More and more ML/TF failures are being revealed around the world, the environment is becoming increasingly fragile and competition is ever increasing, with countries, regulators and organisational leaders finding it difficult to keep up. Compliance departments become busier by the minute, facing emerging risks and new regulatory requirements, while organisational leaders as well as clients view them as ‘snoops’ and as an ever-increasing cost.
We are in the heart of a digital era where we are expected to keep up with constant developments such as blockchain technology, electronic identification of clients, stricter sanctions and so many other tasks being added to the ‘To Do’ list of those responsible for implementing compliance requirements.
The big question, after all, is whether regulation and the relevant requirements are there to punish us and make our lives difficult. Surely not! Regulations are there to protect us; to help us mitigate the risks of failure and manage upcoming challenges. As the American business magnate Warren Buffett noted, ‘it is only when the tide goes out do you discover who's been swimming naked’.
So, organisations across the world which are ‘obliged entities’, and especially those in Europe following the EU AML regulations, must ensure that adequate policies, controls, and procedures are in place to mitigate and effectively manage the risks of ML/TF. What we should realise is that just having a compliance department does not mean we are in compliance! If we think that compliance is expensive, just imagine what the cost of non-compliance could be, thinking of penalties, and the impact on reputation and even stakeholder morale.
Let’s consider what any obliged entity could do to enhance its compliance culture, allowing it to effectively manage the ML/TF risks and challenges.
- Tone at the top
People tend to do what they see, so management must lead by example. A vital part of the ML/TF prevention and detection program is the expressed commitment of the board and senior management.
Needless to say, a strong compliance culture is observed through its outcome, rather than through any individual component; and this needs commitment from the people at the top.
Although it is not an easy task, it has been proven that the following have enhanced the tone at the top:
- The culture should be founded on integrity and honesty.
- The people at the top should be alert and should ensure that individuals in the organisation know exactly what is expected of them.
- Management should show through its actions that non-compliance behaviours are not and will not be tolerated, by setting a clear risk appetite and laying out its tolerance in the documented policies.
- Management should create an environment where people feel safe to challenge any decisions or speak up if they think something is not correct or appropriate. In other words, organisations must encourage their employees to share any concerns relating to ML/TF risks. Recent whistleblowing regulations enhance this point of view even further.
Let’s forget about implementing a checklist of initiatives, but rather focus on fostering a compliance culture with people at the top acting as role models.
- Understand the policies in place
Do we really read and understand the written and documented policies of our organisation? Most organisations believe that, by having their policies available on their site/platform or even as hard copies in their offices, employees read and understand them.
We need to keep in mind that reading is not the task; understanding the purpose and content of the policy is key to successful implementation.
Organisations can apply controls that make employees responsible and accountable for what they read. Such controls can be:
- An annual written and signed acknowledgement by all employees that they have read and fully understood and committed to the policies.
- Face to face or group meetings to discuss the key areas of the policies, as well as discuss any concerns that may arise.
- Set key expectations from employees regarding these policies and make clear what the focus areas of each policy are.
- Give case studies and practical examples for each key area of these policies.
- Resources
Having the necessary resources in place to support the compliance and regulatory requirements is probably the most fundamental part of compliance and probably the strongest tool to meet any challenges. It is a vital safeguard any organisation should have in the fight against compliance risks and failures.
Such resources could include risk assessment and forensic tools, access to databases for performing background and sanctions searches as well as any solution to facilitate the compliance requirements such as electronic identification and the use of artificial intelligence.
Moreover, related to this, any organisation has to reward and commend its people for showing a compliance attitude and following the policies and procedures related to the proper use of the resources.
- Education and training
In addition to being a further tool for ensuring that policies have been fully understood, education and training is key for keeping people’s understanding and knowledge up to date and for keeping them engaged and committed.
Trainings can be external or internal, through webinars, organisation-wide emails or formal training programs.
Education programs and trainings vary across industries, organisations or even countries; however, our experience has taught us that there is a common ground on which education and training should be based:
- The training efforts should be positive and non-accusatory; the main goal is to make people interested in compliance.
- It should be specific to the organisation’s ML/TF risks and, if possible, to each department’s/individual’s responsibilities and abilities within the organisation.
- Trainings should be frequent and provided where necessary. Organisations must keep in mind that employees should absorb and apply the information provided and thus, the trainings should be an ongoing process that begins at the time of hire. Finally, it is good to provide refresher trainings at least annually so as to keep the program active in their minds.
- Design the trainings based on the realities of the organisation and not on general information. Try to address the actual concerns and provide practical knowledge and ideas on how to apply it effectively.
- Effective Corporate Governance
If anyone ever asks me what contributes more to the prevention and management of the ML/TF risks, I will say effective Corporate Governance; even more than having a perfect AML/CFT policy in place.
People come first, and they are the driving force of any organisation!
Tone at the top, as mentioned above, must be supported by strong, effective Corporate Governance.
Competence, experience and commitment should be the core of any board member and of any person holding a key position within any organisation.
Effective Corporate Governance is one which ensures that no significant decisions, especially those related to ML/TF prevention, are taken by only one person or a small group of persons, but rather there is always influence, input and approval of other key parties and personnel within the organisation.
Accountability, transparency, fairness, and responsibility seem to be the key characteristics of an effective Corporate Governance. To make sure that these characteristics are there, try to ask yourself how well your organisation is doing with the following:
- Who has the ownership of a task and who is doing what?
- Are there clear reporting lines?
- Do we have the necessary resources to respond to our regulatory requirements and are they being used properly?
- Is all information provided on a need to know basis?
- Is there free communication between the management and the employees?
- Are the fundamental corporate changes being communicated to where they should be?
- Is the conflict-of-interest management procedure adequate and effective?
And although the list is non-exhaustive, a good thing to remember is that an effective Corporate Governance is fluid and agile; it is the one that is aligned with the common best practices!
As a concluding remark, we need to keep in mind that the identification, assessment and management of ML/TF risks is a continuing effort with ups and downs; it is a marathon.
To face the challenges, it is not enough to write down what should be done, but rather you need to understand the rules, their content and purpose. This must start from the people at the top who will inspire the entire organisation and create the conditions for the ongoing flow of information and knowledge. Continue building on a strong agile Corporate Governance within your organisation; it is the one which will support all these efforts to eventually foster an appropriate compliance culture!
At Grant Thornton Cyprus we support a number of organisations in their efforts to build a strong tone at the top, enhance their compliance culture and avoid the impact of non-compliance. We do this through compliance trainings, design of appropriate policies and procedures, independent assessments and internal audits.