Who we are
NomoRisk is a consultancy firm specialised in developing and implementing enterprise-wide Governance, Risk & Compliance systems (EGRC) and information security solutions including business continuity programs. The company’s decade-long experience in designing and operating similar corporate governance, risk management, information security and compliance systems and processes for various financial institutions provides the knowledge required to satisfy corresponding management needs and regulatory requirements.
The ancient Greek word “Nómos” stands for Law or Legal Order, while “Nomós” relates to an area or location. Modern use of the word relates to the general term of order, in the sense of a set of principles for society to function without chaos. NomoRisk supports institutions establish the right principles in their area of business – an enterprise-wide system encompassing Governance, Risk Management, Compliance (EGRC) and Information Security. Such system (and subsystems) must be taylored to fit the individual institution and its owners’ and managers’ needs, and comply with social and regulatory standards.
Our vision is characterised by the ambition to deliver first class solutions to our clients, which provide them with the requested level of transparency, order and efficiency. We see this an important basis to support the successful development of our client’s business.
We are guided by the highest standards used in the financial industry and want to enable smaller and medium-sized institutions to apply them according to their individual requirements. We do not only see us as pure consultants, but would generally assume responsibility by supporting the implementation of the solutions agreed with our clients.
Our consultants have the necessary expertise and many years of experience in the areas of corporate governance, risk management, information security, internal audit / internal control, compliance and prevention of money laundering and other types of fraud.
Based on our experience, we can help you develop and implement the optimal training programs (face to face, webinars, e-learning, hybrid) for your institution in the areas of governance, risk management, compliance, money laundering, anti-fraud, information security and contingency management.
The development and further development of risk management systems is our core competence. Our advantage over other consulting boutiques is our broad competence in all relevant sub-areas as well as overarching organisational aspects. This experience allows us to develop solutions that actually work and fit smoothly into your existing organisation. Moreover, since our experts have worked for various financial service providers in the respective areas themselves, we also know, in contrast to the so-called senior advisors of the usual suspects among the big consulting firms, how risk management processes should be developed and implemented in accordance with the relevant business processes, so that an efficient and effective overall bank management is achieved.
In addition to the technical adequacy of our solutions and its smooth integration and coordination with existing structures, we also pay attention to developing your organisation’s risk culture. We are happy to carry out an assessment on this particular topic, as well as on all other areas of risk management, which will show what improvements should be looked at. Of course, we are also at your disposal for the quickest possible implementation of recommendations on already identified shortcomings
We can analyse your lending process and the process for counterparty risk management following a method we have developed on the basis of related Basle and other recommendation papers.
Thereby we can highlight room for improvement and devise related recommendations in the areas of process efficiency, adequacy of controls and compliance with regulations and best practice.
The first-hand experience of our experts allows us to support you in all related process steps starting with the analysis of credit risks and risk classification, the decision-taking process and disbursement and includes loan portfolio management, intensified management and management of problem loans, too.
Of course, we will then help you implement agreed recommendations, developing new strategies, policies, procedures and tools and we can develop and execute related training programs.
We support you in revising your market risk management systems to implement them as efficiently and as effectively as possible, and in accordance with all respective regulatory requirements.
Our experience in creating processes and tools for managing interest rate and currency risks is a guarantee that we will meet both your internal goals and all external requirements when revising your strategies, policies, work instructions, reports or tools.
If you are not fully satisfied with the liquidity management of your company, we offer our support in revising appropriate policies, process descriptions, control and monitoring with the help of appropriate tools and key indicators, as well as building meaningful and appropriate emergency funding plans. This gives you the required overview of your liquidity situation at all times, which allows you to ensure all short-term payment and long-term financing needs and at the same time to use surplus liquidity profitably without taking undesirable risks.
With many years of experience in the development and implementation of optimally integrated ORM systems in several institutions, NomoRisk offers you the opportunity to find the best possible solution for managing Operational Risk your company. We are, of course, also happy to plan the development and implementation of individual components of an operational risk management system or support you in their execution – be that in carrying out risk assessments, defining meaningful risk indicators, establishing an efficient and effective new product process or designing a system for managing risk events.
In addition, we offer tailor-made consulting services for individual areas of Operational Risk such as fraud risk management, compliance risk, process risks, model risks, etc.
According to related definitions (IPSF, NGFS, ECB, EBA), the scope of sustainability risk covers unexpected events or conditions in the areas of environment, social affairs or corporate governance. These can take the form of physical risks (heat waves and droughts, floods, storms, sea level rise, loss of biodiversity, …) or transition risks (unexpected cost related to changes to achieve the United Nations Sustainable Development Goals) and can have a significant negative impact on a company’s assets, its financial position or results or its reputation. Financial institutions will, in any case, be hit more or less hard by one of these risks: either through transition costs, if the governments of the countries with the greatest influence will begin to pursue the UN’s sustainability goals seriously – or by physical costs, if not. Responsible banks should therefore not only complement their risk management system in order to achieve regulatory compliance, but should also do so because these risks are essential – not only for the bank’s bottom line, but for our entire society.
Please contact us if we can help you adapt your risk management system to adequately address sustainability risks.
Together with Risk Management, a solid corporate governance system is prerequisite for long-term sustainable development of an enterprise.
Our Service for You:
NomoRisk can help you examine and, if necessary, optimise the governance structures of your company according to management’s ideas, taking into account in particular the role and functionality of the areas of internal audit, compliance and risk management and in accordance with the relevant regulatory expectations and legal requirements.
For this purpose, we have developed a unique governance assessment system in which we have integrated all relevant requirements and practical experience. With this, we can provide you in just a few days with a structured overview of possible weaknesses and show which measures are suitable to improve the structure and management of your company precisely.
Compliance & AML
When developing compliance and anti-money laundering solutions, we are guided by the relevant regulatory requirements, which we align with the business requirements of our customers.
In doing so, we take into account not only strategic coordination with other business areas (especially, but not only risk management, internal audit and fraud prevention) to avoid redundancies, but all common areas of work such as regulatory and legal requirements management, complaint management, whistleblowing, reporting, training, outsourcing management, etc.
In the field of money laundering prevention, we cover not only the relevant minimum requirements such as the definition of functional requirements, the selection of suitable software providers, the integration and calibration of monitoring systems, the definition of guidelines and work instructions, the implementation of AML risk assessments, the development and implementation of training programmes and the continuous development of existing systems, but also the use of these systems in connection with other requirements, such as to fight fraud or identify customer behavior and business opportunities.
Our Service for You:
If there are open requests or audit findings regarding the current state of your information security system, we are at your disposal to define and implement the next steps for further improvement, taking into account relevant guidelines (DORA, BAIT, VAIT, KAIT, EBA ICT Guidelines, etc.). We support you in protection needs analyses, business impact analyses, the definition of protective measures and the implementation of all requirements in the form of guidelines, work instructions, tools and reporting tools.
In addition, we offer the implementation of an independent external review of the current structure and process organization of your internal audit function. We will assess its compliance with common standards (e. g. IPPF) as well as both its efficiency and effectiveness and make appropriate recommendations for further improvement, such as process adjustments, better consideration of underlying risks, improvements of document management, appropriate training measures, continuous quality assurance or optimising cooperation with management or other control functions in the wider sense, such as compliance and risk management.
Due to the corresponding regulatory requirements in the area of outsourcing, which have grown considerably in scope in recent years (and are likely to continue growing), this topic has also gained significant popularity in the boardroom. Depending on the institution’s current approach, significant further developments in this area are required, often also in connection with the requirements for a comprehensive and risk-oriented management of information and communication systems (as per, for example, BAIT or DORA).
Our expertise can help you develop and implement appropriate improvements to your entire outsourcing process and the associated organisational standards in an appropriate and strategic way. Of course, we also develop tailor-made training solutions for your company in this area. Depending on your regulatory situation, we focus on the requirements of either the MaRisk or the EBA Guidelines, without neglecting the required consideration of all pertinent regulations.
Management & Team
NomoRisk was founded by Stephan Hartenstein, who is the sole owner and managing director of the company. Prior to NomoRisk, Mr. Hartenstein was responsible for operational risk management, fraud prevention, information security and contingency planning at ProCredit Holding AG, a global microfinance institution. From 1999 to 2008 he was COO at J.P. Morgan Asset Management in Frankfurt am Main, where he headed the areas of risk management, audit, tax, finance, law and compliance as well as client services. Mr. Hartenstein is a graduate economist at Goethe University Frankfurt.
The employees of NomoRisk are consultants and senior consultants who have been working in the financial industry for several years and have extensive experience in the consulting services offered.
Please understand that for competitive reasons we do not present our employees here. Of course, we will make our employee profiles directly available to you as and when appropriate.
Previous Project Assignments
More than 50 successfully conducted training programs worldwide.
Over 55 successfully conducted consultancy projects worldwide.
Tel.: +49 (0)69 1755 4020-0
Fax: +49 (0)69 1755 4020-9
Tel.: +49 (0)69 1755 4020-0
Risk Management, Risk Culture, Corporate Governance, Information Security, Emergency Planning, Business Continuity, Compliance, AML, MaRisk, EBA Guidelines, BAIT, KAIT, VAIT, Outsourcing, ECRG, Audit, Regulatory review, Training, e-Learning, Sustainability Risk, Banks, Asset Management, Insurers – We are happy to help!