Controls
- Third-party / vendor risk assessment program
Third-party and vendor risk assessment program for evaluating operational, compliance, and security risks.
- Data protection impact assessment (DPIA) process
Data protection impact assessment process to systematically evaluate privacy and data-protection risks.
- Incident response plan
Incident response plan to document procedures for managing and mitigating security and compliance incidents.
- Data classification policy
Data classification policy to identify and categorize information assets by risk level and sensitivity.
- Anti-money-laundering (AML) program
Anti-money-laundering program incorporating risk-based due diligence and transaction monitoring.
- Know Your Customer (KYC) program
Know Your Customer program to assess and document customer and counterparty risk profiles.
- Antitrust / competition-law compliance program
Antitrust and competition-law compliance program addressing market-conduct and pricing-practice risks.
- Transaction monitoring program
Transaction monitoring program to identify and escalate suspicious activity patterns and compliance breaches.
Regulations
- EU Network and Information Security Directive (NIS2)
The EU Network and Information Security Directive 2 (NIS2) requires organizations to conduct and document cybersecurity risk assessments.
- General Data Protection Regulation
GDPR mandates data protection impact assessments (DPIAs) for high-risk processing activities.
This is based on ClearLaunch's regulatory data, not legal advice. Verify with counsel for your specific situation.