

La Meer Inc.

La Meer Inc. is a Silicon Valley organization that offers the GRACE suite of web-based solutions:

  • Operational Risk
  • Compliance Management
  • Client Compliance
  • Client Management
  • IT Risk
  • Vendor Risk
  • Operational Due Diligence

La Meer solutions are built for Financial Markets by professionals with 150+ years of experience building technology for Finance.

Get In Touch

Phone: +1(408) 740 7205
Address: 111 W. Saint John Street, Suite 430 San Jose, CA 95113, USA
Address Cybersecurity, Data Privacy, Business Continuity, IT and Vendor Risks in a Unified way with GRACE
Use and Implement best practices from frameworks like NIST, ISO and COBIT

CyberSecurity - Biggest Risk Plaguing Financial Markets

IT systems have become the backbone of all operations in companies and hold the repository of all critical information about customers, including their names, addresses, SSNs, phone numbers, emails, bank accounts, etc.

A single hack into the systems can give bad actors access to this very important information, which can then be blatantly misused. Outsourcing of processing, client information held in multiple systems, lack of protection, and misuse of client information for target marketing and other activities have taken away control of client information from the clients and have put it in the hands of organizations that could sell the information without the consent of the client.

Holding personal information at such a large scale has created huge vulnerabilities to cyber attacks and compromise of critical client information.

Client Data Protection - Top of Regulator's Mind

Regulators have responded by defining rules and examination priorities around cyber security and privacy and protection of client data as their highest priority. Large fines for violations have been defined by Regulations like GDPR, California Privacy Act, Canadian PIPEDA, Cayman Privacy Act and others to ensure that businesses are obligated to protect client information.

Regulators expect organizations to keep track of all client data, whether it is within the organization or with outsourced entities, and to ensure protection of this data against security violations and misuse. They also expect you to obtain the client’s consent and establish the lawful basis for the collection and use of the data.

Regulators expect you to build a central repository of the client information that is being managed across the organization, identify the security management in place and ensure that client consent for the information is being obtained.

GRACE Can Help You Track and Manage

GRACE IT Risk management has been specifically built to help you address the GDPR and California Consumer Privacy Act requirements. Other Data Privacy regulations that are passed in the future are likely to have similar provisions.

GRACE helps you set up Policies and Procedures for managing your IT systems and processes. GRACE helps you collect information on client data and the processes in place in IT systems for Client Consent, Lawful use of data and Data Security for the data, and on how the “Right to be Forgotten” is being addressed. GRACE helps you gather information from data processor / vendor security management processes through surveys and forms, automatically risk score findings, identify risks of non-compliance, risk score them and manage their mitigation.

GRACE can help you keep track of Breach information, conduct incident management and reporting to authorities, and ensure future incidents can be prevented.

GRACE Modules to Address GDPR, CCPA, Canadian PIPEDA and Other Data Privacy Regulations
Protect your client data comprehensively whether it is within your organization or with vendors

California Consumer Privacy Act (CCPA) Expectations

The California Consumer Privacy Act (CCPA) was unanimously passed by California lawmakers and signed into law by the Governor on June 28th, 2018, and has to be implemented by all organizations that provide services to California Consumers by Jan 1 2020.

It gives California consumers unprecedented personal data protections and possibly sets the tone for similar legislation in other states.

It offers new and wide ranging privacy rights for California residents, including a right to be informed about personal data collected by a business and rights to access and delete that information, a right to prevent personal information from being sold to third parties, and a right to data portability. The law applies to all businesses that collect or use this personal information, not just those companies in California. The California Attorney General may bring actions for civil penalties of up to $7,500 per violation and there is a limited private right of action for individual victims of data breaches for penalties ranging between $100-750 per violation.

Companies are mandated to develop and implement data policies, procedures and data governance processes to address:

  • The Right to Know, through a general privacy policy and with more specifics available upon request.
  • What personal information a business has collected about them, where it was sourced from, what it is being used for, whether it is being disclosed or sold, and to whom it is being disclosed or sold
  • The Right to “opt out” of allowing a business to sell their personal information to third parties (or, for consumers who are under 16 years old, the right not to have their personal information sold absent their, or their parent’s, opt-in)
  • The Right to have a business delete their personal information, with some exceptions
  • The Right to receive equal service and pricing from a business, even if they exercise their privacy rights under the Act.


GDPR Expectations

The European Union’s General Data Protection Regulation (GDPR) comes into force on May 25, 2018 and is one of the most significant overhauls of data protection laws in a generation. It applies to organizations worldwide that offer goods or services to individuals in the EU, and the penalties for non-compliance are severe.

Article 5 of the GDPR sets out seven key principles which lie at the heart of the general data protection regime:

  1. Processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
  4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed in order to safeguard the rights and freedoms of individuals (‘storage limitation’);
  6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)

The financial penalties for failing to comply with the GDPR are clearly defined: for each instance of noncompliance, up to 20 million Euros or 4% of worldwide annual turnover (revenue), whichever is higher.

Companies are mandated to develop and implement data governance, protection and privacy of client information, including where data is managed by outsourced third parties. All breaches have to be reported to the regulators within 72 hours.


GRACE Modules to Address GDPR, CCPA and Other Data Privacy Regulations
Protect your client data comprehensively whether it is within your organization or with vendors

Manage IT Policies and Procedures

  • GRACE helps you create comprehensive Policies and Procedures for IT Risk identification and management for all the lines of business of the organization.
  • Manage detailed reviews and comments by all related departments including legal, compliance, client management and other groups on how client management is gathered and being managed.
  • Ensure all comments are incorporated and release the policy or procedure.

Manage Inventory of IT Assets

  • GRACE helps you build the Repository of all your IT Assets including infrastructure and application systems, their location, the client data they store, the security on that data, the users who have access to it, and the processes in place for security management. The inventory would also include systems that are managed by outsourced vendors.
  • Standardized questionnaires and surveys can be created to keep this data updated.
  • Roles and responsibilities for managing the data can also be assigned.

Manage Vendors and Third Party Information

  • GRACE helps you create and manage your vendor Database of vendor locations, contact persons, SLAs and Contract documents. You can conduct vendor due diligence and Risk Assessments to identify security management risks in their processes and manage and monitor their mitigation.
  • A Vendor Risk Profile can be generated based on the number of risks seen so the organization can take early corrective action. A Periodic Monitoring Calendar, follow-up items and recording of findings identify issues early and show trends.
  • The Vendor Dashboard helps you monitor issues and risks and view trends.

Client Consent Information Management

  • All systems that process client information should have consent from the client for the legal purpose of using the data as well as their consent to share the data with other third parties where needed.
  • Clients also have the right to request to be forgotten. Organizations have to provide functions for the client data to be removed from all of their systems on such requests.
  • Tracking of consent as well as the requests is an important part of the requirements of GDPR. Data from the systems and the vendors can be gathered on GRACE to monitor the status of client consent management.

Online Attestation

  • All staff can be sent standard templates for attestation periodically, to remind them to follow the Privacy Procedures.
  • Staff will receive alerts from the system and will get their particular forms and can attest them online. Reminders will be sent if they are not attested within the given timeline.
  • Attestation dashboard will provide information
  • Ensure that all staff are sent the latest IT management policy / procedures for them to read and attest online. This ensures that the latest procedures for ensuring IT security are well understood by staff. Periodic attestation can help staff be reminded of the correct procedures for IT management.
  • GRACE can set up Attestation templates, and Attestation calendars for the staff / groups of staff can be included. Emails can be sent to alert them about the attestation, and reminders can be sent.
  • The Attestation dashboard will allow the organization to see how many people are pending attestation and ensure all of them go through the attestation process.

Conduct IT Risk Assessments

  • GRACE can help you set up and use standardized checklists for periodic risk assessments for IT Risk within the organization as well as within vendor organizations. You can set up Calendars for assessments and receive alerts. You can send out Risk Assessment Questionnaires online and use a survey-like function to collect information from within the organization as well as from vendors.
  • On-site inspections can also be conducted using the risk questionnaires. Findings from risk assessments will allow organizations to identify risks, classify them, score them and manage their mitigation by assigning responsibilities. Findings from Risk Assessments could also refine policies and procedures and lead to enhanced training, re-attestation and other processes as mitigation.
  • The Risk Assessment dashboard can help track the status of assessments, findings and mitigation tasks.

Conduct Controls Monitoring

  • Set up and Assign Responsibilities for IT Controls Monitoring
  • Receive Controls Monitoring Reports Online
  • Monitor Issues reported by Controls Monitoring and identify issues early.

Map IT Processes to IT Standard Frameworks

  • GRACE offers IT Frameworks information from NIST, ITIL, COBIT to allow organizations to benchmark their controls against the expectations of the frameworks

Incident Management

  • Forms are available for Online reporting of Incidents as soon as they happen. This enables the organization to react quickly to any breaches and other incidents and contain the damage.
  • Incident management includes various tasks that have to be undertaken to notify various entities, assess the damage and take quick corrective action for client management. Incident reporting to authorities is also part of the process.
  • GRACE provides functions for status reporting and monitoring of various tasks needed for incident management to bring it to closure.
  • The Incident Dashboard is a powerful tool to see the frequency and severity of incidents, understand your vulnerabilities across internal systems and vendor systems, and prevent future occurrences.

Online Training

  • Periodic training of staff is an important component of implementing Data Privacy within the organization.
  • GRACE provides functions for setting up online training material and allows staff to undertake online training.
  • The Training dashboard will allow the organization to monitor that all staff have undergone the various mandated training for their roles.


  • GRACE offers multiple dashboards that are specialized for each area, including the Policy and Procedure Dashboard, Risk Assessment Dashboard, IT Risk Dashboard, Incident Dashboard, Attestation Dashboard, Training Dashboard, etc. Access Rights can be turned on or off for each of the dashboards.
  • Each dashboard will present the overall information, charts, trends, reports and queries and will allow slice and dice and deep drill-down on all information gathered and status of approval. Issues, risk and mitigation management and trends with graphics and reports will enable action to be taken. Reports can be queried for user-defined criteria, printed and exported to Excel / PDF formats.
The Great Value You Get from Using GRACE IT Risk Management
Manage your Data Privacy and IT Risk management comprehensively

Keeps track of your infrastructure

Keeps track of your IT Infrastructure and the cybersecurity protection in place for your client data

Ensure Policies are being followed

Ensures IT Policies and Procedures are in place and your staff knows about the procedures to be followed

Manage the risks with your Outsourced Vendors

Keeps track of your outsourced vendors to ensure that they have cybersecurity protections in place for your data

Identify Vulnerabilities Early

Helps you conduct periodic risk assessments to ensure Privacy of Customer Information and identify vulnerabilities early

Ensure Security, Business Continuity / Disaster Recovery processes

Helps ensure Business Continuity / Disaster Recovery processes within and across your vendors so you are not left vulnerable

Manage Incidents as soon as they happen

Helps you track and manage incidents to take corrective action and prevent future events

Easy integration

Integrates easily with tools to help you manage your infrastructure safely

Helps you manage your Regulatory Examination

Helps you manage books and records for regulatory examinations

Risk Management becomes online and real time

With integrated web-based access anytime, anywhere, risks can be addressed as quickly as they happen to reduce the costs of mitigation

Regulatory examinations can be handled with confidence

Centralized and visible risk management processes means regulatory examinations can be handled with confidence

Organization Ownership of Data

Organizations suffer when key risk and compliance staff leave. The information is scattered if it is maintained solely by individuals and is lying on disks in various forms. GRACE becomes the single central repository of documents, data and processes, enabling continuity even when key people leave the organization.

Easy to Integrate and Customize

GRACE offers easy integration with organizational source systems to enhance the functionality and extend it at low cost. This is a great benefit for end users, who can bring all the relevant data into a single system through an automated process, allowing them to focus on risk management and compliance instead of data gathering.

Enormous Cost Savings

Enormous cost savings through early mitigation; avoids regulatory fines, legal costs and reputation risks, and empowers the organization in its ability to manage risks.
