Consulting
Regulatory & Compliance
At ThoughtStorm we follow a consistent three-step process (Discover, Research, Propose). This involves using a combination of tools and frameworks to examine a business from both internal and external perspectives.
Compliant or Irrelevant
Compliance services provided by TSI assist organizations in adapting to a changing regulatory environment. We provide three levels of engagement:
- Strategy level – to help organizations anticipate and adapt to regulatory change.
- Operational efficiency level – to achieve a cost-effective balance between compliance and risk.
- Remediation level – in response to enforcement.

Take the Complexity out of Compliance
Common compliance challenges that organizations may face are:
- Keeping up with regulatory change
- Demonstrating continuous transparency and accountability
- Advancements in the technology and environment
- Lack of knowledge and cultural barriers
- Ensuring compliance of supply chain and third parties
- Data breaches and cyber attacks
At TSI, we overcome these challenges by building strong and adaptable foundations, encouraging a security- and compliance-aware business culture, adding new technologies, and making security and data protection a priority, among other measures.

Navigate the Regulatory Environment with Confidence
At TSI, we aim to deliver Compliance-as-a-Service to our clients, who benefit from:
- In-depth technical knowledge and skills across a variety of disciplines, enabling professionals to look at each situation objectively, identify its unique opportunities and challenges, and devise an approach that addresses those opportunities and challenges as quickly and efficiently as possible.
- Industry- and sector-specific knowledge and understanding
- Finely honed risk methodologies and tools, developed according to relevant industry standards and in consultation with appropriate authorities, to provide clients with leading practices and the most advanced thinking in the field

OSHA
Occupational Safety and Health Administration
Jurisdiction: USA
Category: Health & Safety
OSHA’s mission is to “assure safe and healthy working conditions for working men and women by setting and enforcing standards and by providing training, outreach, education and assistance”. The agency is also charged with enforcing a variety of whistleblower statutes and regulations.
HIPAA
Health Insurance Portability and Accountability Act
Jurisdiction: Global
Category: Health & Safety
HIPAA was created primarily to modernize the flow of healthcare information, stipulate how Personally Identifiable Information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage.
EU GDPR
European Union General Data Protection Regulation
Jurisdiction: Europe & International
Category: Data Privacy
The General Data Protection Regulation (EU) (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
PDPA
Personal Data Protection Act
Jurisdiction: Singapore
Category: Data Privacy
The Personal Data Protection Act 2012 (the “Act”) sets out the law on data protection in Singapore. Apart from establishing a general data protection regime, the Act also regulates telemarketing practices. The PDPC publishes a comprehensive set of guidelines. The guidelines provide guidance on how the PDPC interprets the Act. They are advisory in nature and are not legally binding.
COPPA
Children’s Online Privacy Protection Act
Jurisdiction: USA
Category: Data Privacy
The act applies to the online collection of personal information by persons or entities under U.S. jurisdiction about children under 13 years of age, including children outside the U.S. if the company is U.S.-based. It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children’s privacy and safety online, including restrictions on marketing to those under 13.
PIPEDA
Personal Information Protection and Electronic Documents Act
Jurisdiction: Canada
Category: Data Privacy
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to facilitate the use of electronic documents. PIPEDA became law on 13 April 2000 to promote consumer trust in electronic commerce.
Dodd-Frank Act
Jurisdiction: USA
Category: Finance
The Dodd-Frank Wall Street Reform and Consumer Protection Act is a massive piece of financial reform legislation passed during the Obama administration in 2010 as a response to the financial crisis of 2008. Under Dodd-Frank, the Financial Stability Oversight Council and Orderly Liquidation Authority monitor the financial stability of major financial firms whose failure could have a serious negative impact on the U.S. economy. The law also provides for liquidations or restructurings, established to assist with the dismantling of financial companies that have been placed in receivership and prevent tax dollars from being used to prop up such firms.
SOX
Sarbanes-Oxley Act
Jurisdiction: USA
Category: Finance
The Sarbanes-Oxley Act of 2002 is a law the U.S. Congress passed on July 30 of that year to help protect investors from fraudulent financial reporting by corporations. Also known as the SOX Act of 2002 and the Corporate Responsibility Act of 2002, it mandated strict reforms to existing securities regulations and imposed tough new penalties on lawbreakers.
EMIR
European Market Infrastructure Regulation
Jurisdiction: Europe
Category: Finance
The European Market Infrastructure Regulation (EMIR) is a body of legislation for over-the-counter (OTC) derivatives, central counterparties and trade repositories. EMIR was introduced by the European Union (EU) as implementation of the G20 commitment to reduce systemic, counterparty and operational risk, and increase transparency in the OTC derivatives market. It was also designed as a preventative measure to avoid fallout during possible future financial crises similar to the collapse that followed the Lehman Brothers bankruptcy in 2008.
MiFID
Markets in Financial Instruments Directive
Jurisdiction: Europe
Category: Finance
The Markets in Financial Instruments Directive (MiFID) is a European regulation that increases the transparency across the European Union’s financial markets and standardizes the regulatory disclosures required for firms operating in the European Union. MiFID implemented new measures, such as pre- and post-trade transparency requirements, and set out the standards of conduct to be followed by financial firms. MiFID has a defined scope that primarily focuses on stocks.
PCMLTFA
Proceeds of Crime (Money Laundering) and Terrorist Financing Act
Jurisdiction: Canada
Category: Finance
PCMLTFA combats the laundering of proceeds of crime and the financing of terrorist activities in Canada and was established by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). The aim of this act is to implement specific measures to detect and deter money laundering and the financing of terrorist activities and to facilitate the investigation and prosecution of money laundering offences and terrorist activity financing offences. It also established record keeping and client identification requirements.
COBIT
Control Objectives for Information and Related Technologies
Jurisdiction: International
Category: IT Management & Governance
COBIT is a framework created by ISACA for IT governance and management. It was designed as a supportive tool for managers and helps bridge the crucial gap between technical issues, business risks, and control requirements. COBIT is a widely recognized guideline that can be applied to any organization in any industry. Overall, COBIT ensures quality, control, and reliability of information systems in an organization, which is also the most important aspect of every modern business.