Risk Transformation
Risk frameworks only work when they change how the institution runs.

Risk & Compliance
Regulatory change is complete when the obligation runs as a working, evidenced control.
Regulatory change creates risk when obligations are not translated into ownership, controls, data, reporting and evidence inside the business.
Capmark helps institutions take regulatory obligations from gap analysis to implemented control. We build the obligation register, control inventory, data lineage, reporting process and evidence pack beneath the rule, then stay with the work through design, build, testing and implementation.
Where regimes overlap, we rationalise requirements into a single owned control inventory rather than parallel programmes. The people who scope the obligation stay with the work until the change is operating and evidenced.
We map obligations to the processes, systems, data, controls and owners they affect. The output is a practical delivery baseline: what must change, who owns it, what evidence is needed and which deadlines matter.
We design and implement the controls that discharge the obligation, including ownership, operating procedure, testing approach, evidence standard and reporting route. Controls are built to operate in the business, not sit in policy.
We build the data model, lineage, reconciliations and controls behind regulatory reporting. Data remediation is scoped into the programme from the start, so reports can be traced from source system to submission.
We map overlapping obligations into a single control inventory. Each control has an owner, evidence standard, test approach and the rule references it supports, reducing duplicated control work across regimes.
We sequence delivery by materiality, deadline and implementation risk. Each tranche closes with evidence that shows what changed, how it was tested and where the control now operates.
A Senior Practitioner leads from day one. The first weeks establish the obligation baseline: what the rule requires, which controls address it today, where evidence is thin and which data gaps block compliance.
We then sequence delivery with compliance, risk, technology and business owners, closing each tranche with evidence structured around the regulator’s assessment criteria.
Engagements range from focused gap analysis to full regulatory-change delivery ownership.
Scoped by regime and complexity, sequenced as a structured delivery programme. Resilience delivery (service mapping, impact tolerances, recovery) sits under Operations & Performance.
Establish the current state, the constraints, the risks and the value at stake.
Shape the target model and the business case with the executives who own the outcome.
Stand up the team, the plan and the governance around the outcome.
Design, build and test the change, with the business alongside.
Cutover, hypercare and handover, so the business runs it under its own control.
The same five stages on every engagement, led by senior practitioners end to end. How we work
6+ regulatory regimes
Delivered
Basel III/IV, MiFID II, EMIR, MAR, Dodd-Frank, APRA CPS/APS standards
0 repeat findings
Where remediation evidence was accepted
on prudential and conduct programmes where Capmark led the implementation
Client result

Capital Markets · Surveillance
A Leading Global Investment Bank · Trade Surveillance
We helped take market-abuse surveillance from risk assessment and vendor selection through to live platforms across exchange-traded and OTC flow, aligned to market-abuse and market-integrity obligations, with tuning to reduce false positives.
Read the case study
Insights
Get in touch
Tell us what needs to change and where the pressure or risk is showing.