MKS Advogados

Menu
Menu
← Go Back

Risk Management Policy

This Policy defines the principles, scope, and internal responsibilities that govern risk management
at MKS Law. It sets internal expectations for how risk related matters are identified, assessed,
handled, and escalated. All provisions apply across operational areas, without exemptions based
on role, hierarchy, or function. Risk management is treated as a governance duty connected to
institutional integrity and operational continuity.

Structure

This Policy is organized into sections that address core elements of risk management within the
firm, including definitions, responsibilities, and minimum handling standards. The structure supports
consistent application under the firm’s internal governance and supervision. This Policy applies in
full and is not subject to selective application.

Introduction and Objectives

Risk management at MKS Law supports internal decision making, operational continuity, and legal
compliance. The objective is to identify relevant exposure in a timely manner and ensure that
material issues are addressed before escalation. This Policy sets a baseline for consistent handling
of risk related matters across teams and functions.

Scope and Definitions

This Policy applies to all areas, activities, and individuals operating under or on behalf of MKS Law.
Risk is defined as any condition, event, conduct, or decision that may create legal, financial,
operational, ethical, or reputational exposure for the firm. Where interpretation is unclear, the matter
must be escalated for internal guidance rather than resolved individually.

Governance and Oversight

Risk management is a shared duty across all roles and levels. Each professional must identify and
escalate risk related matters within their scope of work and follow internal direction once issued.
Firm leadership provides oversight and determines handling decisions for material exposure,
including mitigation measures where required. When tasks are assigned, the assigned individual is
responsible for execution and timely escalation, and the supervising person is accountable for
oversight and final handling decisions.

Risk Identification

Risk identification consists of recognizing and escalating potential exposure connected to the firm’s
activities, matters, and operational decisions, including interactions with third parties. When
potential exposure is identified, it must be flagged promptly and must not be handled informally.
Matters that may create material exposure must be escalated for internal review.

Risk Assessment and Handling

Where potential exposure is identified, it must be assessed to support internal decision making on
priority and handling. Assessment must consider the nature of the matter, the potential impact, the
likelihood, and the information available at the time. Where the level of exposure cannot be
determined with reasonable confidence, the matter must be escalated for internal guidance.

Mitigation Measures

Where mitigation is required, the matter must be escalated to firm leadership for direction on
appropriate handling, and any direction issued must be applied. Mitigation may include adjustments
to how the matter is handled or additional review steps, as appropriate to the specific exposure. Any
remaining exposure must be considered in subsequent handling and escalation decisions.

Escalation and Communication

Risk related matters must be communicated through appropriate internal channels when identified
or when conditions change materially. Communications must be factual and aligned with what can
be substantiated at the time of disclosure. Failure to escalate known material exposure may be
treated as non compliance with internal expectations.

Integration with Compliance and Information Protection

Risk management is applied in connection with the firm’s compliance obligations and internal
standards. Where exposure relates to AML, CFT, sanctions, ABAC, data protection, confidentiality,
or professional conduct requirements, it must be handled through escalation and internal review
consistent with this Policy. Information protection and data handling related exposure must be
treated as operational risk and handled under the applicable internal requirements.

Review and Update

This Policy is reviewed as needed and whenever legal, institutional, or operational developments
require revision. Updates take effect upon approval and fully replace prior versions. Historical
versions are retained for reference and accountability, and the version in force must be applied
across the firm