual and documentary processes, based on recommended risk elimination and mitigation measures, and legal and regulatory requirements identified in the audit process.
3 – Implementation Project
Support and follow-up in the implementation of actions towards compliance with the GDPR includes:
- Definition and drafting of internal privacy policies.
- Formalisation of Governance issues (policy and procedure manuals, action codes, articles, etc.).
- Definition of consent mechanisms.
- Revision of contracts with subcontractors.
- Monitoring and control systems.
- Definition of DPO responsibilities and roles.
4 – Ongoin
Follow-up and monitoring of GDPR compliance is critical in order to ensure a continuous process management and improvement mechanism:
- Exercise of external DPO function.
- Regular audits of GDPR compliance (compliance audit).
- Assess impact of new types of data processing.
- Regularly test and identify data access and intrusion vulnerabilities to gauge prevention mechanisms.