Risk management

We have procedures and risk management standards in place across our global business to ensure that we comply with applicable regulations in all jurisdictions in which we operate. Our risk management standards - Global Practice Standards (GPS) - are designed to safeguard our business and that of our clients, and to ensure that our behavior conforms at all times with our business principles: Quality, Unity, Integrity.

Our GPS focus on regulatory risk in the following areas: bribery and corruption; ethical conflicts caused by directorships and other external appointments; breach of economic sanctions; discrimination; money laundering; insider trading and stock and share dealing; data privacy; information assurance; and cyber security.

GPS applies to everyone at Norton Rose Fulbright. As well as safeguarding our global practice and our reputation, GPS also constitutes good business practice and ethical personal and professional behavior. Our personnel are made aware of our policy through compulsory training. Compliance is monitored by our Global Head of Compliance and Global Audit Committee, and it is enforced by our Global Executive Committee.

Money laundering

Robust anti-money laundering regulations exist in many of the jurisdictions in which we have offices. Commonly known as ‘Know Your Client’ requirements, they require us to follow strict due diligence in screening clients, to identify who we are acting for and who is paying us. Norton Rose Fulbright is committed to maintaining, on an on-going basis, effective anti-money laundering policies which reflect best practice for a global legal practice.

Information security

We view the security of our information and that of our clients as a top priority. We operate best practice information security governance and we use multiple technical controls to detect and prevent cyber attack and data leakage. The efficacy of our information security is assessed, measured and reported on a continuous basis at executive level. This includes advanced penetration testing, vulnerability scanning and independent audit, as well as reports from our own internal teams.

The education of our people is an important part of our information security policy. We have in place a global practice standard, as well as training, for cyber security, which outlines our expectations of every person in the firm in the safeguarding of confidential information.

Our world

Our offer