Regulatory Response & Privacy

Banking, Finance, and Insurance organisations are facing an unprecedented level of scrutiny and demand to meet conduct, regulatory, compliance and privacy requirements.

Mosaic has a deep understanding of financial services regulation and the strategy-first process of developing interpretative frameworks to derive policy, process and functional implementation plans.

Some of our work

Privacy by Design

Mosaic have worked with many customers both in the financial sector and wider to implement privacy considerations into their projects. Mosaic assisted one bank with all their technical projects including the use of technologies  such as data analytics, machine learning and artificial intelligence. Mosaic are also assisting in the development of a facial recognition solution for a non-financial client. A typical deliverable from a privacy by design engagement by Mosaic is a Privacy Impact Assessment (PIA).

Privacy Training

As an International Association of Privacy Professionals (IAPP) training partner Mosaic deliver Certified Information Privacy Technologist (CIPT) and Certified Information Privacy Manager (CIPM) courses. Mosaic has also developed bespoke training seminars for customers in scientific research and GDPR.


Mosaic assisted one of New Zealand’s largest banks with their interpretation and implementation of pragmatic solutions to support GDPR regulations. Specific deliverables included detailed impact assessments and data processing inventory. Mosaic has also worked with multiple SaaS providers to identify gaps in their GDPR compliance and work with them on a roadmap to increase their privacy maturity.

Climate Related Disclosure

Mosaic has a climate-related disclosure (CRD) team with experts able to support our financial services clients to meet their CRD obligations.

Understanding climate-related risks and opportunities is key for the financial sector to be able to manage and plan for a future, adjust strategy, and measure, and control the risks associated with climate change.

Our experienced consultants can assist clients with the implementation of CRD reporting process including maturity assessments from which to scope, map and prioritise their CRD response.

 With the emerging data needs, Mosaic can also help with the evaluation selection and procurement (ESP) process to identify and engage appropriate vendors as well as developing and implementing processes to facilitating automation and integration of new data and processes.


Mosaic has led or been engaged in numerous FSLAA compliance initiatives from initial programme set up, regulatory interpretation, project governance framework design and implementation of practical compliance measures. These initiatives have covered two major banks and two Wealth management clients with FUM in excess of $10b. Mosaic has also developed significant proprietary IP around the operationalisation of FSLAA compliance covering enterprise governance through to operational process.


Mosaic has provided subject matter expertise into a large bank compliance initiative, initially focussing on drafting obligations and ensuring these capture future state requirements and developing business and product impact assessments.
The work has then moved to workshopping impacts with the relevant business units, identifying gaps and remedial work in the context of an overarching set of policies. From there, and compliance plan and framework was developed and the required changes operationalised.


Mosaic has been involved in numerous initiatives across our banking and wealth management client base since 2012. These have covered initial interpretation and compliance change through to accommodation of periodic changes to the regulations. Mosaic staff have a deep understanding of AML/CFT and have predominantly engaged in a project management and senior analysis capacity.

US Qualifying intermediary

Us tax presents a complex range of potential outcomes for any financial services organisation. Mosaic have consulted on and executed practical solutions for a range of wealth management and banking clients since 2016. This includes client engagement, consultancy, project management, analysis and solution implementation.


A Mosaic team assisted one of New Zealand’s largest wealth managers and banks to accommodate CRS reporting requirements over a period of 12 months. Central to this engagement was ensuring that the existing FATCA reporting capability was not compromised and that the CRS requirements were correctly interpreted for each specific use case across the organisation. Interfaces to extract the relevant data were designed, built and tested to enable go-live.


Mosaic was engaged to assist one of New Zealand’s largest banks with the implementation of the Reserve Bank of New Zealand policy changes in relation to outsourcing of functions and services.

The programme of work included management of regulatory policy scope, remediation of existing bank outsourcing arrangements, embedding the RBNZ banking standards into the bank’s policies, processes, and controls, and ongoing governance

Like to know more?