Regulatory & Compliance

A successful business cannot be built without a well-defined business strategy. Furthermore, a well-defined strategy is only as good as the plan put in place to operationalize it. We recognize that every business is unique and therefore requires a customized strategic roadmap.

At ThoughtStorm we follow a consistent three-step process (Discover, Research, Propose). This involves using a combination of tools and frameworks to examine a business from both internal and external perspectives.

Compliant or Irrelevant

Compliance services provided by TSI assist organizations in adapting to a changing regulatory environment. We provide three levels of engagement:

  • Strategy level – to help organizations anticipate and adapt to regulatory change.
  • Operational efficiency level – to achieve a cost-effective balance between compliance and risk.
  • Remediation level – in response to enforcement.

Take the Complexity out of Compliance

Common compliance challenges that organizations may face are:

  • Keeping up with regulatory change
  • Demonstrating continuous transparency and accountability
  • Advancements in the technology and environment
  • Lack of knowledge and cultural barriers
  • Ensuring compliance of supply chain and third parties
  • Data breaches and cyber attacks

At TSI, we overcome these challenges by building strong and adaptable foundations, encouraging a security- and compliance-aware business culture, adopting new technologies, and making security and data protection a priority.

Navigate the Regulatory Environment with Confidence

At TSI, we aim to deliver Compliance-as-a-Service to our clients, who benefit from:

  • In-depth technical knowledge and skills across a variety of disciplines, enabling professionals to look at each situation objectively, identify its unique opportunities and challenges, and devise an approach that addresses those opportunities and challenges as quickly and efficiently as possible.
  • Industry- and sector-specific knowledge and understanding
  • Finely honed risk methodologies and tools, developed according to relevant industry standards and in consultation with appropriate authorities, to provide clients with leading practices and the most advanced thinking in the field

OSHA

Occupational Safety and Health Administration

Jurisdiction: USA

Category: Health & Safety

OSHA’s mission is to “assure safe and healthy working conditions for working men and women by setting and enforcing standards and by providing training, outreach, education and assistance”. The agency is also charged with enforcing a variety of whistleblower statutes and regulations.

HIPAA

Health Insurance Portability and Accountability Act

Jurisdiction: Global

Category: Health & Safety

HIPAA was created primarily to modernize the flow of healthcare information, stipulate how Personally Identifiable Information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage.

EU GDPR

European Union General Data Protection Regulation

Jurisdiction: Europe & International

Category: Data Privacy

The General Data Protection Regulation (EU) (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

PDPA

Personal Data Protection Act

Jurisdiction: Singapore

Category: Data Privacy

The Personal Data Protection Act 2012 (the “Act”) sets out the law on data protection in Singapore. Apart from establishing a general data protection regime, the Act also regulates telemarketing practices. The PDPC publishes a comprehensive set of guidelines. The guidelines provide guidance on how the PDPC interprets the Act. They are advisory in nature and are not legally binding.

COPPA

Children’s Online Privacy Protection Act

Jurisdiction: USA

Category: Data Privacy

The act applies to the online collection of personal information by persons or entities under U.S. jurisdiction about children under 13 years of age, including children outside the U.S. if the company is U.S.-based. It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children’s privacy and safety online, including restrictions on marketing to those under 13.

PIPEDA

Personal Information Protection and Electronic Documents Act

Jurisdiction: Canada

Category: Data Privacy

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to facilitate the use of electronic documents. PIPEDA became law on 13 April 2000 to promote consumer trust in electronic commerce.

Dodd Frank Act

Jurisdiction: USA

Category: Finance

The Dodd-Frank Wall Street Reform and Consumer Protection Act is a massive piece of financial reform legislation passed during the Obama administration in 2010 as a response to the financial crisis of 2008. Under Dodd-Frank, the Financial Stability Oversight Council and Orderly Liquidation Authority monitor the financial stability of major financial firms whose failure could have a serious negative impact on the U.S. economy. The law also provides for liquidations or restructurings, established to assist with the dismantling of financial companies that have been placed in receivership and prevent tax dollars from being used to prop up such firms.

SOX

Sarbanes-Oxley Act

Jurisdiction: USA

Category: Finance

The Sarbanes-Oxley Act of 2002 is a law the U.S. Congress passed on July 30 of that year to help protect investors from fraudulent financial reporting by corporations. Also known as the SOX Act of 2002 and the Corporate Responsibility Act of 2002, it mandated strict reforms to existing securities regulations and imposed tough new penalties on lawbreakers.

EMIR

European Market Infrastructure Regulation

Jurisdiction: Europe

Category: Finance

The European Market Infrastructure Regulation (EMIR) is a body of legislation for over-the-counter (OTC) derivatives, central counterparties and trade repositories. EMIR was introduced by the European Union (EU) as implementation of the G20 commitment to reduce systemic, counterparty and operational risk, and increase transparency in the OTC derivatives market. It was also designed as a preventative measure to avoid fallout during possible future financial crises similar to the collapse that followed the Lehman Brothers bankruptcy in 2008.

MIFID

Markets in Financial Instruments Directive

Jurisdiction: Europe

Category: Finance

The Markets in Financial Instruments Directive (MiFID) is a European regulation that increases the transparency across the European Union’s financial markets and standardizes the regulatory disclosures required for firms operating in the European Union. MiFID implemented new measures, such as pre- and post-trade transparency requirements, and set out the standards of conduct to be followed by financial firms. MiFID has a defined scope that primarily focuses on stocks.

PCMLTFA

Proceeds of Crime (Money Laundering) and Terrorist Financing Act

Jurisdiction: Canada

Category: Finance

PCMLTFA combats the laundering of proceeds of crime and the financing of terrorist activities in Canada and was established by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). The aim of this act is to implement specific measures to detect and deter money laundering and the financing of terrorist activities and to facilitate the investigation and prosecution of money laundering offences and terrorist activity financing offences. It also established record keeping and client identification requirements.

COBIT

Control Objectives for Information and Related Technologies

Jurisdiction: International

Category: IT Management & Governance

COBIT is a framework created by ISACA for IT governance and management. It was designed as a supportive tool for managers, bridging the crucial gap between technical issues, business risks, and control requirements. COBIT is a widely recognized guideline that can be applied to any organization in any industry. Overall, COBIT supports the quality, control, and reliability of an organization’s information systems, which is also a critical aspect of every modern business.

A Smart Urban Mobility Platform

In the days before the Internet, selling a business was a slow but straightforward process: The buyer…