Germán Fuentes Capella

About me

My career has moved across engineering, CTO, CISO, and regulatory delivery roles in regulated financial services. That range is deliberate: the problems worth solving sit at the intersection.

Engineering: building and scaling teams, infrastructure, and systems in high growth environments.

Delivery: leading programmes across engineering, legal, finance, and risk. Comfortable going deep into technical architecture or sitting in a board conversation.

GRC: translating regulatory requirements into technical specifications, and engineering decisions back into governance language.

DORA and operational resilience are common anchors for this work. I have worked with entities regulated under CSSF and FCA across Luxembourg and the UK.

Where I can help

• Engineering organisations slowing down as they scale or facing reliability challenges
• Regulated entities going through licensing who need technical and regulatory delivery owned together
• Regulatory programmes stalling because engineering and GRC cannot translate between each other
• Cross-domain programmes across legal, finance, risk, and technology that lack a single accountable lead
• DORA and operational resilience obligations that need someone to own delivery end to end

My approach

I work across engineering, delivery, and governance without needing a translator in any direction. That means going deep into technical architecture when the problem requires it, owning the board and regulatory conversation when that is where the decision sits, and running cross-domain programmes across legal, finance, risk, and technology without losing accountability at each handoff.

Every engagement is built around outcomes: engineering organisations designed for delivery speed and resilience, operating models that teams can run, and regulatory obligations embedded in how the organisation works rather than managed as a separate function.

Core capabilities

Engineering and delivery leadership

Aligning engineering and product organisations around high-velocity delivery: team structure, ownership, and ways of working designed for speed and quality. Leading strategic programmes across cloud migration, banking infrastructure, and financial integrations, with explicit design for degraded operation and recovery.

Regulatory delivery

Building the methodology and execution behind regulatory programmes: critical or important function classification, operational resilience strategy, and DORA workstreams through to BAU. ICT risk, third-party oversight, and Register of Information obligations embedded in how the organisation runs.

Payments and regulated infrastructure

Building and operating payments infrastructure across orchestration, connectivity, settlement, and payouts under CSSF and FCA supervision. This operational depth grounds every engagement: criticality classification, resilience design, and programmes shaped by how these systems actually fail.

Experience

At PPRO, regulated under CSSF and FCA, I built an engineering organisation designed to deliver under stress and constraints and led the operational resilience strategy through board-level approval. I then delivered the DORA programme end to end: critical or important function classification, six workstreams into BAU, and a Register of Information submission covering 100+ ICT providers completed within the first days of the CSSF window.

At ONPEX, a BaaS institution under CSSF supervision in Luxembourg, I built and operated the banking infrastructure enabling cross-border payment flows as CTO and Head of Service Delivery.

How I work

I start by making the problem mine. Before proposing anything, I invest time understanding the organisation, the constraints, the people, and what has already been tried. That understanding shapes everything that follows.

Progress is tracked with data. Whether the engagement is an engineering transformation, a regulatory programme, or a cross-domain delivery, I define what success looks like early and build the visibility to track it. That means issues surface before they become blockers, and decisions are grounded in evidence rather than status updates.

I work alongside teams, not above them. The goal is to build capability in the team: ways of working, evidence that the process generates continuously, and the confidence that comes from teams that consistently deliver.