Not every subcontractor needs formal approval - the key factor is risk relevance. Subcontractors providing services related to critical or important functions or significantly affecting ICT risks must be assessed and approved in advance. For non-critical services, simplified documentation may be sufficient.
Yes, as a modern cloud platform, Leno allows for No-Code configuration. The solution is highly scalable and can be flexibly adapted to your internal structures, processes, and permission sets without any programming effort.
Leno eliminates manual errors through high-level automation and integrated AI. Structured workflows and built-in regulatory expertise replace tedious email-based coordination and static lists with a modern, digital process.
Yes, Leno eliminates fragmented data silos by seamlessly linking vendors directly to their corresponding contracts, risks, and mitigation measures. This seamless integration prevents redundant data entry and ensures full transparency.
Leno is a modular GRC platform designed to digitalize and automate Governance, Risk & Compliance. It serves as a central hub for Third-Party Risk Management (TPRM), Contract Lifecycle Management (CLM), Information Security (ISM), and BCM.
A further outsourcing occurs when a service provider outsources all or part of the services it provides to a financial institution to a third party. This applies regardless of whether the outsourcing is permanent or temporary. If the outsourced services involve information and communication technology (ICT), this is referred to as an ICT subcontracting arrangement.
Thanks to pre-defined GRC templates and expert onboarding support, you can achieve a rapid "Go-Live". We guide you from initial data migration to full production to ensure a smooth transition.
Yes, Leno supports English and German as standard. Additional languages for international GRC teams can be added upon request to support your global compliance operations.
Security is ensured through Single Sign-On (SSO) and role-based access control (RBAC). Leno provides hosting and support directly from Germany, adhering to the highest security standards and architectural requirements.
The documentation must be detailed enough to ensure that risks from further outsourcing are fully traceable and manageable. As long as a further outsourcing arrangement can generate a risk relevant to the institution, the assessment, decision basis, approval, and monitoring must be documented. Supervisors and auditors must be able to see at any time which further outsourcing arrangements exist, which risks have been assessed, and how they are being managed.
Leno is modular and fully integrated. We offer specialized modules: Leno TPRM (Third-Party Risk & Outsourcing), Leno CLM (Contract Management), and Leno ISM (Information Security & BCM). All modules work together to form a holistic GRC ecosystem.
Leno provides all audit-relevant information on further outsourcing centrally, up-to-date, and in a traceable manner. Risk analyses, approvals, decisions, and changes in the ICT supply chain are documented in a structured way and can be accessed at any time in an audit-proof manner. This allows institutions to respond quickly and consistently to internal audits, external auditors, and supervisory authorities without manually compiling information.
From a regulatory perspective, financial institutions are also expected to have transparency and control over subcontractors that are used as part of onward transfers. It is not only the contract that is decisive, but the actual monitoring of the entire ICT supply chain. The institution remains fully responsible even with subcontractors and must be able to assess risks, document approvals and understand changes.
Our TPRM and outsourcing management software enables compliant, transparent, and efficient lifecycle management of outsourcing arrangements, ICT services, and onward outsourcing in accordance with DORA, EBA Guidelines, and MaRisk. AI-driven automation delivers excellent usability, high data quality, and complete audit readiness.
Our AI-powered, user-friendly, and automated software for contract lifecycle management (CLM) provides a dynamic hierarchical representation of all contract documents, continuous compliance with regulatory requirements, and transparent search and filter functions, including approval workflows and deadline monitoring.
Map a complete information ecosystem and connect all assets in real time. Our information security and Business Continuity Management (BCM) software enables you to conduct protection needs analyses, business impact analyses, and risk assessments, forming a fully integrated information risk management and BCM system.