Risk Management Governance
Alter Domus has a strong risk management structure comprised of both oversight and local compliance functions. At a governance level, the Audit and Risk Committee (“ARC”) is comprised of two representatives from the Group’s original founders and one representative of our private equity partner, Permira. The group Chief Risk and Compliance Officer (“CRCO”) acts as Secretary, and the CEO, CFO and group general counsel are permanent invitees. The ARC is responsible for providing the board with independent, objective advice on the adequacy of management's arrangements with respect to the following aspects of the management of the Group:
- External audit;
- Financial Statements and public accountability reporting;
- Risk management and control;
- Fraud;
- Compliance.
The ARC is also responsible for the internal audit function acting as third line of defence and relies upon certified internal auditors and a robust audit plan to meet its obligations. The Internal Auditor reports directly to the CFO and has an open channel of communication with the Chairman of the ARC. Key findings, weaknesses, risk management issues and internal control deficiencies are reported to the Board. The Group Executive Board (“GEB”) is responsible for the implementation of corrective measures required.
Alter Domus has also created a Group Operational Risk Committee (“ORC”), which is a sub-committee of the GEB. This Committee is led by our group CRCO, with committees established in each region to oversee its risk framework and policies, assess and report upon risk and compliance, adopt a strong risk culture, support the ORC charter locally, and manage in accordance with the risk appetite of the group.
In addition to the ORC, Alter Domus has a dedicated Client Acceptance Committee (“CAC”) composed of business professionals and Compliance Officers. This Committee has the full responsibility to accept or reject clients according to a strong procedure put in place, in order to always protect Alter Domus and its current client database interests and reputation. This CAC is fully independent and does not need to obtain the approval of any other Committee to accept or reject business. In addition to this CAC, any high risk must be pre-approved by the CRCO.
Compliance
Our Compliance teams provide deep regulatory expertise to clients and to our business operations teams. We take pride in ensuring we work with reputable businesses and establish strong partnerships with our clients to meet expectations, integrate regulatory requirements during the client acceptance and onboarding phases, providing confidence in executing well-established policies such as anti-money laundering checks and balances and KYC (Know Your Customer) reviews. We work with prospects and clients to establish customized and well-defined risk mitigation practices.
Quality Assurance
Alter Domus has an independent Quality Assurance (“QA”) Team that reports directly to the Group General Counsel. QA works closely with Compliance, Legal and the business to proactively support our clients in executing and delivering upon our services, to strengthen processes with a focus on data quality, standardization, and centralization.
The primary role of QA is performance of independent reviews to ensure proper onboarding of clients, management of necessary changes, and offboarding are performed in accordance with legal agreements, policies and procedures. Results are provided to the business upon completion of reviews and management reports are circulated on a monthly basis. QA also provides guidance and recommendations for process improvement and training support to the business to ensure high quality standards of performance are maintained.
Business Continuity Management
Alter Domus' Business Continuity Management system is compliant and certified to ISO 22301:2019, the highest business continuity industry standard. This management system is designed to evaluate holistic threats, provide a framework to build and sustain organizational resilience, and support this capability through effective responses designed to safeguard stakeholder, brand, and reputation. Business Continuity Management provides oversight to support large scale infrastructure change impacting operations, anticipate material issues, and manage business disruption.
A business continuity management steering committee comprises critical roles, including the Chief Risk Officer, the Chief Information Security Officer, the Chief Technology Officer or designated Global Head of IT Operations, the Chief Operations Officer or designate, the CHRO or designate, and the Global Head of Business Continuity. The committee is charged with business continuity oversight for Alter Domus.
Information Security
Alter Domus understands the responsibility of managing client data and is committed to keeping that data secure. This starts by adopting the internationally recognized cybersecurity framework, ISO 27001. This framework guides the team in creating strategies, policies, and internal controls that adhere to best practices, applicable laws, and regulations. To ensure the proper governance and industry standard protections are met, regular audits are performed by the company’s Internal Audit team and third-party providers.
These audits not only review our internal and external protections, but the maturity of the company’s Information Security Management System.
The Alter Domus Information Security team’s key deliverables are:
- Support the development and continued improvement of the Information Security Management System (ISMS) in accordance with best practice standards, most notably the ISO 27001 framework
- Identify, assess, and address information security risks throughout the company by following the ISO 27005 framework
- Create, maintain, and enforce policies and procedures designed to keep client and employee data safe
- Develop and promote an information security awareness training program and encourage secure work practices
- Support management’s strategic initiatives using a risk-based approach to limit the company’s exposure to vulnerabilities
- Collaborate with industry peers on threat intelligence and lessons learned to promote cybersecurity awareness
Legal
Alter Domus has a global in-house legal team to provide general legal support and transaction specific risk and structuring advice. Regionally located teams negotiate and document corporate, client and vendor transactions, collaborating across geographies as needed to share information and support our clients and businesses with best-in-class expertise.
Data Protection
Within Alter Domus, the Group Data Protection Officer (DPO) and Data Protection Team are responsible for:
- Monitoring Alter Domus’ data protection compliance and assessing incidents and breaches;
- Informing and advising Alter Domus on its data protection obligations;
- Leading the data protection impact assessments process and monitoring their application and maintenance; and
- Acting as a contact point for data subjects and the relevant supervisory authorities.
Alter Domus is committed to protecting the confidential and personal data of our clients and employees and manages global data protection according to the NIST Privacy Framework, applying NIST best practices while observing differing local laws and regulations with regard to the protection of personal data.