Convincing concepts & implementation

Organizational Effectiveness & Regulatory Compliance

We provide know-how and resources to improve organizational effectiveness and implement smart internal Governance, Risk & Compliance (GRC) and Internal Control Systems (ICS), define KRI, KPI and monitoring frameworks and establish adequate controlling and steering solutions in compliance with regulatory requirements. In addition, we assist our clients in achieving their internal control objectives by streamlining KRI and issue assessment, reporting and investigation activities.

Workflows, Organizational Structure & Outsourcing

  • Efficiency and effectiveness improvement – cost reduction, quality improvement, reduction of cycle times
  • Design & implementation of restructuring & reengineering concepts
  • Definition of functional and technical IT specifications
  • Design & implementation of outsourcing concepts, carve-outs and greenfield start-ups
  • Master Service Agreement - Design and negotiation support
  • Definition of service catalogue, service descriptions, service level agreements and operationalization of KPI

ICS, Governance, Risk & Compliance

  • Design & realization of the Target Operating Model
  • Design & implementation of regulatory compliant internal control systems
  • Realization of Governance, Risk & Compliance solutions
  • Definition of control framework, individual key controls and control criteria
  • Design & implementation of regulatory compliant outsourcing monitoring & provider management systems
  • Development of service provider & outsourcing management
  • Design & implementation of risk, governance and compliance workflows

Regulatory compliance

  • Preparation of regulatory compliance audits
  • Audit issue resolution
  • Proper conduct of the business organization in financial institutions (i.e. KWG § 25a and § 25c, GWG § 9, WpHG § 33)
  • Outsourcing Controlling (i.e. EBA GL/2019/02, MaRisk AT9, KAGB § 36, VAG § 32)
  • Internal control system acc. to MaRisk BT1
  • Information security acc. to EBA/GL/2019/04 (ICT & security risk management) & BAIT
  • Implementation of General Data Protection Regulation (GDPR)
  • Compliance with relevant audit standards such as IDW PS 260, 330, 951, 980 or ISAE 3402
  • Liquidity risk management requirements e.g. BCBS 239 and BCBS 248
  • Impact analysis and operational stabilization (i.e. MiFID, BCBS 239)