Regulatory

Winterhawk offers a wide range of compliance and regulatory consulting services, across multiple industry sectors. Whatever enterprise systems your organisation may be running (Microsoft, Workday, Infor, Oracle, SAP etc.), our consultants have a wealth of experience and bespoke regulatory content to help you navigate every challenge.

The Sarbanes–Oxley Act of 2002, enacted July 30, 2002 and also known as Sarbanes–Oxley or SOX, is a United States law. It contains eleven sections, created following a number of corporate and accounting scandals, including WorldCom and Enron. The bill covers the responsibilities of a public corporation’s board of directors and adds criminal penalties for certain misconduct.

Whether you need support for the Sarbanes-Oxley Act (SOX) of 2002 or a country variant, we have a wealth of experience in implementing, streamlining and automating SOX controls to alleviate effort and spend.

Examples include:

  • I-SOX
  • C-SOX
  • German Corporate Governance Code 2002
  • Code Tabaksblat
  • Loi sur la Sécurité Financière
  • Corporate Law Economic Reform Program Act 2004
  • Disposizioni per la tutela del risparmio e la disciplina dei mercati finanziari
  • J-SOX
  • TC-SOX 11

Winterhawk’s Data Privacy Consultants have created a framework for Sarbanes-Oxley covering both Section 302 (corporate responsibility for financial reports) and Section 404 (management assessment of internal controls) with over 100 controls.

General Data Protection Regulation (GDPR) – prior to 25 May 2018, digital and technological advancements had outgrown the legislation in place for data protection; furthermore, the requirements varied from one country to another. The need to synchronise data privacy laws and bring them into the 21st century was clear, and plans to do so under the General Data Protection Regulation (GDPR) began. The reform is the most significant change to data privacy in Europe in over 20 years. It replaces the Data Protection Directive and is designed to harmonise data privacy regulations across Europe, to protect and empower all EU citizens’ data privacy and to reshape the approach to data privacy in organisations across the region.

Winterhawk offers a range of services to assist with your compliance.

  • Data Privacy and Protection Education & Training
  • GDPR Audit Assessment 
  • GDPR and Data Privacy Compliance Service
  • GDPR Compliance & Digital Transformation Solutions

Winterhawk’s Data Privacy Consultants have also compiled a best practice GDPR governance framework, based on 13 overarching governance processes, with activities that organisations are required to perform to demonstrate effective GDPR compliance. Over 140 controls.

The California Consumer Privacy Act (CCPA) bill was passed on June 28, 2018, and became effective on January 1, 2020.

The California Consumer Privacy Act (CCPA) enhances privacy rights for residents of California and applies to any business, including any for-profit entity that collects consumers’ personal data, which does business in California and satisfies at least one of the following thresholds:

  • Has annual gross revenues in excess of $25 million;
  • Buys, receives, or sells the personal information of 50,000 or more consumers or households; or
  • Earns more than half of its annual revenue from selling consumers’ personal information.

Very similar to the European GDPR, CCPA aims to protect personal information in a number of categories. People are entitled to know what personal data is being collected about them, whether their personal data is sold or disclosed and to whom (and be able to say “no” to such a sale), to have access to their personal data upon request, and to be able to request deletion and correction.

Winterhawk offers a range of services to assist with your compliance.

  • Data Privacy and Protection Education & Training
  • CCPA Audit Assessment 
  • CCPA and Data Privacy Compliance Service
  • CCPA Compliance & Digital Transformation Solutions

Our best practice framework for the Foreign Corrupt Practices Act (FCPA) contains: Conduct a Baseline Risk Assessment, Assign Managerial and Governance Responsibility, Corporate Policies, Communication to and Training, Certifications of Compliance, Intermediary and M&A Due Diligence Checklists, Contract Provisions for Third Parties, Reporting Mechanisms for Anti-Corruption Violations, Periodic Compliance Reviews, Internal Investigation Procedures. Over 100 controls across 11 categories.

Cyber Security Risks

Cyber Security is about protecting the devices we use, and the services we access, from attacks designed to extract data or hold data for ransom. It’s also about preventing unauthorised access and visibility to the vast amounts of personal information we store. As data volumes have grown, and with computing technology now firmly part of both our working and personal lives, the challenges grow exponentially year-on-year to protect ourselves and our organisations. Winterhawk has developed a best practice library split across 27 different risk categories. 450+ cybersecurity risks.

Illegal Payments

Anti-Bribery – covering compliance with global and regional laws, regulations and professional standards (suspected wrongdoing, clients or third parties, facilitation payments, entertainment, donations, sponsorships, insider trading and accounting controls). Over 50 controls.

Anti-Money Laundering (AML) – identity verification, watchlist screening / sanctions checks, policies, controls, procedures, awareness & training, record keeping, risk assessment, client due diligence (CDD), supervision, monitoring. 46 controls across 8 risk sections.

Other areas of experience:

  • Financial Close & Consolidation
  • Hazardous Waste
  • Health & Safety (Safety, Occupational Health)
  • HIPAA (healthcare)
  • HR
  • Human Rights (Compliance, Ethical Business, Equal Opportunities, Resettlement & Land Compensation, Encroachment, Damage)
  • ISO 31000, ISO 27001, ISO 27002, ISO 9001, ISO 22301
  • ITAR
  • Local Buying & Vendor management (Equipment, Security, Assessments)
  • NIST Cybersecurity Framework, COBIT
  • Order to Cash
  • Procure to Pay
  • Tax Management (Relationships with Authorities, Compliance, Audits)
  • Third Party Outsourcing (SSAE16)
  • Travel & Expense

Get in touch

Drop us a line to discuss how Winterhawk can support your compliance and regulatory needs.