Advisory

Regulatory Readiness

What we do.

Our Regulatory Readiness Assessments combine a structured regulatory analysis with practical advice. We translate supervisory expectations into clear, actionable steps - balancing rigour with realism. Our methodology is structured around five clear and pragmatic steps: 

Baseline Readiness Scan

Conducting a holistic assessment of your control environment against the relevant frameworks and guidance. 

This typically includes: 

  • Mapping obligations from DORA, NIS2, DNB Good Practices, DigiD, and other national or European requirements to your current processes and policies 
  • Assessing maturity across governance, risk, IT, outsourcing, and incident response domains 
  • Identifying where your controls are proportionate - and where complexity can be reduced

The outcome: a transparent baseline that distinguishes genuine compliance gaps from cosmetic documentation issues.

Gap Analysis & Action Planning

Next, we develop a pragmatic improvement roadmap. 

Each identified gap is prioritised according to its impact, urgency, and ease of implementation. 

Our focus is not on creating more controls, but on strengthening the most important ones. 

Where appropriate, we suggest smart control substitutions: efficient ways to meet supervisory expectations without unnecessary overheads. 

The Policy House

A solid compliance foundation starts with a coherent Policy House. 

We help our clients to design, structure, and align their governance documentation, including policies and procedures, to standards and guidelines. 

Our Policy House approach ensures every document has a clear owner, a clear purpose, and a traceability link to regulatory requirements.

We can draft or refine policies covering ICT risk, outsourcing, data management, operational resilience, and incident reporting, all of which are written in plain, audit-proof language. 

Board & Regulator Readiness

We prepare board-level reports and management briefings that demonstrate your progress, residual risks, and next steps. 

We also support clients during supervisory dialogues - such as inquiries from the AFM or DNB - by helping management to explain their regulatory position confidently and credibly.

Our advisors are adept at translating complex technical topics into concise, defensible narratives that demonstrate both control and intent.

Continuous Monitoring

Regulation doesn't pause, and neither should readiness. 

We design lightweight monitoring routines, such as regulatory trackers, self-assessment checklists, and dashboards, to keep your compliance sustainable and future-proof. 

This ensures that regulatory awareness becomes a living part of your governance rhythm, rather than a one-off exercise. 

Regulatory Readiness as a Service

Regulatory readiness does not end when a policy is written or a gap analysis is complete. Supervisors expect ongoing, demonstrable control - not one-off compliance projects. 

Non-Financial Risk as a Service provides organisations with continuous, proportionate support to keep their regulatory readiness alive and auditable. We operate as an extension of your second line, ensuring that risks are managed and documented in a way that meets regulatory expectations without adding unnecessary overhead. 

Our network of experienced consultants brings together expertise in regulation, IT, and risk from leading financial institutions, auditing firms, and fintechs.

We have supported readiness programmes for DORA, NIS2, DNB Good Practices, and DigiD compliance across banks, insurers, payment service providers, and critical (semi-)public entities. 

Because we operate as an independent boutique, we bring flexibility and candour - ensuring your readiness programme delivers results that are both compliant and credible.

What you gain.

Clarity in complexity: you will have a clear understanding of how regulations such as DORA, NIS2, and the DNB Good Practices apply to your organisation.

Efficiency through proportionality: you focus on what truly drives compliance, rather than bureaucratic excess.

Audit-ready governance: your Policy House and documentation are coherent, consistent, and robust in the face of regulatory scrutiny.

Confidence with supervisors: you can face AFM or DNB questions with well-structured evidence, a clear rationale, and a visible command of your environment.