Value propositions compliance
CCO, CFO/CEO, Legal counsel, Audit committee, CIO, CRO
Your questions & needs
- Your cost of compliance is too high.
- You are at risk of being fined.
- How do you increase value to your boards?
- Where do you find compliance staff?
- How to get true compliance experts?
- You are in need of an ad-interim CCO.
- Increased pressure on compliance.
- You need an assessment on the quality of your compliance function.
- Improvement in compliance is needed (for auditors, banks, regulator, owner).
- The control environment is complex.
- You need a vision and an action plan to align all governance bodies.
- How to improve the job-satisfaction of your staff and increase retention?
- How to work together with internal control, risk management, and internal audit?
- How to automate your compliance processes and reporting.
- Your IT reveals compliance issues, eg SAP/Oracle security, IT-controls, Identity Access Management, or authorisations.
- How to drive a compliance program, including benefit tracking, project management, quality assurance, and training.
Technology, specialist consulting & managed services
Our propositions
Strategy, governance and structure
- Strategic consulting (workshops or coaching) to define ‘what’ you want/need to realise to be effective (vision, added value, planning, maturity plateaus), resulting in a concrete compliance program (‘how’).
- Consulting to define effective integrated governance (lines of defense, stakeholders, communication).
- Co-source or fully outsource your compliance function.
Policies & processes
- Hands-on consulting to build your methodology, risk universe, controls treatment & testing, policies and procedures based on your vision, charter, strategy, and plan.
- High-quality specialists in expert areas, regulations and compliance topics (eg, export controls, ESG, SOx).
- Repetitive compliance work (eg, KYC, CDD, monitoring, reporting) as managed service. Provide flexible Dutch and English speaking compliance staff at your location, out of our service centres, or hybrid.
People
- Training and/or control awareness, soft controls, and integrity controls.
- Ad-interim compliance Directors and compliance specialists.
Technology
- Help to select technology to improve compliance quality and lower costs, often with content and frameworks included.
- Automate your (SAP) compliance (authorisations, security, data).
- Implement compliance software; agile, in-time, and at a fixed price.
Our solutions for the compliance function
Compliance Technology
- Best practice compliance software to document and automate your compliance processes from policies, risks, controls, compliance reviews, and reporting activities.
- Fixed-price compliance software implementation.
- Optimisation of usage.
- Application security.
- API integration with GRC, risk management & internal audit software.
Compliance Consulting
- Compliance specialists to assess, improve, and embed compliance functions.
- Both strategic and hands-on operation consulting.
- Real-time compliance reporting & assurance (to all stakeholders).
- Improve compliance via maturity modelling.
- Improve tone-at-the-top, culture, integrity, committed leadership (all with maximum usage of soft controls).
- Continuous process improvement as a capability built within the organisation.
Managed Services
- For clients who aim to outsource their compliance function, we provide remote compliance managed services with local representation (feet-on-the-ground).
- From Suriname for transaction & reporting oriented repetitive compliance work.
- From South Africa for (SAP) security, IAM, active directory and authorisations.
- All with global and local (your region) specialists for specific areas, regulations or topics.
Flexible compliance specialists pool
- A pool of compliance experts from all around the world, including our service centres to support our clients in their operations (all lines of defense) or change projects.
- Focus to provide resource availability plus flexibility.
- All our specialists are trained in our software solutions.
- Both repetitive work and high-value consulting.
(Banking) Compliance
- For financial institutes we provide operational (1st line) and 2nd/3rd line managed services from Suriname.
- 1st line operational support to realise best practice banking compliance. This includes client onboarding, risk profiling, KYC/CDD analysis, UBO-analysis, FATCA/PEP/CRS/GDPR/AVG, World-check, BKR, OFAC, enhanced and event-driven DD, and blacklist management.
- 2nd line is compliance auditing / monitoring to guide and review process execution.
- 3rd line to provide independent assurance to board and stakeholders.
Your value
Happy staff
- We focus on your repetitive work.
- Provide staff availability and flexibility (up- and downgrading).
- Resulting in increased job satisfaction for your staff.
- High staff retention.
- Focused knowledge transfer.
Increase effectiveness
- Technology forces effective and efficient process execution.
- Experienced experts for strategic and operational (hands-on) advice.
- Effectiveness, efficiency and quality improvement is included in our managed services.
Reliability & trust
- We meet your objectives and requirements.
- Our repository of automated controls and application security provides reliability.
- Reliability and continuous insight for all stakeholders creates transparency and trust.
Cost efficient savings
- Efficient process execution with technology and well-educated staff.
- One-time-right quality consulting (less hours, higher value) at competitive prices.
- Managed services reduce costs by 30% (compared to European standards).
High Quality
- Our technology results in high-quality process execution.
- Best in class consulting including content (frameworks).
- Embedding new way-of-working (make it stick).
- High quality managed services seamlessly integrated in your process.
Added value
- We make you best-in-class for you to add value.
- Full project support.
- Building your capabilities to continuously improve.
- Quality assurance over the transition is included in our managed services.
Client experiences compliance
reach new heights with our world class technology software
meet all compliance regulations
continuous dialogue with all your stakeholders inside and outside your organisation
company wide dashboards providing real-time insight
Full transparency towards all stakeholders
Compliance technology (and Regtech)
Technology solution categories
Together with our technology vendors, we help our clients to select, implement, enhance & protect their compliance technology solutions.
We support in:
- Building the compliance technology vision and plan.
- Align with other governance bodies and implement software solutions.
- Select the right technology from requirement analysis, RFI, RFP to contracting.
- Providing demos and realising sandboxes to give you an understanding of the functionalities.
- Set-up and (fully) execute the technology plan.
- Do the market inquiry and provide reference clients (visits).
- Technical realisation of the software (on-premise or together with the vendor in the cloud).
- Customise the compliance software.
- Implement your way-of-working, organisation structure, policies, processes, risks, controls and report in the software.
- Provide and implement content and frameworks.
- Train your staff in the usage of the software.
- Implement capabilities for you to continuously improve.
- Integrating technology solutions (API connectivity).
- Securing your compliance software and data.
RegTech software applications are plotted in the picture to the right (with an indication in percentages of different type of software)
Top compliance technology partners
Risk & compliance
CERRIX is the best value for money full GRC suite from The Netherlands. Strong at financial institutes because of embedded form functionalities to realise KYC/CDD compliance. Best in class to design business process, linked risk & controls, and action tracking. ISQM functionalities are built in to support external auditors to implement their quality system and thus become compliant.
Transaction monitoring
Pathlock’s access orchestration solution supports Zero Trust application compliance with a cloud-based loss prevention control platform. Pathlock manages all aspects of access governance in a single platform, including user provisioning and temporary elevation, ongoing User Access Reviews, internal control testing, continuous transaction monitoring, and audit preparation.
SAP GRC solution
Soterion has built a business-centric agile GRC solution on top of SAP that enhances accountability of SAP related risk & compliance. The solution has extensive functionalities to analyse user rights, improve compliance and stay compliant. Soterion is quick to install, easy to learn, S/4HANA ready and boasts an award-winning user experience; both on premise, in the cloud or as a managed service.
Audit & controls
World’s leading (internal) audit and assurance expert solution with over 25 years dedication to auditors. Is used by banks for 2nd line compliance monitoring departments with a similar methodology as internal audit. TeamMate has more than 3,000 customers in over 150 countries. Among their customers are 30% of Fortune 1000, 40% of Fortune 100, the top 5 Global Audit Firms, and more than 1,000 Public Sector Agencies.
GRC solution
Wolters Kluwer’s Enablon provides the Mercedes amongst GRC-solutions. Besides the full GRC-suite, the solution manages safety and environmental performance (ESG and HSE). Enablon’s solutions are used in more than 160 countries by the world’s leading companies. Enterprises have chosen Enablon solutions to enhance the management and reporting of nonfinancial performance.
Compliance consulting
Assess and position
- Strategic compliance direction and capability assessment, including management of the function, ‘tone-at-the-top’, commitment, capabilities, vision, strategy, continuous improvement.
- Effectiveness of governance (positioning, alignment with other lines-of-defense, and reporting lines).
- Your capabilities to prevent, detect, and respond.
- Compliance function maturity (scans).
- Your process to independently do internal investigations.
- Compliance risk assessment methodology.
- Compliance technology positioning and assessments (regtech, GRC software, and tooling related to sanctions & embargoes, TPDD, GEH, S&D).
- Operational compliance capability assessments, including policies, risk and control treatment, methodology, plans, handbook, dashboards, and reporting obligations.
- IT compliance, including ERM (SAP) authorisations and security.
- Content and frameworks reviews.
- (Financial sector) compliance monitoring (2.5 line of defense).
- Compliance staff quality and requirement assessments.
Improve
- Provide ad-interim Compliance Officers.
- Specialist consulting on topics and regulations (eg, export controls, trading compliance, integrity & soft controls).
- Board Audit Committee and Supervisory Board consulting.
- Risk & compliance (awareness) training & ongoing counselling.
- Executing compliance testing and independent investigations.
- Strategic improvement program using maturity modelling and our vision towards the compliance function of the future where the focus changes from testing to continuous insight providing trust to boards, stakeholders, and society.
- Value improvement, and (integrated) governance.
- Technology selection & implementation and usage improvement.
- Operational process improvement, code of conduct, risk treatments, policy compliance check, systematic case tracking, sanctions and disciplinary measures, self-disclosure / reporting obligations.
- Compliance framework and content provision.
- SAP authorisations & security compliance.
- Continuous transaction monitoring.
Embed
- We support to make all improvements stick by guiding your staff through all changes and periodically monitor the execution of your new way-of-working.
- Embed learned skills and realise a culture of continuous improvement.
For those clients who don’t have the right capabilities, or just want to outsource their compliance function, we provide managed compliance services. This includes embedding the new way-of-working over your organisation and BR1GHT.
Compliance managed services
For those clients who don’t have the right capabilities, not enough staff members, want to make fast quality improvement steps or just have the strategy to outsource, we provide managed compliance services out of:
- Suriname. Both ‘high value’ consulting plus repetitive compliance activities with a focus on energy trading, financial institutions and external auditors (ISQM). Our services include controls effectiveness testing, pre-accumulating compliance files, compliance testing, transaction & reporting oriented work, project management office activities, and so on. Read more for details related to banking compliance.
- South Africa. IT-compliance, including (SAP) authorisations, application security, automated controls testing and identity & access management. We also run specific data-analytics or process mining programs. All our teams are skilled in the latest technology.
- We provide both co-sourcing and full outsourcing. The biggest difference is that with co-sourcing our teams work fully under our client’s management supervision, in their IT-environment, and in their risk & quality management systems. With full-outsourcing, all risk & quality requirements are clear and written down in a service level agreement and we agreed that we can fully comply with them.
- Teams in Suriname and South Africa always work together with local BR1GHT people at your location. These local ‘linking pins’ make sure that we always understand your needs and, if issues pop up, we can immediately solve them. They are responsible for the seamless integration of our and our client’s staff.
- We have our proven methodology for onboarding to guarantee a controlled transition called ‘the 12-successfactors of change management’.
Flexible compliance specialists pool
(Banking) Compliance
Our compliance managed services supporting your business operations
- Client onboarding (establish risk profile, KYC/CDD analysis)
- Corporate structure charting, UBO analysis
- FATCA, PEP, CRS, GDPR/AVG analysis
- World Check, BKR, OFAC, FATF, EU, UN, Google checks
- Periodic Revisions of Client Files (risk rating/client profiling)
- Enhanced DD, Event driven DD, escalation & Investigation special cases
- Internal Blacklist Management
- Transaction Monitoring (AML, WFT, CFT) alerts and follow-up.
- Compliance Reporting (all, including FIU/AFM unusual transactions reporting).
- Digitalization projects (e.g. client file digitalization).
- Provide assurance towards 2nd line/3rd line and facilitate reviews/audits.
- Support 2nd/3rd line with flexible compliance / audit resources (representation).
- Project support to implement control & assurance
Our compliance managed services supporting your 2nd and 3rd lines of defense
- Provide specialists to 2nd line risk assessment, including technology to make risks visual and ‘living’.
- Specialist pool of compliance auditors / review specialists for the compliance function.
- Support in training, compliance awareness, ethics and integrity as baseline.
- Provide specialist auditors for compliance or audit function.
- Provide RegTech tooling and realise a strategic plan to incorporate a company-wide IT-landscape where controls monitoring is driving strategy execution, operational excellence and trust.
- AD/IAM & application controls continuous monitoring platform as managed services.
- Support in building dashboard and continuous stakeholder communications to realise trust.
Compliance news
14 SAP S/4 HANA and Rise authorization migration pitfalls and recommendations
At BR1GHT, we recognize that more and more clients tend to move towards SAP S/4HANA. This transition is more than a technological upgrade; it’s an opportunity to optimize your operations, align with compliance standards, and enhance your business value. Within this...
Outlining the Essential Components for Effective GRC – The GRC Pyramid
In this insightful podcast, Meindert Keuning (BR1GHT) and Emile Steyn (Soterion), guided by host Dudley Cartwright, discuss the critical components of effective Governance, Risk, and Compliance (GRC). Using the GRC Pyramid as a framework, they explore how...
Simplifying SAP S/4HANA Migration: Insights and Solutions from BR1GHT, Soterion, and PwC
Migrating to SAP S/4HANA is a critical step for organizations looking to modernize their ERP systems, optimize business processes, and embrace digital transformation. However, this transition brings unique challenges, especially in managing SAP security and...
SAP Security & GRC Trends Report
In a recent podcast Meindert Keuning (BR1GHT) and Emile Steyn (Soterion) tackled one of the most pressing issues facing businesses today: the critical shortage of skilled SAP security professionals. The discussion provided actionable insights into how organizations...
Downloads
Vision paper
The digital transformation is reshaping organisations at an increasing pace. Digital solutions using RPA, IoT and mobile are being implemented in the business to save costs, improve business processes or to build client intimacy. But what are the risks of these new digital solutions, how do you control them and what does digital mean for your control environment? In a series of publications, we will dive deeper into these questions and take you with us in our Digital Control journey Towards Continuous Monitoring.
In this publication you will read all about:
- What are the risks of new digital solutions, such as RPA, ML, IA,
- The need for continuous monitoring,
- What is continuous monitoring,
- How 2nd and 3rd Lines of Defence can use continuous monitoring,
- How to use continuous monitoring to provide assurance,
- Upskilling risk and internal audit specialists.
If you would like to know more about continuous monitoring, please contact us. We can provide you with concrete examples of implementations.