The role of the Money Laundering Reporting Officer (MLRO) is a mandatory position in all firms in the Financial Services Industry. This reflects the statutory objective that the Regulator(s) have for ensuring that firms behave with “Integrity”, particularly relating to financial crime prevention. The MLRO therefore plays a significant role in assisting Senior management to ensure that systems and controls relating to anti-money laundering (AML) and countering the risk of terrorist financing (CTF) are appropriate and effective. This course provides practical advice and guidance on the responsibilities of the MLRO, what is expected by the Regulators, both of the Senior Management and the MLRO, and how those responsibilities can be achieved. It should be noted that attendance at this course does assume a good knowledge of the UK’s AML/CTF regulations.
We can help assess your company’s readiness to comply with California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), General Data Protection Regulation (GDPR) and other privacy requirements and help implement best practices for achieving broader privacy risk and compliance objectives across your enterprise. Our team of experienced consultants can review your company’s personal data collecting activities to build a data inventory, identify risks and gaps relative to the requirements of the privacy frameworks, and assist with building a practical action plan to address deficiencies.
In response to the rapid uptick in breaches involving personal data, the public’s expectations of privacy are evolving. More privacy regulations are coming into effect at the local, national, international, and sectoral levels. In addition to the EU’s GDPR, various other privacy laws were passed including the CCPA, CPRA, Brazil’s General Data Privacy Law, and India’s Personal Data Protection Bill. As these privacy regulations come into effect, companies are quickly recognizing that effective privacy management is not just a key compliance activity but also a key factor in business enablement in the digital economy.
We can assist with assessing your company's compliance with relevant privacy regulations. Through the implementation of best practices, we can help your company achieve broader privacy risk and compliance objectives across your enterprise. Our team of experienced consultants can review your company’s personal data collecting activities to build a data inventory, identify risks and gaps, provide recommendations on addressing those gaps, and support the implementation of your privacy requirements.
Our service includes:
- Personal data discovery exercise
- Personal data risk assessment
- Data processor/collector (vendor) risk assessments
- Review of data and cybersecurity governance program
- Review of incident response procedures and published privacy notice(s)
- Review or development of a Record of Processing activity
- Data processor inventory
- Privacy training (in-person or online)
- Readiness assessment for portfolio companies
- Privacy program and governance development assistance
- Data processor (vendor) risk assessments
We can assist with assessing your company’s compliance with the EU's General Data Protection Regulation ("GDPR") requirements. The regulation, which entered into force on 25 May 2018, applies to EU-established organisations that process personal data, as well as organizations located outside of the EU that process EU residents’ personal data in connection with the offering of goods and services or that monitor the behaviour of EU residents.
We can assess your company’s compliance with CCPA and CPRA requirements and provide recommendations to address deficiencies.
- Health Insurance Portability and Accountability Act (HIPAA)
- Brazil's Lei Geral de Proteção de Dados (LGPD)
- Gramm-Leach-Bliley Act (GLBA)
- State-specific breach notification laws
- National privacy laws around the globe
Our web-based training course provides businesses of all sizes with an effective and comprehensive review of GDPR requirements. The course is designed to ensure your staff gain a broad understanding of their role in meeting GDPR requirements.
We offer two types of GDPR training: one designed for all business, and one designed for private equity/venture capital/credit fund managers.
We can help determine if your vendors are compliant with GDPR requirements, working towards compliance, or have not considered the implications of GDPR. Our vendor management platform includes a GDPR-specific due diligence questionnaire that can be administered as a standalone questionnaire at a reduced rate, or as part of the standard ACA Aponix vendor DDQ.
Privacy regulation FAQs
The People’s Republic of China (PRC) has passed robust data privacy regulation that governs data security and personal information processing. This FAQ addresses questions firms may have about the nature of this legislation and its requirements.
The Personal Information Protection Law of the People's Republic of China is scheduled to go into effect on November 1, 2021. This new law affects all companies and other entities, both inside and outside of China, engaged with personal information about individuals residing in China.
ACA’s Spring 2021 Virtual Conference was an opportunity for the regulatory compliance, performance, and cybersecurity community to come together and discuss the many changes of the past year and what the future of GRC looks like moving forward.
- GIPS Standards
- Regulatory Technology
The Virginia Senate has unanimously passed the Virginia Consumer Data Protection Act (VCDPA) and once approved by the governor, the law is set to go into effect on January 1, 2023. This data privacy law would grant privacy rights and consumer protection to Virginia residents. Learn how to prepare for these new protections.
Learn more about the California Privacy Rights Act (CPRA), which amends the existing California Consumer Privacy Act (CCPA).
U.S. companies are finding themselves on uncertain terrain as they struggle to understand the implications of the recent EU decision to strike down the Privacy Shield agreement Get ACA's guidance on what steps to take to reduce risk in data transfers.
The merger will bring together two of the industry’s most well-respected GRC solutions providers. ACA and Foreside together will be positioned to transform the future of GRC, creating a world-class platform for the financial services industry.
Michael Borts has joined the firm as Chief Technology Officer (CTO) to lead ACA’s technology development, vision, and strategy. In his role, he will oversee all product development for ACA’s award-winning ComplianceAlpha® regulatory technology platform and technology enablement at the firm.
The acquisition of Catelas further enhances the holistic surveillance capabilities of ACA’s RegTech platform. Catelas’ patented technology automates the mapping of how people connect and form groups within a firm, isolates collusion risk, and detects high-risk behaviors.
Our speakers will discuss how to tailor your spending and prioritize your budget to meet the needs of your firm and regulatory requirements.
The ever-increasing focus by the Regulators on the accountability of senior management, particularly when things go wrong, emphasises how important it is for individuals in senior positions to have a clear understanding of what is expected of them. This succinct course is designed to assist Senior Managers to have a full understanding of what they need to do to achieve compliance with the rules under the obligations created by the Senior Managers and Certification Regime (SMCR).