- Review of operational policies and procedures including testing them to ensure they are followed and demonstrate good.
- Review of policy and implementation relating to Financial Crime, AML/KYC and borrower status tests.
- Identifying any weaknesses in the Servicer’s systems and controls.
- Review of 3rd party outsource arrangements, oversight and performance.
- Cost confirmation and rationale for expenses incurred by vendors.
- Assessment of custody of documentation including appropriateness and accuracy.
- On-boarding and monitoring of key third party vendors.
- Financial strength review covering balance sheet, cash flow position and financial controls.
- Staffing resource review including experience, turnover and incentives.
- Review of Compliance to local jurisdiction regulatory framework and delta to UK FCA TCF guidelines.
- Review of statutory notices and other borrower communications.
- Review of complaints have progressed and acknowledged in a timely manner and conform to FCA DISP and TCF guidelines (or other local jurisdiction equivalent).
- Assessment of Servicer Collections versus best practice including the use of payment arrangements and forbearance measures.
- Review of system notes for borrower engagement and approach to vulnerability.
- Comparison of loan servicing approach to FCA MCOB and CONC regulation and principles of TCF.
- Review of loan tape against systems of record including Data Enrichment for missing fields where requested.
Portfolio Cash Testing
- Confirm and test cash reconciliation processes by obtaining a summary of cash receipts for the Company’s total portfolio and tracing the daily deposits made to the bank accounts from the bank statements to the Company’s servicing system and reports generated from the servicing system to determine that collections are applied on a timely and accurate basis.
- SPV sweep and co-mingling audit including the checking of SPV related bank accounts for accurate and timely sweep from OpCo to SPV.
- Cash-flow management policies and procedures review.
- Collections policy and procedures review.
- Post investment cash collections, arrears and cash-flow management review.
Payment Plans (Arrangements to Pay)/Refinancing Audit
- Whether a payment plan has been agreed, on what basis, and whether the amount and terms were realistic and in the customer’s interest.
- Determine whether the arrangement has been properly documented.
- Whether an arrangement has been adhered to and followed up on expiry of the arrangement.
- Understand and comment upon payment allocation process.
- Evidence of any loan restructure having taken place.
- Evidence that any agreed shortfall settlement maximises revenue and is appropriate when balanced the time and costs of litigation.
Fraud Assessment and Investigation
- Forensic financial crime and fraud investigation.
- Use of OSINT platform and data analytics tools to carry out enhanced due diligence including detailed individual background checks; Politically Exposed Person checks; sanctioned parties check.
- AML/CTF due diligence.
Project Financing Cash Audit
- Capital project financing and SPV financing audit to cover an independent in-depth review of all cash movements in relation with a particular capital project or investment portfolio.
Other Financial and Corporate Due Diligence
- Financial control/ cash management including internal and external audits completed.
- Accuracy of financial reporting in terms of long standing defaults and bad debt provisioning.
- Appropriateness and quality of the Financial Control function, including a review of the latest audited financials and cash flow statements.
- General Corporate: ownership structure, changes, financial performance, management, strategy, regional focus, experience/track record etc.
SPV Fund Management Cash Audit
- A detailed review of the flow of funds through bank accounts for specific investments.
Network Audit & Infrastructure Analysis
- Carry out entire IT estate Network Audit identifying all IP based devices.
- Create overall Risk Report.
- Create network management plan.
- Create site diagrams.
- Create asset details report.
- Create network risk assessment analysis.
- Create IT SWOT Analysis.
- Create Backup Disaster Recovery (BDR) Analysis report.
- PCI compliance sweep.
- Malicious network threat sweep and analysis report.
Security Risk Audit
- Carry out PCI compliant security audit of entire network.
- Create overall Security Risk Report.
- Create security management plan.
- Create computer security report cards.
- Create anomalous login reports.
- Create external vulnerabilities report.
- Create external network vulnerabilities report.
- Create outbound security report.
- Create security policy report.
- Create share permission report by device.
- Create share permission report by user.
- Create user behaviour analysis.
- Create data breach liability report.
- Wi-Fi posture analysis.
- Dark web posture analysis.
- Analysis of network traffic and event logs, along with any existence of network intrusions.
- Vulnerability and Malware analysis based on the Client websites.
Cyber Security Diagnosis
- Penetration Testing.
- Security Assessment.
- Workstation Management.
- Monitoring and Alert Management.
- Vulnerability Management.
- IT Business Continuity.
- Backup Management.
- Server Management.
- Application Management.
- Tech Infrastructure Improvements.
- General Data Protection Regulations (GDPR) compliance assessment.
- IT security policies and procedures review.
- Technology assessment in line with National Electronic Security Authority (NESA) compliance guidelines (UAE only).
- Technology assessment in line with Information Security Regulation (ISR) compliance guidelines (Dubai only).
- Cyber security training (B2B) for legal and corporate policy compliance.
FinTech Platform Tech Assessment
- Complete tech assessment of FinTech platform in terms of data flow, data security, data storage.
- Data analytics for FinTech and e-Commerce platforms.
- Vulnerability assessment.
- Operational assessment.
- Advisory on platform IT infrastructure.
Portfolio Asset Valuations
- Geographic spread of assets, regional locations identified.
- Region by region investigation.
- Kerbside reviews of location and built form where required.
- Investigation and spread of asset classes (Apartment, townhouse, semi detached or single dwelling).
- Overall assessment of LVR (Loan to Value Ratio’s) asset wide against current market values.
- Adoption of International definition of ‘Market Value’ to benchmark asset values.
Individual Asset Reporting
- Preparation of individual reports containing property specific information as to:
- Photographic representation and site identification.
- Known and identified data summary of land and building areas with amenity of the built form (No of Bedrooms, bathrooms, Gross Internal Areas where available).
- Comparable sales used.
- Method of assessment described and identified for each.
- Signed certificate of valuation per property by a RICS and API registered valuer.
- Return of valuations to suit tight time frames where required.
Individual Asset Kerbside Assessment
- Assessment of land from GIS mapping where available.
- Review of Context and surrounding built form.
- Nature and size of built form – investigation with database records where available concerning size and amenity.