Risk evaluation process
RapidRatings operates a risk-based approach to its compliance and regulatory program by evaluating risks from a customer, product and geographical point of view. Our compliance program is strongly aligned with national and international laws (these are determined by the jurisdictional presence of RapidRatings) such as anti-money laundering laws, anti-bribery laws, whistleblowing protection, code of conduct, etc.
To manage our compliance program, we have the following key policies and procedures in place, among others, to give us a unified and clear compliance program. Our compliance program has senior management backing, as any successful program needs this backing in order to foster a companywide, compliance-friendly culture.
- Code of Conduct
- Whistleblower Protection Policy
- Anti-Bribery and Corruption Policy
- Corporate Social Responsibility Policy
- Employee Handbook
- Non-Disclosure Agreements/Confidentiality Agreements
- Vendor Management Policy
- Office Security-Clean Desk Policy-Green Office Policy
Frequently Asked Questions
Below are some commonly asked questions from our customers and third parties in relation to our legal and compliance approach.
Do employees and third parties enter an NDA before discussion or access is provided?
NDA/Confidentiality agreements are formal legal contracts between one or more parties and can take many forms. At RapidRatings, we have several different NDA/Confidentiality agreements in place to cater for a vast array of situations, as no one situation is identical. For example, we have mutual NDAs in place as well as one-sided NDAs, employment-specific NDAs, etc.
Are there background checks carried out on all employees and any third parties?
At RapidRatings, we carry out background checks on employees to confirm, for example, character references and previous employment history/education. We also carry out checks to ensure that any employee of RapidRatings has the legal right to work and reside in a jurisdiction that RapidRatings has a presence in. Additionally, depending on the role an employee is hired for, we do engage in criminal background checks as required.
Are there restrictive covenants and confidentiality provisions with employment agreements and/or any third-party agreements?
It is generally accepted that while the employee remains employed with a business, he or she has a duty not to use any such confidential information for his/her own benefit or the benefit of a third party.
At RapidRatings, we have restrictive covenants and confidentiality provisions within our non-disclosure agreements with employees as well as within the employment contracts. This is needed to protect RapidRatings and our clients who trust us in providing a secure service and in our ability to have adequate legal protections in place through contractual provisions in preventing disclosure of information.
Is there a dedicated Ethics/Code of Conduct practice in place?
Within RapidRatings, we abide by our own internal Code of Conduct that has been set at internationally approved standards and this is practiced by all our employees throughout our offices. The following core values are essential to RapidRatings and RapidRatings’ business:
- Mutual Respect
- Customer Satisfaction
How does the organization view whistleblowers?
Ethical companies like RapidRatings make sure that they protect any whistleblower from unfair treatment and provide mechanisms to enable employees to speak out against anything that may be deemed unethical or illegal. Look for companies like RapidRatings who have dedicated corporate policies in place on the issue of protecting “whistleblowers.” It’s important to ensure that such a policy does not stand alone, as this takes away from the importance of such a policy.
This policy is complemented by a corporate “Code of Conduct” and/or a corporate social responsibility policy. RapidRatings has all of these policies in place, and in order to provide further support on this issue we have published our corporate social responsibility statement/policy on our website: https://www.rapidratings.com/corporate-social-responsibility-policy/
What type of security awareness training is provided?
Companies like RapidRatings take security awareness training seriously by providing corporate security and data protection awareness training to all employees and more specific security training to employees in certain departments such as the client-facing and IT teams. After all, these are the employees who most likely will be called upon when a security threat is identified.
What is the rate of compliance when it comes to training employees on issues such as information security and privacy?
We are delighted to state that we have obtained the gold standard when it comes to implementing a training program for RapidRatings’ employees, in that we have obtained a 100% compliance rate from all staff. All employees, regardless of their position, have completed and are regularly required to complete training on key areas of the business such as information security, data protection, employment obligations, etc.
What level of involvement do senior management/representatives of the board of directors have regarding the organization’s compliance efforts?
RapidRatings has several internal committees that are responsible for different sectors of RapidRatings’ commercial, technology and compliance operations. These committees are independent of one another and meet (whether in person or virtually) on a regular basis, and at a minimum on a quarterly basis, to ensure that all members are abreast of the current position of RapidRatings.
In addition, the committees determine whether there need to be any changes to RapidRatings’ policies and procedures. These committees therefore have an internal audit function, which is necessary to ensure that any policies and procedures that RapidRatings implements do not become outdated and irrelevant to RapidRatings’ commercial operations.
At RapidRatings, we know that the success of any compliance/technical committee depends on the commitment of senior management to the committee, which is why members of such committees within RapidRatings include the CEO, CFO, CTO and other senior heads of departments.
Is there a regularly updated employee handbook in effect?
At a very minimum, all RapidRatings policies and procedures, including employee handbooks, are reviewed on an annual basis. Some policies and procedures are reviewed more regularly, and this is because of one or more triggering events taking place. Examples of trigger events include changes in laws, changes in organization structure and changes in technology.
What are the approaches taken by the organization to reduce risk associated with remote workers?
While RapidRatings’ managers try to effectively manage their remote employees, the arrangement does raise concerns, including loss of control, fear of productivity drops, and reduced security.
To address these issues, below are some of the practices utilized by RapidRatings in managing remote employees:
- Make Use of Technology
- Use Video-Conferencing
- Plan & Organize Ahead of Time
- Trust Employees
- Manage by Objectives
- Interact with staff on a regular basis
Should you have any questions about our general compliance approach, please do not hesitate to contact our legal department using the firstname.lastname@example.org email address.