Compliance
Compliance Policy
Sterling is a well-run business with a strong culture of compliance and a mature approach to GRC led from the top down. Sterling is governed by a board of directors, including two Non-Executive Directors, with deep experience of governance and risk best practice. Sterling has an established risk register that forms the basis of the risk assessment process.
Leadership-endorsed risk management fosters a responsible corporate culture towards GRC. Risk assessment forms the basis for effective internal controls and the compliance program. Our approach involves:
- Documented policies, guidelines and procedures ensure protocols are followed and enforced
- Structured dissemination of laws, regulations, corporate policies and prohibited conduct
- Well-defined monitoring, auditing and reporting with commitment to remediation
- All identified risks are graded based on risk type, impact and likelihood of occurrence
- Changes to policies and internal controls are actioned via the risk register
- Risk register is reviewed during monthly board and management meetings
- Full range of policies to ensure internal staff are aware of requirements
- Policies and procedures are reviewed annually and updated based on regulatory and market changes
- All new staff inducted and trained on key policies
- Existing staff retrained as policies change / at regular intervals
- Sterling Partners managed through ongoing Accreditation process
- Internal and external training to ensure policies are understood and followed
- Use both face-to-face and e-learning training as appropriate
- Training officer responsible for roll out and tracking of results
- Recently rolled out Cyber Security and Data Protection training to ensure market best practice
- Risk register and compliance are reviewed and updated during monthly board and management meetings
- Regular audits are conducted on partners as part of Partner Accreditation to ensure partner compliance
- Compliance officer leads regular and random internal audits
- CEO takes responsibility for addressing identified issues with Board oversight.