Ramparts Legal and Professional Services
European Legal Services
Ramparts Overview
Ramparts is a European business group with regulated legal and fiduciary practices based in Gibraltar and the U.K.
Our team is qualified to provide legal advice on English, Gibraltar, and European law – we support clients in the finance, technology, media and entertainment sectors. We bring an international perspective and a multi-disciplinary approach to the services we provide. Our clients range from established FTSE-listed multinationals all the way through to SMEs, start-ups, and emerging entrepreneurs. Our approach ensures that the solutions we provide are as innovative as necessary to meet the objectives whilst being as simple as the commercial objectives permit. Our philosophy is to bring significant industry experience coupled with a flexible approach to problem-solving. Our expertise is in finance, technology (including distributed ledger and blockchain operations), media, and entertainment sectors; however the firm offers a full service practice including employment law, intellectual property law, regulatory law, data protection, tax law, consumer law, corporate law and transaction support. Ramparts works closely with TokenMarket, the Gibraltar Stock Exchange, the Gibraltar Blockchain Exchange, and its associates are involved in key industry associations like the Gibraltar Betting and Gaming Association and the Gibraltar E-Money Association.
Ramparts | Presentation
Ramparts Overview
The Ramparts Group Services:
Ramparts Law
Ramparts Legal Services Gibraltar
Ramparts Legal Services UK
Ramparts Corporate
Fiduciary Services
Compliance & Regulatory Audit Services
The slide deck is focused on our Compliance and Regulatory Audit Services. You can obtain information on our other services from: info@ramparts.eu or our website at www.ramparts.eu.
Financial Services Gibraltar
Core Skills
Our Services
Ramparts Compliance Services
A number of online industries are facing increasingly challenging market conditions. The digital evolution across the whole of the supply chain, changing consumer behaviours, political pressures, and more rigorous regulatory and licensing requirements are raising the barriers for participation in a number of industries.
Within regulated markets such as gaming, financial services, or newly regulated sectors such as some distributed ledger technology areas, the business needs to be aware of multiple regulations and legislation across an international marketplace as well as successfully monitor changes that can impact the business or its operations. Outside of external pressures, businesses need to ensure their systems and processes are strong and protected against the most cutting-edge attack vectors. The penalties and repercussions for non-compliance and/or negligence are becoming increasingly severe for both the business and its stakeholders and Directors.
European Compliance Services
Ramparts Compliance Services
A snapshot of 2018 enforcement highlights across Gaming, Payments, eMoney and Financial Services:
• 13 November 2018 – The Gambling Commission of Great Britain (UKGC) fined a casino operator £7,100,000 for breaches in statutory AML controls and licence conditions;
• 13 November 2018 - Reports that 23 individuals have been banned from working in the UK financial services industry by the Financial Conduct Authority (FCA) in 2017/2018;
• 6 November 2018 - A UK tribunal has upheld the FCA’s largest ever fine on an individual of £76,000,000 following an investigation into life insurance fraud;
• 23 October 2018 - The UK Information Commissioner’s Office (ICO) fined a social network £500,000 for serious breaches of data protection law;
• 1 October 2018 - The FCA announced that it had fined the banking arm of a large retailer £16,400,000 for its omissions and regulatory failures following a cyber-attack that occurred in 2016;
• 20 September 2018 - The ICO issued a consumer credit reporting agency with a £500,000 fine for failing to protect the personal information of up to 15 million UK citizens during a cyber attack;
• 3 May 2018 - Financial Crimes Enforcement Network (US Department of Treasury) levied a penalty of $8,000,000 for AML failures at a land based casino in California;
• 1 Feb 2018 – The UKGC reached a regulatory settlement of £5,000,000 with a tier 1 listed global sports, and casino brand for failures in AML controls; and
• 26 January 2018 - Client funds worth an estimated $533,000,000 were stolen in a hack against a large Japanese crypto exchange.
Ramparts’ Compliance services are designed to supplement and enhance our clients’ existing payments, governance, KYC, information security, and data protection teams. We work closely with your resources on the ground to ensure that our clients have:
• A clear understanding of the risks that face your business;
• Enough short-term capacity to fulfil your regulatory duties;
• Cutting edge up-to-date knowledge regarding your obligations and duties;
• Alternate frame of reference for know-how and best practice; and
• Assurance for your board and stakeholders that legislative responsibilities are being managed.
Ramparts Compliance Services
Enterprise Risk Management (ERM)
1. Establishes Risk frameworks and culture
2. Analyses and evaluates business risks
3. Assessment of the regulatory and legislative environment
4. Managing relationship with key stakeholders (regulators, industry associations, government and NGOs)
5. Provide appropriate risk management status and performance information to the Board
Audit & Assurance
1. Provides objective insight into the actions and objectives of other functions
2. Assesses efficiency of existing controls and processes
3. Establishes the audit framework
4. Organisational wide regulator certifications & audits
5. Vendor compliance management
Governance & Operational Efficiency
1. Maps business processes and procedures
2. Analyses and evaluates business processes for efficiencies
3. Policy management and enforcement
4. Assesses ‘softer’/socio-economic business efficiencies such as environmental impacts
5. Preparing, managing, and reinforcing significant changes to the company culture or operations
Ramparts Compliance Services
Anti-Money Laundering Training & Regulatory Guidance
Business Risk Frameworks & Response Plans
Policy Generation
Regulatory Assessments & Country Analysis
Supplier Licence Renewals & Supplier Assessments (RFx)
Customer / Player Lifecycle Audit & ‘Mystery Shoppers’
Enterprise Risk Management (ERM)
Compliance Systems’ Assessments
Governance & Operational Efficiency
Customer / Player KYC & Verification
Regulatory Audit & Assurance
Security Testing & Auditing
PCI:DSS & ISO27001 Audits
Acquisition Marketing & Advertising Assessments
Vulnerability Tests & Audits
Data Protection & Privacy Impact Assessments
Customer Interaction / Responsibility Analysis
Ramparts Enterprise Risk Management
Enterprise Risk Management is the area of analysing, assessing and quantifying risks that a business may face from time to time. It is essentially the strategy of how to manage risk and the strategy of risk management measures. By having a law firm within the Group, Ramparts Compliance Services are delivered with an understanding of the legislation and regulations that apply to our clients and furthermore we appreciate what businesses must do to adhere to these rules in the most effective way. This typically comes from sector specific licence requirements such as eGaming or financial services, risks associated with money laundering and financial crime, data protection, and information security requirements. Ramparts also has a number of associates that have relevant industry experience which provides Ramparts with unique insight into how our legal advice should be implemented into systems, policies and procedures.
Ramparts Enterprise Risk Management
Anti-Money Laundering Training & Regulatory Guidance
• Introduction to money laundering requirements and regulations.
• Conduct annual AML/CTF training.
• Act as advisor and mentor to your Money Laundering Reporting Officer.
• Virtual AML/CTF Specialist.
• KYC/KYB and Source of Wealth checks and reports.
• Cryptocurrency wallet confidence scoring.
Policy Generation
• Development of new policies.
• Maintenance of existing policies.
Ramparts Enterprise Risk Management
Business Risk Frameworks & Response Plans
• Executive risk-based methodology and framework / Audit risk modelling.
• Business risk profiling/assessments (journey, registers, controls, reporting).
• Third party risk assessment.
• Incident response / Business Continuity planning.
• Incident response / Business Continuity testing & training.
Regulatory Assessment & Country Analysis
• High-level regulatory market landscape reports on:
  • AML/CTF;
  • Payments;
  • DLT/Crypto;
  • Gaming.
• Market landscape report (Competitor/supplier/customer).
Ramparts Enterprise Risk Management
Compliance Systems’ Assessments
• Information security risk assessment.
• Strategic PCI compliance assessment & gap.
• Payment acceptance audit.
• Software licence audit review.
• Risk, Security and Compliance officer support (per 6 months).
• Virtual CISO (Chief Information Security Officer) (per 6 months).
• Security awareness (Inc. e-learning) training.
• Security design review.
• Compliance Process Analysis and Re-engineering.
Ramparts Rate Card
AML Training and Regulatory Guidance
Service | Price
Intro to money laundering requirements and regulations | £3,180
Conduct annual AML/CTF training (web/onsite to be further scoped) | £POA
Act as advisor and mentor to your Money Laundering Reporting Officer | £265/hour
Virtual AML/CTF Specialist (per 6 month) | £12,000

Policy Generation
Service | Price
Small (<5 pages) | £788
Medium Policy (5-15 pages) | £1,238
Large Policy (15+ pages) | £2,250
Handbook/Complex Policy | £3,375
Maintenance of existing policies (price per policy) | £POA

* Rate card prices are for guidance only. Actual costs may vary from client to client.
* Non EU countries may need further scoping/costs
* Some services will be undertaken by authorised service partners of Ramparts
Ramparts Rate Card
Business Risk Frameworks & Response Plans
Service | Price
Executive risk-based methodology and framework | £6,360
Business risk profiling/assessments (journey, registers, controls, reporting) (price per operational unit) | £4,770
Third party risk assessment (per third party) | £1,800
Incident response / Business Continuity planning | £6,000
Incident response / Business Continuity testing & training | £1,800
Virtual Compliance Exec (per 6 months) | £15,000

* Rate card prices are for guidance only. Actual costs may vary from client to client.
* Non EU countries may need further scoping/costs
* Some services will be undertaken by authorised service partners of Ramparts
Ramparts Rate Card
Regulatory Assessment & Country Analysis
Service | Price
High-level regulatory market landscape report on AML/CTF (price per jurisdiction) | £2,650
High-level regulatory market landscape report on Payment Services (price per jurisdiction & function) | £2,650
High-level regulatory market landscape report on DLT/Crypto (price per jurisdiction & function) | £2,650
High-level regulatory market landscape report on Gaming (price per jurisdiction & function) | £2,650
Market landscape report (Competitor/supplier/customer) (price per jurisdiction & function) | £3,710

* Non EU countries may need further scoping/costs
* Some services will be undertaken by authorised service partners of Ramparts
Ramparts Rate Card
Compliance Systems Assessments
Service | Price
Information security risk assessment | £9,000
Strategic PCI compliance assessment & gap | £POA
Payment acceptance audit | £POA
Software licence audit review | £POA
Virtual CISO (Chief Information Security Officer) (per 6 months) | £15,000
Security awareness (Inc. eLearning) training | £POA
Security design review | £POA
Compliance Process Analysis and Re-engineering | £POA

* Non EU countries may need further scoping/costs
* Some services will be undertaken by authorised service partners of Ramparts
Ramparts Governance & Operational Efficiency
Ramparts Governance and Operational Efficiency services focus on ensuring that a risk-based compliance approach is implemented into our clients’ businesses at a process and policy level. This typically means reviewing the efficiency of a business’s compliance practices to ensure it is correctly utilising its inputs and/or resources as efficiently and effectively as possible.
Our Governance and Operational Efficiency services will also help to identify both existing and latent risk that exists within the business once a risk management approach is active and implemented.
Ramparts Governance & Operational Efficiency
Know your Customer (KYC) / Know your Business (KYB) & Verification
• Customer Due Diligence (“CDD”).
• Enhanced Customer Due Diligence (“ECDD”).
• Business Due Diligence (“BDD”).
• Enhanced Business Due Diligence (“EBDD”).
• Crypto Wallet Review.
Ramparts Governance & Operational Efficiency
Customer Lifecycle Audits & Mystery Shoppers
• External mystery shopping exercises on retail/online operations.
• Internal verification of controls and systems.
• Terms and conditions acceptance point review.
Customer Interaction / Responsibility Analysis
• Review of responsible gaming policies and procedures.
• Audit of stored customer interactions.
• Review of indirect social channel interactions.
Ramparts Governance & Operational Efficiency
Data Protection & Privacy Impact Assessments
• GDPR readiness and privacy impact assessment.
• Data discovery assessments.
Acquisition Marketing & Advertising Assessments
• Web portal review for protection of minor and vulnerable people.
• Review of advertising materials (per creative).
• Design of advertising review process.
• Virtual Responsible Gaming/Customer Services Executive (per 6 month).
Supplier Licence Renewals & Supplier Assessments (RFx)
• Request for information (RFI), request for proposal (RFP), request for tender (RFT), and request for quotation (RFQ) shortlist project (price per project).
• Vendor shortlist workshops and reference verification project (price per vendor).
Ramparts Rate Card
Customer / Player KYC & Verification
Due diligence check | Price per record | Volume discount (>500 records)
Customer Due Diligence (“CDD”) | £12 | 10%
• Personal information
• Source of funds
• Identity verification
• Proof of address
• Sanction/PEP screen
• Adverse media
Deliverables
• Summary Report
• Individual Customer Reports & Associated Files
• EDD Risk Flagging Report
• Flagging persons that may require suspicious transaction reports (STR/SAR)

* Investigations based on customer data provided by the client
* Non EU countries may need further scoping/costs
* Some services will be undertaken by authorised service partners of Ramparts
Ramparts Rate Card
Customer / Player KYC & Verification
Due diligence check | Price per record | Volume discount (>500 records)
Enhanced Customer Due Diligence (“ECDD”)
• Additional investigation & verification inc. source of wealth | £POA | 10%
• Cryptocurrency source of wealth investigation (where wealth is stated as being crypto related) | £POA | 10%
Deliverables
• Summary Report
• Individual Customer Reports & Associated Files
• EDD Risk Flagging Report
• Flagging persons that may require suspicious transaction reports (STR/SAR)

* Investigations based on customer data provided by the client
* Non EU countries may need further scoping/costs
* Some services will be undertaken by authorised service partners of Ramparts
Ramparts Rate Card
Business / KYB & Verification
Due diligence check | Price per record | Volume discount (>500 records)
Business Due Diligence (“BDD”) | £850 | 10%
• Authorised representative / Director identity verification
• Shareholder identity verification
• Proof of address
• Certified company documents (Memorandum, articles & incorporation)
• Banking authorisation
• Adverse media screening
Deliverables
• Business Report & Associated Files
• Summary Report of Shareholders
• EBDD Risk Flagging Report
• Flagging persons that may require suspicious transaction reports (STR/SAR)

* Investigations based on customer data provided by the client
* Non EU countries may need further scoping/costs
* Some services will be undertaken by authorised service partners of Ramparts
Ramparts Rate Card
Business / KYB & Verification
Due diligence check | Price per record | Volume discount ( > records)
Enhanced Business Due Diligence (“EBDD”) | £POA | 10%
• Ultimate beneficial owner analysis
• Adverse media / PEP screening on shareholders and UBO
• Statement of financial health
• Statement of good standing
• Insolvency verification
Deliverables
• Business Report & Associated Files
• Summary Report of Shareholders
• Flagging persons that may require suspicious transaction reports (STR/SAR)

* Investigations based on customer data provided by the client
* Non EU countries may need further scoping/costs
* Some services will be undertaken by authorised service partners of Ramparts
Ramparts Rate Card
Customer Lifecycle Audits & Mystery Shoppers
Service | Price
External mystery shopping exercises on retail/online operations (subject to wallet setup for 2 customers; price per product) | £6,400
Internal verification of controls and systems | £5,000
Terms and conditions acceptance point review | £1,500

Customer Interaction / Responsibility Analysis
Service | Price
Review of responsible gaming policies and procedures | £4,500
Audit of stored customer interactions (price based on review of 20 customer accounts) | £8,500
Review of indirect social channel interactions | £2,250

* Non EU countries may need further scoping/costs
* Some services will be undertaken by authorised service partners of Ramparts
Ramparts Rate Card
Acquisition Marketing & Advertising Assessments
Service | Price
Web portal review for protection of minor and vulnerable people | £2,000
Review of advertising materials (per creative) | £250
Design of advertising review process | £4,000
Virtual Responsible Gaming CS Exec (per 6 month) | £12,000

* Non EU countries may need further scoping/costs
* Some services will be undertaken by authorised service partners of Ramparts
Ramparts Rate Card
Supplier Licence Renewals & Supplier Assessments (RFx)
Service | Price
Request for information (RFI), request for proposal (RFP), request for tender (RFT), and request for quotation (RFQ) shortlist project (price per project; limited to 3 vendors) | £6,000
Vendor shortlist workshops and reference verification project (price per vendor) | £2,250

Data Protection & Privacy Impact Assessments
Service | Price
GDPR readiness and privacy impact assessment | £POA
Data discovery | £POA
Virtual Data Protection Officer (per 6 month) | £15,000

* Non EU countries may need further scoping/costs
* Some services will be undertaken by authorised service partners of Ramparts
Ramparts Regulatory Audit & Assurance
Internal and external business stakeholders must have certainty about their business and its day to day operations. Typical Auditors will focus on financial reports and preparation thereof. Outside of the financials there is a huge array of audit and assurance services required by businesses to fulfil their regulatory requirements; these include: information security; data protection; payments and financial services; and industry specific regulations like gaming or distributed ledger technology. Ramparts Regulatory Audit & Assurance services are there to ensure that owners, managements/executives, government bodies, regulators and other business stakeholders have sufficient information and credible independent reports to confirm compliance (or non-compliance as the case may be) to the business’s policies, frameworks or regulatory requirements. Our team have the expertise and resources to cover full-service audit services across the business providing assurance and clear transparent reporting from an independent standpoint.
Ramparts Regulatory Audit & Assurance
Security Testing and Auditing
• Internal infrastructure penetration testing.
• External infrastructure penetration testing.
• Web application penetration testing.
• Application penetration testing.
• Mobile application penetration testing.
• Social engineering.
• Red teaming.
• Firewall review.
• Code review.
Ramparts Regulatory Audit & Assurance
PCI:DSS & ISO27001 Audits
• PCI DSS Audit for merchants processing less than 6 million payments.
• PCI DSS Audit (Report on Compliance) for merchants processing more than 6 million payments.
• Full ISO27001 Audit.
• ISO27001:Annex A Annual Audit.
Ramparts Regulatory Audit & Assurance
Vulnerability Tests and Audits
• External / Offsite.
• Internal / Onsite.
Supplier Licence Renewals & Supplier Assessments (RFx)
• Request for information (RFI), request for proposal (RFP), request for tender (RFT), and request for quotation (RFQ) projects.
• Vendor workshops and reference verification.
Ramparts Rate Card
Security Testing & Auditing
Service | Price
Internal infrastructure penetration testing | POA
External infrastructure penetration testing | POA
Web application penetration testing | POA
Application penetration testing | POA
Mobile application penetration testing | POA
Social engineering | POA
Red teaming | POA
Firewall review | POA
Code review | POA

* Non EU countries may need further scoping/costs
* Some services will be undertaken by authorised service partners of Ramparts
Ramparts Rate Card
Vulnerability Tests & Audits
Service | Price
External / Offsite | POA
Internal / Onsite | POA

PCI:DSS & ISO27001 Audits
Service | Price
PCI DSS Audit for merchants processing less than 6 million payments | POA
PCI DSS Audit (Report on Compliance) for merchants processing more than 6 million payments | POA
Full ISO27001 Audit | POA
ISO27001:Annex A Annual Audit | POA

* Non EU countries may need further scoping/costs
* Some services will be undertaken by authorised service partners of Ramparts
Ramparts Sector Specific Compliance Services
Ramparts’ core focus is gaming/creative media, digital payments/electronic money, and distributed ledger/blockchain technology sectors. These industries have very specific regulatory requirements that apply to any business operating within them on either a B2B or B2C model.
If you are operating within these markets then Ramparts have specific compliance packages to cater for one-off compliance audits that provide your business and its stakeholders a good foundation platform from which to understand where the regulatory risks may be within your existing operations. As a specialist business group we engage with, and manage a range of the best third party providers and platforms to support your compliance needs across all our sectors.
Ramparts Gaming Risk & Audit Services
Ramparts Gaming Risk and Audit Services will undertake a full audit of your gaming operation including:
• Audits of your players and/or player segments for AML, KYC, RG and data protection documentation and compliance.
• Checklist of written policies and procedures.
• Checklist of internal training and key man skill/expertise suitability.
• Assessing Responsible Gaming (RG) interactions across your player engagement channels.
• Auditing compliance across the whole player lifecycle from ‘acquisition to churn’.
• Penetration and vulnerability testing of the production infrastructure.
• Payment and deposit tests using genuine funded accounts.
• Reviewing your live advertising and promotional content.
• Verification of your active policies and procedures.
• Traditional ISO/IEC 27001: 2013 and PCI DSS audits.
Ramparts Payments/eMoney Risk & Audit Services
Ramparts DLT Risk and Audit Services will undertake a full audit of your payments or e-money based operations including:
• Audits of your customers and/or player segments for AML, KYC, and data protection documentation and compliance.
• Checklist of written policies and procedures.
• Checklist of internal training and key man skill/expertise suitability.
• Review of your compliance with payment services and e-money Directives.
• Outsourced KYC and source of wealth process on all customers.
• Penetration and vulnerability testing of the production infrastructure.
• Reviewing your live advertising, promotional content and bounty procedures.
• Verification of your active policies and procedures.
• Traditional ISO/IEC 27001: 2013 and PCI DSS audits.
Ramparts DLT Risk & Audit Services
Ramparts DLT Risk and Audit Services will undertake a full audit of your DLT/blockchain based operation and token issuing activities including:
• Audits of your customers and/or player segments for AML, KYC, RG and data protection documentation and compliance.
• Checklist of written policies and procedures.
• Checklist of internal training and key man skill/expertise suitability.
• Outsourced KYC and source of wealth process on all acquired token holders.
• Auditing compliance across the whole token issuance process.
• Penetration and vulnerability testing of the production infrastructure.
• Reviewing your live advertising, promotional content and bounty procedures.
• Verification of your active policies and procedures.
• Audit of smart contracts and token relevant software.
• Traditional ISO/IEC 27001: 2013 and PCI DSS audits.
Legal & Professional Service
Contact:
Gibraltar Office: 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA
Phone: +350 200 68 450
UK Office: 2nd Floor, 3 Hardman Square, Spinningfields, Manchester, M3 3EB
Phone: +44 (0)161 9149785
Website: www.ramparts.eu
Email: info@ramparts.eu