Governance Risk Management & Compliance (GRC)

With the advent of new technology like blockchain and increased globalisation, the need for stricter risk management and compliance has never been more critical. Throughout the European Union, countries are heavily penalising companies and service providers which do not have effective risk management and compliance practices in place, and Malta is no exception. At Lex Group, we understand the burden which this may place upon you, and seek to lessen the weight from your shoulders through our array of services in this area which include:

  • The drafting of Customer Due Diligence and Know-Your-Customer forms which are required to be filled in when onboarding a client;
  • Aid in relation to the drafting of any policies having as their subject-matter any of the following: Risk, Compliance, General Data Protection Regulation, and other Legal matters;
  • Preparation and compilation of training material focused on Anti-Money Laundering policies and procedures and/or Financial Crime Compliance;
  • Formulation of gap reports;
  • Design and carrying out of adequate risk assessments;
  • Staff training where required;
  • Assistance with the bank account application process, which, given the increased risk management and compliance procedures, may not be an easy process for a client;
  • Real time support, when required;
  • Any other ancillary services, as may be required.

By keeping ourselves up to date on the latest risk management and compliance legal obligations, we strive to ensure that our clients’ policies in this respect remain in line with the law, which in turn helps them to build up an excellent reputation for the manner in which they conduct their business. A sound legal infrastructure in this regard can also protect a natural person (i.e. an individual), a legal person (i.e. an entity) or any of its directors from any possible personal liability.

Regulatory Compliance 

A critical area that any business needs to take care of is the so-called ‘regulatory compliance’, which is a collective general term that seeks to incorporate compliance with the latest laws enacted. The legal world is a dynamic one, with new legal acts and legal notices being enacted almost daily, making it difficult for businesses to keep track of the latest developments. Moreover, the ‘complex’ manner in which laws are drafted may make it hard and time-consuming for an individual to understand what he needs to do to comply with the law.

At Lex Group we understand the problem that regulatory compliance may present to our clients and we seek to address it by offering the following:

  • formulation or review of the client’s existing business policies and procedures, and advice on how to optimize them;
  • drafting of new essential policies and procedures, and guidance on how to execute them;
  • advice on the implementation of any mandatory changes to comply with the applicable rules and legislation;
  • offering ad-hoc support to a client’s MLRO and compliance team with any matter, particularly with the submission of regulatory reporting and the ever-changing legal framework;
  • on-site visits followed by a detailed gap analysis and action plan;
  • designing and assisting external clients in the carrying out of a risk assessment, and formulating and rolling out remediation exercises, with post-implementation testing; and
  • delivering presentations and training to the respective teams.

Most importantly, at Lex Group we also offer advice on main regulatory issues like Anti-Money Laundering Compliance legislation, a key legal area that requires compliance in order to ensure the success of our clients. Another fundamental piece of legislation is the General Data Protection Regulation (GDPR), an EU Regulation which has as its objective the protection of personal data of all individuals across the EU. In this respect, we offer:

  1. An IT and Legal GAP analysis of your system;
  2. Drafting/review of privacy policies and privacy notices;
  3. Drafting/review of GDPR processor agreements;
  4. Drafting/review of employment agreements to be GDPR compliant;
  5. Training on the critical elements of GDPR;
  6. The drafting of any other GDPR-related policies/agreements required by law in order for your system to be compliant with data protection regulations.

Non-compliance with the said laws could lead to the imposition of hefty penalties and to damage to the client’s reputation. We not only understand this factor, but also ensure that every measure we advise clients to integrate within their business practice is implemented in the most efficient manner, with no or minimum disruption to the client’s course of doing business.
