Audit, risk, compliance.
The governance posture of the holding company. Operating subsidiaries inherit the Group baseline and add the regulatory regime of their category.
Audit posture.
The Group operates under an annual independent audit across the holding company and each operating subsidiary. Audit working papers are available to qualified counterparties under NDA.
Risk and compliance.
Each operating subsidiary is responsible for the regulatory regime of its category. The Group office maintains a single risk register across platforms, reviewed quarterly by the principals.
Cryptographic standards.
Every platform that handles customer data inherits the Group’s cryptographic baseline: end-to-end encryption at rest and in transit, isolated key custody, and an audit log architecture designed for regulated environments.
Data sovereignty.
Customer data is held inside the customer’s jurisdiction by default. Cross-border transfer happens only with explicit customer authorisation and only via the Group’s cryptographic substrate.
Operator accountability.
Every Group platform has a named operating principal accountable to the holding company. Principals carry economic alignment with the platform they operate.