Regulatory Change Delivery
Regulatory change arrives as legal text, but it has to become ownership, controls, data, reporting and evidence inside the business.

Risk & Compliance
Know what each critical service depends on, and prove it can recover.
Operational resilience starts with the services customers and markets depend on: paying benefits, clearing payments, settling trades, serving members, processing claims, or scheduling and delivering energy.
Capmark helps institutions map those services end to end across process, people, systems, data and suppliers. We set impact tolerances, design and run scenario tests, identify single points of failure, and turn findings into remediation with owners, dates and evidence.
The underlying questions are consistent across regimes: what matters most, what does it depend on, how much disruption can it tolerate, and can the institution recover within that tolerance.
We map each critical service across process, people, systems, data and suppliers to the depth where single points of failure become visible. The map is designed to stay current after we leave.
We set impact tolerances with the business, then test against realistic disruption scenarios: loss of a system, site, data feed, supplier or operational team. Findings become a remediation plan, and the next test proves whether the fix worked.
We assess readiness against the regime that applies, close gaps and build the evidence required by boards and supervisors. The work is structured around critical services, dependencies, tolerances, testing, remediation and third-party risk.
We map suppliers and sub-suppliers to the services they support, assess material arrangements and test whether contracts, controls and exit plans reflect the institution’s dependency on each provider.
We assess concentration across cloud platforms, market infrastructure, software vendors and outsourced service providers. Mitigations include substitutability assessments, tested exit plans and recovery designs that do not assume the provider is available.
We build reporting that shows what has been mapped, what has been tested, what remains open and who owns it. Evidence is produced by the mapping, testing and remediation work itself.
A Principal leads from day one. The first weeks map one critical service end to end, exposing dependencies, single points of failure and the first priorities for testing and remediation.
From there, we run working sessions with operations, risk, technology and supplier owners, build the remediation plan and produce reporting the board can use.
Engagements range from a single-regime readiness assessment to full resilience and third-party risk programme ownership.
Establish the current state, the constraints, the risks and the value at stake.
Shape the target model and the business case with the executives who own the outcome.
Stand up the team, the plan and the governance around the outcome.
Design, build and test the change, with the business alongside.
Cutover, hypercare and handover, so the business runs it under its own control.
The same five stages on every engagement, led by senior practitioners end to end. How we work
Client result

Capital Markets · Operating Model
Global Investment Bank · Markets Front Office & Operations
We helped redesign the Markets front office and operations operating model — moving trade capture into the front office with clean segregation of duties, standing up nine shared services and centres of excellence across client operations, trade control, margin and collateral, prime and agency derivatives, financing and treasury operations, and moving 100+ roles to lower-cost locations.
Read the case study
Insights
Get in touch
Tell us what needs to change and where the pressure or risk is showing.