Compliance and Legal Accountability Policy
Introduction
Humanics Global Advisors (HGA) is firmly committed to full compliance with all applicable laws and the highest ethical standards in every jurisdiction where we operate. This Compliance and Legal Accountability Policy outlines HGA’s dedication to adhering to international, U.S., EU, and local regulations, including laws on anti-corruption, export controls, sanctions, anti-money laundering, and data privacy. In addition, HGA aligns its practices with the ethics and procurement guidelines of major international development organizations (e.g. the World Bank, United Nations, and regional development banks) to meet donor expectations in consulting projects. This Policy applies to all HGA personnel, independent consultants engaged through HGA, and users of HGA’s digital platform. It is a public statement of HGA’s values and standards, and it serves as internal guidance to ensure legal compliance and ethical conduct across all HGA activities. All HGA staff, consultants, and platform users are expected to understand and abide by the principles set forth in this Policy. Violation of these standards is not tolerated and may result in disciplinary action, contract termination, or other appropriate measures.
Roles and Responsibilities
HGA Staff: All employees and officers of HGA must lead by example in upholding this Policy. Specific staff roles on HGA’s digital platform include finance and project management positions (e.g. Receivables Officer, Payables Officer, Business Developer) as well as technical management (System Manager). Each such role carries particular compliance duties: finance officers are responsible for transparent financial transactions (inbound and outbound payments), business developers oversee project listings and communications ethically, and system managers maintain platform integrity and security[1][2]. HGA staff are expected to perform their duties in strict compliance with applicable laws and HGA’s ethical standards, ensuring that all platform operations and consulting engagements meet legal and donor requirements.
Independent Consultants: Consultants engaged via HGA (typically under the HGA Consultant Contract) are required to follow all provisions of this Policy and the ethical commitments in their contracts. Consultants must maintain accurate qualifications in HGA’s platform, execute their assignments with integrity, and safeguard any confidential information they access. They are responsible for keeping their profiles and credentials up to date, applying only to suitable projects, and delivering work to the highest professional standards[3]. Consultants must manage project funds responsibly and ensure all project-related financial transactions are transparent and timely[4]. By contract, each consultant agrees to comply with all laws applicable to their services – including anti-corruption statutes, labor laws, and donor rules – and to conduct services with a high standard of integrity[5]. Consultants are also obligated to report any potential conflicts of interest or legal issues to HGA and to cooperate with any compliance due diligence or monitoring.
Platform Users (Client Organizations and Others): External organizations or individuals using HGA’s digital platform (for example, client agencies listing projects or donor-funded project units seeking consultants) are expected to use the platform in a manner consistent with legal and ethical norms. Such users should only post legitimate consulting opportunities and must refrain from any attempt to engage in prohibited practices (such as solicitation of bribes or sharing of illicit content) through the platform. Client organizations that use HGA’s platform to manage projects are responsible for their own compliance with procurement rules and should align with the platform’s standards of transparency and fairness. HGA does not permit use of the platform for any transactions or communications that would violate sanctions, anti-fraud policies, or data protection laws. All platform users are required to agree to HGA’s terms of service and privacy policies, which reflect the commitments in this Policy, including proper handling of information and adherence to all relevant laws. HGA reserves the right to monitor platform activity and suspend or remove users for non-compliance.
Management and Compliance Oversight: Ultimate responsibility for enforcement of this Policy lies with HGA’s leadership. HGA’s management will ensure that this Policy is disseminated, understood, and implemented throughout the organization and platform. The management (or a designated Compliance Officer) will oversee compliance training, updates to the Policy, and internal controls to monitor adherence. HGA implements internal processes (such as automated screening and periodic audits described below) to verify that staff, consultants, and users remain in compliance. All HGA personnel and consultants have a duty to report any suspected violations of this Policy or applicable law to management promptly. HGA will treat such reports seriously and protect whistleblowers from retaliation. When compliance questions or challenges arise, HGA staff and consultants should seek guidance from management to ensure decisions are consistent with this Policy.
Anti-Corruption Compliance
HGA enforces a zero-tolerance policy for corruption, bribery, and fraud. All HGA employees, consultants, and partners must comply with anti-corruption laws in all jurisdictions where we operate, including the U.S. Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act 2010, among others[5]. HGA strictly prohibits offering, giving, soliciting, or receiving any bribe, kickback, improper payment or anything of value to influence a decision or secure an unfair business advantage. This prohibition extends to dealings with government officials as well as private sector counterparties. Facilitating payments (small unofficial payments to expedite routine actions) are also prohibited under HGA policy, as they are illegal under many anti-corruption laws. All business hospitality, gifts, or charitable contributions on behalf of HGA must be reasonable, transparent, and approved according to HGA’s guidelines to ensure they cannot be construed as bribes.
HGA personnel and consultants are expected to conduct all services with the highest standard of integrity and ethical behavior[5]. We emphasize honesty and fairness in all interactions. Any form of fraudulent misrepresentation, extortion, or embezzlement is strictly forbidden. Consultants and staff must accurately record all transactions and expenses in project accounts. Falsifying records or misusing funds is grounds for immediate termination and possible legal action. HGA provides training and guidance on ethical standards so that everyone understands how to recognize and avoid corrupt practices. If any employee or consultant is ever approached with a corrupt proposal or suspects corruption in an HGA project, they must report it immediately to HGA management. HGA will investigate all such reports and cooperate with law enforcement or donor investigations as appropriate.
Additionally, HGA’s commitment to anti-corruption aligns with international donor standards. For example, in World Bank-financed projects, consultants are required to observe the “highest standard of ethics” as per World Bank guidelines[6]. HGA embraces these standards and requires our team to reject and report any fraudulent, corrupt, collusive, coercive, or obstructive practices, as defined by the World Bank or other relevant donors[7]. Engaging in such prohibited conduct is not only against HGA policy but may also result in severe sanctions by donors or legal authorities. HGA will fully cooperate with donor institutions in preventing and addressing corruption, including enforcing any debarments or disciplinary measures that donors impose. By integrating these stringent anti-corruption principles into our operations, HGA ensures that our work is carried out ethically and that we maintain the trust of clients, donors, and partners.
HGA complies with all applicable export control and trade sanctions laws of the United States, the European Union, the United Nations, and any other jurisdictions relevant to our work[8]. This includes, but is not limited to, the regulations administered by the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) and the U.S. Department of Commerce’s Export Administration Regulations (EAR)[9]. If our consulting services ever involve defense-related articles or data, we will also abide by the U.S. Department of State’s International Traffic in Arms Regulations (ITAR)[10] and comparable regimes. All HGA staff and consultants are expected to be aware of these restrictions and to conduct their activities in a manner that does not violate export or sanctions laws.
No Business in Sanctioned Regions or with Prohibited Parties: HGA will not engage in business or consulting assignments in any country or region that is subject to comprehensive sanctions or embargoes, unless specifically authorized by the relevant government authorities[11]. Currently, this includes (for example) Cuba, Iran, North Korea, Syria, and the Crimea/Donetsk/Luhansk regions of Ukraine, among others under U.S./EU/UN embargo[11]. Furthermore, HGA will not participate in transactions with any individual or entity that is designated on applicable sanctions lists (such as OFAC’s Specially Designated Nationals list, the U.S. Commerce Department’s Denied Persons List, or equivalent EU/UN lists)[11]. All HGA personnel and consultants must screen potential counterparties and projects for sanctions risks. HGA maintains procedures to conduct sanctions checks (Know Your Customer vetting, described below) before onboarding new clients, consultants, or partners, and periodically during engagements[12]. Each party engaged by HGA represents that it is not owned or controlled by any sanctioned persons and is not itself on any prohibited parties list[11]. If at any point HGA discovers a sanctions compliance issue (for instance, a consultant being added to a sanctions list or a new embargo affecting a project location), HGA will take immediate action, including possible suspension of the engagement, to remain in compliance[13].
Export Controls and Licensing: HGA ensures that any transfer of goods, software, technology, or information across borders as part of our projects complies with export control laws[14]. HGA and its consultants shall not export, re-export, or transfer controlled items or sensitive technical information to any prohibited destination or party without obtaining required governmental authorizations in advance[14]. If a consulting Work Order involves technical data or software that is subject to export licensing (for example, encryption technology or defense-related technical data), HGA will identify these requirements and secure the necessary export licenses or exemptions before sharing the information with any foreign person[14]. Similarly, if project travel or work is proposed in a country under partial sanctions or other trade restrictions, HGA will review the compliance requirements and obtain any needed approvals or licenses before proceeding[15]. All HGA staff and consultants must cooperate in this process by providing accurate information about the nature of goods/technology and the parties involved. Any delays in obtaining export licenses will be treated as legitimate project delays (force majeure) rather than an excuse for non-compliance[16]. HGA also implements technical controls on its digital platform to prevent unauthorized access to controlled information (for example, restricting download of sensitive files to authorized users/countries).
Through these measures, HGA maintains rigorous adherence to sanctions and export laws. We regularly update our sanctions compliance protocols in line with changes in law. HGA provides training to staff and consultants on recognizing export-controlled information and the importance of sanctions compliance. By actively screening transactions and disallowing any business in sanctioned regions or with banned parties, HGA protects itself and its clients from severe legal penalties and upholds the legal order established by the international community.
Anti-Money Laundering (AML) and KYC Procedures
HGA is committed to preventing money laundering and terrorist financing in all aspects of our operations. We comply with all applicable anti-money laundering (AML) laws and regulations, including the U.S. Bank Secrecy Act and USA PATRIOT Act requirements, as well as analogous laws in the jurisdictions where we operate. HGA’s policy is to “know our customer” and partners – we perform due diligence on clients, consultants, and significant counterparties to verify their identity, background, and the legitimacy of funds or payments involved in our projects. This Know Your Customer (KYC) due diligence is conducted for all new consultants joining our platform and for client organizations, especially those in higher-risk jurisdictions or industries. We require each consultant or vendor to provide truthful information and documentation as needed to satisfy our KYC checks (e.g. proof of identity, business registration, certifications of no criminal activity)[17]. All information gathered is handled confidentially and in line with data protection laws.
HGA strictly prohibits any dealings or transactions that facilitate illicit activities. We will not knowingly engage with any individual or entity that is involved with terrorism, narcotics trafficking, or other criminal enterprises[18]. Both HGA and our consultants affirm that no funds paid or received under any consulting agreement will be used for unlawful purposes or diverted to sanctioned or terrorist-linked individuals[18]. We maintain controls to detect and reject any payments that appear suspicious or originate from sanctioned institutions. For example, HGA’s Receivables Officer monitors incoming payments and will flag any irregular funding sources or requests for payment to third parties. Our Payables Officer ensures that outgoing payments to consultants or vendors are made only to verified accounts belonging to the rightful payee, and will not execute payments to banks or countries under sanctions[1]. All financial transactions on the HGA platform are recorded with transparency and are subject to audit trails[4] to assist in AML monitoring.
As part of our AML program, HGA conducts periodic screenings of our consultants, staff, and relevant counterparties against international sanctions and criminal watchlists[12]. We utilize compliance database checks (e.g. lists of terrorists, money launderers, debarred parties) to ensure ongoing compliance. Consultants and other partners are expected to cooperate fully by providing any additional information needed to complete these checks[12] – for instance, date of birth or company registration numbers to accurately distinguish identities. If any red flag arises (such as a name match on a sanctions list), HGA will investigate further and, if confirmed, will take appropriate action, which may include refusing or terminating the engagement[13]. HGA also complies with any donor-required vetting protocols for projects: for example, when working on U.S. or UN-funded projects, we submit key personnel for vetting through anti-terrorism databases as required by those donors. We flow down AML and sanctions compliance clauses into our consultant agreements and subcontractor contracts, ensuring all parties involved in HGA assignments are bound to these commitments[19].
To support these efforts, HGA provides training to our team on AML red flags and KYC best practices. We encourage a proactive approach: if any staff or consultant suspects that a project or payment may involve illicit funds or a sanctioned party, they must report it immediately. HGA will promptly report any confirmed illicit activity to the appropriate authorities (such as FinCEN in the U.S. or relevant financial intelligence units) as required by law. By diligently implementing KYC and AML procedures, HGA maintains the integrity of our operations and contributes to global efforts against financial crime.
Data Privacy and Protection
HGA highly values data privacy and is committed to protecting the personal information of our consultants, staff, clients, and platform users. We adhere to all applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), wherever those laws apply to our activities[20]. Even in regions where specific privacy laws are still evolving, HGA chooses to adopt global best practices for data privacy and confidentiality[21][22]. We have implemented strong technical and organizational measures to safeguard personal data and other sensitive information entrusted to us, in line with industry standards for information security.
Personal Data Use and Consent: HGA collects and uses personal data only for legitimate business purposes related to our consulting platform and services – such as identifying qualified experts, submitting proposals, administering contracts, and complying with legal requirements[23]. We are transparent about the data we collect and how it is used. Our Privacy Policy (available to all platform users) clearly outlines what personal information we gather, how we process it, and the rights of data subjects to access or delete their data[24]. In compliance with GDPR, individuals have the right to request access to the personal data HGA holds about them and to request correction or deletion of that data, subject to certain exceptions. HGA’s platform includes features to facilitate these rights (for example, users can view and update their profile information, and can contact us to request account deletion)[24]. We obtain consent where required before collecting or sharing personal data, and we honor opt-out requests for any communications. HGA does not sell personal data to third parties. We only share personal data with third parties in limited circumstances: when necessary for the performance of a consulting engagement (e.g. sharing a consultant’s CV with a client who is considering them for a project)[25], or when required by law or with the individual’s consent. Any transfer of personal data across international borders (for instance, between the EU and the U.S.) is done in accordance with applicable data transfer mechanisms and safeguards[21][26].
Confidential Information and Secure Handling: In the course of our work, HGA and its consultants often have access to confidential information – including HGA’s own business information, client data, and project deliverables. HGA recognizes a duty to protect all such Confidential Information with utmost care. Both HGA and our consultants are bound by confidentiality obligations (as detailed in our contracts) not to disclose or misuse any non-public information obtained through HGA engagements[27][28]. Consultants must treat client materials, data, and reports as confidential and use them only for the purposes of the assignment[27]. Likewise, HGA will not disclose any consultant’s proprietary information or personal data except as needed for project purposes and with appropriate safeguards[28]. We require any subcontractors or partners who might receive confidential information to agree in writing to confidentiality and compliance protections equivalent to those we uphold[19]. Confidential information is to be maintained securely indefinitely or as long as required by client contracts – even after a project ends, there is an ongoing obligation not to reveal sensitive data[29][30].
On the HGA digital platform, we have implemented robust security controls to protect data at all times. All data transmissions through our platform are encrypted using strong SSL/TLS protocols, and sensitive data stored in our databases is encrypted at rest (e.g. using AES encryption standards)[31]. Access to data is governed by strict role-based access control: users of the platform (Consultants, Client Organizations, and HGA Staff with specific roles) can only access the information and functions necessary for their role[32]. For example, a consultant can see their own profile and relevant project information, but not the private data of other consultants; HGA financial officers can see necessary payment information but cannot access areas unrelated to their duties. All user accounts are protected by multi-factor authentication (MFA) for login, adding an extra layer of security beyond passwords[32]. We enforce strong password policies and periodic password updates to reduce risk of unauthorized access[33][34]. The platform also logs and monitors document access and unusual user activities to detect any unauthorized attempts to access data[35]. HGA’s System Manager is tasked with continuously monitoring system security and addressing any potential vulnerabilities or breaches[36]. We regularly update our software with security patches and conduct security testing to ensure our defenses remain effective[37][38].
Data Breaches and Incident Response: Despite preventive measures, if a data breach or security incident occurs, HGA is prepared with a defined incident response plan[39]. We continuously monitor the platform for any signs of intrusion or suspicious activity, aided by automated security tools and intrusion detection systems[40]. If an incident is detected, we will act quickly to contain and mitigate it, and we will notify any affected parties and regulators as required by law. Both HGA and consultants are obligated to inform each other immediately upon discovering any breach involving the other’s data[41][42] so that we can coordinate an effective response. We also maintain a disaster recovery and business continuity plan, including regular data backups and secure off-site storage, to ensure we can recover critical data in case of a major system failure[43]. Our disaster recovery procedures are tested periodically to confirm their effectiveness[44]. These efforts in data privacy and security reflect HGA’s dedication to protecting the trust that our consultants and clients place in us. We not only comply with legal requirements, but strive to be a leader in secure and ethical handling of information on our digital consulting platform.
Donor Standards Compliance
When undertaking donor-funded consulting projects, HGA commits to meet or exceed the ethical and compliance standards set by the funding agency. We recognize that organizations such as the World Bank, United Nations, U.S. Agency for International Development (USAID), and other multilateral or bilateral donors have stringent guidelines for contractors and consultants. HGA has integrated these guidelines into our own policies to ensure full alignment. In practice, this means that for any project financed or governed by a donor institution, HGA and its consultants will strictly adhere to all donor rules on integrity, transparency, and accountability[45]. Key aspects of our donor standards compliance include:
- Highest Ethical Standards: HGA requires all personnel to observe the highest standard of ethics as mandated by donor policies. For example, World Bank guidelines for consultants demand maintaining integrity and honesty in executing contracts[6]. We incorporate this mandate by prohibiting any form of fraud, corruption, collusion, coercion, or obstruction in relation to donor projects[7]. These terms carry the same definitions as in the donor’s guidelines, and engaging in any such misconduct will result in immediate disciplinary action by HGA (and may lead to further sanctions such as donor debarment or legal prosecution).
- Eligibility and Debarment Checks: HGA will not engage, or continue to engage, any consultant, subcontractor, or partner who is debarred, suspended, or otherwise declared ineligible by a major donor organization[46]. Before assigning personnel to a donor-funded project, HGA verifies that none of the team members are on the World Bank’s or other relevant donor’s list of ineligible firms/individuals. Each HGA consultant must represent that neither they nor their principals (owners or key associates) are currently debarred by any international financial institution[46]. If HGA itself were ever to be debarred (which we actively work to prevent through compliance), we would disclose this to clients and refrain from pursuing opportunities where we are ineligible. We are committed to cooperating with any donor inquiries about our eligibility and to maintaining a record free of unethical conduct.
- Conflict of Interest Avoidance: HGA and its consultants will avoid all conflicts of interest in our assignments and will strictly follow donor rules for identifying and handling potential conflicts[47]. A conflict of interest may arise, for example, if an HGA consultant had prior involvement in preparing a project that HGA is now bidding on, or if a staff member has a financial interest in an entity that could benefit from the project. We require all consultants to promptly disclose to HGA any situation that could be perceived as a conflict of interest[47]. HGA, in turn, will disclose these to the donor and take appropriate action (such as removing the conflicted individual from the project or obtaining donor clearance) in accordance with donor regulations. Our Consultant Contract obligates consultants to avoid conflicts and to report them, mirroring donor requirements. By proactively managing conflicts of interest, HGA ensures fairness in procurement and upholds donor confidence in the consulting process.
- Procurement Integrity and Guidelines: HGA abides by the specific procurement rules of each donor agency for consultant selection and project execution. For World Bank-financed projects, we comply with the applicable World Bank Procurement/Consultant Guidelines (e.g., we honor advertising requirements, shortlisting procedures, and evaluation criteria as set by the client and Bank)[45]. We ensure that any “fraud and corruption” clauses in donor contracts are passed through to our consultants and subcontractors, so they are equally bound. HGA treats the donor’s standard bidding documents, codes of conduct, and contract conditions as extensions of this Policy. Any required flow-down provisions from donor contracts – for instance, anti-corruption covenants, audit rights, or limitations on fees – are incorporated by reference into our agreements with consultants[48]. This means HGA’s consultants are contractually obligated to comply with donor-imposed requirements just as HGA is. We also align our internal procedures (such as documentation and archiving of project records) with donor expectations, so that we can readily facilitate donor audits or inquiries.
- Vetting and Due Diligence: Many donors require additional vetting or certifications from consulting firms and individuals. HGA fully cooperates with all such requirements. For example, if a USAID project requires key individuals to sign an anti-terrorism certification or complete a background check, HGA will ensure those are completed. If the United Nations or an MDB requires a disclosure of agents or commission fees, HGA will comply and expects consultants to assist in making any necessary disclosures. Our consultants must also agree to provide any written compliance certifications needed by a donor, such as certifying that they have not been convicted of fraud or that they have not engaged in sanctionable practices[49]. HGA will support our consultants in understanding these documents, but it is mandatory that they be truthful and timely in any such certifications. In addition, HGA may be required to attend donor-provided training sessions or briefings on ethics and compliance, and we treat these as a priority – consultants are expected to attend any donor-mandated ethics orientation or similar program as a condition of participating in the project[49].
- Alignment with Multilateral Standards: Beyond specific project rules, HGA’s culture and policies are shaped by the broader standards promoted by organizations like the World Bank Group’s Integrity Vice Presidency and the UN Office of Internal Oversight. We endorse principles such as transparency, accountability, and fairness in all project phases. HGA management stays updated on changes to donor policies and periodically reviews this Policy to ensure consistency with the latest guidelines (e.g., if the World Bank updates its anti-corruption framework or if new MDB sanctions are introduced). Our commitment is not only to follow the letter of donor requirements but the spirit as well – i.e., to help foster development outcomes free from corruption or misconduct.
In summary, HGA’s Donor Standards Compliance ensures that when we work on projects funded by international donors or development banks, both HGA and our consultants honor all ethical, legal, and procedural obligations of those donors. This alignment protects HGA and our clients from the severe consequences of non-compliance, and it demonstrates to all stakeholders (donors, clients, beneficiaries) that HGA is a trustworthy and responsible partner in international development efforts.
Monitoring, Training, and Enforcement
HGA understands that having policies is not enough – active monitoring, regular training, and strong enforcement are critical to an effective compliance program. HGA therefore maintains a robust system of oversight to ensure ongoing adherence to this Policy and to continuously improve our compliance practices.
Training and Awareness: All HGA employees and independent consultants are provided with a copy of this Compliance and Legal Accountability Policy and must acknowledge their understanding of it. HGA conducts periodic training sessions covering key compliance topics such as anti-corruption practices, identifying bribery risks, sanctions awareness, data protection responsibilities, and secure use of the digital platform. We also include donor-specific compliance training when relevant (e.g. briefing a project team on the client’s code of conduct or anti-fraud requirements). The HGA digital platform itself includes user education features – for example, we provide reminders and guidance on secure behavior (like prompts about phishing awareness and account security)[50]. Regular security and ethics awareness training is provided to all platform users, emphasizing best practices for data protection and how to recognize and report suspicious activities[50]. As policies or laws change, HGA updates all stakeholders through policy revision notices, and we require additional training or acknowledgments to ensure everyone remains up to date[51].
Continuous Compliance Monitoring: HGA employs both automated tools and managerial oversight to monitor compliance. Our System Manager continuously monitors the platform’s security logs and access records to detect any anomalies or unauthorized behavior[36][52]. The platform has built-in analytics to track user activities; for instance, abnormal downloading of data or multiple failed login attempts trigger alerts for investigation. On the financial side, our Receivables and Payables Officers track transactions through the system’s dashboards[1], ensuring that payments correspond to approved invoices and flagging any irregular financial flows. We also utilize compliance software to scan our transactions and counterparties against updated sanctions and watchlists (as noted in the AML section). HGA’s management reviews compliance reports regularly and holds meetings to address any issues or red flags. For donor-funded projects, we often have to submit periodic reports or certifications to the donor regarding compliance – HGA takes these reporting obligations seriously and treats them as an opportunity to double-check our internal adherence.
Periodic Audits and Reviews: To maintain accountability, HGA conducts regular audits of our compliance systems and practices. We arrange for internal audits as well as independent external audits to evaluate areas such as financial controls, data security, and regulatory compliance[53]. These audits occur on a scheduled basis (at least annually) and additionally on an ad hoc basis if any significant compliance incident occurs. For example, an internal audit may review a sample of projects to ensure that all required anti-corruption due diligence steps were taken, or test our data privacy controls for effectiveness. We also commission IT security assessments, including penetration testing and vulnerability scans of the HGA platform, to identify and address any weaknesses[53]. Findings from audits are documented and reported to HGA leadership, along with corrective action plans for any issues identified. HGA is committed to implementing improvements promptly. Audit logs and records are maintained to provide evidence of compliance to clients or regulators upon request. Additionally, HGA welcomes donor audits or monitoring missions on projects and cooperates fully to provide access to records and personnel as needed. We view audits and compliance reviews as a positive tool to strengthen our processes and demonstrate accountability[54].
Reporting and Incident Response: HGA has established clear channels for reporting compliance concerns or violations. As mentioned, employees and consultants are required to report any suspected misconduct, whether it involves HGA personnel, consultants, or even client representatives. Reports can be made to HGA’s senior management or a designated Compliance Officer. We treat all such reports confidentially and investigate them impartially. Retaliation against anyone who raises a concern in good faith is strictly prohibited. If a violation of this Policy or any law is confirmed (for example, evidence of bribery, unauthorized data disclosure, or other misconduct), HGA will take decisive action. This may include internal disciplinary measures (up to termination of employment or consulting agreements) and, if appropriate, self-reporting to authorities or donors. HGA’s response plan for serious incidents (like a data breach or discovery of corruption) may involve assembling a task force, containing any damage, notifying affected parties (clients, donors, data subjects), and reviewing how to prevent similar issues in the future. We also have a well-defined incident response plan for cybersecurity events[39], which includes technical steps and communications strategies in case of a breach. Regular drills are conducted to ensure our team is prepared to respond effectively[39].
Accountability and Continuous Improvement: Compliance is a continuous journey, and HGA is dedicated to learning and adapting. We monitor evolving laws (e.g., new data protection regulations or updates to sanction lists) and update our Policy and procedures accordingly[54]. HGA’s leadership regularly reviews the overall effectiveness of this Compliance and Legal Accountability Policy. This includes assessing whether additional policies or resources are needed, or if further training should be implemented in certain areas. We also pay attention to feedback from our staff, consultants, and clients. For instance, if a consultant identifies an area of ambiguity in our policy or a challenge in implementation, we will consider that input to clarify and strengthen our guidelines. The digital platform’s design is also subject to continuous improvement for compliance: new features might be added to enhance transparency or control (for example, improved audit trail functions or easier reporting tools for concerns)[55]. By fostering a culture of openness and continuous improvement, HGA ensures that compliance is not seen as a static checklist but as an integral part of our organizational culture and daily operations.
Enforcement Actions: Ultimately, this Policy will be enforced consistently at all levels of HGA. Failure to comply has serious implications. Any HGA employee found to have violated laws or this Policy will face appropriate disciplinary action, which could include termination and referral to law enforcement. Consultants who breach their compliance obligations may be removed from projects, have their contracts terminated, or be disqualified from future opportunities with HGA. In cases of legal violations, HGA will not shield individuals from the consequences; rather, we will cooperate with investigations and take remedial steps as required. We also expect our partner organizations and platform users to uphold these standards – significant violations by a client or other external party may result in HGA severing the business relationship. Our commitment to enforcement is communicated clearly to all involved, underscoring that no contract, fee, or opportunity is worth compromising our legal and ethical standards.
- Official Email Use: HGA provides corporate email accounts to employees and certain contractors. These accounts (typically ending in an HGA domain) should be used for all HGA-related correspondence. Using official email ensures that communications are secured, archived, and accessible for compliance as needed. Do not use personal email addresses (Gmail, Yahoo, etc.) for business matters involving Confidential Information. If a consultant or partner does not have an HGA-issued email, they should take care to use their business-affiliated email (if any) and to implement security measures (like strong passwords and enabling encryption options) on their email accounts. Never configure an HGA email account to auto-forward to a personal account, as this could result in HGA losing control over the data. HGA’s IT team may actively block automatic forwarding rules to external domains for security.
- Email Confidentiality Notices: HGA email signatures may include a confidentiality notice. While such notices themselves do not guarantee protection, they serve to remind recipients that the content may be confidential. Users should still use discretion — do not assume that adding a disclaimer allows free sharing of sensitive info. Always verify recipients before sending: double-check email addresses, especially when sending to mailing lists or external domains, to avoid misdirected emails. If you realize you sent an email with Confidential Information to the wrong party, notify HGA Security immediately (so we can attempt remediation) and inform your supervisor; do not just recall the message and ignore the incident.
- Secure Email Practices: Use the email encryption features available. For highly sensitive information, HGA can provide encrypted email solutions or you can encrypt attachments as noted in Section 5. If you need to send a password or access token to someone, never send it in the same email as the link or file it protects. Consider using a phone call or an SMS for the password, or sending it in a separate email if absolutely necessary (and in that case, mention it vaguely, e.g., “The password is the project code plus 99” rather than writing it explicitly).
- Avoid Unapproved Communication Channels: Do not use messaging apps (WhatsApp, WeChat, Telegram, etc.) or social media to conduct official HGA business or to share Confidential Information, unless HGA has expressly approved a channel as secure and necessary. While we recognize that consultants and team members may sometimes communicate through convenient channels, any substantive transfer of documents or discussions of sensitive details should be moved to official channels (email, Platform messaging, or a recorded call). If you do use a messaging app for a quick discussion (e.g. to arrange a meeting), avoid detailed confidential specifics and ensure that the app has end-to-end encryption and that you are messaging the correct person. In no case should you create group chats or forums on external apps to discuss HGA projects without management approval.
- Document Management Systems: HGA may utilize secure document management systems (such as an internal SharePoint site, Google Workspace/Drive with enterprise controls, or other cloud collaboration tools) for storing and collaborating on documents outside of the main Platform. When using any such system, follow the access permissions as configured – do not attempt to broaden access to documents unless it is for authorized colleagues. For instance, if a folder is shared with only your project team, do not re-share individual files from it to people outside the team without permission. If you need to collaborate with someone new, ask the document owner or IT admin to grant proper access rather than sharing copies. Always prefer to use links with access control (where the recipient must log in) over sending file attachments, since links can be centrally revoked if needed. Ensure that any sync clients (like OneDrive, Google Drive backup, etc.) on your device are themselves secured (the device is not shared, and has a login).
- Local Storage and Backups: Avoid storing HGA Confidential Information on the local hard drive of personal computers or unencrypted USB drives. If you must do so (for example, working offline on a document), ensure your device is encrypted (see Section 8 on Device Security) and move the file back to the secure server or Platform as soon as feasible, then wipe the local copy. Do not leave copies in “Downloads” folders or recycle bins. If you back up data, use only IT-approved backup solutions – never back up HGA data to personal backup services. Note that HGA’s IT department performs regular backups of central systems[21], so there is rarely a need for users to create their own separate backups of emails or shared drive content. If you are worried about preserving something, contact IT rather than saving extra copies.
- Printing and Physical Documents: Only print confidential documents if absolutely necessary. Collect printouts immediately from printers, and use secure print functions (where you enter a code at the printer to release the job) if available, especially for printers in shared offices. Be mindful of printer logs and output trays – leaving a confidential report on a printer could expose it. If you prepare physical reports or binders for a client, clearly mark them “CONFIDENTIAL” and seal them during transit. Keep a record of how many copies exist and retrieve them at the end of the meeting if possible. Physical documents should be returned to HGA for secure storage or shredding when no longer needed (see Section 9 on Destruction).
- Email and Data Retention: While Section 9 details retention, note that email servers and document systems often auto-archive or delete older items as per policy. Users should not attempt to circumvent these retention settings by storing data offline or in personal locations. If something needs to be retained longer for legal reasons, notify management – don’t just squirrel away a copy. Conversely, do not delete or purge business emails and files in an attempt to hide them; records must be kept in compliance with retention rules and potential legal holds. If you receive a notice to preserve documents (for litigation or investigation), strictly follow it.
In essence, treat email and document systems as an extension of HGA’s controlled environment. Be disciplined in how you share and store files. When in doubt, consult IT or a manager about the proper way to handle a particular communication or document. By using only approved channels and being careful with how we disseminate information, we reduce the risk of a confidentiality breach.
Conclusion
This Compliance and Legal Accountability Policy embodies HGA’s commitment to ethical conduct, legal compliance, and responsible business practices. The Policy is approved by HGA’s leadership and is effective immediately for all HGA operations. It will be reviewed and updated periodically to remain aligned with current laws, donor requirements, and best practices in our industry. By adhering to this Policy, HGA and its network of professionals protect our collective reputation, build trust with clients and donors, and contribute to positive development outcomes around the world. All stakeholders are encouraged to familiarize themselves with these standards and to engage with HGA management if any questions or clarifications arise. Together, we will uphold the highest levels of compliance and accountability in all that we do, ensuring that Humanics Global Advisors continues to be a respected and compliant leader in international consulting services.
[1] [2] [3] [4] [24] [31] [32] [33] [34] [35] [36] [37] [38] [39] [40] [43] [44] [50] [51] [52] [53] [54] [55] HGA_Digital_Platform_Technical_Specifications.pdf
[5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22] [23] [25] [26] [27] [28] [29] [30] [41] [42] [45] [46] [47] [48] [49] HGA_Consultant_Contract_Template.docx