“Compliance is obligatory.
Painful invoices are not. Not even for Top-tier work.”
The Ratiofy Principle
Discuss Your Mission
Our Core Services.
If you are working with us, that already means you are in good company. We take and suggest actions with your best interest in mind. Unlike many other advisory firms, we do not "squeeze the client". We guarantee that you will feel the difference.
CISO / ICT Risk Control Function as a Service
- Fulfill the mandatory ICT Risk Control Function for AIFMs, ManCos, and PSFs.
- Execution of recurring ICT controls and validation of control objectives.
- Direct reporting to Authorized Management and the Board of Directors.
Third-Party Monitoring.
- Continuous monitoring of critical and important ICT outsourcing arrangements.
- Alignment with CSSF 22/806 and DORA Register of Information requirements.
- SLA validation, risk assessments, and exit strategy documentation.
RFP & Tool Selection.
- Creation of highly specific Requests for Proposals (RFPs) for GRC tools and Core Banking Systems.
- Vendor evaluation based on Luxembourg regulatory constraints and data residency.
- Functional gap analysis between your business needs and vendor capabilities.
Gap Assessments.
- Comprehensive reviews against EU Regulations (such as DORA, NIS2, EU AI Act), CSSF Circulars and CAA Requirements.
- Development of pragmatic, prioritized action plans to close identified gaps.
- Information Security Policy creation in alignment with ISO 27001 standards.
Business Continuity.
- Execution of Business Impact Analyses (BIA) directly mapped to critical processes.
- Drafting and stress-testing Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP).
- Crisis Management Team structuring, coaching, and scenario simulations.
Emerging Tech Regulations.
- Strategic compliance mapping for the EU AI Act and the EU Data Act.
- Cyber Resilience Act alignment for critical digital infrastructure.
- Translating novel EU directives into actionable, proportionate corporate governance.
The Framework Services Agreement.
A flexible contracting model (FSA) designed for long-term, dynamic partnership.
Dedicated Capacity
Secure a guaranteed minimum volume of advisory days per year. This ensures you have priority access to our execution capability when strict regulatory deadlines approach.
Total Flexibility
Dynamically allocate your prepaid days. Shift focus from Annual Risk Assessments to specific staff awareness training (our “Menu” options) based on immediate business needs.
Predictable Costs
Eliminate the friction of ad-hoc contracting. Lock in highly preferential rates for the year, with zero administrative overhead fees applied to the mission.
Zero ramp-up time.
The standard model wastes a month on discovery. We eliminate this inefficiency. We understand your business, regulatory expectations (CSSF, EU, CAA), and market practices. We can help you from Day 1.
A bit about the Founder
65+
Luxembourg Entities
Direct experience across IFMs (AIFMs, ManCos), Banks/Credit Institutions, PFS/PSF, Investment Firms, PIs/EMIs for Advisory and Audit.
20yrs
Global Experience
Includes 5+ years at the ECB in Frankfurt and 5 years at Oracle. Top-tier institutional standards.
Started the career as an out-and-out technical person and spent a good part of it as a coder / developer.
100%
Regulatory Focus
Expertise in DORA, NIS2, EU AI Act, EU Data Act, Cyber Resilience Act, Market Abuse Regulation (MAR), PSD2, GDPR, and CSSF Circulars (such as CSSF 25/882, CSSF 25/883, CSSF 20/750 (25/881 and 25/880), CSSF 24/847, CSSF 21/769, CSSF 18/698, among others).
No learning on the job.
Execution Framework.
Standard methodology for our recurring Advisory Missions.
| Step | Phase | Key Deliverables |
|---|---|---|
| Step 1 | Review & Assess | Analysis of current ICT environment, mapping of business processes to assets, and identification of regulatory gaps. |
| Step 2 | Implementation | Drafting specific Policies and Procedures (e.g., Incident Management, BCP/DR) aligned with CSSF expectations. |
| Step 3 | Ongoing Execution | Operating as the external CISO. Regular third-party monitoring, SLA checks, and recurring control validation. |
| Step 4 | Reporting & Training | Mandatory board reporting, submission of the annual ICT Risk Assessment, and staff security awareness training. |
| Step 5 | Strategy & Tools | Drafting RFPs for necessary system upgrades (Core Banking, GRC) and establishing the target operating model. |
Commitment to Value.
Premium partnership, entirely transparent.
1. No Administrative Fees
Standard admin fees (typically 5%) are waived. Local travel is included.
2. 100% Money Back
Full guarantee within 30 days of the delivery of work if you are not satisfied.
3. 25% Cashback with Ratiofy.Lu Tools, Packages and Utilities
Utilize Ratiofy compliance tools and templates up to 25% of the advisory fee value.
Direct access.
Subject to availability.
