Risk management and compliance outsourcing

We provide you with competent responsible persons, including deputies, who ensure that your business activities comply with applicable laws and regulations.

Based on our experience from a wide range of outsourcing and audit mandates, we support you with pragmatic and proven solutions.

• Assumption of the compliance function as well as the internal DDA functions (Sorgfaltspflichtbeauftragter and Untersuchungsbeauftragter)
• Standard activities of the internal functions of the Sorgfaltspflichtbeauftragter and Untersuchungsbeauftragter
• Contact point vis-à-vis the supervisory authority (FMA, FIU)
• Second-line review / plausibility checks for all new onboarding cases (in particular completeness checks, review of KYC content and risk classifications)
• Second-line compliance controls in accordance with the ICS control plan and with respect to compliance with internal policies and procedures
• Regular meetings to review business relationships and transactions
• Periodic checks of client relationships
• Support with suspicious activity reports and preparation / quality assurance of suspicious activity reports to the FIU (including documentation / escalation)
• Drafting and updating the internal rules and procedures required to implement AML/CFT requirements
• Updating internal policies and contractual documentation in response to regulatory changes
• Monitoring the cross-border risk framework, including forms and controls, and use of required cross-border country manuals
• Ad hoc advisory support on all regulatory questions and compliance-relevant topics

In practice, even after a licence has been granted, questions often arise as to the appropriate design and documentation of risk management and the internal control system (ICS). We support you in implementing and further developing these requirements. Upon request, we assume selected tasks of the risk management function (second line) under an outsourcing arrangement, perform risk-based controls, and identify specific improvement opportunities.

• Assumption/support of the risk management function (second line) in line with applicable organisational requirements (including principles, processes, reporting)
• Contact point vis-à-vis the FMA for risk/governance matters (coordination, enquiries, follow-ups)
• Ad hoc advisory support on enterprise-wide risk management (risk governance, risk appetite, emerging risks, measures)
• Review and monitoring of ICS/control documentation (completeness, up-to-dateness, traceability, audit trail)
• Second-line risk controls in accordance with the ICS/control plan (sampling, effectiveness testing, follow-ups)
• Maintenance of the risk & control matrix and preparation/further development of the control plan including tracking of measures
• Liaison with the audit firm in the context of supervisory / sector-specific audits
• Support in preparing for and accompanying audits
• Monitoring / further development of the cross-border risk framework
• Support in ensuring compliance with relevant conduct of business, organisational and due diligence obligations under applicable EEA/special regime requirements

We take over periodic risk and compliance reporting to executive management and—where applicable—to the governing body/board of directors, and we present the results in the respective meetings.

In the AML/CFT area, we support the preparation and ongoing updating of the institution-specific risk assessment under due diligence law (including documentation, measures and follow-up), as well as the derivation of risk-based control and monitoring measures.

We review drafts of external supervisory notifications/reports (e.g., to the FMA, including documentation in the context of audits), discuss them with you, and support alignment with the audit firm and other stakeholders.

We provide you with simple, proven solutions and templates for day-to-day compliance requirements, tailored to Liechtenstein supervisory and due diligence law as well as the applicable EEA requirements.

For the execution and tracking of controls, we can also offer you a suitable software solution. This triggers control tasks automatically and provides dashboards with an overview of open and completed tasks (web-based, accessible via a standard web browser). Hosting location, data storage and access rights are contractually designed to be compatible with regulatory and data protection requirements.

Our compliance templates include, inter alia, sets of contracts and documentation, sets of internal policies, as well as governance and control frameworks, including:

• Contract sets (including client segmentation, risk/suitability profile, required client information and information documents)
• Policy sets / organisation manual (organisational structure and processes, internal reporting, compliance and risk management principles, conflicts of interest policy, complaint processes)
• Business plans / licensing and organisational documentation (in particular for asset management entities)
• ICS and risk framework (risk and control matrix, control plan, documentation and reporting templates)
• AML/CFT templates under Liechtenstein due diligence law (KYC checklists, risk classification, periodic updating, documentation of beneficial owners using the forms provided for in the SPV)
• Cross-border templates (e.g., process/control building blocks and a country manual structure to embed cross-border risks into risk management)

Our trainings are tailored to your business model, your processes and your employees’ level of knowledge. They cover the regulatory requirements that are relevant under the legal framework and your internal policies, and they support consistent implementation across the organisation.

We deliberately focus on personal, interactive formats (on-site or virtual) with practical examples from your day-to-day business, case studies, Q&A sequences and concrete “do’s & don’ts”, so that the content is not only understood but can be applied confidently in daily operations.

Upon request, we provide supporting materials (quick guides, checklists, templates) and document training content and participation as a basis for your internal evidence and control system.