Skip to content

SIMPAISA GROUP - OPERATING MODEL

Version 0.1 (Skeleton) | April 2026

Document Owner: Chief Digital Officer

FILE REFERENCE

The sections in this skeleton are distributed across the following working files. Section numbers correspond to the headings below.

Sections File
1–2, 13–14 Section 01-02-13-14 - Overview Risk Islamic.md
4, 11–12 Section 04-11-12 - Governance Regulatory Compliance.md
5 Section 05 - Organisational Design.md
6 Section 6 - Roles and Responsibilities.md
7 Section 07 - RASCI Matrices.md
8–10 Section 08-10 - Core Business Processes.md
15–19 Section 15-19 - Tech InfoSec Finance HR.md
20–26 Section 20-26 - Country Operating Models.md
27–28 Section 27-28 Policies Standards and Procedures.md
Standalone Policies (DFSA-Critical) Standalone Policies - DFSA Critical.md
Standalone Policies (Governance) Standalone Policies - Governance.md

Note: Section 3 (Corporate Group Structure) does not yet have a dedicated working file.

PART I: EXECUTIVE OVERVIEW

1. Introduction and Purpose

  • 1.1 Document Purpose and Scope
  • 1.2 How to Use This Document
  • 1.3 Document Governance, Ownership, and Version History

2. Company Overview and Strategic Context

  • 2.1 Company History and Evolution (2016–Present)
  • 2.2 Vision, Mission, and Values
  • 2.3 Strategic Pillars and Growth Thesis
  • Geographic expansion (Saudi Arabia, MENA, Central Asia)
  • Product deepening (white-label wallets, crypto off-ramping)
  • Corridor density and network effects
  • Regulatory moat (own licences in each market)
  • Islamic-market alignment
  • 2.4 Target Operating Model Summary (Deloitte TOM Framework)
  • Strategy | Governance | Processes | People | Technology | Data
  • 2.5 Competitive Positioning
  • vs. dLocal, Thunes, TerraPay, Flutterwave, regional players

PART II: CORPORATE STRUCTURE AND GOVERNANCE

3. Corporate Group Structure

  • 3.1 Legal Entity Map and Shareholding Structure
  • Simpaisa Holdings PTE. Limited (Singapore) - HoldCo
  • PublishEx Solutions PVT Limited (Pakistan)
  • Simpoysha BD Limited (Bangladesh)
  • Soft Tech Innovation PVT LTD / aamarPay (Bangladesh)
  • Simpaisa Technologies LTD (UAE)
  • Commerce Plex Limited (UK)
  • Simpaisa CA LTD (Canada)
  • Simpaisa Holdings PTE. LTD (Iraq) - Branch Office
  • Pay Nest PVT LTD (Nepal)
  • 3.2 Entity Purpose and Functional Mandate (per entity)
  • 3.3 Intercompany Agreements and Transfer Pricing
  • 3.4 Equity Investments (aamarPay, YAP Pakistan)

4. Board and Executive Governance

  • 4.1 Board of Directors - Composition and Mandates
  • Bernhard Klemen, Blake Tan, Sebastian Reis, Nadeem Hussain (Chairman), Yassir Pasha
  • 4.2 Board Committees
  • 4.2.1 Audit and Risk Committee
  • 4.2.2 Compliance and Regulatory Committee
  • 4.2.3 Remuneration and Nomination Committee
  • 4.2.4 Technology and Information Security Committee
  • 4.3 Executive Leadership Team - Structure and Mandate
  • 4.4 Delegation of Authority Matrix
  • Financial commitments, contractual signing, hiring, technology spend, regulatory filings - by entity and role
  • 4.5 Corporate Secretary and Governance Calendar
  • Board meetings, AGMs, regulatory filings, audit cycles, licence renewals by jurisdiction

PART III: ORGANISATIONAL STRUCTURE AND PEOPLE

5. Organisational Design

  • 5.1 Design Philosophy
  • Hybrid model: functional global teams + geographic P&L ownership
  • 5.2 Group Organisational Chart (full hierarchy)
  • 5.3 Departmental Org Charts
  • 5.3.1 Office of the CEO (12 direct reports)
  • 5.3.2 Technology - CTO Organisation
    • Portal (7) | Disbursements (7) | Collections (6) | DevOps & DB (9) | SQA (7) | Architecture (2)
  • 5.3.3 Information Security - CISO Organisation
    • IT/NOC/SOC (8) | InfoSec/Pentest/Cloud Security (5)
  • 5.3.4 Finance - Global CFO Organisation
    • Treasury | Financial Reporting & Audit
  • 5.3.5 Product & Project - CPO Organisation
    • Product Management | PMO | Service Delivery | Integration
  • 5.3.6 Operations - Country Head Pakistan
    • Settlements | Partner Support
  • 5.3.7 Revenue - CRO Organisation
    • BD | Key Account Management | BI | Strategy & Governance
  • 5.3.8 COO Organisation
    • Admin & Procurement | HR | Growth & Governance | Legal | Marketing
  • 5.3.9 Strategy & Network - CSNO Organisation
  • 5.3.10 Regulatory Affairs - Global Head Organisation
  • 5.3.11 Country Operations - Bangladesh & Nepal
  • 5.3.12 Payment Channel Partnerships
  • 5.4 Headcount Plan and Scaling Model (12/24/36 months)

6. Roles and Responsibilities

  • 6.1 Executive Role Profiles (C-Suite and Country Heads)
  • CEO, CSNO, COO, CPO, Global CFO, CISO, CTO, CRO, Country Head Pakistan, Country Head BD&NP, Global Head Regulatory Affairs
  • 6.2 Senior Management Role Profiles
  • 6.3 Middle Management and Specialist Roles
  • 6.4 Individual Contributor Role Profiles
  • 6.5 Country-Specific Roles and Dual-Reporting Structures

7. RASCI Matrices

  • 7.1 RASCI Framework and Methodology
  • 7.2 Merchant Onboarding (Pay-Ins and Pay-Outs)
  • 7.3 Payment Transaction Processing - Collections
  • 7.4 Payment Transaction Processing - Disbursements
  • 7.5 Remittance Corridor Activation and Operations
  • 7.6 Crypto Off-Ramp Transaction Processing
  • 7.7 White-Label Wallet Provisioning
  • 7.8 KYC/KYB and Customer Due Diligence
  • 7.9 Sanctions Screening and Transaction Monitoring
  • 7.10 Settlement and Reconciliation
  • 7.11 Incident Management and Escalation
  • 7.12 New Market Entry and Licence Application
  • 7.13 Product Development Lifecycle
  • 7.14 Financial Reporting and Audit
  • 7.15 Vendor and Partner Onboarding
  • 7.16 Technology Change Management (Releases)

PART IV: CORE BUSINESS PROCESSES

8. Product Operating Models

  • 8.1 Product Portfolio Overview and Country Matrix
  • 8.2 Pay-Ins (Collections)
  • 8.2.1 Product Description and Value Proposition
  • 8.2.2 End-to-End Process Flow (API initiation → settlement)
  • 8.2.3 Payment Methods by Country
    • PK: Easypaisa, JazzCash, HBL Konnect, Alfa, Mobilink/Telenor/Ufone/Zong (DCB), OTC, IBFT (1LINK), cards
    • BD: bKash, Nagad, Rocket, Upay, Tap Pay, OK wallet, cards (Visa/MC/Amex), OTC
    • NP: Khalti, e-Sewa, IME Pay, Paywell
  • 8.2.4 Integration Architecture and API Specs
  • 8.2.5 Pricing Model (MDR-based)
  • 8.2.6 SLAs and Performance Metrics
  • 8.2.7 Reconciliation and Settlement Process
  • 8.2.8 Tier A Merchant Portfolio
  • 8.3 Pay-Outs (Disbursements)
  • 8.3.1 Product Description
  • 8.3.2 End-to-End Process Flow
  • 8.3.3 Disbursement Rails by Country
    • PK: Mobile wallets, Push IBFT, OTC (branchless banking agents & branches)
    • BD: Mobile wallets, bank transfers (NPSB/BEFTN), EMI (29+ banks), OTC
    • NP: PSPs/wallets (Khalti, e-Sewa, IME Pay), bank transfers
  • 8.3.4 Float Management and Pre-Funding
  • 8.3.5 Tier A Partner Portfolio
  • 8.4 Remittances
  • 8.4.1 Corridor Map
  • 8.4.2 Regulatory Framework per Corridor (MSB/FMSB via Canada/UK)
  • 8.4.3 End-to-End Process Flow (initiation → compliance → FX → settlement → last-mile)
  • 8.4.4 Correspondent and Partner Network
  • 8.4.5 FX Management and Treasury Operations
  • 8.4.6 Country Addenda (Pakistan, Bangladesh, Egypt, Nepal)
  • 8.5 Crypto Off-Ramping
  • 8.5.1 Product Description (USDT → PKR rail)
  • 8.5.2 VASP Licencing Requirements
  • 8.5.3 Process Flow (crypto receipt → conversion → fiat settlement)
  • 8.5.4 AML/CFT Controls for Virtual Assets (FATF Travel Rule)
  • 8.5.5 Risk Management (volatility, liquidity, counterparty)
  • 8.6 White-Label Wallets
  • 8.6.1 Product Description and Client Proposition
  • 8.6.2 Technical Architecture (multi-tenant)
  • 8.6.3 Licencing Implications (EMI licence required)
  • 8.6.4 Client Onboarding and Configuration

9. Commercial and Revenue Operations

  • 9.1 Go-to-Market Strategy and Sales Process
  • 9.2 Merchant/Partner Onboarding Process
  • BD inquiry → KYB → commercial negotiation → MPSA + addenda → technical integration → go-live
  • 9.3 Account Management and Partner Success
  • 9.4 Business Intelligence and Analytics
  • 9.5 Pricing Strategy and Revenue Model (MDR + FX spread)

10. Payment Operations

  • 10.1 Transaction Lifecycle Management
  • States: initiated → authorised → processing → settled → failed/refunded/disputed
  • 10.2 Settlement and Reconciliation
  • 10.2.1 Settlement Architecture (net vs. gross, cycles by corridor)
  • 10.2.2 Three-Way Reconciliation (internal ledger, partner/bank, client)
  • 10.2.3 Break Management and Exception Handling
  • 10.3 Payment Channel and Partner Network Management
  • 10.4 Disputes, Chargebacks, and Refund Management
  • 10.5 Operational Resilience and Business Continuity (99.9%+ uptime target)

PART V: RISK, COMPLIANCE, AND REGULATORY

11. Regulatory Framework and Licencing

  • 11.1 Licencing Map by Jurisdiction | Jurisdiction | Entity | Licence/Status | Regulator | |---|---|---|---| | Canada | Simpaisa CA | MSB | FINTRAC | | Canada | Commerce Plex | FMSB | FINTRAC | | Pakistan | PublishEx | SBP Schedule H (UBL/1LINK), BB Agency | SBP | | Bangladesh | Soft Tech/aamarPay | PSO Licence | Bangladesh Bank | | Nepal | Pay Nest | PSP partnership | NRB | | Iraq | Branch Office | Local partner arrangement | CBI | | UAE | Simpaisa Technologies | Commercial licence; pursuing DFSA Cat 3D | DFSA | | Singapore | HoldCo | MAS framework | MAS | | UK | Commerce Plex | HMRC MSB | HMRC/FCA |
  • 11.2 Regulatory Engagement Strategy
  • 11.3 Licence Application and Market Entry Process (standardised playbook)
  • 11.4 Licence Acquisition Roadmap
  • EMI (Pakistan) - acquiring 33.3% stake in licenced player
  • PSO/PSP (Pakistan) - own licence application
  • DFSA Category 3D (UAE/DIFC)
  • PSO (Nepal) - M&A target identified
  • Major PI (Saudi Arabia) - post-partnership phase
  • Payment Organisation (Kazakhstan)

12. Compliance Programme

  • 12.1 Group Compliance Framework (existing document)
  • 12.2 AML/CFT/CPF Programme
  • 12.2.1 Group AML/CFT Policy Architecture
    • Group policy + jurisdiction addenda: Singapore, Canada (×2), Pakistan
  • 12.2.2 Customer Due Diligence / KYC/KYB Standards
  • 12.2.3 Transaction Monitoring Programme
  • 12.2.4 Suspicious Activity Reporting (SAR/STR)
  • 12.2.5 Record Keeping and Data Retention
  • 12.3 Sanctions Compliance
  • 12.3.1 Group Sanctions Policy (existing)
  • 12.3.2 Screening Process (existing flow diagram)
  • 12.3.3 Eastnets Platform (screening technology)
  • 12.3.4 Hit Escalation and Disposition
  • 12.4 Anti-Bribery and Corruption (existing Group ABC Policy)
  • 12.5 Client Funds Safeguarding (existing Group Policy)
  • 12.6 Anti-Fraud Programme (existing Canada entity policies)
  • 12.7 Compliance Monitoring and Testing
  • 12.8 Regulatory Reporting Calendar (all jurisdictions)

13. Enterprise Risk Management

  • 13.1 ERM Framework (references existing Risk Assessment Policy)
  • 13.2 Risk Appetite Statement
  • 13.3 Operational Risk
  • KRIs | Incident Management | BCP/DR | Third-Party Risk
  • 13.4 Financial Risk
  • FX Risk (PKR, BDT, NPR, IQD) | Liquidity Risk | Credit/Counterparty | Settlement Risk
  • 13.5 Regulatory and Compliance Risk
  • 13.6 Geopolitical and Country Risk
  • Pakistan (capital controls, political instability) | Bangladesh (FX controls) | Nepal (capital account restrictions) | Iraq (sanctions adjacency) | Saudi/MENA expansion risks
  • 13.7 Fraud Risk (by product line)
  • 13.8 Risk Reporting and Governance

14. Islamic Finance and Shariah Considerations

  • 14.1 Shariah Compatibility Framework
  • Not an Islamic FI, but ensuring compatibility for Islamic-majority markets
  • Prohibition of Riba (interest), Gharar (uncertainty), Haram activities
  • 14.2 Product Shariah Screening
  • Merchant screening for prohibited industries (gambling, alcohol, adult content)
  • 14.3 Shariah Advisory Arrangements
  • Relevant for DFSA/Saudi expansion; AAOIFI standards alignment
  • 14.4 Islamic Market Sensitivity in Operations
  • Prayer time SLAs, Ramadan adjustments, cultural competency, Zakat facilitation

PART VI: TECHNOLOGY AND INFORMATION SECURITY

15. Technology Architecture

  • 15.1 Technology Strategy and Principles (API-first, cloud-native)
  • 15.2 Platform Architecture Overview
  • Payment gateway | Processing engine | Settlement engine | Merchant portal | Partner APIs
  • 15.3 Infrastructure and Cloud (AWS)
  • EC2, VPC, ALB/NLB, CloudFront, NAT Gateway, Parameter Store, Certificate Manager, Autoscaling, SNS
  • Kafka (messaging), Redis (caching)
  • 15.4 DevOps and CI/CD
  • Jenkins, Terraform, Ansible | M. Mohsin's team (9 people)
  • 15.5 Database Architecture
  • MySQL, PostgreSQL, MongoDB, Amazon DocumentDB
  • 15.6 API Management and Integration Architecture
  • Principal Architect (Maqsood Ali) + Application Architect (Laique Ali)
  • 15.7 Software Development Lifecycle
  • Agile/Scrum, sprint cadence, code review, release process
  • 15.8 Quality Assurance
  • Owais Khalid's SQA team (7): automation + manual testing, REST Assured, Gatling, JMeter, Playwright, Appium
  • 15.9 Technology Roadmap (12–24 months)

16. Information Security and Cyber Resilience

  • 16.1 ISMS (ISO 27001 Certified)
  • 16.2 PCI DSS Compliance Programme
  • 16.3 Security Operations Centre (24/7 NOC/SOC)
  • Datadog, Amazon CloudWatch, CyGlass
  • Rohit Rana (Lead NOC & Sys Admin), 4 NOC/SOC Associates, NOC Engineer, 2 IT Help Desk
  • 16.4 Cloud Security
  • AWS Security Hub, GuardDuty, Detective, WAF, Inspector, Network Firewall
  • Microsoft Defender, AttackMetricx
  • Khizer Javed (Cloud Security Engineer)
  • 16.5 DevSecOps and Application Security
  • Snyk (dependency scanning), Shahzaib Iqbal (DevSecOps Lead)
  • 16.6 Penetration Testing and Vulnerability Management
  • 16.7 Data Protection and Privacy
  • By jurisdiction: Pakistan PECA, Bangladesh ICT Act, Nepal Privacy Act, PDPA Singapore, UAE data protection, UK GDPR
  • 16.8 Identity and Access Management
  • 16.9 Incident Response Plan
  • 16.10 Security Awareness and Training

PART VII: FINANCIAL OPERATIONS

17. Financial Management

  • 17.1 Finance Operating Model (Global CFO organisation)
  • 17.2 Chart of Accounts and Accounting Policies (IFRS)
  • 17.3 Financial Planning and Budgeting
  • 17.4 Management Reporting and KPIs
  • 17.5 Statutory and Regulatory Financial Reporting (by entity)
  • Pakistan: PublishEx audited accounts (FY17–FY22 available)
  • Singapore: HoldCo audited accounts (FY23, FY24 available)
  • 17.6 External Audit (PwC Pakistan, PwC Singapore)
  • 17.7 Internal Audit

18. Treasury and Cash Management

  • 18.1 Treasury Operating Model
  • 18.2 Bank Account Structure (multi-entity, multi-currency)
  • 18.3 Foreign Exchange Management
  • Frontier currency pairs: USD/PKR, USD/BDT, USD/NPR, USD/IQD
  • 18.4 Cash Flow Forecasting and Liquidity Management
  • 18.5 Client Funds Segregation and Safeguarding
  • 18.6 Settlement Execution

PART VIII: HUMAN RESOURCES AND PEOPLE

19. People Strategy and HR Operations

  • 19.1 People Strategy (scale-up phase talent philosophy)
  • 19.2 Recruitment and Onboarding
  • 19.3 HR Operations and Employee Lifecycle
  • Contracts, payroll (by entity/jurisdiction), benefits, leave, performance, exit
  • 19.4 Compensation and Benefits Framework
  • 19.5 Learning and Development
  • 19.6 Performance Management
  • 19.7 Culture and Engagement (multi-cultural: PK, BD, NP, IQ, SG, UAE)
  • 19.8 Fit and Proper Requirements for Regulated Roles
  • SBP, Bangladesh Bank, NRB, DFSA, MAS requirements

PART IX: COUNTRY OPERATING MODELS

20. Pakistan Operations

  • 20.1 Entity: PublishEx Solutions PVT Limited
  • 20.2 Regulatory: SBP, SECP, FMU
  • 20.3 Products Active: Pay-Ins, Pay-Outs, Remittance inflows
  • 20.4 Local Org: Noor Ali (Country Head Pakistan)
  • 20.5 Banking/Payment Partners
  • 20.6 Country Compliance (existing AML/CFT/PF + Sanctions policies)
  • 20.7 Operational Metrics

21. Bangladesh Operations

  • 21.1 Entities: Simpoysha BD + Soft Tech Innovation/aamarPay
  • 21.2 Regulatory: Bangladesh Bank, BFIU, BPSSR 2014
  • 21.3 Products Active: Pay-Ins (aamarPay), Pay-Outs, Remittances
  • 21.4 Local Org: Sanjana Farid, Faruk Kaysar (Deputy CM)
  • 21.5–21.7 Partners | Compliance | Metrics

22. Nepal Operations

  • 22.1 Entity: Pay Nest PVT LTD
  • 22.2 Regulatory: Nepal Rastra Bank (NPR 150M/250M capital req)
  • 22.3 Products: PSP integrations (Khalti, e-Sewa, IME Pay)
  • 22.4 Local Org: Shailendra Joshi (Deputy CM)
  • 22.5–22.7 Partners | Compliance | Metrics

23. Iraq Operations

  • 23.1 Entity: Branch Office
  • 23.2 Regulatory: Central Bank of Iraq
  • 23.3 Products: Pay-Ins via local partner
  • 23.4 Sanctions Risk Management (heightened controls)

24. UAE Operations and DIFC Expansion

  • 24.1 Entity: Simpaisa Technologies LTD
  • 24.2 Regulatory: DFSA, CBUAE
  • 24.3 DFSA Cat 3D Application Requirements
  • Governance: non-exec chair, SEO resident UAE, MLRO, compliance officer
  • Capital: USD 300K–500K
  • 24.4 Products Planned
  • 24.5 Organisational Build-Out

25. Canada and UK Operations

  • 25.1 Entities: Simpaisa CA (MSB) + Commerce Plex (FMSB)
  • 25.2 Regulatory: FINTRAC, HMRC
  • 25.3 Role: Remittance corridor origination points
  • 25.4 AML/CFT Programs (4 existing policy documents)

26. Expansion Markets

  • 26.1 Market Entry Evaluation Framework (scorecard)
  • 26.2 Saudi Arabia
  • Phase 1: Aggregator model via local processor (target Q2 2026)
  • Phase 2: JV with local partner (D360 Bank, MBC Group, Mawarid candidates)
  • Phase 3: SAMA Major PI licence
  • 26.3 MENA Pipeline (Egypt, Jordan, Kuwait, Bahrain, Oman)
  • 26.4 Central Asia (Kazakhstan, Uzbekistan - target Q1 2026)
  • 26.5 New Market Operational Playbook (templatised)

PART X: POLICIES, STANDARDS, AND PROCEDURES

27. Policy Framework

  • 27.1 Policy Hierarchy
  • Tier 1: Group Policies (board-approved, all entities)
  • Tier 2: Entity-Level Policies (jurisdiction-specific)
  • Tier 3: Standard Operating Procedures (department-level)
  • 27.2 Policy Index and Ownership Matrix
  • Existing policies:
    • Group Compliance Framework
    • Group Client Funds Safeguarding Policy
    • Group Sanctions Policy
    • Group ABC Policy
    • Risk Assessment Policy
    • AML/CFT/PF - Singapore HoldCo
    • AML/CFT/PF - Commerce Plex (Canada)
    • AML/CFT - Simpaisa CA (Canada)
    • AML/CFT/PF - PublishEx (Pakistan)
    • Anti-Fraud - Commerce Plex (Canada)
    • Anti-Fraud - Simpaisa CA (Canada)
    • PublishEx Sanctions Policy
    • Data Retention and Protection Policy
    • Security Architecture
  • 27.3 Policy Development and Review Process
  • 27.4 Policy Gap Analysis and Roadmap
  • Needed for DFSA/growth:
    • Operational Resilience Policy
    • Outsourcing and Third-Party Management Policy
    • Data Governance Policy
    • Conflicts of Interest Policy
    • Whistleblowing Policy
    • Remuneration Policy
    • Fit and Proper Policy
    • Complaints Handling Policy
    • Code of Conduct and Ethics

28. Key Policies (Summaries and Cross-References)

  • 28.1 AML/CFT/CPF Policy Suite
  • 28.2 Sanctions Policy
  • 28.3 Anti-Bribery and Corruption
  • 28.4 Client Funds Safeguarding
  • 28.5 Anti-Fraud
  • 28.6 Risk Assessment
  • 28.7 Information Security (ISO 27001)
  • 28.8 Data Protection and Privacy
  • 28.9 Business Continuity and Disaster Recovery
  • 28.10 Acceptable Use and IT Security
  • 28.11 Outsourcing and Third-Party Management
  • 28.12 Whistleblowing
  • 28.13 Conflicts of Interest
  • 28.14 Code of Conduct and Ethics
  • 28.15 Complaints Handling
  • 28.16 Record Retention

PART XI: APPENDICES

  • A. Glossary of Terms
  • B. Acronym Index (MSB, FMSB, PSO, PSP, EMI, DFSA, MAS, SBP, BFIU, NRB, AML, CFT, KYC, KYB, CDD, EDD, PEP, SAR, STR, FATF, VASP, ISMS, PCI DSS, NOC, SOC, etc.)
  • C. Regulatory Authority Contact Directory
  • D. Group Entity Register (names, registration numbers, addresses, directors, company secretaries)
  • E. Master Agreement Templates Index (MPSA, Service Addenda, Country Addenda, Remittance Agreements)
  • F. RASCI Matrix Master File (consolidated tables)
  • G. KPI Dictionary (definitions, formulas, data sources, targets, reporting frequency)
  • H. Document Control and Change Log

DESIGN PRINCIPLES

  1. Deloitte TOM Framework as the organising spine: Strategy, Governance, Processes, People, Technology, Data
  2. Country-specific depth because regulatory requirements in frontier markets are materially different per jurisdiction
  3. Islamic finance integrated where it matters - not bolted on as an afterthought
  4. RASCI matrices are product-specific because decision chains differ fundamentally between pay-ins, pay-outs, remittances, and crypto
  5. Corporate group structure foregrounded - for a 9-entity group across 7+ jurisdictions, intercompany governance is existential
  6. Scale-up orientation - headcount scaling, expansion playbooks, policy gap analysis are forward-looking
  7. Existing assets leveraged - references the 14 existing policy documents in the data room rather than duplicating