Risk Management in a FinTech startup (13 employees).

  • A FinTech start-up offers a portal for investors and small businesses looking for start-up and growth capital.
  • The FinTech start-up itself is looking for investors and partners, but these require proper risk reporting.
  • Partnerships with banks require professional risk reporting that not only identifies financial portfolio risks, but also operational risks.
  • Sound risk management strengthens the company's image.


  • Several work sessions with the partners show that the company does not have a systematic approach to identify and manage risks.
  • It is decided to implement “Enterprise Risk Management” in a systematic way, with knowledge transfer to the FinTech employees.


  • Through workshops, both internal and external risks were identified in different domains.
  • The risk appetite was determined.
  • The risks were analyzed and included in a fully elaborated risk register with heatmap.
  • A specific approach was developed for each type of risk (risk management framework).
  • Risk Owners are indicated.
  • Relevant Key Risk Indicators have been chosen as the basis for reporting.
  • The ICT risks have been identified (according to the ISO 27001 and ISO 27032 standards).


  • This approach ensured greater transparency of the risks throughout the organization, which facilitated rapid remediation.
  • The systematic approach was incorporated into the daily way of working and formed the basis for subsequent compliance audits.
  • A maturity model was drawn up, with a plan to reach the target level within three years.