Value propositions compliance
Chief Compliance Office, CFO/CEO, Legal counsel, Audit committee, CIO, CRO
Your questions & Needs
- Your cost of compliance is too high.
- How do you improve value to your management and supervisory board?
- Where do you get compliance staff?
- How do you get true compliance experts on specific areas and regulations?
- You are in need of an ad-interim CCO or temporary specialist functions.
- You are expecting increasing pressure on compliance.
- You require an assessment on the quality of your compliance function.
- External stakeholders require improvement (financial auditors, banks, regulator).
- The control environment is complex and you need a vision and an action plan to align all governance bodies.
- How do you improve the job-satisfaction of your staff and increase retention?
- How do you work together with risk management and internal audit?
- How do you automate your compliance processes and reporting?
- Your information technology and application systems reveal IT-compliance issues, for example in your SAP/Oracle security, IT-controls environment, Identity Access Management, authorisations.
- You need to start a compliance program and you need to manage this, including benefit tracking, project management, quality assurance, and training.
Technology, specialist consulting & managed services
Our solutions to bring value
- Help you select technology solutions to improve compliance quality and lower costs.
- Automate your (SAP) compliance (authorisations, security, data).
- Implement compliance software; agile, in-time, and at a fixed price.
- Ad-interim compliance directors / CCO.
- Flexible Dutch and English speaking audit staff at your location, hybrid, or out of our service centres in Suriname and South Africa with feet-on-the-ground in your region.
- Specialists to build your compliance vision, set-up your charter, strategy and plan, methodology, and handbooks, define your risk universe, controls treatment & testing.
- Repetitive compliance work enabling your staff to focus on ‘high quality’ added value activities (results in job satisfaction and retention).
- High quality specialists on expert areas, regulations and compliance topics (e.g. export controls, ESG, SOx).
- Content & framework provisioning.
- Strategic consulting to realise added value and an effective governance.
- Building your vision towards real-time compliance.
- Co-source or fully outsource your compliance function.
- We support you in all aspects to improve compliance, including training and/or control awareness.
Our solutions for the compliance function
Our best practice compliance software helps you to document and automate your compliance processes, risks, controls, compliance reviews, and reporting activities. Our services include:
- Compliance & regtech software selection, and implementation.
- Optimisation of the usage of your technology.
- Compliance application security.
- Compliance software integration with GRC, risk management & internal audit software (API-connectivity).
- Managed application services.
- Full partnership to develop your future compliance software landscape with you.
Our compliance specialist consultants help organisations to assess the compliance functions, improve towards best practice, and embed the new way-of-working at clients. Besides this, our services include:
- Real-time compliance reporting & assurance, integrated with all stakeholders, including Supervisory Board and outside the organisation towards all stakeholders.
- Robust Compliance Governance & “Tone from the Top” – Corporate culture & integrity – committed leadership with maximum usage of soft controls.
- Continuous process improvement as a capability built within the organisation.
Compliance Managed Service
For those organisations who want to outsource their ‘way-of-working’, we provide remote compliance managed services with local representation (feet-on-the-ground):
- out of Suriname for transaction & reporting oriented repetitive compliance work.
- out of South Africa for (SAP) authorisations, security, IAM.
- global and local (your region) specialists for specific compliance areas, regulations or topics to temporarily work in your compliance department or participate in your change/improvement programs.
(Banking) Compliance Monitoring
Never ever get fined for neglect. For financial institutes we provide technology solutions in combination with compliance managed services for:
- Compliance auditing / monitoring to provide comfort to the board and regulators.
- Operations support to realise best practice banking compliance.
- Third line support to get compliance assurance.
Our services include (not limited to) client onboarding, establishing risk profiles, KYC/CDD analysis, UBO-analysis, FATCA/PEP/CRS/GDPR/AVG, World Check, BKR, OFAC, Enhanced and event driven DD, black list management, reporting.
Reach new heights with our world class technology partners
Continuous dialogue with all your stakeholders inside and outside your organisation, your supervisory board and society in general
Company-wide dashboard providing real-time insight
Full transparency towards all stakeholders
Compliance technology (and Regtech)
Technology solution categories
Together with our technology vendors, we help our clients to select, implement, enhance & protect their compliance technology solutions.
We support in:
- Building the compliance technology vision (in line with other governance bodies and technologies).
- Setting up and executing the technology plan.
- Aligning technology with processes & people capabilities.
- Integrating technology solutions.
- Securing Regtech.
RegTech software applications are plotted in the picture to the right (with an indication in percentages of the different types of software).
Top compliance technology partners
World’s leading (internal) audit and assurance expert solution, with over 25 years of dedication to auditors. It is used by banks for transaction monitoring (audits). TeamMate has more than 3,000 customers in over 150 countries. Among their customers are 30% of Fortune 1000, 40% of Fortune 100, the top 5 Global Audit Firms, and more than 1,000 Public Sector Agencies.
Pathlock’s access orchestration solution supports Zero Trust application compliance with a cloud based loss prevention control platform. Pathlock manages all aspects of access governance in a single platform, including user provisioning and temporary elevation, ongoing User Access Reviews, internal control testing, continuous transaction monitoring, and audit preparation.
SAP GRC solution
Soterion has built a business-centric agile GRC solution on top of SAP that enhances accountability of SAP related risk & compliance. The solution has extensive functionalities to analyse user rights, improve compliance and stay compliant. Soterion is quick to install, easy to learn, S/4HANA ready and boasts an award-winning user experience; both on premise, in the cloud or as a managed service.
(banking) Compliance Software
CERRIX is the best value for money full GRC suite from The Netherlands. Strong at financial institutes because of embedded form functionalities to realise KYC/CDD compliance. Best in class to design business processes, linked risks & controls, and action tracking. ISQM functionalities are built in to support external auditors to implement their quality system and thus become compliant.
Wolters Kluwer’s Enablon provides the Mercedes amongst GRC-solutions. Besides the full GRC-suite, the solution manages safety and environmental performance (ESG and HSE). Enablon’s solutions are used in more than 160 countries by the world’s leading companies. Enterprises have chosen Enablon solutions to enhance the management and reporting of nonfinancial performance.
‘High value’ compliance specialist consulting
- Provide compliance capabilities to prevent, detect, and respond.
- Compliance function maturity scans.
- Independent internal investigations.
- Compliance risk assessment methodology (part of risk management).
- Compliance technology assessments (regtech), including GRC technology, and tooling related to sanctions & embargoes, TPDD, GEH and S&D.
- Strategic compliance function assessments, including management of the function, ‘tone-at-the-top’, commitment, capabilities, level added value, vision, strategy, level of continuous improvement, and governance (positioning, alignment with other lines-of-defense, and reporting lines).
- Operational compliance function assessments, including cost/benefit analysis, policies, risk appetite, methodology, plans, handbook reviews, dashboards, general way-of-working, and reporting obligations.
- IT compliance, including ERM (SAP) authorisations and security, and frameworks reviews.
- Compliance content effectiveness.
- (Banking) compliance assessments (part of the 2.5 line of defense).
- Compliance staff quality and requirement assessments.
- Provide ad-interim Compliance Officer services.
- Supervisory board consulting.
- Risk & compliance (awareness) training & ongoing counseling.
- Integrity & Soft Controls
- Executing compliance testing.
- Strategic improvement program using maturity modelling and our vision towards the compliance function of the future where the focus changes from testing to continuous insight and providing trust to boards, stakeholders, and society. This includes value improvement, and governance.
- RegTech selection & implementation, and improving the usage.
- Integrated Control Vision & technology embedding
- Operational process improvement, code of conduct, risk appetite, credit file review & completion, financial modelling, ratio analysis, (credit) policy compliance check, systematic case tracking, sanctions and disciplinary measures, self-disclosure / reporting obligations.
- Compliance content provision (together with partners)
- ERM & compliance framework design and embedding into business processes/controls.
- SAP authorisations & security compliance.
- Compliance content provisioning (with partners).
- Continuous transaction monitoring.
- Make all improvements to best practice stick, by guiding your staff through all changes and periodically monitoring the execution of your new way-of-working.
- Embed newly learned skills and realise a culture of continuous improvement.
For those clients who don’t have the right capabilities, we provide managed compliance services. This includes embedding the new way-of-working over your organisation and BR1GHT.
Compliance managed services
Repetitive compliance out of Suriname and South Africa
For those clients who don’t have the right capabilities, do not have enough staff members, want to make a fast quality improvement step, or just have the strategy to outsource, we provide managed compliance services out of:
- Suriname. All repetitive compliance activities with a focus on energy trading, financial institutes and external auditors (ISQM). Our services include controls effectiveness testing, pre-accumulating compliance files, running specific data-analytics or process mining programs, compliance testing, transaction & reporting oriented work, project management office activities, and so on. We have a detailed service catalogue available on request. Our services include support in communication to your board and directors and with your stakeholders, such as regulatory bodies or external financial auditors. Read more for details related to banking compliance.
- South Africa. IT-compliance, including (SAP) authorisations, application security, automated controls testing and identity & access management. All our teams are skilled in the latest technology.
Two outsourcing models
We provide both co-sourcing and full outsourcing. The biggest difference is that with co-sourcing our teams work fully under our client’s management supervision, in their IT-environment, and in their risk & quality management systems. With BR1GHT you get a remote team, but fully available for you, and only for you. This option is the preferred one in those situations where you cannot rely on third parties to enforce your risk & quality standards (which is the case for most of the external audit firms) or where you have not yet documented your risk & quality requirements. This option is the lowest price option where you take specific responsibilities upon yourself, including training of our people in your way-of-working.
With full-outsourcing, all risk & quality requirements are clear and written down in a service level agreement and we have agreed that we can fully comply with them. We take over your responsibility to manage our teams and all outsourced tasks. We have our own risk & quality system, which meets your requirements, and we train our people. For some clients who don’t have any compliance environment operational, it might be a good investment to directly go for our full-outsourcing option and thus gain the maximum benefits from our knowledge and capabilities. We then make sure that your staff is trained and that all pre-conditions for effective compliance are met (policies, procedures etc.). Although we guarantee a 20% cost reduction against European fees, this is still a slightly more expensive option than co-sourcing.
For a detailed description of the two outsourcing models, we refer to our managed services page.
Seamlessly work together
You work with our specialists out of Suriname and South Africa together with local people at your location. If relevant, we can combine the above with a global sourcing model, where we include experts from other countries to be an integral part of your delivery team. As a pre-condition for success, for our Dutch clients, in Suriname everyone speaks perfect Dutch and for our international clients, all BR1GHT specialists speak perfect English. We have experience in making our way-of-working seamlessly integrated with your way-of-working. If needed, we can bridge any cultural distances with specific coaching models; however, most of our employees have studied or worked in Western-European or American contexts.
While we focus on your repetitive transactional compliance work and reporting requirements, you can focus on new ways to add value to your business, through a strong focus on insights & actions, but also the usage of new technologies, data-analytics, and so on. Being your partner and given our technology focus, we will help you to realise your digital goals.
Our compliance managed services supporting your business operations
- Client onboarding (establish risk profile, KYC/CDD analysis)
- Corporate structure charting, UBO analysis
- FATCA, PEP, CRS, GDPR/AVG analysis
- World Check, BKR, OFAC, FATF, EU, UN, Google checks
- Periodic Revisions of Client Files (risk rating/client profiling)
- Enhanced DD, Event driven DD, escalation & Investigation special cases
- Internal Blacklist Management
- Transaction Monitoring (AML, WFT, CFT) alerts and follow-up.
- Compliance Reporting (all, including FIU/AFM unusual transactions reporting).
- Digitalization projects (e.g. client file digitalization).
- Provide assurance towards 2’nd line/3’rd line, facilitate reviews/audits.
- Support 2’nd/3’rd line with flexible compliance / audit resources (representation).
- Project support to implement control & assurance
Our compliance managed services supporting your 2’nd and 3’rd lines of defense
- Provide specialists to 2’nd line risk assessment, including technology to make risks visual and ‘living’.
- Specialist pool of compliance auditors / review specialists for the compliance function.
- Support in training, compliance awareness and integrity as baseline.
- Provide specialist auditors for compliance or audit function.
- Provide RegTech tooling and realise a strategic plan to incorporate a company-wide IT-landscape where controls monitoring is driving strategy execution, operational excellence and trust.
- AD/IAM & application controls continuous monitoring platform as managed services.
- Support in building dashboard and continuous stakeholder communications to realise trust.
The digital transformation is reshaping organisations at an increasing pace. Digital solutions using RPA, IoT and mobile are being implemented in the business to save costs, improve business processes or to build client intimacy. But what are the risks of these new digital solutions, how do you control them and what does digital mean for your control environment? In a series of publications, we will dive deeper into these questions and take you with us in our Digital Control journey Towards Continuous Monitoring.
In this publication you will read all about:
- What are the risks of new digital solutions, such as RPA, ML, IA,
- The need for continuous monitoring,
- What is continuous monitoring,
- How 2’nd and 3’rd Lines of Defence can use continuous monitoring,
- How to use continuous monitoring to provide assurance,
- Upskilling risk and internal audit specialists.
If you would like to know more about continuous monitoring, please contact us. We can provide you with concrete examples of implementations.
Want to learn more?
Find out what our compliance solutions can mean for you.
Please contact us if we made you curious.
Thank you so much for your interest in us!