One of the central objectives of BaFin’s regulatory requirements is to ensure effective risk management. Satisfying the increasing number of requirements means more personnel expenditure and organizational and technological effort.

The 3 lines-of-defense model has established itself as a means of identifying and managing risks. We specialize in consulting and support services relating to the 1st and 2nd lines of defense.

Based on “Guidance on the 8th EU Company Law Directive”, FERMA / ECIIA (2010), extended by usd AG


We advise you on the initial introduction of an ISMS and support you in the implementation of concrete measures.

  • Definition of the relevant ISMS processes on the basis of best practices, adapted to your company

  • Support of 1st and 2nd lines of defense, e.g. with creating guidelines or selecting measures

  • Verification that defined requirements have been implemented

  • Identification of potential improvements and implementation of measures for continuous improvement of the ISMS


The impact a new project will have on information security must be considered as early as possible.

  • Ensuring information security while selecting, prioritizing and planning projects

  • Project management with a special focus on information security

  • Working on concrete work packages that are part of the project


The flood of regulations in the IT and cyber security environment of the financial industry will not let up. With KAIT, BaFin has now announced its newest set of regulations.

Dr. Christian Schwartz, our expert for information security in the banking and finance sector, will be happy to help you prepare for the new requirements stipulated by KAIT.