Senior regulatory and technology risk expertise. Delivered directly.

Ristec advises FINMA-supervised banks and independent asset managers on regulatory compliance, technology risk, and governance. A senior practitioner leads and performs every engagement, bringing large-firm expertise with the agility of a boutique advisory.

Request a conversation

Risk-focused. Pragmatic by design.


Large-firm expertise without large-firm complexity
Experience built in demanding financial services environments, delivered through a leaner advisory model.
Direct access and continuity
Clients work directly with the practitioner responsible for the engagement, from first discussion to final deliverable.
Clear direction
Turning complex regulatory expectations into clear, proportionate outputs.

Regulatory complexity is increasing faster than institutional capacity.

Category 3 to 5 banks and independent asset managers carry the same regulatory expectations as far larger institutions: ICT governance, cybersecurity, operational resilience, outsourcing, data protection, and increasingly the governance of AI. What they do not carry is the internal capacity to absorb them.

In practice, ownership, evidence, and governance responsibilities remain fragmented across teams, spreadsheets, and manually repeated regulatory work. Supervisory reviews and audit findings arrive faster than the framework matures.

Ristec fills that structural gap: a senior practitioner who knows what the examiner will ask, structures the response before it is needed, and leaves the institution with something it can maintain.

The issue is not regulation volume.

The issue is whether obligations can be translated into clear ownership, evidence, controls, and management decisions.

Four engagements. Enter where the need is.

Each engagement answers one question an institution actually asks. None is a prerequisite for another, and scope is agreed before work begins.

01
Assess
Regulatory Readiness and Risk Review
FINMA Circ. 2023/01 · DORA · nDSG
"Where do we stand, before the regulator or the auditor asks?"
A structured assessment of the institution's compliance posture, with proportionality correctly applied for category 3 to 5 institutions. Every observation referenced to its specific margin number or article, prioritised by exposure, and summarised for the board.
02
Respond
Findings Remediation
FINMA · Internal and external audit
"We have findings. They need to be closed properly, with evidence."
Structured remediation of regulatory findings, audit observations, and control failures. Each finding receives an owner, a deadline, an evidence requirement, and a closure criterion traceable to the original expectation. Work can begin within days of instruction, aligned to the deadlines already set.
03
Build
Governance and Documentation Build
FINMA · nDSG · ISO 27001
"We know the gaps. We need the framework and the documents, written for our institution."
Governance structure, risk taxonomy, control library, and the policy and procedure suite, including cyber incident response with the FINMA 24h/72h notification workflow. Written for the institution's actual systems and teams, and built for a compliance function to maintain.
04
Strengthen
Ongoing Governance Support
Regulatory monitoring · Board reporting
"We need senior expertise on an ongoing basis. A full-time hire is not justified."
A senior practitioner on retainer: regulatory monitoring with impact stated plainly, board reporting kept credible, the framework and documentation kept current, and the institution prepared before the supervisory review is announced, not after.

Four commitments on every engagement.

Direct execution.
The practitioner you meet leads and performs every engagement from the first conversation to the final deliverable.
Traceable conclusions.
Each observation is supported by the applicable regulatory requirement.
Independent judgement.
Ristec structures the methodology; decisions remain with the institution. Recommendations are objective, proportionate and aligned with the institution's context.
Swiss delivery.
Client documentation and work products are handled on Swiss infrastructure. A contractual commitment and an architectural constraint, not a feature added later.

Every service reflects work that has been performed, not described.

Ghita Bellal, founder of Ristec

A practice built on direct regulatory and operational experience.

Ristec is founded by a practitioner with fifteen years of experience in technology risk, cybersecurity, and regulatory compliance within Swiss and international financial services environments, built in Big Four practices in Paris and Geneva. The practice exists to bring that experience directly to the institutions that need it, without the overhead or the distance of a large firm.

Regulatory depth
Direct experience in FINMA-supervised environments at the highest tier.
Mandates have included leading technology risk and cyber regulatory reviews for category 1 banking institutions under FINMA Circular 2023/01, covering cybersecurity governance, critical data risk, operational resilience, and outsourcing risk. Regulatory IT audit experience extends across international banking and asset management environments under ISAE 3000, ISAE 3402, and national supervisory frameworks.
Institutional breadth
Board and senior management advisory across regulated environments.
Experience built within complex, internationally regulated organisations, advising senior management and board-level committees on operational, technology, and information security risk.
Professional standing
CISSP and CCSP certified. Four working languages.
Holds the CISSP (Certified Information Systems Security Professional) and CCSP (Certified Cloud Security Professional), international certifications in information and cloud security. Working languages: French, English, Italian, and Spanish.

Ready to understand where you stand?

Request a conversation

Start with a conversation.

An initial discussion focuses on your institution, its current obligations, and the areas where regulatory or operational visibility may be limited. It carries no commitment, and you will receive a response within two business days.

Location
Geneva, Switzerland
Languages
French · English · Italian · Spanish