SOX Compliance

Definition

Adherence to the requirements of the Sarbanes-Oxley Act of 2002 (SOX), US federal legislation mandating rigorous financial reporting, internal controls, and audit standards for publicly traded companies. SOX Section 302 requires CEO/CFO certification of financial statements, while Section 404 mandates annual assessment of internal controls over financial reporting.

Complementary Terms

Concepts that frequently appear alongside SOX Compliance in practice.

Sanctions Compliance

The policies, procedures, and controls organisations implement to ensure they do not engage in prohibited transactions with sanctioned countries, entities, or individuals. Sanctions regimes are administered by bodies including OFAC (US), OFSI (UK), and the EU Council, and violations can result in severe criminal penalties, asset freezes, and reputational damage.

Audit Trail

A chronological record of system activities, transactions, or document changes that provides a verifiable history of who did what, when, and why. Audit trails are essential for regulatory compliance, fraud detection, and internal controls, and are required by standards including SOX, GDPR, and ISO 27001.

Anti-Money Laundering (AML)

The body of laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income. AML compliance requires financial institutions to implement customer due diligence, transaction monitoring, suspicious activity reporting, and record-keeping.

Internal Controls

The policies, procedures, and mechanisms established by an organisation to ensure the reliability of financial reporting, effectiveness of operations, and compliance with applicable laws and regulations. The COSO framework provides the most widely adopted internal controls standard, defining five components: control environment, risk assessment, control activities, information and communication, and monitoring.

Whistleblower Protection

Legal safeguards that protect individuals who report illegal, unethical, or dangerous activities within organisations from retaliation, including dismissal, demotion, or harassment. In the EU, the Whistleblower Protection Directive (2019/1937) requires companies with 50+ employees to establish internal reporting channels, while the UK's Public Interest Disclosure Act 1998 provides employment tribunal remedies.

Comparable Company Analysis (Comps)

A valuation methodology that estimates a company's value by comparing it to similar publicly traded companies using financial ratios such as EV/Revenue or EV/EBITDA. Comps provide a market-based reference point but may undervalue intangible-heavy businesses if peers are not well matched.

Export Control

Government regulations that restrict the transfer of specified goods, software, technology, and technical data across national borders for reasons of national security, foreign policy, or non-proliferation. Export controls in the UK are administered under the Export Control Act 2002, while the US uses the Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR).

Basel III

An international regulatory framework developed by the Basel Committee on Banking Supervision that sets minimum capital requirements, leverage ratios, and liquidity standards for banks. Basel III was introduced in response to the 2008 financial crisis and requires banks to hold higher-quality capital (primarily Common Equity Tier 1) against risk-weighted assets, including operational risk and market risk.
