Regulatory Change Delivery
Regulatory change arrives as legal text, but it has to become ownership, controls, data, reporting and evidence inside the business.

Risk & Compliance
The measure of a risk framework is how it runs in the business.
Most institutions have the language of risk management: risk appetite, three lines, controls, committees and reporting. Fewer have the operating model that makes it work in practice.
Capmark helps institutions turn risk frameworks into how the business actually runs. We define decision rights, control ownership, committee governance, reporting lineage and GRC tooling, then deliver the change alongside first and second line.
The result is a risk model that can be operated, tested and evidenced by the institution after we leave.
We rebuild the cascade from board risk appetite to the limits, indicators and escalation paths used day to day. Each limit has an owner, breach route and link back to the appetite statement it tests.
We redesign risk governance so each committee has clear decisions, inputs, escalation routes and accountability. Accountability maps are built into the design, so ownership on paper matches decision-making in practice.
We rebuild the control library at a testable level: what each control does, who owns it, what evidence it produces and how it is tested. Where the uplift closes findings, closure evidence is built into delivery from the start.
We build board and committee reporting on defined data with lineage back to source. Reporting is designed so the number in the pack matches the number in the system, and the board can trace the basis for the view it receives.
We design the risk operating model first, then select, configure or improve the GRC platform around it. Risk assessments, issue management, control testing and reporting are moved out of spreadsheets and into workflows that produce evidence as they run.
A Senior Practitioner leads from day one. The first weeks map how risk actually runs today: where accountabilities sit, what committees decide, which controls are evidenced and where reporting breaks.
We then agree the target operating model with the CRO and deliver it into processes, platforms, governance forums and role definitions alongside first and second line.
Engagements range from a focused framework discovery to full risk operating-model delivery.
Engagements run from a six-week framework diagnostic to full operating-model delivery.
Establish the current state, the constraints, the risks and the value at stake.
Shape the target model and the business case with the executives who own the outcome.
Stand up the team, the plan and the governance around the outcome.
Design, build and test the change, with the business alongside.
Cutover, hypercare and handover, so the business runs it under its own control.
The same five stages on every engagement, led by senior practitioners end to end. How we work
Client result

Banking · Operating Model
A Global Corporate & Investment Bank · Client Onboarding & Credit Operating Model
We helped implement a single global client-onboarding and credit operating model across 38 countries, recalibrating 110 roles, rationalising technology and strengthening the process and control model across wholesale banking.
Read the case study
Insights
Get in touch
Tell us what needs to change and where the pressure or risk is showing.