Legal Compliance

GRATA International provides comprehensive legal support in compliance and regulatory matters.

Our Compliance Department brings together experts with extensive experience in corporate governance, anti-corruption, AML/CFT, data protection, and risk management. The team advises clients on implementing effective compliance systems, conducting internal investigations, and ensuring adherence to both local and international regulations.

Through deep understanding of business processes and regulatory frameworks, our specialists help organizations prevent risks, maintain transparency, and strengthen their reputation for integrity.

The professionalism of GRATA International’s compliance experts has been repeatedly acknowledged by international legal directories and clients for their high standards of ethics and reliability.

Services:

We are delighted to propose our clients with the following services under the Legal Compliance Practice:

(A) Legal Compliance Assessment

LCA, generally, includes the following:

• Identifying main regulatory framework applicable to the company and analysis of the obligatory requirements;
• Review of current policies and procedures adopted in the company;
• Review of the main contracts related to main activity of the company;
• Review of public sources and media for the information on the activity of the company;
• Interviewing key personnel on how policies, procedures and operations of the company actually are followed and comply with regulatory framework;
• Identifying risks and gaps;
• Preparation of the mitigation measures list and recommendations.

LCA may be applied to overall business conduct of the company and to its individual business units or transactions.  

(B) External Legal Compliance Investigation

External Legal Compliance Investigations, includes the following:

• conflict check, key questions, jurisdictions, timeline;
• evidence preservation & e-discovery: legal holds, chain-of-custody;
• document review, emails/chats, witness interviews.
• legal/regulatory analysis of Kazakhstan/EAEU and cross-border risks (AML/KYC, sanctions, antitrust);
• incident response & enforcement, whistleblowing, investigation triggers, discipline matrix;
• counterparty due diligence & fund-flow tracing;
• interim flags, final findings memo, risk map, action plan; dispute-readiness.

(C) Internal Policies

Internal Policies, includes the following:

• inventory of existing rules, gap analysis vs. law/standards (Kazakhstan/EAEU, sectoral);
• policy hierarchy, ownership, approval and review cycles;
• drafting & localization of templates, defined scope, roles, sanctions;
• SOPs, checklists, segregation of duties, escalation paths;
• training & communications, onboarding/refreshers, knowledge checks, manager toolkits;
• legal audits/spot checks, corrective actions, version control;
• third-party & contracts, including supplier code, compliance clauses, audit/termination rights.
• drafting policies, procedures, contracts, templates (RU/KZ/EN) with clear roles and controls;
• legal alignment & localization in accordance with Kazakhstan/EAEU law, sector standards, cross-border consistency;
• rollout plan, training, communications, metrics and continuous improvement.

(D) Implementation of Compliance Procedures in a Company

• determining the roles/ownership (RACI), delegated authorities, budget, approval matrix;
• risk-to-control mapping, process flows, handoffs, escalation paths;
• legal alignment & localization in accordance Kazakhstan/EAEU requirements, RU/KZ/EN templates, definitions, sanctions scale;
• registers, checklists/forms, workflow approvals (gifts, conflicts, antitrust vetting), hotline & case management, recordkeeping;
• third-party onboarding such as KYC/AML/sanctions, competition clauses, audit/termination rights;
• monitoring & reporting, KPIs/KRIs, dashboards, spot checks/internal audits, root-cause corrective actions;
• incident & whistleblowing, including intake, triage, investigation playbooks, confidentiality, non-retaliation.
• continuous improvement & governance, including version control, change requests, periodic reviews, management reporting.