- FOCUS TOPIC
FINMA has recently published their Risk Monitor 2025.
Here's What That Means for You.
1. Extension of Jurisdiction:
Accountability Doesn't Stop at Your Front Door
How we can help
We've helped banks (FINMA categories 2 to 5) to build and implement 3rd party risk management frameworks.
In this process, we develop the required regulatory evidence to help you achieve an audit-ready state.
The institutions that act before the auditor arrives have significantly more control over the outcome.
2. Supervisory Focus:
From Circulars to Consequences
How we can help
Our pragmatic approach includes pre-audit gap analysis, coached dry runs, and targeted mock interviews.
We identify and address your individual regulatory challenges, improving not only your operational resilience but also systematically maturing your audit lifecycle.
3. Third-Party Risk:
From "Outsourcing" to "Supply Chain"
How we can help
We've built and operationalized TPRM frameworks for institutions ranging from Category 3 to 5 banks to large financial services providers, with clear tasks, authorities, and responsibilities across all stakeholders.
4. Insider Threats:
Formally Elevated, Broader Than You Think
How we can help
Our Insider Threat and Risk Management (ITRM) framework, anchored in ASIS ESRM 2019, has helped a systemic bank close its regulatory findings and receive formal approval from the regulator's appointed auditors.
All our frameworks are based on industry standards and best practices and are fully customizable to your needs and preferences.
5. Cyber & ICT Risks:
The Trend Is Upward
How we can help
From vulnerability management roadmaps to threat-led tabletop exercises, we combine deep technical expertise with regulatory fluency to deliver proportionate, business-sensitive solutions.
Let's Talk About Your FINMA Readiness
Whether you're preparing for an audit, closing findings, or proactively assessing your position against the Risk Monitor:
We're ready when you are.
Meet the Team
André Bussmann
andre.bussmann@pragmatica.ch
Consulting focus / Expertise
- Project and program management for business and IT
- Business and IT transformation and change management
- Consulting on and implementation of regulatory requirements for banks and insurance companies
- Specialist areas are Operational Resilience/BCM, Information/Cyber Security, GRC (Governance, Risk & Compliance) and Data Privacy (GDPR & CH DSG)
Relevant work experience, qualifications and training
- > 25 years of project and program management on national and international projects in the financial services industry
- > 20 years of business and IT projects implementing regulatory requirements in the financial services industry
- > 10 years of outsourcing (nearshoring and offshoring) of business and IT services
- Certifications: Certified Information Security Manager (CISM) from ISACA, Project Management Professional (PMP) from PMI, Prince2 Practitioner
- Training in Lean Management, Design Thinking, PROSCI Change Management, OneTrust Certified Privacy Professional
Tarik Kayapinar
Motto:
“Positive thinking and belief in yourself, are the way to success.”
Why Pragmatica:
Pragmatica allows me to develop in an exciting environment in customer projects or in internal fields of activity. Here, I can further deepen my strengths as well as learn new skills that strongly promote my further development. The collegial and familiar environment at Pragmatica is important to me, so I feel at home.
Consulting focus / Expertise
- Information security management (ISMS) in banking and insurance industry
- Risk management e.g. in banking sector (CH) and in mobility and transport group (DE)
- 3rd party security and contract management in the insurance industry
- Identity & Access Architecture and Data Compliance in the banking sector
- Internal auditing in the financial services sector
- Business Continuity Management System (ISO 22301)
- Data Protection Management (GDPR): Implementation and internal training
- ISMS focus areas: Leadership, risk management, supplier management, physical security, incident management, BCM, compliance, and asset management
Relevant work experience, qualifications and training
- 9 years information security management / ISMS
- 7 years IT and business process management
- 5 years data management
- 4 years data protection management (GDPR) and DPIA
- 4 years Security Awareness
- 5 years project management, Prince2 Practitioner certified
- 6 years risk and quality management
- 4 years Identity & Access Management
Dr. Doron Zimmermann
Motto:
“Si sapis, alterum alteri misce: nec speraveris sine desperatione nec desperaveris sine spe.”
(If you are wise, combine these two things: Never hope without doubt; and never despair without leaving room for hope)
-Lucius Annaeus Seneca
Why Pragmatica:
He who shows compassion, draws unto himself the likeminded. Pragmatica brings together smart individuals from different walks of professional life. What unites them is their striving to render quality service to our clients; and, therefore, the will to earn our clients’ trust. Although this may seem commonplace, at the level of an entire organization, it is extraordinary.
My Expertise
- Security risk management
- Information security
- Business continuity management
- Crisis management
- Enterprise/corporate security
- Insider risk management
Relevant work experience, qualifications and training
- 20+ years of security risk management
- Financial-, energy-, supply chain and telecommunications industry experience
- Chief Security Officer and Chief Information Security Officer experience
- Public policy and federal government experience (staff, Federal Council of Switzerland)
- Teaching and research (ETH & National Defense University, Washington, D.C.)
- Certified Information Security Manager – CISM (ISACA)
- Enterprise Security Risk Management, certificate (ASIS)
- Special training courses for insider risk management
- Graduated university with a doctorate (PhD), (Emmanuel) Cambridge, U.K.
Salvatore Arcidiacona
Motto:
“At the end of the day, the goals are simple: safety and security.”
Why Pragmatica:
At Pragmatica, I value the long-standing partnerships based on trust, which is the result of client satisfaction. I am convinced that the high quality of consulting services and the implementation of pragmatic solutions pay off for our clients, especially in view of the current cost pressure and the pressure to innovate.
My Expertise
- Cyber Defense & Security Operations (SOC/CDC)
- Cyber Threat Intelligence
- Security Incident Management
- Regulatory Compliance (FINMA, DORA)
Relevant Professional Experience, Degrees and Training
- 20+ years of experience in cybersecurity and IT security
- Founder and Head of a global Cyber Defence Center (international fintech)
- Experience in cross sector crisis coordination (FS-CSC, BACS/NCSC)
- Master of Advanced Studies in Information Systems Management
- Active member of DefCon Chapter Switzerland