Compliance

We help companies structure , strengthen, and maintain effective compliance programs aligned with applicable legislation and best market practices. Our solutions include:

Maturity Diagnosis

A comprehensive assessment of the Compliance function, grounded in its core pillars, resulting in a tailored action plan

Risk Mapping and Assessment

Identifying risks through a Compliance lens and defining appropriate mitigation strategies.

Implementation of Compliance Programs

Development, review, and updating of communication policies, procedures, and strategies.

Compliance Assurance and Due Diligence

Compliance testing and counterparty assessments conducted through a risk-based approach.

Training and Development

Customized training plans –delivered in-person or remotely – tailored to the company’s industry and organizational profile

Preparation for Certifications

Support for initiatives such as Pró-Ética and ISO 37001 pre-audits.

Compliance as a Service ( CaaS )

Continuous support for the operation of the Compliance function.

Internal Investigations

Responsibility, care, respect, expertise, and use of technology.

Sufficient resources to conduct behavioral investigations, as well as those related to corporate fraud or any procedural non-compliance.

Conducting investigations in a discreet, respectful, and human-centered manner, supported by specialists in human behavior and workplace conduct.

Investigative methodology with strict attention to the chain of custody and procedures for generating and preserving legally admissible evidence – ensuring traceability and security in the execution and management of activities related to evidence production in internal investigations of potential violations of the Code of Conduct, Internal Policies, applicable laws, or business regulations.

Ethics Line PMO As a Service
Management of the ethics hotline, along with mentoring on the key stages of internal investigations.
Review of performance indicators, complaint SLAs, and the communication and engagement plan for the reporting channel.
Evaluation of the channel governance, dissemination strategies, and engagement levels in alignment with the compliance program’s communication and training plan. Support in reviewing or implementing a consequences matrix.

Support and execution of all stages of internal investigation processes.
Full support across all phases of internal investigations: screening, preliminary analysis of reports, request for essential documents and information, planning of stages and investigation strategy (Planning Memo), document review, preparation of interview scripts, and conducting of both exploratory and confrontational interviews. Final reporting includes recommended mitigation measures and identification of incidental findings requiring attention.

Anti-Money Laundering – AML

Markets and financial systems across the globe are becoming increasingly interconnected, within a highly complex and demanding regulatory landscape. Our Anti-Money Laundering (AML) process review provides clients with a precise diagnosis of their current state and delivers an actionable plan to address any identified gaps.

AML Process Review

• Transaction monitoring: tool analysis, evaluation of monitoring parameters, and alert management.
• Internal reporting process for Suspicious Activity Reports (SAR).
• Regulatory reporting process for SAR.
• ICU – Internal Control Unit: process definition and governance.
• MLRO (Money Laundering Reporting Officer): definition, roles, and conflicts of interest.

Risks and Internal Controls

• Review and implementation of controls
• Development and review of strategic and operational risk matrices and associated controls.
• ITGC (Information Technology General Controls)
• SoX
  • Development, review, and optimization of risks and control matrices.
  • Development, review, and optimization of test plans.
  • Development of a remediation plan to address and resolve control weaknesses classified as Significant Deficiencies or Material Weaknesses.

Data Protection | LGPD*

• Assessment and compliance: scenario mapping and full-scope consulting, conducting the entire end-to-end process.
• Training Courses: comprehensive programs for managers and employees on Data Protection and LGPD compliance.
• Training and support for LGPD Self-Compliance: methodology-based approach with online course and technical assistance.
• Educational content and playful materials: animated comics and printed magazines designed to promote awareness and understanding of Data Protection and LGPD.
• Virtual Assistant (AI): a virtual agent with access to an extensive knowledge base on LGPD-related topics, powered by public data sources and user interactions in a secure environment. Developed and owned by a partner, the assistant is capable of answering any questions regarding the Brazilian General Data Protection Law (LGPD).

* In partnership with a consulting firm specialized in the subject.

ESG

• ESG Assessment to identify the company’s maturity level across key themes and pillars – including Climate Change, Environmental
• Management, Health & Safety, Diversity & Inclusion, Corporate Governance, and Communication.
• Materiality study based on risk analysis and engagement with key stakeholders.
• Development of the ESG Program, including objectives, identification of key processes, KPIs, and action plans.
• Integrating ESG into the Compliance Program.
• ESG management in the supply chain.