This talk presents results coming out of an ongoing research project between Credit Suisse Luxembourg and the TU Berlin. It presents an approach that shows good potential to address security, risk and compliance issues the bank has in its daily business by the use of integrated organizational models build up by en- terprise modeling activities. Such organizational models are intended to serve to describe, evaluate, automate, monitor and control as well as to develop an organization respecting given organizational security, risk and compliance side-constraints. Based on the empirical scenario at Credit Suisse, real-world requirements towards a modeling framework as well as the modeling process are developed. Graph Transformation techniques are proposed as formal framework for this purpose and they are evaluated in the sense of how far they can support the identified enterprise modeling activities in the context of the new enterprise modeling frame- work.