Nemu Inc.

📜 Compliance Governance and Oversight

1. Purpose

This document describes Nemu Inc.’s organizational structures and oversight mechanisms for managing compliance with legal, regulatory, and contractual obligations.

2. Governance Structure

Compliance responsibilities are integrated into existing roles:

  • Executive Leadership:
    • Owns overall accountability for compliance posture.
  • Security/Privacy Lead:
    • Coordinates security and privacy-related compliance activities.
  • Legal/External Counsel (where engaged):
    • Advises on contractual terms and data protection agreements.
  • Engineering and Operations:
    • Implement and maintain technical controls required by compliance obligations.

3. Policies and Standards

Nemu Inc. maintains policies and standards that address:

  • Information security.
  • Privacy and data protection.
  • Access control and endpoint security.
  • Incident response and operational resilience.

These documents are version-controlled and reviewed periodically.

4. Oversight and Reporting

  • Compliance topics may be discussed in leadership or operational meetings.
  • Findings from risk assessments, incidents, and customer audits are tracked and addressed.
  • Customers may receive copies of relevant policies or third-party audit reports where applicable.

5. Audit Evidence

  • Policy and procedure documents (this repository).
  • Records of reviews or updates to policies.
  • Examples of responses to customer security or privacy assessments.

6. Antitrust and Anti‑Competitive Practices

Nemu Inc. maintains internal guidelines that prohibit anti‑competitive behavior, collusion, market manipulation, or unfair business restrictions. These expectations are included within our Code of Conduct and reviewed during policy updates.

7. Internal Compliance & Ethics Program

Nemu Inc. maintains a lightweight but documented internal compliance and ethics framework, covering security, privacy, legal expectations, and acceptable business conduct.

7.1 Standards of Conduct

Standards of conduct emphasizing integrity, confidentiality, respectful behavior, and ethical responsibilities are shared with all staff. Contractors and third‑party service providers are required to adhere to equivalent standards via contractual agreements.

7.2 Whistleblowing / Reporting Concerns

Nemu Inc. provides dedicated communication channels for reporting compliance issues, concerns, or suspected violations. Reports can be made confidentially to leadership or through designated compliance email channels.

7.3 Annual Employee Training

Employees receive onboarding and periodic refresher training regarding insider information, confidentiality, acceptable use, conflicts of interest, and ethics‑related duties. Annual acknowledgment is required for key policies.


8. Fraud Prevention

Policies and procedures are in place to detect and reduce the risk of internal and external fraud, including separation of duties, audit logging, and financial control reviews.

8.1 Protection of Business Records

Business records are protected according to contractual, regulatory, and legal requirements. Access controls, encryption, retention schedules, and secure storage are applied.

Nemu Inc. maintains processes for applying litigation holds and preserving required records even when retention schedules conflict. Such holds override deletion policies until clearance is granted by legal counsel.


10. Sanctions & Restricted Activity Compliance

Nemu Inc. restricts transactions involving sanctioned countries and complies with export‑control requirements. Automated regional blocking is implemented where applicable.

10.1 Sanctions Screening (OFAC, etc.)

Where relevant, screening of customers, partners, or third‑party entities against sanctions and restricted‑party lists (e.g., OFAC) is performed as part of onboarding workflows or contractual review.


11. Consumer Protection Compliance

The company maintains policies ensuring compliance with consumer protection laws applicable to our service regions, including clear communication of terms and responsible handling of user data.

11.1 Review of Customer Communications

Processes exist to review support templates, email messaging, and customer‑facing communications to identify potential compliance or misrepresentation issues.

11.2 UDAAP Compliance

Policies and procedures are maintained to prevent unfair, deceptive, or abusive acts or practices. All customer‑facing materials are reviewed for clarity, accuracy, and fairness.


12. Regulatory Training

Teams with access to sensitive systems or data receive periodic training related to applicable regulatory requirements, including security, privacy, and data handling obligations.


Internal and external reporting obligations to applicable government bodies are maintained as required by law. Records are preserved following statutory requirements.

14. Anti‑Money Laundering (AML)

For applicable workflows, Nemu Inc. maintains policies to detect and prevent money laundering risks, including customer verification requirements where relevant.

15. Social Media Conduct

A documented set of guidelines governs employee and corporate use of social media, ensuring protection of confidential information and appropriate brand representation.

16. Post‑Relationship Risk Management

Policies exist to manage risks related to data retention, destruction, access removal, and system disconnection once a relationship with a customer, vendor, or partner has ended. These include secure account termination, access revocation, and validated data deletion procedures.

17.1 Compliance Policies and Procedures

Nemu Inc. maintains documented policies and procedures to ensure compliance with all applicable legislative, regulatory, and contractual requirements. These documents are version-controlled, periodically reviewed, and integrated into daily operational workflows.

17.2 Regulatory Change Management

A documented process exists to identify, assess, and implement regulatory or contractual changes that may impact service delivery. Regulatory updates are monitored through legal counsel, industry resources, customer assessments, and vendor notifications. Identified changes are reviewed by leadership and relevant teams, with updates incorporated into policies, engineering, and operational processes.

17.3 Customer-Facing Web Services

Nemu Inc. maintains public-facing and authenticated websites used for delivering product information, providing support, managing user accounts, and enabling platform functionality.

17.4 Handling Customer Inquiries & Complaints

A documented support and communication workflow exists for receiving and responding to customer inquiries, complaints, and requests. Channels include email support, internal ticketing workflows, and platform contact mechanisms. All requests are tracked through resolution according to defined response procedures.

17.5 Handling External Inquiries (Associations & Government Bodies)

Nemu Inc. follows documented procedures for receiving and responding to inquiries from business associations, regulatory entities, and government agencies (e.g., BBB, chambers of commerce, state attorneys general). Such requests are escalated to leadership and legal counsel and tracked until completed.

17.6 Anti‑Bribery & Anti‑Corruption Controls

Policies within the Compliance & Ethics framework prohibit bribery, corruption, facilitation payments, and other improper or unfair business practices. These standards apply to all employees, contractors, and third‑party relationships.

17.7 Due Diligence for Third & Fourth Parties

Nemu Inc. conducts due diligence as part of onboarding third‑ and fourth‑party service providers. Screening includes contractual review, sanctions checks (e.g., OFAC), evaluation of security posture, and verification of ethical business practices, all aligned with Anti‑Bribery and Anti‑Corruption policies.

17.8 Anti‑Bribery & Anti‑Corruption Violation Reporting (Whistleblowing)

Nemu Inc. maintains documented mechanisms for reporting suspected violations of Anti‑Bribery and Anti‑Corruption policies. These include confidential whistleblowing channels that allow employees, contractors, and partners to report concerns without retaliation. Reported issues are reviewed by leadership and, where necessary, legal counsel, with follow‑up actions documented and tracked through resolution.

18. Compliance Mapping

  • SOC 2: CC1.2, CC1.3
  • ISO 27001:2013: A.5.1.1, A.18.1.1

Contact: support@mynemu.com
© 2025 Nemu Inc. All rights reserved.
