Governance, Risk & Compliance

The current and upcoming regulatory and (supervisory) legal developments further increase the pressure on financial services and real asset-environment companies. This makes it increasingly difficult to meet the substantial requirements in the areas of governance (corporate management and supervision), risk management and compliance. The rapid advancement in digital transformation requires an ever-greater technological expertise. The risk to misinterpret the effects, may result in reactive decisions with only isolated measures.

(Further) advancement of governance structures

Written guidelines are expected from all companies in the financial services and real asset-environment areas and will be subject to internal and external audits and demanded by administrations and investors. It must include organizational structures, responsibilities, and job descriptions. In addition, procedures, processes, and inspections are to be documented. Superior hierarchy topics such as risk management, money laundering, compliance or emergency measures must be recorded in guidelines and manuals and updated regularly.

In the past regulatory and supervisory requirements were often implemented alongside the actual production process, this is no longer an option today. Operational excellence is no longer a “nice to have”, but rather a strategic structural and procedural organizational necessity for companies to operate successfully in the long term. The focus hereby is on creating transparency, increasing synergies and efficiencies as well as reducing costs. This needs to be guaranteed through a company-wide roll-out of a central Business Process Management (BPM) including all business units. Our agile BPM initiative is a success-factor in creating and further developing the company-wide fundamentals (process models) that serve as a starting point for process analysis and improvement. In addition, we identify process ratios to measure the success of the methods (quality, time, etc.) and detect spheres of activity. Recorded processes and inspections may be transferred into selected process management tools and/or documented in a user-friendly and regulatory-compliant written order, if so desired.

Our successful BPM methodology increases process transparency and efficiency due to uniform and practice-proven modelling standards. These are also applied to the documented processes and control landscape at the management, business, and support levels. This approach also ensures the much-needed transparency.

The headline „Regulatory Technology“ incorporates digitalization into our clients’ regulatory strategy, we hereby advice on workflow-based or technical solutions. A thorough investigation on how regulatory and supervisory requirements can be mapped into IT systems supports our strategy to increase efficiency and effectivity in the areas of review, implementation, and documentation. In addition, compliance processes are automated, it also makes them more precise, consistent, less prone to errors and it enforces agility in adapting to constant change in requirements.

We unite all areas of governance, risk management and compliance into a meaningful framework of written guidelines and support your business processes with our proven BPM initiative. We hereby integrate your structural and procedural organization as well as your risk and compliance management into the internal control system as far as possible.

Structure & Optimization Risk Management

The special focus of our clients in the financial services and real asset environment regarding risk management is not only at the company level, but the risks of the portfolio/investment fund level must also be included in any consideration (client risk is our risk). The hallmark of a targeted risk management system is to take advantage of arising opportunities and at the same time only take risks if they are economically and socially justifiable. Suitable management of these risks is of the utmost importance for the sustainable development of the company as well as one of the central requirements for shareholders, partners, investors, lenders and employees for the company and its management. The framework for this is mandated by regulatory and (supervisory) legal regulations.

We have supported numerous companies across all asset-classes in setting up the licensed surrounding and optimizing a risk management system at both company and portfolio level. For tailored solutions we either use our VIVACIS-Toolset or software and provider solutions identified in a selection process.

Analysis & Implementation Compliance

The regulatory and (supervisory) legal regulations for our clients in Financial Services and Real Asset are diverse and subject to regular updates and changes. In addition, there are numerous voluntary codes of conduct that especially institutional investors are expected to comply with. To avoid over boarding processes and duplications, the goal in the implementation of compliance standards is always the efficient integration into the day-to-day business.

VIVACIS has in-depth and proven know-how in the implementation of compliance standards. To identify areas of action, a GAP analysis helps to compare the respective regulatory requirements (TARGET) with the current implementation status. At the same time, regulatory leeway and investor-driven requirements need to be used appropriately to avoid inefficiencies and duplications. Subsequently, we support our clients with the implementation of the identified GAPs. In doing so, we adapt our project approach entirely to the needs of our clients – whether classic or agile. Our VIVACIS consultants are certified Professional SCRUM-Masters and/or Product Owners.


(Further) development of governance structures

  • Set-up/maintenance of written guidelines
  • Business process and ICS management
  • RegTech

Structure & Optimization Risk Management

  • Strategy
  • Toolset (incl. documentation)
  • Reporting

Analysis & Implementation Compliance

  • ESG
  • BSI IT basic protection
  • (KA)MaRisk
  • Anti-Money-Laundering Law
  • WpHG/ MaComp/ MiFID II
  • KWG
  • Basel II/ III/ IV
  • Solvency II
  • Circular letters for depositary
  • Voluntary industry standards (including BVI Code of Conduct, Corporate Governance Code, INREV, Value Management)
  • and others

Take-over of non-core activities

  • Money laundering and compliance officer (incl. whistleblower function)
  • Data protection officer
  • Consultant for Information Security
  • Consultant for Risk Management