Governance, Risk & Compliance

Business risks take many forms. Knowing and controlling them is what allows companies to protect their competitive advantatges and keep moving forward on a solid foundation.

We help you manage risks in a sustainable way without losing focus on value

Costly controls, bureaucratic procedures and "cosmetic compliance" make risk control difficult and ineffective. Having internal audits is no longer enough and only impacts the organization's financial and accounting information.


Managing risks efficiently makes it possible to maximize the value of the organization identify internal and external risks, have contingency and alert mechanisms and increase the value of processes by applying efficient controls and continuous improvement.


The previous practices materialize through the adoption and compliance of different internal regulations, which are designed and implemented by adapting them to the nature of each business or obliged entity. Some examples of internal regulations that could be considered as Compliance policies could be a Money Laundering and Terrorist Financing Prevention manual, a protocol against sexual and gender-based harassment or a data protection manual from personal character, among others.


Our GRC team can help you with:

Anti-Money Laundering/ Combating the Financing of Terrorism (AML/CFT)
  • Adequacy of Law14/2017 on AML/CFT for obliged entities
  • Implementation of AML/CFT measures for obliged entities
  • Conducting audits in the field of AML/CFT
  • Action plans to implement AML/CFT recommendations
  • External expert reports on AML/CFT issues
  • Conducting Individual Risk Assessments (ERI)
  • Advice to OCIC and the Representative to UIFAND
  • Advising on the approach and drafting of suspicious transaction reports
  • Training in the field of AML/CFT
Brochure AML/CFT
Personal Data Protection (LQPD)
  • Adequacy of Law 29/2021 (LQPD) on Data Protection for obliged subjects
  • Implementation of LQPD measures for obliged entities
  • Carrying out LQPD reviews and assessments
  • Action plans to implement LQPD recommendations
  • Recurrent advice on LQPD issues
  • Outsourcing the Data Protection Officer (DPD)
  • Recurrent support to the DPD
  • Video surveillance advice: advice on obtaining and maintaining authorizations for the installation of video surveillance systems
  • Training in the field of LQPD


Brochure LQPD

Equility Plans 

In the framework of the ratification that the Principality of Andorra carried out in the Council of Europe, the European Convention on Human Rights and the European Social Charter, which oblige the State to protect human rights, prohibit discrimination by reason of sex and to guarantee equal opportunities, Law 6/2022, of March 31, is born, for the effective application of the right to equal treatment and opportunities and to non-discrimination between women and men.


Among other measures, Law 6/2022 establishes the obligation to implement Equality Plans in companies with 50 or more employees, as well as in Public Administrations, autonomous bodies, companies and public bodies linked or dependent on them.


From the GRC department of Crowe Andorra, we offer an advisory service in the implementation of Equality Plans for the obliged subjects


- Newsletter equility plans (I)

- Newsletter equility plans (II)

Need our help?

Can't find the services you need? Then you will find our data. Do not hesitate to contact us.
Antoni Bisbal
Antoni Bisbal
Managing Partner
Crowe Andorra
Vladimir Fernandez
Vladimir Fernández
Managing Partner
Crowe Andorra
Luis Hernandez
Luis Hernández
Manager Advisory
Crowe Andorra