Governance, Risk & Compliance (GRC)
«It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently.»
The demands placed on executive bodies of financial institutions, but also on legal entities such as foundations or trusts, are constantly increasing. This is accompanied by increased regulatory and civil liability risks. These increased liability risks can only be countered by defining and implementing flawless governance processes. These governance processes include, in particular:
Definition of clear internal processes and responsibilities derived from the legal requirements in internal directives, in particular:
- Clear instructions to the various responsible parties
- Definition of controls (ICS) appropriate to the existing risks
- Ensuring adequate reporting to the highest bodies
Adequate training of staff, in particular:
- "Commitment from the top"
- Training regarding legal requirements and internal directives
- Ongoing notification of relevant changes
Proper decision-making by the bodies, in compliance with the Business Judgement Rule, in particular:
- By the right body
- With adequate preparation
- Properly documented
«If you think compliance is expensive, try non-compliance.»
Former U.S. Deputy Attorney General Paul McNulty
Risk Management & Compliance
The aim of risk management is to identify and assess existing risks and to define measures to limit risks.
The aim of compliance is to prevent violations of regulatory obligations by providing employees with guidelines for action as well as by monitoring compliance. The type, frequency and scope of compliance-controls depend on the identified risks. This is the reason we regard risk management and compliance as complementary tasks.
A risk and compliance officer should neither be a fundamental "business inhibitor" nor a person "waving through" everything. However, he should draw attention to risks, suggest risk-reducing measures and assess the residual risk. It is up to the management level to decide whether the residual risk should be taken or not. The Risk and Compliance Officer thus becomes a valuable sparring partner for the management level. The performance of his role also crucially depends on the compliance culture lived by the company.
Compliance processes should not only be effective, but also efficient. Ultimately, it is a matter of making the best possible use of existing compliance resources in the interests of risk minimization.
"We've got the big picture and we'll get to the point".
Regulations are becoming increasingly detailed and difficult to oversee. Details are essential, but it is equally important not to lose sight of the whole. Our many years of experience in managing financial institutions, combined with our compliance expertise in Liechtenstein and Switzerland, will help you keep the overview despite the flood of details. This overview also ensures that we can quickly get to the important aspect of a problem analysis.
We tailor our services to your exact needs. Everything is possible, from coaching and consulting in individual cases to a complete outsourcing. We cover the entire spectrum of services for our customers.
Our services in the GRC area include, in particular:
- GRC check: Analysis of GRC processes, assessment of liability risks and development and implementation of risk-reducing measures
- Sparring partner for executives as well as risk and compliance managers, including coaching
- Setting up and operating suitable systems to identify and evaluate existing risks and define measures to limit these
- Ensuring appropriate compliance organizations and processes, including internal control systems
- Development of a compliance culture
- Drafting internal guidelines
- Taking over regulatory risk and compliance functions
- Outsourcing of GRC tasks
- Preparation for regulatory controls
- Compliance support on a case-by-case basis, in particular with regard to obligations in the areas of prevention of money laundering, banking and asset management law, insurance law, fund law (AIFM / UCITS), trust law, automatic exchange of information in tax matters (CRS / FATCA), data protection, in particular the General Data Protection Regulation (GDPR), Fintech / E-Money / Crypto-Currencies / Blockchain.