Governance, Risk and Compliance

The Governance, Risk and Compliance (GRC) practice of  Braga Nascimento e Zilio has the expertise to offer solutions and legal advice in accordance with local and international laws.

There was a recent increase in demand for companies in Brazil, whether national or international, with the enactment of the new Anti-Bribery & Corruption Law in 2013 (Law 12.846/2013, or “AB&C”) and its regulation by the Decree 8.420/2015.

ompanies are requiring advice and verification of its compliance rules of their businesses practices, in order to avoid the severe penalties imposed by the new legislation.

However, not only the local legislation is relevant when it comes to  compliancepolicies, but also international regulations which, directly or indirectly, affect internal policies ??' especially for international companies.

Despite the profusion of compliance policies off-the-shelf which has happened recently, the GRC practice presents a more customized product in order to mitigate the vulnerabilities of the companies. Besides the local laws on this subject, a legal advice with international experience is essential in order to know the specificities of each business and, most importantly, to deliver tailor-made solutions.

The following table shows how compliance can cover far more than just compliance with Brazilian AB&C legislation:

GRC policies Acronym
Anti-Money Laundering Policies AML
Trade-Based Money Laundering TBML
Anti-Bribery and Corruption AB&C
Counter-Terrorism Financing CTF
Policies to prevent the violation of economic and international Sanctions AML/S

GRC policies                                                                            Acronym                 

Anti-Money Laundering Policies                                                   AML
Trade-Based Money Laundering                                                  TBML
Anti-Bribery and Corruption                                                      AB&C
Counter-Terrorism Financing                                                        CTF
Policies to prevent the violation of economic   
and international Sanctions                                                      AML/S

Today, financial companies and others such as real estate companies, brokerage firms, jewelry stores, art galleries, gambling, audit and accounting services should all have strong AML/CTF policies.
And not only for money laundering, but also for tax evasion, which is now required in compliance policies (e.g.: FATCA)

Companies which deal with international business or with several suppliers should be aware of the risk of sanctions evasion and proliferation of weapons of mass destruction (WMD) components.
For example, having good knowledge of the updated sanction rules of OFAC (U.S.), knowing how to review the lists of sanctions (especially the SDN), knowing the GAFI recommendations in proliferation are mandatory measures for compliance with these rules.
e.g.: The US has recently tightened its relations with Iran.

This is an area which affects all businesses, regardless of their activity.
A knowledge about the mismanagement of the FCPA (US), UKBA (UK) and POBO (HK ??' for business in Asia) is mandatory. These laws are extraterritorial and they affect companies everywhere, here in Brazil and in other countries.

The following areas should be stressed:
- Recruitment of staff (Hiring & Recruitment)
- Sponsorship of events and gifts (Gifts and Entertainment ??' G&E)
- Associated Parts (AP) and their businesses
- Charity and donations

It is important to emphasize that the legal advice is a part of the process. 
It does not end with the formulation and implementation of internal compliance policies since it also includes evaluating the risks involved with the execution of the implemented policies.
It is also necessary to give intensive and repetitive corporate trainings so that you can instill the philosophy within the company.
In order for that to happen, the delivery of corporate training by a certified instructor is crucial and part of the services of the GRC practice ??' it is where we differ from the others.

How do we achieve a “compliance culture”? 
- Everyone in the organization needs to know that they have an individual compliance responsibility
- They have to understand what is expected of them
- They need to want to be compliant

When is compliance training effective? 
The key objectives of compliance training are to:
- Ensure that employees are aware of their compliance responsibilities
- Mitigate the risk of compliance breaches
- Encourage a better workplace culture
- Remove legal liability from the organization in the event of wrongdoing
- Prevent the reputational risk.

A corporate training is not a lecture, lesson, or a conference by a lawyer who has had a participation with the formulation of compliance polices.
In fact, a true connection with the public, and knowledge of the company's activities is required, so that an awareness campaign can be built on the importance of each one as the company's first line of defense (1LOD).
In order for that to happen, we use techniques and methods learned from the main international corporate training coaches.
We use these techniques with our international customers and in many different cultures around the world.

We also have the Train-the-Trainer program, in which we, as master trainers, coach the company's internal trainers (lead trainers) in a process called ILT (instructor-led training), so that they can deliver the message “on the field” for the company. 
- The training of internal trainers is essential for companies that have a relevant territorial extent in order to directly reach the GRC values across the public (e.g.: banks, car dealerships, supermarkets, etc.).
- The master trainer can also deliver the content through VILT ??' Virtual Instructor-led Training, thus reducing the implementation costs.