Risk Transformation

We are a highly experienced team that works alongside your leaders to diagnose maturity, uplift culture and capability and embed practical frameworks, controls and GRC tooling.

We have a broad range of capabilities aligned to our Risk Transformation services:

  • Risk maturity assessment and benchmarking
  • Risk and compliance operating model design
  • Risk culture assessment and uplift
  • Risk and compliance capability assessment and uplift
  • Risk strategy, frameworks, policies and standards design and implementation
  • Risk profiling and control design, uplift and optimisation
  • Compliance obligations mapping and control design
  • Risk system design, implementation, enhancement and independent review
  • Risk reporting, insights and dashboard design

“One of our core capabilities is to assist our clients to uplift their risk and compliance ecosystems. Our services are modular and can be phased to match your timelines and capacity.”

Our key differentiators

One of our core capabilities is to assist our clients to uplift their risk and compliance ecosystems. We do this to enable their organisations to make better, risk‑informed decisions.

Senior experts, hands‑on

We have real specialists delivering the work, not overseeing it.

Clear, practical insights

We simplify complex risk matters into actionable business activities.

Structured, risk‑led approach

We align activity with strategy, maturity expectations and regulatory standards.

Depth across non‑financial risk

We have a depth of specialists across technology, resilience, data, AI, transformation and more.

Risk System specialists

Our core technology capability has enabled us to become implementation partners for all leading Risk System platforms in Australia and New Zealand.

Flexible delivery

We are able to tailor our support to the client context, from advisor roles to execution.

Our service offering

We help clients to design, lead and execute major risk and compliance transformation programs

Program Governance and Management

We set up, led and managed a range of risk transformation programs. Our recent projects include setting up and running a $100M risk and compliance uplift program for one of Australia’s largest insurers, and managing an operational risk and compliance risk maturity uplift program for one of Australia’s largest banks.

Governance, Reporting and Frameworks

We define and implement Three Lines of Defence models, build key risk strategies, policies, frameworks and standards, deliver data‑driven reporting and dashboards, and develop SME‑specific artefacts, such as information security, privacy and cyber policies.

Assurance and Control Transformation

We design and develop risk and control frameworks and libraries aligned to regulatory obligations, internal policies, and industry standards. We also perform control assessments and deliver risk assessments.

Risk Culture and Organisational Capability

We uplift and embed organisational roles and responsibilities, deliver risk culture assessments and uplift initiatives using analytics, review and uplift risk capacity and capability, and provide training supported by comprehensive risk education curriculums.

Risk Systems, Data and Reporting

We identify, select, implement and maintain leading risk system platforms, including ServiceNow, ReadiNow, Protecht, BWise, OpenPages and Archer. We support all aspects of the implementation and maintenance lifecycle, including requirements specification, testing, data migration, reporting build and remediation.

Organisational Change Management

We assist in planning and leading change management efforts across risk transformation programs, to support adoption and enhance capability across the Three Lines of Defence. We design change plans, draft and deliver communications and change activities, and execute capability uplift programs.

Our Experience

Major Australian General and Liability Insurer

Risk Transformation Program Leadership

Amstelveen was responsible for setting up, leading and staffing a $100M risk maturity uplift program for one of Australia’s largest insurers. This program was initiated to address the recommendations of the 2019 Financial Services Royal Commission, as well as the 2018 APRA Prudential and CPS 220 Reviews. The program scope included uplift of all elements of the risk and compliance ecosystem such as governance, processes, analytics, reporting, systems, and training. This also included members of the team supporting the development of a centralised controls library, and improving risk profiling and obligations management capabilities.

Big 4 Australian Bank

Risk Remediation Program Execution

Amstelveen was responsible for leading the Risk Remediation program within the Technology and Operations Division of one of Australia’s largest retail banks. The program included the execution of uplift plans across areas including IT service continuity, IT asset management, information security, and IT risk governance and reporting. The program was under considerable regulatory scrutiny and carried high reputational implications for the Group Executive and the Board of Directors.

Major Liability Insurer

Review of 3LoD Operating Model

Amstelveen was engaged by a Major Australian Liability Insurer to support the review of a Three Lines of Defence Operating Model. This engagement involved the review of key risk and compliance artefacts (Risk Appetite Statement, Frameworks, Policies, Standards and Processes), team structures and resourcing, and supporting technology. Our team identified a series of recommendations to improve the management of risk and compliance. We were subsequently engaged to review progress against our initial recommendations and changes to the effectiveness of risk and compliance management practices at the client organisation.

Global Financial Services Institution

Operational Risk Transformation (NFRe Program)

Amstelveen was engaged to support a large financial services organisation in the delivery of a multi‑year Non‑Financial Risk (NFRe) transformation program, established to uplift operational risk maturity, frameworks, systems and governance across the enterprise. Our team provided specialist resources across program governance, operational risk framework uplift, risk systems implementation and organisational change management. This included providing PMO and program management support, contributing to the establishment of core governance and control mechanisms, coordinating delivery across multiple workstreams, and developing reporting and materials for senior management, the Board, Internal Audit and regulators. Amstelveen also provided subject matter expertise across key operational risk initiatives, supporting the uplift of risk and control assessments, issue and incident management, material risk governance, integrated assurance, data risk and risk reporting frameworks. In parallel, we supported multiple GRC system uplifts, including requirements definition, testing and data migration activities, ensuring alignment between updated policies, risk frameworks and technology solutions. Change management support was embedded throughout the program, including the development of communications, training materials, process guides, stakeholder workshops and senior stakeholder engagement.

Big 4 Australian Bank

Financial Advice Remediation Program

Amstelveen supported a major Australian bank in the establishment and delivery of a multi‑year Financial Advice Remediation Program within its Wealth Management business. The program was initiated in response to an Enforceable Undertaking and was subject to a high level of regulatory, public and Board scrutiny. Our team supported the program setup and delivery through the establishment of the Program Management Office, provision of delivery advice, completion of point‑in‑time program reviews, and preparation of governance and assurance reporting for the Executive Steering Committee, Board and APRA. This included supporting clear program governance arrangements, delivery oversight and transparent reporting throughout the remediation lifecycle. Amstelveen also supported the establishment of a Line 1 Risk function to provide business oversight of operational risks associated with remediation activities. This included working closely with Legal and Security functions to assess the effectiveness of remediation processes, perform risk‑in‑change assessments, and conduct vendor risk assessments to protect customer data. Outputs from this work informed independent expert reviews and provided additional assurance over the design and operation of the remediation program.
